[csw-devel] SF.net SVN: gar:[6273] csw/mgar/pkg/tcpwrappers/tags

dmichelsen at users.sourceforge.net dmichelsen at users.sourceforge.net
Fri Sep 11 17:46:06 CEST 2009


Revision: 6273
          http://gar.svn.sourceforge.net/gar/?rev=6273&view=rev
Author:   dmichelsen
Date:     2009-09-11 15:46:06 +0000 (Fri, 11 Sep 2009)

Log Message:
-----------
tcpwrappers: Add legacy description

Added Paths:
-----------
    csw/mgar/pkg/tcpwrappers/tags/legacy/
    csw/mgar/pkg/tcpwrappers/tags/legacy/BUILD.NOTES
    csw/mgar/pkg/tcpwrappers/tags/legacy/README.t
    csw/mgar/pkg/tcpwrappers/tags/legacy/copyright
    csw/mgar/pkg/tcpwrappers/tags/legacy/makepkg.old
    csw/mgar/pkg/tcpwrappers/tags/legacy/man.patch
    csw/mgar/pkg/tcpwrappers/tags/legacy/pkginfo
    csw/mgar/pkg/tcpwrappers/tags/legacy/prototype
    csw/mgar/pkg/tcpwrappers/tags/legacy/sharedlib.patch

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/BUILD.NOTES
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/BUILD.NOTES	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/BUILD.NOTES	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,25 @@
+
+# Patch the makefile to allow for compile of a shared lib.
+# Plus, define a sneaky ELF .obj that contains "weak" magic symbols
+
+#Note that the library is compiled to use LOG_LOCAL1 as the
+#syslog type, NOT "LOG_MAIL", the default
+#ALSO, it uses /opt/csw/etc, NOT /etc/hosts.XXX
+
+gpatch <~/pkgs/tcpwrap/sharedlib.patch
+
+#update manpage paths about /opt/csw/etc
+gpatch <~/pkgs/tcpwrap/man.patch
+
+
+gmake REAL_DAEMON_DIR=/usr/sbin sunos5-shared
+mv libwrap.so.1 libwrap-std.so.1
+gmake clean
+
+gmake REAL_DAEMON_DIR=/usr/sbin sunos5-sharedext
+mv libwrap.so.1 libwrap-ext.so.1
+
+cd ~/pkgs/tcpwrap
+cp README.t /export/home/phil/build/tcp_wrappers_7.6-ipv6.4
+createpkg -r /export/home/phil/build/tcp_wrappers_7.6-ipv6.4
+

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/README.t
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/README.t	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/README.t	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,28 @@
+TCP-Wrappers, from http://www.porcupine.org
+
+Note  that the library is compiled to use LOG_LOCAL1 as the
+syslog facility, NOT "LOG_MAIL", the default.
+
+ALSO, it uses /opt/csw/etc/hosts.xxx, NOT /etc/hosts.XXX
+
+man hosts_access(3), hosts_access(5), hosts_options(5)
+for syntax on those.
+
+The compile has been hacked to provide a shared-library version instead
+of libwrap.a
+There is an extra hack, in that there are default variable definitions of
+deny_severity and allow_severity, set to 0.
+This is to allow for ./configure style tests, that break in the transition
+from lib.a to lib.so
+
+
+Note also that there are TWO versions of libwrap.so: 
+libwrap-std.so.1      The "standard" tcp wrapper library
+libwrap-ext.so.1      The "extended" tcp wrapper library
+
+By default, /opt/csw/lib/libwrap.so.1 is linked to the std version.
+To use the extended syntax in hosts_options(5), you need to change
+the link to point to libwrap-ext.so.1
+Unfortunately, the syntax for the two versions, is slightly incompatible,
+which is why there are two versions.
+

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/copyright
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/copyright	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/copyright	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,16 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
+* files may be covered by other copyrights.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/makepkg.old
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/makepkg.old	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/makepkg.old	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,61 @@
+#!/bin/ksh -p
+
+## MODIFIED BUILDPKG - this builds directly from source tree!!
+
+if [ "$1" = "" ] ; then
+	echo ERROR: need source dir
+	exit 1
+fi
+
+if [ ! -f "$1/libwrap.a" ] ; then
+	echo ERROR: do not detect built libwrap.a
+	exit 1
+fi
+
+
+
+# This script actually builds the package.. once you have already
+# put together the pkginfo and prototype file.
+# See the makeproto script for a way to make a prototype file.
+
+ARCH=all
+
+die()
+{
+	print ERROR: $*
+	exit 1
+}
+
+PROTO=prototype
+
+
+grep 'i copyright' $PROTO || die need copyright in $PROTO
+grep 'root other' $PROTO && die fix $PROTO file
+
+grep 'Replace this file' copyright && die fix copyright file
+
+mode=relative
+
+
+PKG=`sed -n 's/^PKG=//p' pkginfo`
+PKGREV=`sed -n 's/^VERSION=//p' pkginfo`
+SOFTNAME=`sed -n 's/^NAME=//p' pkginfo|awk '{print $1}'`
+ARCH=`uname -p`
+
+PKGFILE=$SOFTNAME-$PKGREV-SunOS`uname -r`-$ARCH-CSW.pkg
+
+if [ "$PKGREV" = "" -o "$SOFTNAME" = "" ] ; then
+	echo ERROR: need VERSION and NAME defined properly in pkginfo
+	exit 1
+fi
+
+pkgmk -b $1 -a $ARCH -f $PROTO
+
+
+if [ $? -ne 0 ] ; then die package creation failed ; fi
+
+
+pkgtrans -s /var/spool/pkg `pwd`/$PKGFILE $PKG
+echo gzipping pkgfile
+gzip $PKGFILE
+rm -r /var/spool/pkg/$PKG

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/man.patch
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/man.patch	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/man.patch	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,149 @@
+--- hosts_access.3.pre-csw	1996-02-11 11:01:27.000000000 -0500
++++ hosts_access.3	2006-03-30 17:08:22.857367000 -0500
+@@ -78,7 +78,7 @@
+ hosts_access(5), format of the access control tables.
+ hosts_options(5), optional extensions to the base language.
+ .SH FILES
+-/etc/hosts.allow, /etc/hosts.deny, access control tables.
++/opt/csw/etc/hosts.allow, /opt/csw/etc/hosts.deny, access control tables.
+ .SH BUGS
+ hosts_access() uses the strtok() library function. This may interfere
+ with other code that relies on strtok().
+--- hosts_access.5.pre-csw	1995-01-30 13:51:47.000000000 -0500
++++ hosts_access.5	2006-03-30 17:08:22.913093000 -0500
+@@ -21,10 +21,10 @@
+ at the first match:
+ .IP \(bu
+ Access will be granted when a (daemon,client) pair matches an entry in
+-the \fI/etc/hosts.allow\fR file.
++the \fI/opt/csw/etc/hosts.allow\fR file.
+ .IP \(bu
+ Otherwise, access will be denied when a (daemon,client) pair matches an
+-entry in the \fI/etc/hosts.deny\fR file.
++entry in the \fI/opt/csw/etc/hosts.deny\fR file.
+ .IP \(bu
+ Otherwise, access will be granted.
+ .PP
+@@ -268,7 +268,7 @@
+ file:
+ .PP
+ .ne 2
+-/etc/hosts.deny: 
++/opt/csw/etc/hosts.deny: 
+ .in +3
+ ALL: ALL
+ .PP
+@@ -279,7 +279,7 @@
+ For example:
+ .PP
+ .ne 2
+-/etc/hosts.allow: 
++/opt/csw/etc/hosts.allow: 
+ .in +3
+ ALL: LOCAL @some_netgroup
+ .br
+@@ -298,7 +298,7 @@
+ that it can be omitted.  The explicitly non-authorized hosts are listed
+ in the deny file. For example:
+ .PP
+-/etc/hosts.deny:
++/opt/csw/etc/hosts.deny:
+ .in +3
+ ALL: some.host.name, .some.domain
+ .br
+@@ -313,13 +313,13 @@
+ host. The result is mailed to the superuser.
+ .PP
+ .ne 2
+-/etc/hosts.allow:
++/opt/csw/etc/hosts.allow:
+ .in +3
+ .nf
+ in.tftpd: LOCAL, .my.domain
+ .PP
+ .ne 2
+-/etc/hosts.deny:
++/opt/csw/etc/hosts.deny:
+ .in +3
+ .nf
+ in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
+@@ -353,8 +353,8 @@
+ .SH FILES
+ .na
+ .nf
+-/etc/hosts.allow, (daemon,client) pairs that are granted access.
+-/etc/hosts.deny, (daemon,client) pairs that are denied access.
++/opt/csw/etc/hosts.allow, (daemon,client) pairs that are granted access.
++/opt/csw/etc/hosts.deny, (daemon,client) pairs that are denied access.
+ .ad
+ .fi
+ .SH SEE ALSO
+--- tcpd.8.pre-csw	1996-02-21 10:39:16.000000000 -0500
++++ tcpd.8	2006-03-30 17:08:22.960557000 -0500
+@@ -146,7 +146,7 @@
+ only non-trivial service that is affected by this limitation is
+ \fIrexd\fR, which is used by the \fIon(1)\fR command. This is no great
+ loss.  On most systems, \fIrexd\fR is less secure than a wildcard in
+-/etc/hosts.equiv.
++/opt/csw/etc/hosts.equiv.
+ .PP
+ RPC broadcast requests (for example: \fIrwall, rup, rusers\fR) always
+ appear to come from the responding host. What happens is that the
+@@ -158,9 +158,9 @@
+ .PP
+ The default locations of the host access control tables are:
+ .PP
+-/etc/hosts.allow
++/opt/csw/etc/hosts.allow
+ .br
+-/etc/hosts.deny
++/opt/csw/etc/hosts.deny
+ .SH SEE ALSO
+ .na
+ .nf
+--- tcpdchk.8.pre-csw	1995-01-08 11:00:31.000000000 -0500
++++ tcpdchk.8	2006-03-30 17:08:23.007553000 -0500
+@@ -8,7 +8,7 @@
+ \fItcpdchk\fR examines your tcp wrapper configuration and reports all
+ potential and real problems it can find. The program examines the
+ \fItcpd\fR access control files (by default, these are
+-\fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the
++\fI/opt/csw/etc/hosts.allow\fR and \fI/opt/csw/etc/hosts.deny\fR), and compares the
+ entries in these files against entries in the \fIinetd\fR or \fItlid\fR
+ network configuration files.
+ .PP
+@@ -44,9 +44,9 @@
+ .PP
+ The default locations of the \fItcpd\fR access control tables are:
+ .PP
+-/etc/hosts.allow
++/opt/csw/etc/hosts.allow
+ .br
+-/etc/hosts.deny
++/opt/csw/etc/hosts.deny
+ .SH SEE ALSO
+ .na
+ .nf
+--- tcpdmatch.8.pre-csw	1996-02-11 11:01:36.000000000 -0500
++++ tcpdmatch.8	2006-03-30 17:08:23.055866000 -0500
+@@ -11,7 +11,7 @@
+ request for service.  Examples are given below.
+ .PP
+ The program examines the \fItcpd\fR access control tables (default
+-\fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its
++\fI/opt/csw/etc/hosts.allow\fR and \fI/opt/csw/etc/hosts.deny\fR) and prints its
+ conclusion.  For maximal accuracy, it extracts additional information
+ from your \fIinetd\fR or \fItlid\fR network configuration file.
+ .PP
+@@ -76,9 +76,9 @@
+ .PP
+ The default locations of the \fItcpd\fR access control tables are:
+ .PP
+-/etc/hosts.allow
++/opt/csw/etc/hosts.allow
+ .br
+-/etc/hosts.deny
++/opt/csw/etc/hosts.deny
+ .SH SEE ALSO
+ .na
+ .nf

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/pkginfo
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/pkginfo	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/pkginfo	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,8 @@
+PKG=CSWtcpwrap
+NAME=tcpwrappers - (ipv6.4 patched) lib and tools for pre-screening tcp connections
+VERSION=7.6,REV=2006.03.30.ipv6.4
+ARCH=i386
+CATEGORY=system
+VENDOR=http://ftp.porcupine.org/pub/security/ packaged for CSW by Philip Brown
+HOTLINE=http://www.blastwave.com/bugtrack/
+EMAIL=phil at blastwave.org

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/prototype
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/prototype	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/prototype	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,29 @@
+i pkginfo
+i copyright
+d none /opt/csw/share/doc 0755 root bin
+d none /opt/csw/share/doc/tcpwrappers 0755 root bin
+f none /opt/csw/share/doc/tcpwrappers/README=README.t 0644 root bin
+d none /opt/csw/lib 0755 root bin
+f none /opt/csw/lib/libwrap-std.so.1=libwrap-std.so.1 0755 root bin
+f none /opt/csw/lib/libwrap-ext.so.1=libwrap-ext.so.1 0755 root bin
+s none /opt/csw/lib/libwrap.so.1=libwrap-std.so.1
+s none /opt/csw/lib/libwrap.so=libwrap.so.1
+d none /opt/csw/libexec 0755 root bin
+f none /opt/csw/libexec/tcpd=tcpd 0755 root bin
+f none /opt/csw/libexec/tcpdmatch=tcpdmatch 0755 root bin
+f none /opt/csw/libexec/try-from=try-from 0755 root bin
+f none /opt/csw/libexec/safe_finger=safe_finger 0755 root bin
+f none /opt/csw/libexec/tcpdchk=tcpdchk 0755 root bin
+d none /opt/csw/include 0755 root bin
+f none /opt/csw/include/tcpd.h=tcpd.h 0644 root bin
+d none /opt/csw/share 0755 root bin
+d none /opt/csw/share/man 0755 root bin
+d none /opt/csw/share/man/man3 0755 root bin
+d none /opt/csw/share/man/man5 0755 root bin
+d none /opt/csw/share/man/man8 0755 root bin
+f none /opt/csw/share/man/man3/hosts_access.3=hosts_access.3 0644 root bin
+f none /opt/csw/share/man/man5/hosts_access.5=hosts_access.5 0644 root bin
+f none /opt/csw/share/man/man5/hosts_options.5=hosts_options.5 0644 root bin
+f none /opt/csw/share/man/man8/tcpd.8=tcpd.8 0644 root bin
+f none /opt/csw/share/man/man8/tcpdchk.8=tcpdchk.8 0644 root bin
+f none /opt/csw/share/man/man8/tcpdmatch.8=tcpdmatch.8 0644 root bin

Added: csw/mgar/pkg/tcpwrappers/tags/legacy/sharedlib.patch
===================================================================
--- csw/mgar/pkg/tcpwrappers/tags/legacy/sharedlib.patch	                        (rev 0)
+++ csw/mgar/pkg/tcpwrappers/tags/legacy/sharedlib.patch	2009-09-11 15:46:06 UTC (rev 6273)
@@ -0,0 +1,71 @@
+--- Makefile.pre-csw	2006-03-30 16:47:20.849031000 -0500
++++ Makefile	2006-03-30 16:49:56.343391000 -0500
+@@ -197,6 +197,24 @@
+ 	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \
+ 	EXTRA_CFLAGS=-DUSE_STRERROR all
+ 
++sunos5-shared:
++	@$(MAKE) REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++	LIBS="-lsocket -lnsl" RANLIB=/bin/true \
++	AR=ld ARFLAGS="-G -h libwrap.so.1 -o " \
++	LIB=libwrap.so.1 VSYSLOG= \
++	NETGROUP=-DNETGROUP AUX_OBJ="setenv.o sharedhack.o" TLI=-DTLI \
++	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \
++	EXTRA_CFLAGS="-DUSE_STRERROR -Kpic" all
++
++sunos5-sharedext:
++	@$(MAKE) REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++	LIBS="-lsocket -lnsl" RANLIB=/bin/true \
++	AR=ld ARFLAGS="-G -h libwrap.so.1 -o " \
++	LIB=libwrap.so.1 VSYSLOG= STYLE=-DPROCESS_OPTIONS \
++	NETGROUP=-DNETGROUP AUX_OBJ="setenv.o sharedhack.o" TLI=-DTLI \
++	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \
++	EXTRA_CFLAGS="-DUSE_STRERROR -Kpic" all
++
+ # Generic SYSV40
+ esix sysv4:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+@@ -481,7 +499,7 @@
+ # If your system has IPv6 and supports getipnode* and inet_pton/inet_ntop
+ # uncomment the following (Solaris 8)
+ 
+-# IPV6 = -DHAVE_IPV6
++IPV6 = -DHAVE_IPV6
+ 
+ # If your system does not have getipnodebyname() but uses the obsolete
+ # gethostbyname2() instead, use this (AIX)
+@@ -527,7 +545,7 @@
+ #
+ # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
+ 
+-FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
++FACILITY= LOG_LOCAL1	# LOG_MAIL is what most sendmail daemons use
+ 
+ # The syslog priority at which successful connections are logged.
+ 
+@@ -603,7 +621,7 @@
+ # look for access control information. Watch out for the quotes and
+ # backslashes when you make changes.
+ 
+-TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
++TABLES	= -DHOSTS_DENY=\"/opt/csw/etc/hosts.deny\" -DHOSTS_ALLOW=\"/opt/csw/etc/hosts.allow\"
+ 
+ ####################################################
+ # Optional: dealing with host name/address conflicts
+@@ -725,7 +743,7 @@
+ 	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
+ 
+ safe_finger: safe_finger.o $(LIB)
+-	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIBS)
+ 
+ TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
+ 
+--- /dev/null	2006-03-30 15:03:19.000000000 -0500
++++ sharedhack.c	2006-03-30 16:50:50.946442000 -0500
+@@ -0,0 +1,5 @@
++/* This must be compiled with Sun CC for the pragma */
++#pragma weak deny_severity
++#pragma weak allow_severity
++int deny_severity=0;
++int allow_severity=0;


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



More information about the devel mailing list