From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 9565E1391DB for ; Mon, 24 Mar 2014 19:37:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1421BE0856; Mon, 24 Mar 2014 19:37:04 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 85D75E0856 for ; Mon, 24 Mar 2014 19:37:03 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8F14E335E31 for ; Mon, 24 Mar 2014 19:37:02 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id CC68E188F1 for ; Mon, 24 Mar 2014 19:37:00 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1395689829.b6c98ac91a420c28f1f7c91c161daaab6fe93bb1.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-dev:musl commit in: sys-apps/tcp-wrappers/files/, sys-apps/tcp-wrappers/ X-VCS-Repository: proj/hardened-dev X-VCS-Files: sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch sys-apps/tcp-wrappers/metadata.xml sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild X-VCS-Directories: sys-apps/tcp-wrappers/files/ sys-apps/tcp-wrappers/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: b6c98ac91a420c28f1f7c91c161daaab6fe93bb1 X-VCS-Branch: musl Date: Mon, 24 Mar 2014 19:37:00 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9c88732b-c204-473a-b1e9-ea2ed6f880c6 X-Archives-Hash: 342da61d5a3f1432e52624d7424abf97 commit: b6c98ac91a420c28f1f7c91c161daaab6fe93bb1 Author: Anthony G. Basile gentoo org> AuthorDate: Mon Mar 24 19:20:43 2014 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Mon Mar 24 19:37:09 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=b6c98ac9 sys-apps/tcp-wrappers: version bump Package-Manager: portage-2.2.8-r1 RepoMan-Options: --force --- .../files/tcp-wrappers-7.6-headers.patch | 295 +++++++++++++++++++++ .../files/tcp-wrappers-7.6-redhat-bug11881.patch | 35 +++ .../files/tcp-wrappers-7.6.22-remove-DECLS.patch | 22 ++ sys-apps/tcp-wrappers/metadata.xml | 6 + .../tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild | 99 +++++++ 5 files changed, 457 insertions(+) diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch new file mode 100644 index 0000000..328a4a1 --- /dev/null +++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-headers.patch @@ -0,0 +1,295 @@ +--- a/options.c ++++ b/options.c +@@ -34,6 +34,8 @@ + + /* System libraries. */ + ++#include ++#include + #include + #include + #include +--- a/safe_finger.c ++++ b/safe_finger.c +@@ -20,6 +20,11 @@ + + /* System libraries */ + ++#include ++#include ++#include ++#include ++#include + #include + #include + #include +@@ -27,7 +31,7 @@ + #include + #include + +-extern void exit(); ++int pipe_stdin(char **argv); + + /* Local stuff */ + +--- a/scaffold.c ++++ b/scaffold.c +@@ -10,6 +10,7 @@ + + /* System libraries. */ + ++#include + #include + #include + #include +@@ -27,7 +27,4 @@ + #endif + +-#ifndef INET6 +-extern char *malloc(); +-#endif + + /* Application-specific. */ +--- a/shell_cmd.c ++++ b/shell_cmd.c +@@ -14,6 +14,10 @@ + + /* System libraries. */ + ++#include ++#include ++#include ++#include + #include + #include + #include +@@ -25,8 +25,6 @@ + #include + #include + +-extern void exit(); +- + /* Local stuff. */ + + #include "tcpd.h" +--- a/tcpdchk.c ++++ b/tcpdchk.c +@@ -20,6 +20,8 @@ + + /* System libraries. */ + ++#include ++#include + #include + #include + #ifdef INET6 +@@ -35,10 +36,7 @@ + #include + #include + +-extern int errno; +-extern void exit(); +-extern int optind; +-extern char *optarg; ++int cidr_mask_addr(char *str); + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +--- a/clean_exit.c ++++ b/clean_exit.c +@@ -13,8 +13,8 @@ + #endif + + #include +- +-extern void exit(); ++#include ++#include + + #include "tcpd.h" + +--- a/hosts_access.c ++++ b/hosts_access.c +@@ -23,6 +23,7 @@ + + /* System libraries. */ + ++#include + #include + #ifdef INT32_T + typedef uint32_t u_int32_t; +@@ -43,8 +44,8 @@ + #include + #endif + +-extern char *fgets(); +-extern int errno; ++static int match_pattern_ylo(const char *s, const char *pattern); ++int cidr_mask_addr(char *str); + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +--- a/inetcf.c ++++ b/inetcf.c +@@ -9,15 +9,14 @@ + static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23"; + #endif + ++#include + #include + #include + #include + #include + #include + +-extern int errno; +-extern void exit(); +- ++#include "scaffold.h" + #include "tcpd.h" + #include "inetcf.h" + +--- a/percent_x.c ++++ b/percent_x.c +@@ -16,12 +16,12 @@ + + /* System libraries. */ + ++#include ++#include + #include + #include + #include + +-extern void exit(); +- + /* Local stuff. */ + + #include "tcpd.h" +--- a/rfc931.c ++++ b/rfc931.c +@@ -15,6 +15,7 @@ + + /* System libraries. */ + ++#include + #include + #include + #include +--- a/tcpd.c ++++ b/tcpd.c +@@ -16,6 +16,7 @@ + + /* System libraries. */ + ++#include + #include + #include + #include +@@ -39,6 +39,8 @@ + #include "patchlevel.h" + #include "tcpd.h" + ++void fix_options(struct request_info *request); ++ + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +--- a/tcpdmatch.c ++++ b/tcpdmatch.c +@@ -19,6 +19,8 @@ + + /* System libraries. */ + ++#include ++#include + #include + #include + #include +@@ -30,9 +32,6 @@ + #include + #include + +-extern void exit(); +-extern int optind; +-extern char *optarg; + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +--- a/update.c ++++ b/update.c +@@ -19,6 +19,7 @@ + + /* System libraries */ + ++#include + #include + #include + #include +--- a/misc.c ++++ b/misc.c +@@ -14,11 +14,10 @@ + #include + #include + #include ++#include + + #include "tcpd.h" + +-extern char *fgets(); +- + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif +--- a/fix_options.c ++++ b/fix_options.c +@@ -32,6 +32,7 @@ + + /* fix_options - get rid of IP-level socket options */ + ++void + fix_options(request) + struct request_info *request; + { +@@ -38,11 +38,8 @@ + #ifdef IP_OPTIONS + unsigned char optbuf[BUFFER_SIZE / 3], *cp; + char lbuf[BUFFER_SIZE], *lp; +-#ifdef __GLIBC__ +- size_t optsize = sizeof(optbuf), ipproto; +-#else +- int optsize = sizeof(optbuf), ipproto; +-#endif ++ socklen_t optsize = sizeof(optbuf); ++ int ipproto; + struct protoent *ip; + int fd = request->fd; + unsigned int opt; +--- a/socket.c ++++ b/socket.c +@@ -95,11 +95,7 @@ + static struct sockaddr_in client; + static struct sockaddr_in server; + #endif +-#ifdef __GLIBC__ +- size_t len; +-#else +- int len; +-#endif ++ socklen_t len; + char buf[BUFSIZ]; + int fd = request->fd; + +@@ -430,11 +426,7 @@ + #else + struct sockaddr_in sin; + #endif +-#ifdef __GLIBC__ +- size_t size = sizeof(sin); +-#else +- int size = sizeof(sin); +-#endif ++ socklen_t size; + + /* + * Eat up the not-yet received datagram. Some systems insist on a diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch new file mode 100644 index 0000000..4a68476 --- /dev/null +++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6-redhat-bug11881.patch @@ -0,0 +1,35 @@ +--- tcp_wrappers_7.6/tcpd.c.bug11881 ++++ tcp_wrappers_7.6/tcpd.c +@@ -60,10 +60,10 @@ + */ + + if (argv[0][0] == '/') { +- strcpy(path, argv[0]); ++ strncpy(path, argv[0], sizeof(path)); + argv[0] = strrchr(argv[0], '/') + 1; + } else { +- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]); ++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]); + } + + /* +--- tcp_wrappers_7.6/eval.c.bug11881 ++++ tcp_wrappers_7.6/eval.c +@@ -111,7 +111,7 @@ + return (hostinfo); + #endif + if (STR_NE(eval_user(request), unknown)) { +- sprintf(both, "%s@%s", request->user, hostinfo); ++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo); + return (both); + } else { + return (hostinfo); +@@ -128,7 +128,7 @@ + char *daemon = eval_daemon(request); + + if (STR_NE(host, unknown)) { +- sprintf(both, "%s@%s", daemon, host); ++ snprintf(both, sizeof(both), "%s@%s", daemon, host); + return (both); + } else { + return (daemon); diff --git a/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch new file mode 100644 index 0000000..0fbd5ed --- /dev/null +++ b/sys-apps/tcp-wrappers/files/tcp-wrappers-7.6.22-remove-DECLS.patch @@ -0,0 +1,22 @@ +diff -Naur tcp_wrappers_7.6.orig/tcpd.h tcp_wrappers_7.6/tcpd.h +--- tcp_wrappers_7.6.orig/tcpd.h 2014-03-24 18:39:52.000000000 +0000 ++++ tcp_wrappers_7.6/tcpd.h 2014-03-24 18:48:21.000000000 +0000 +@@ -11,7 +11,9 @@ + #include + #include + ++#ifdef __cplusplus + __BEGIN_DECLS ++#endif + + /* Structure to describe one communications endpoint. */ + +@@ -252,6 +254,8 @@ + extern char *my_strtok(); + #endif + ++#ifdef __cplusplus + __END_DECLS ++#endif + + #endif diff --git a/sys-apps/tcp-wrappers/metadata.xml b/sys-apps/tcp-wrappers/metadata.xml index 96a2d58..1cecd60 100644 --- a/sys-apps/tcp-wrappers/metadata.xml +++ b/sys-apps/tcp-wrappers/metadata.xml @@ -2,4 +2,10 @@ base-system + + + Support matching NIS (host) netgroup names via the @netgroup syntax + (if you don't know what this means, you most likely need want it) + + diff --git a/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild new file mode 100644 index 0000000..98e3f4c --- /dev/null +++ b/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r99.ebuild @@ -0,0 +1,99 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/tcp-wrappers/tcp-wrappers-7.6.22-r1.ebuild,v 1.7 2014/03/16 17:17:09 maekke Exp $ + +EAPI="4" + +inherit eutils toolchain-funcs versionator flag-o-matic multilib-minimal + +MY_PV=$(get_version_component_range 1-2) +DEB_PV=$(get_version_component_range 3) +MY_P="${PN//-/_}_${MY_PV}" +DESCRIPTION="TCP Wrappers" +HOMEPAGE="ftp://ftp.porcupine.org/pub/security/index.html" +SRC_URI="ftp://ftp.porcupine.org/pub/security/${MY_P}.tar.gz + mirror://debian/pool/main/t/${PN}/${PN}_${MY_PV}.q-${DEB_PV}.debian.tar.gz" + +LICENSE="tcp_wrappers_license" +SLOT="0" +KEYWORDS="amd64 arm ~mips x86" +IUSE="ipv6 netgroups static-libs" + +RDEPEND=" + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20131008-r4 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + EPATCH_OPTS="-p1" \ + epatch $(sed -e 's:^:../debian/patches/:' ../debian/patches/series) + epatch "${FILESDIR}"/${PN}-7.6-headers.patch + epatch "${FILESDIR}"/${PN}-7.6-redhat-bug11881.patch + epatch "${FILESDIR}"/${PN}-7.6.22-remove-DECLS.patch + + multilib_copy_sources +} + +temake() { + local mycppflags="-DHAVE_WEAKSYMS -DHAVE_STRERROR -DSYS_ERRLIST_DEFINED" + use ipv6 && mycppflags+=" -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" + emake \ + REAL_DAEMON_DIR="${EPREFIX}"/usr/sbin \ + TLI= VSYSLOG= PARANOID= BUGS= \ + AUTH="-DALWAYS_RFC931" \ + AUX_OBJ="weak_symbols.o" \ + DOT="-DAPPEND_DOT" \ + HOSTNAME="-DALWAYS_HOSTNAME" \ + NETGROUP=$(usex netgroups -DNETGROUPS "") \ + STYLE="-DPROCESS_OPTIONS" \ + LIBS=$(usex netgroups -lnsl "") \ + LIB=$(usex static-libs libwrap.a "") \ + AR="$(tc-getAR)" ARFLAGS=rc \ + CC="$(tc-getCC)" \ + RANLIB="$(tc-getRANLIB)" \ + COPTS="${CFLAGS} ${CPPFLAGS} ${mycppflags}" \ + LDFLAGS="${LDFLAGS}" \ + "$@" || die +} + +multilib_src_configure() { + tc-export AR RANLIB + temake config-check +} + +multilib_src_compile() { + temake all +} + +multilib_src_install() { + into /usr + use static-libs && dolib.a libwrap.a + dolib.so shared/libwrap.so* + + insinto /usr/include + doins tcpd.h + + if multilib_build_binaries; then + gen_usr_ldscript -a wrap + dosbin tcpd tcpdchk tcpdmatch safe_finger try-from + fi +} + +multilib_src_install_all() { + doman *.[358] + dosym hosts_access.5 /usr/share/man/man5/hosts.allow.5 + dosym hosts_access.5 /usr/share/man/man5/hosts.deny.5 + + insinto /etc + newins "${FILESDIR}"/hosts.allow.example hosts.allow + + dodoc BLURB CHANGES DISCLAIMER README* +} + +pkg_preinst() { + # don't clobber people with our default example config + [[ -e ${EROOT}/etc/hosts.allow ]] && cp -pP "${EROOT}"/etc/hosts.allow "${ED}"/etc/hosts.allow +}