rpms/tcp_wrappers/devel tcp_wrappers-7.6-220015.patch, NONE, 1.1 tcp_wrappers.spec, 1.23, 1.24
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Mar 9 10:12:48 UTC 2007
Author: tjanouse
Update of /cvs/dist/rpms/tcp_wrappers/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13212
Modified Files:
tcp_wrappers.spec
Added Files:
tcp_wrappers-7.6-220015.patch
Log Message:
* Fri Mar 09 2007 Tomas Janousek <tjanouse at redhat.com> - 7.6-43
- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
IPv4/6
tcp_wrappers-7.6-220015.patch:
hosts_access.c | 24 ++++++++++++++++++++++--
socket.c | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+), 2 deletions(-)
--- NEW FILE tcp_wrappers-7.6-220015.patch ---
--- tcp_wrappers_7.6/hosts_access.c.220015 2007-02-08 15:39:51.000000000 +0100
+++ tcp_wrappers_7.6/hosts_access.c 2007-02-08 15:39:51.000000000 +0100
@@ -312,8 +312,28 @@
} else if ((mask = split_at(tok, '/')) != 0) { /* net/mask */
return (masked_match(tok, mask, eval_hostaddr(host)));
} else { /* anything else */
- return (string_match(tok, eval_hostaddr(host))
- || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
+ int ret;
+ if ((ret = string_match(tok, eval_hostaddr(host))))
+ return ret;
+
+ if (NOT_INADDR(tok)) {
+ if ((ret = string_match(tok, eval_hostname(host))))
+ return ret;
+
+ /* try to resolve the pattern and match the numeric
+ * addresses */
+ const char *tok_resolved = sock_resolve(tok, AF_INET);
+ if (HOSTNAME_KNOWN(tok_resolved))
+ if ((ret = string_match(tok_resolved, eval_hostaddr(host))))
+ return ret;
+
+ tok_resolved = sock_resolve(tok, AF_INET6);
+ if (HOSTNAME_KNOWN(tok_resolved))
+ if ((ret = string_match(tok_resolved, eval_hostaddr(host))))
+ return ret;
+ }
+
+ return (NO);
}
}
--- tcp_wrappers_7.6/socket.c.220015 2007-02-08 15:39:51.000000000 +0100
+++ tcp_wrappers_7.6/socket.c 2007-02-08 15:41:38.000000000 +0100
@@ -435,3 +435,43 @@
(void) recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *) & sin, &size);
}
+
+/* sock_resolve - resolve the hostname to ip and return a string */
+
+const char * sock_resolve(hostname, family)
+const char * hostname;
+int family;
+{
+ static struct host_info h;
+
+ memset(&h, 0, sizeof(h));
+
+ int ret;
+ struct addrinfo hints, *res;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = family;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ if ((ret = getaddrinfo(hostname, NULL, &hints, &res)) == 0) {
+ h.sin = res->ai_addr;
+ sock_hostaddr(&h);
+ freeaddrinfo(res);
+
+ /* we have to add [] to the ipv6 address, as the string_match funtion
+ * will do a more correct match then */
+ if (family == AF_INET6) {
+ int len = strlen(h.addr);
+ memmove(h.addr + 1, h.addr, len + 1);
+ h.addr[0] = '[';
+ h.addr[len + 1] = ']';
+ h.addr[len + 2] = 0;
+ }
+
+ return h.addr;
+ } else {
+ tcpd_warn("can't get pattern (%s) address: %s", hostname, gai_strerror(ret));
+ return STRING_UNKNOWN;
+ }
+}
Index: tcp_wrappers.spec
===================================================================
RCS file: /cvs/dist/rpms/tcp_wrappers/devel/tcp_wrappers.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- tcp_wrappers.spec 8 Mar 2007 14:41:55 -0000 1.23
+++ tcp_wrappers.spec 9 Mar 2007 10:12:45 -0000 1.24
@@ -1,7 +1,7 @@
Summary: A security tool which acts as a wrapper for TCP daemons.
Name: tcp_wrappers
Version: 7.6
-Release: 42.1%{?dist}
+Release: 43%{?dist}
%define LIB_MAJOR 0
%define LIB_MINOR 7
@@ -27,6 +27,7 @@
Patch14: tcp_wrappers-7.6-ldflags.patch
Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
Patch16: tcp_wrappers-7.6-162412.patch
+Patch17: tcp_wrappers-7.6-220015.patch
# required by sin_scope_id in ipv6 patch
BuildRequires: glibc-devel >= 2.2
BuildRoot: %{_tmppath}/%{name}-root
@@ -79,6 +80,7 @@
%patch14 -p1 -b .cflags
%patch15 -p1 -b .fix_sig
%patch16 -p1 -b .162412
+%patch17 -p1 -b .220015
%build
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
@@ -135,6 +137,10 @@
%{_mandir}/man3/*
%changelog
+* Fri Mar 09 2007 Tomas Janousek <tjanouse at redhat.com> - 7.6-43
+- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
+ IPv4/6
+
* Thu Mar 08 2007 Tomas Janousek <tjanouse at redhat.com> - 7.6-42.1
- moved libwrap.so* to /lib
- removed the static library libwrap.a
More information about the fedora-cvs-commits
mailing list