1 files changed, 151 insertions, 0 deletions
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch
new file mode 100644
index 0000000000..0238e35208
--- /dev/null
+++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch
@@ -0,0 +1,151 @@
+Path: news.porcupine.org!news.porcupine.org!not-for-mail
+From: Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl>
+Newsgroups: comp.mail.sendmail,comp.security.unix
+Subject: TCP Wrapper Blacklist Extension
+Followup-To: poster
+Date: 8 Sep 1997 18:53:13 -0400
+Organization: Wietse's hangout while on sabattical in the USA
+Lines: 147
+Sender: wietse@spike.porcupine.org
+Message-ID: <5v1vkp$h4f$1@spike.porcupine.org>
+NNTP-Posting-Host: spike.porcupine.org
+Xref: news.porcupine.org comp.mail.sendmail:3541 comp.security.unix:7158
+The patch below adds a new host pattern to the TCP Wrapper access
+control language. Instead of a host name or address pattern, you
+can specify an external /file/name with host name or address
+patterns.   The feature can be used recursively.
+The /file/name extension makes it easy to blacklist bad sites, for
+example, to block unwanted electronic mail when libwrap is linked
+into sendmail.  Adding hosts to a simple text file is much easier
+than having to edit a more complex hosts.allow/deny file.
+I developed this a year or so ago as a substitute for NIS netgroups.
+At that time, I did not consider it of sufficient interest for
+inclusion in the TCP Wrapper distribution. How times have changed.
+The patch is relative to TCP Wrappers version 7.6. The main archive
+site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz
+Thanks to the Debian LINUX folks for expressing their interest in
+this patch.
+        Wietse
+[diff updated by Md]
+diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
+--- tcp_wrappers_7.6.orig/hosts_access.5        2004-04-10 19:28:09.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.5     2004-04-10 19:28:01.000000000 +0200
+@@ -97,6 +97,13 @@
+ `[3ffe:505:2:1::]/64\' matches every address in the range
+ `3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
+ .IP \(bu
+A string that begins with a `/\' character is treated as a file
+name. A host name or address is matched if it matches any host name
+or address pattern listed in the named file. The file format is
+zero or more lines with zero or more host name or address patterns
+separated by whitespace.  A file name pattern can be used anywhere
+a host name or address pattern can be used.
+.IP \(bu
+ Wildcards `*\' and `?\' can be used to match hostnames or IP addresses.  This
+ method of matching cannot be used in conjunction with `net/mask\' matching,
+ hostname matching beginning with `.\' or IP address matching ending with `.\'.
+diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6.orig/hosts_access.c        2004-04-10 19:28:09.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.c     2004-04-10 19:27:05.000000000 +0200
+@@ -253,6 +253,26 @@
+     }
+ }
+ 
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char   *path;
+struct hosts_info *host;
+{
+    char    tok[BUFSIZ];
+    int     match = NO;
+    FILE   *fp;
+
+    if ((fp = fopen(path, "r")) != 0) {
+       while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+            /* void */ ;
+       fclose(fp);
+    } else if (errno != ENOENT) {
+       tcpd_warn("open %s: %m", path);
+    }
+    return (match);
+}
+
+ /* host_match - match host name and/or address against pattern */
+ 
+ static int host_match(tok, host)
+@@ -280,6 +300,8 @@
+        tcpd_warn("netgroup support is disabled");      /* not tcpd_jump() */
+        return (NO);
+ #endif
+    } else if (tok[0] == '/') {                        /* /file hack */
+       return (hostfile_match(tok, host));
+     } else if (STR_EQ(tok, "KNOWN")) {         /* check address and name */
+        char   *name = eval_hostname(host);
+        return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
+diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c
+--- tcp_wrappers_7.6.orig/tcpdchk.c     2004-04-10 19:28:09.000000000 +0200
+++ tcp_wrappers_7.6/tcpdchk.c  2004-04-10 19:27:05.000000000 +0200
+@@ -353,6 +353,8 @@
+ {
+     if (pat[0] == '@') {
+        tcpd_warn("%s: daemon name begins with \"@\"", pat);
+    } else if (pat[0] == '/') {
+       tcpd_warn("%s: daemon name begins with \"/\"", pat);
+     } else if (pat[0] == '.') {
+        tcpd_warn("%s: daemon name begins with dot", pat);
+     } else if (pat[strlen(pat) - 1] == '.') {
+@@ -385,6 +387,8 @@
+ {
+     if (pat[0] == '@') {                       /* @netgroup */
+        tcpd_warn("%s: user name begins with \"@\"", pat);
+    } else if (pat[0] == '/') {
+       tcpd_warn("%s: user name begins with \"/\"", pat);
+     } else if (pat[0] == '.') {
+        tcpd_warn("%s: user name begins with dot", pat);
+     } else if (pat[strlen(pat) - 1] == '.') {
+@@ -430,8 +434,13 @@
+ static int check_host(pat)
+ char   *pat;
+ {
+    char    buf[BUFSIZ];
+     char   *mask;
+     int     addr_count = 1;
+    FILE   *fp;
+    struct tcpd_context saved_context;
+    char   *cp;
+    char   *wsp = " \t\r\n";
+ 
+     if (pat[0] == '@') {                       /* @netgroup */
+ #ifdef NO_NETGRENT
+@@ -450,6 +459,21 @@
+        tcpd_warn("netgroup support disabled");
+ #endif
+ #endif
+    } else if (pat[0] == '/') {                        /* /path/name */
+       if ((fp = fopen(pat, "r")) != 0) {
+           saved_context = tcpd_context;
+           tcpd_context.file = pat;
+           tcpd_context.line = 0;
+           while (fgets(buf, sizeof(buf), fp)) {
+               tcpd_context.line++;
+               for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
+                   check_host(cp);
+           }
+           tcpd_context = saved_context;
+           fclose(fp);
+       } else if (errno != ENOENT) {
+           tcpd_warn("open %s: %m", pat);
+       }
+     } else if (mask = split_at(pat, '/')) {    /* network/netmask */
+ #ifdef INET6
+        int mask_len;

diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch new file mode 100644 index 0000000000..0238e35208 --- /dev/null +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch
@@ -0,0 +1,151 @@
	1	Path: news.porcupine.org!news.porcupine.org!not-for-mail
	2	From: Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl>
	3	Newsgroups: comp.mail.sendmail,comp.security.unix
	4	Subject: TCP Wrapper Blacklist Extension
	5	Followup-To: poster
	6	Date: 8 Sep 1997 18:53:13 -0400
	7	Organization: Wietse's hangout while on sabattical in the USA
	8	Lines: 147
	9	Sender: wietse@spike.porcupine.org
	10	Message-ID: <5v1vkp$h4f$1@spike.porcupine.org>
	11	NNTP-Posting-Host: spike.porcupine.org
	12	Xref: news.porcupine.org comp.mail.sendmail:3541 comp.security.unix:7158
	13
	14	The patch below adds a new host pattern to the TCP Wrapper access
	15	control language. Instead of a host name or address pattern, you
	16	can specify an external /file/name with host name or address
	17	patterns. The feature can be used recursively.
	18
	19	The /file/name extension makes it easy to blacklist bad sites, for
	20	example, to block unwanted electronic mail when libwrap is linked
	21	into sendmail. Adding hosts to a simple text file is much easier
	22	than having to edit a more complex hosts.allow/deny file.
	23
	24	I developed this a year or so ago as a substitute for NIS netgroups.
	25	At that time, I did not consider it of sufficient interest for
	26	inclusion in the TCP Wrapper distribution. How times have changed.
	27
	28	The patch is relative to TCP Wrappers version 7.6. The main archive
	29	site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz
	30
	31	Thanks to the Debian LINUX folks for expressing their interest in
	32	this patch.
	33
	34	Wietse
	35
	36
	37	[diff updated by Md]
	38
	39	diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
	40	--- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-10 19:28:09.000000000 +0200
	41	+++ tcp_wrappers_7.6/hosts_access.5 2004-04-10 19:28:01.000000000 +0200
	42	@@ -97,6 +97,13 @@
	43	`[3ffe:505:2:1::]/64\' matches every address in the range
	44	`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
	45	.IP \(bu
	46	+A string that begins with a `/\' character is treated as a file
	47	+name. A host name or address is matched if it matches any host name
	48	+or address pattern listed in the named file. The file format is
	49	+zero or more lines with zero or more host name or address patterns
	50	+separated by whitespace. A file name pattern can be used anywhere
	51	+a host name or address pattern can be used.
	52	+.IP \(bu
	53	Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
	54	method of matching cannot be used in conjunction with `net/mask\' matching,
	55	hostname matching beginning with `.\' or IP address matching ending with `.\'.
	56	diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
	57	--- tcp_wrappers_7.6.orig/hosts_access.c 2004-04-10 19:28:09.000000000 +0200
	58	+++ tcp_wrappers_7.6/hosts_access.c 2004-04-10 19:27:05.000000000 +0200
	59	@@ -253,6 +253,26 @@
	60	}
	61	}
	62
	63	+/* hostfile_match - look up host patterns from file */
	64	+
	65	+static int hostfile_match(path, host)
	66	+char *path;
	67	+struct hosts_info *host;
	68	+{
	69	+ char tok[BUFSIZ];
	70	+ int match = NO;
	71	+ FILE *fp;
	72	+
	73	+ if ((fp = fopen(path, "r")) != 0) {
	74	+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
	75	+ /* void */ ;
	76	+ fclose(fp);
	77	+ } else if (errno != ENOENT) {
	78	+ tcpd_warn("open %s: %m", path);
	79	+ }
	80	+ return (match);
	81	+}
	82	+
	83	/* host_match - match host name and/or address against pattern */
	84
	85	static int host_match(tok, host)
	86	@@ -280,6 +300,8 @@
	87	tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
	88	return (NO);
	89	#endif
	90	+ } else if (tok[0] == '/') { /* /file hack */
	91	+ return (hostfile_match(tok, host));
	92	} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
	93	char *name = eval_hostname(host);
	94	return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
	95	diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c
	96	--- tcp_wrappers_7.6.orig/tcpdchk.c 2004-04-10 19:28:09.000000000 +0200
	97	+++ tcp_wrappers_7.6/tcpdchk.c 2004-04-10 19:27:05.000000000 +0200
	98	@@ -353,6 +353,8 @@
	99	{
	100	if (pat[0] == '@') {
	101	tcpd_warn("%s: daemon name begins with \"@\"", pat);
	102	+ } else if (pat[0] == '/') {
	103	+ tcpd_warn("%s: daemon name begins with \"/\"", pat);
	104	} else if (pat[0] == '.') {
	105	tcpd_warn("%s: daemon name begins with dot", pat);
	106	} else if (pat[strlen(pat) - 1] == '.') {
	107	@@ -385,6 +387,8 @@
	108	{
	109	if (pat[0] == '@') { /* @netgroup */
	110	tcpd_warn("%s: user name begins with \"@\"", pat);
	111	+ } else if (pat[0] == '/') {
	112	+ tcpd_warn("%s: user name begins with \"/\"", pat);
	113	} else if (pat[0] == '.') {
	114	tcpd_warn("%s: user name begins with dot", pat);
	115	} else if (pat[strlen(pat) - 1] == '.') {
	116	@@ -430,8 +434,13 @@
	117	static int check_host(pat)
	118	char *pat;
	119	{
	120	+ char buf[BUFSIZ];
	121	char *mask;
	122	int addr_count = 1;
	123	+ FILE *fp;
	124	+ struct tcpd_context saved_context;
	125	+ char *cp;
	126	+ char *wsp = " \t\r\n";
	127
	128	if (pat[0] == '@') { /* @netgroup */
	129	#ifdef NO_NETGRENT
	130	@@ -450,6 +459,21 @@
	131	tcpd_warn("netgroup support disabled");
	132	#endif
	133	#endif
	134	+ } else if (pat[0] == '/') { /* /path/name */
	135	+ if ((fp = fopen(pat, "r")) != 0) {
	136	+ saved_context = tcpd_context;
	137	+ tcpd_context.file = pat;
	138	+ tcpd_context.line = 0;
	139	+ while (fgets(buf, sizeof(buf), fp)) {
	140	+ tcpd_context.line++;
	141	+ for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
	142	+ check_host(cp);
	143	+ }
	144	+ tcpd_context = saved_context;
	145	+ fclose(fp);
	146	+ } else if (errno != ENOENT) {
	147	+ tcpd_warn("open %s: %m", pat);
	148	+ }
	149	} else if (mask = split_at(pat, '/')) { /* network/netmask */
	150	#ifdef INET6
	151	int mask_len;