1 files changed, 153 insertions, 0 deletions
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch
new file mode 100644
index 0000000000..226106f4ff
--- /dev/null
+++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch
@@ -0,0 +1,153 @@
+Upstream-Status: Backport
+Path: news.porcupine.org!news.porcupine.org!not-for-mail
+From: Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl>
+Newsgroups: comp.mail.sendmail,comp.security.unix
+Subject: TCP Wrapper Blacklist Extension
+Followup-To: poster
+Date: 8 Sep 1997 18:53:13 -0400
+Organization: Wietse's hangout while on sabattical in the USA
+Lines: 147
+Sender: wietse@spike.porcupine.org
+Message-ID: <5v1vkp$h4f$1@spike.porcupine.org>
+NNTP-Posting-Host: spike.porcupine.org
+Xref: news.porcupine.org comp.mail.sendmail:3541 comp.security.unix:7158
+The patch below adds a new host pattern to the TCP Wrapper access
+control language. Instead of a host name or address pattern, you
+can specify an external /file/name with host name or address
+patterns.   The feature can be used recursively.
+The /file/name extension makes it easy to blacklist bad sites, for
+example, to block unwanted electronic mail when libwrap is linked
+into sendmail.  Adding hosts to a simple text file is much easier
+than having to edit a more complex hosts.allow/deny file.
+I developed this a year or so ago as a substitute for NIS netgroups.
+At that time, I did not consider it of sufficient interest for
+inclusion in the TCP Wrapper distribution. How times have changed.
+The patch is relative to TCP Wrappers version 7.6. The main archive
+site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz
+Thanks to the Debian LINUX folks for expressing their interest in
+this patch.
+        Wietse
+[diff updated by Md]
+diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
+--- tcp_wrappers_7.6.orig/hosts_access.5        2004-04-10 19:28:09.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.5     2004-04-10 19:28:01.000000000 +0200
+@@ -97,6 +97,13 @@
+ `[3ffe:505:2:1::]/64\' matches every address in the range
+ `3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
+ .IP \(bu
+A string that begins with a `/\' character is treated as a file
+name. A host name or address is matched if it matches any host name
+or address pattern listed in the named file. The file format is
+zero or more lines with zero or more host name or address patterns
+separated by whitespace.  A file name pattern can be used anywhere
+a host name or address pattern can be used.
+.IP \(bu
+ Wildcards `*\' and `?\' can be used to match hostnames or IP addresses.  This
+ method of matching cannot be used in conjunction with `net/mask\' matching,
+ hostname matching beginning with `.\' or IP address matching ending with `.\'.
+diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6.orig/hosts_access.c        2004-04-10 19:28:09.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.c     2004-04-10 19:27:05.000000000 +0200
+@@ -253,6 +253,26 @@
+     }
+ }
+ 
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char   *path;
+struct hosts_info *host;
+{
+    char    tok[BUFSIZ];
+    int     match = NO;
+    FILE   *fp;
+
+    if ((fp = fopen(path, "r")) != 0) {
+       while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+            /* void */ ;
+       fclose(fp);
+    } else if (errno != ENOENT) {
+       tcpd_warn("open %s: %m", path);
+    }
+    return (match);
+}
+
+ /* host_match - match host name and/or address against pattern */
+ 
+ static int host_match(tok, host)
+@@ -280,6 +300,8 @@
+        tcpd_warn("netgroup support is disabled");      /* not tcpd_jump() */
+        return (NO);
+ #endif
+    } else if (tok[0] == '/') {                        /* /file hack */
+       return (hostfile_match(tok, host));
+     } else if (STR_EQ(tok, "KNOWN")) {         /* check address and name */
+        char   *name = eval_hostname(host);
+        return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
+diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c
+--- tcp_wrappers_7.6.orig/tcpdchk.c     2004-04-10 19:28:09.000000000 +0200
+++ tcp_wrappers_7.6/tcpdchk.c  2004-04-10 19:27:05.000000000 +0200
+@@ -353,6 +353,8 @@
+ {
+     if (pat[0] == '@') {
+        tcpd_warn("%s: daemon name begins with \"@\"", pat);
+    } else if (pat[0] == '/') {
+       tcpd_warn("%s: daemon name begins with \"/\"", pat);
+     } else if (pat[0] == '.') {
+        tcpd_warn("%s: daemon name begins with dot", pat);
+     } else if (pat[strlen(pat) - 1] == '.') {
+@@ -385,6 +387,8 @@
+ {
+     if (pat[0] == '@') {                       /* @netgroup */
+        tcpd_warn("%s: user name begins with \"@\"", pat);
+    } else if (pat[0] == '/') {
+       tcpd_warn("%s: user name begins with \"/\"", pat);
+     } else if (pat[0] == '.') {
+        tcpd_warn("%s: user name begins with dot", pat);
+     } else if (pat[strlen(pat) - 1] == '.') {
+@@ -430,8 +434,13 @@
+ static int check_host(pat)
+ char   *pat;
+ {
+    char    buf[BUFSIZ];
+     char   *mask;
+     int     addr_count = 1;
+    FILE   *fp;
+    struct tcpd_context saved_context;
+    char   *cp;
+    char   *wsp = " \t\r\n";
+ 
+     if (pat[0] == '@') {                       /* @netgroup */
+ #ifdef NO_NETGRENT
+@@ -450,6 +459,21 @@
+        tcpd_warn("netgroup support disabled");
+ #endif
+ #endif
+    } else if (pat[0] == '/') {                        /* /path/name */
+       if ((fp = fopen(pat, "r")) != 0) {
+           saved_context = tcpd_context;
+           tcpd_context.file = pat;
+           tcpd_context.line = 0;
+           while (fgets(buf, sizeof(buf), fp)) {
+               tcpd_context.line++;
+               for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
+                   check_host(cp);
+           }
+           tcpd_context = saved_context;
+           fclose(fp);
+       } else if (errno != ENOENT) {
+           tcpd_warn("open %s: %m", pat);
+       }
+     } else if (mask = split_at(pat, '/')) {    /* network/netmask */
+ #ifdef INET6
+        int mask_len;

diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch new file mode 100644 index 0000000000..226106f4ff --- /dev/null +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch
@@ -0,0 +1,153 @@
	1	Upstream-Status: Backport
	2
	3	Path: news.porcupine.org!news.porcupine.org!not-for-mail
	4	From: Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl>
	5	Newsgroups: comp.mail.sendmail,comp.security.unix
	6	Subject: TCP Wrapper Blacklist Extension
	7	Followup-To: poster
	8	Date: 8 Sep 1997 18:53:13 -0400
	9	Organization: Wietse's hangout while on sabattical in the USA
	10	Lines: 147
	11	Sender: wietse@spike.porcupine.org
	12	Message-ID: <5v1vkp$h4f$1@spike.porcupine.org>
	13	NNTP-Posting-Host: spike.porcupine.org
	14	Xref: news.porcupine.org comp.mail.sendmail:3541 comp.security.unix:7158
	15
	16	The patch below adds a new host pattern to the TCP Wrapper access
	17	control language. Instead of a host name or address pattern, you
	18	can specify an external /file/name with host name or address
	19	patterns. The feature can be used recursively.
	20
	21	The /file/name extension makes it easy to blacklist bad sites, for
	22	example, to block unwanted electronic mail when libwrap is linked
	23	into sendmail. Adding hosts to a simple text file is much easier
	24	than having to edit a more complex hosts.allow/deny file.
	25
	26	I developed this a year or so ago as a substitute for NIS netgroups.
	27	At that time, I did not consider it of sufficient interest for
	28	inclusion in the TCP Wrapper distribution. How times have changed.
	29
	30	The patch is relative to TCP Wrappers version 7.6. The main archive
	31	site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz
	32
	33	Thanks to the Debian LINUX folks for expressing their interest in
	34	this patch.
	35
	36	Wietse
	37
	38
	39	[diff updated by Md]
	40
	41	diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
	42	--- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-10 19:28:09.000000000 +0200
	43	+++ tcp_wrappers_7.6/hosts_access.5 2004-04-10 19:28:01.000000000 +0200
	44	@@ -97,6 +97,13 @@
	45	`[3ffe:505:2:1::]/64\' matches every address in the range
	46	`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
	47	.IP \(bu
	48	+A string that begins with a `/\' character is treated as a file
	49	+name. A host name or address is matched if it matches any host name
	50	+or address pattern listed in the named file. The file format is
	51	+zero or more lines with zero or more host name or address patterns
	52	+separated by whitespace. A file name pattern can be used anywhere
	53	+a host name or address pattern can be used.
	54	+.IP \(bu
	55	Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
	56	method of matching cannot be used in conjunction with `net/mask\' matching,
	57	hostname matching beginning with `.\' or IP address matching ending with `.\'.
	58	diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
	59	--- tcp_wrappers_7.6.orig/hosts_access.c 2004-04-10 19:28:09.000000000 +0200
	60	+++ tcp_wrappers_7.6/hosts_access.c 2004-04-10 19:27:05.000000000 +0200
	61	@@ -253,6 +253,26 @@
	62	}
	63	}
	64
	65	+/* hostfile_match - look up host patterns from file */
	66	+
	67	+static int hostfile_match(path, host)
	68	+char *path;
	69	+struct hosts_info *host;
	70	+{
	71	+ char tok[BUFSIZ];
	72	+ int match = NO;
	73	+ FILE *fp;
	74	+
	75	+ if ((fp = fopen(path, "r")) != 0) {
	76	+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
	77	+ /* void */ ;
	78	+ fclose(fp);
	79	+ } else if (errno != ENOENT) {
	80	+ tcpd_warn("open %s: %m", path);
	81	+ }
	82	+ return (match);
	83	+}
	84	+
	85	/* host_match - match host name and/or address against pattern */
	86
	87	static int host_match(tok, host)
	88	@@ -280,6 +300,8 @@
	89	tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
	90	return (NO);
	91	#endif
	92	+ } else if (tok[0] == '/') { /* /file hack */
	93	+ return (hostfile_match(tok, host));
	94	} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
	95	char *name = eval_hostname(host);
	96	return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
	97	diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c
	98	--- tcp_wrappers_7.6.orig/tcpdchk.c 2004-04-10 19:28:09.000000000 +0200
	99	+++ tcp_wrappers_7.6/tcpdchk.c 2004-04-10 19:27:05.000000000 +0200
	100	@@ -353,6 +353,8 @@
	101	{
	102	if (pat[0] == '@') {
	103	tcpd_warn("%s: daemon name begins with \"@\"", pat);
	104	+ } else if (pat[0] == '/') {
	105	+ tcpd_warn("%s: daemon name begins with \"/\"", pat);
	106	} else if (pat[0] == '.') {
	107	tcpd_warn("%s: daemon name begins with dot", pat);
	108	} else if (pat[strlen(pat) - 1] == '.') {
	109	@@ -385,6 +387,8 @@
	110	{
	111	if (pat[0] == '@') { /* @netgroup */
	112	tcpd_warn("%s: user name begins with \"@\"", pat);
	113	+ } else if (pat[0] == '/') {
	114	+ tcpd_warn("%s: user name begins with \"/\"", pat);
	115	} else if (pat[0] == '.') {
	116	tcpd_warn("%s: user name begins with dot", pat);
	117	} else if (pat[strlen(pat) - 1] == '.') {
	118	@@ -430,8 +434,13 @@
	119	static int check_host(pat)
	120	char *pat;
	121	{
	122	+ char buf[BUFSIZ];
	123	char *mask;
	124	int addr_count = 1;
	125	+ FILE *fp;
	126	+ struct tcpd_context saved_context;
	127	+ char *cp;
	128	+ char *wsp = " \t\r\n";
	129
	130	if (pat[0] == '@') { /* @netgroup */
	131	#ifdef NO_NETGRENT
	132	@@ -450,6 +459,21 @@
	133	tcpd_warn("netgroup support disabled");
	134	#endif
	135	#endif
	136	+ } else if (pat[0] == '/') { /* /path/name */
	137	+ if ((fp = fopen(pat, "r")) != 0) {
	138	+ saved_context = tcpd_context;
	139	+ tcpd_context.file = pat;
	140	+ tcpd_context.line = 0;
	141	+ while (fgets(buf, sizeof(buf), fp)) {
	142	+ tcpd_context.line++;
	143	+ for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp))
	144	+ check_host(cp);
	145	+ }
	146	+ tcpd_context = saved_context;
	147	+ fclose(fp);
	148	+ } else if (errno != ENOENT) {
	149	+ tcpd_warn("open %s: %m", pat);
	150	+ }
	151	} else if (mask = split_at(pat, '/')) { /* network/netmask */
	152	#ifdef INET6
	153	int mask_len;