%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} %define LIB_MAJOR 0 %define LIB_MINOR 7 %define LIB_REL 6 Summary: A security tool which acts as a wrapper for TCP daemons. Summary(ja): TCP デーモンのラッパとして働くセキュリティツール Name: tcp_wrappers Version: 7.6 Release: 39%{?_dist_release} License: BSD Group: System Environment/Daemons Source: ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz Patch0: tcpw7.2-config.patch Patch1: tcpw7.2-setenv.patch Patch2: tcpw7.6-netgroup.patch Patch3: tcp_wrappers-7.6-bug11881.patch Patch4: tcp_wrappers-7.6-bug17795.patch Patch5: tcp_wrappers-7.6-bug17847.patch Patch6: tcp_wrappers-7.6-fixgethostbyname.patch Patch7: tcp_wrappers-7.6-docu.patch Patch8: tcp_wrappers-7.6-casesens.patch Patch9: tcp_wrappers.usagi-ipv6.patch Patch10: tcp_wrappers.ume-ipv6.patch Patch11: tcp_wrappers-7.6-shared.patch Patch12: tcp_wrappers-7.6-sig.patch Patch13: tcp_wrappers-7.6-strerror.patch Patch14: tcp_wrappers-7.6-ldflags.patch Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch Patch16: tcp_wrappers-7.6-162412.patch Patch17: tcp_wrappers-7.6-220015.patch Patch18: tcp_wrappers-7.6-restore_sigalarm.patch Patch19: tcp_wrappers-7.6-siglongjmp.patch Patch20: tcp_wrappers-7.6-sigchld.patch Patch21: tcp_wrappers-7.6-196326.patch Patch22: tcp_wrappers_7.6-249430.patch Patch23: tcp_wrappers-7.6-aclexec.patch Patch24: tcp_wrappers-7.6-fix-multidef.patch # required by sin_scope_id in ipv6 patch BuildRequires: glibc-devel >= 2.2 BuildRoot: %{_tmppath}/%{name}-%{version}-root %description The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, FTP, telnet, rlogin, rsh, exec, tftp, talk and other network services. Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests. %description -l ja tcp_wrapper パッケージには小さなデーモンプログラムが収められており, systat, finger, FTP, telnet, rlogin, rsh, exec, tftp, talk, その他 様々なネットワークサービスに対する外部からの要求を監視し,フィルタリング することが出来ます. ネットワークサービスに対する外部からのリクエストをフィルタリング 出来るセキュリティツールが必要ならば tcp_wrappers パッケージを インストールして下さい. ## to build compat32 for x86_64 architecture support %package -n compat32-%{name} Summary: A security tool which acts as a wrapper for TCP daemons. Summary(ja): TCP デーモンのラッパとして働くセキュリティツール Group: System Environment/Daemons %description -n compat32-%{name} The tcp_wrappers package provides small daemon programs which can monitor and filter incoming requests for systat, finger, FTP, telnet, rlogin, rsh, exec, tftp, talk and other network services. Install the tcp_wrappers program if you need a security tool for filtering incoming network services requests. %prep %setup -q -n tcp_wrappers_7.6 %patch0 -p1 -b .config %patch1 -p1 -b .setenv %patch2 -p1 -b .netgroup %patch3 -p1 -b .bug11881 %patch4 -p1 -b .bug17795 %patch5 -p1 -b .bug17847 %patch6 -p1 -b .fixgethostbyname %patch7 -p1 -b .docu %patch8 -p1 -b .man %patch9 -p1 -b .usagi-ipv6 %patch10 -p1 -b .ume-ipv6 %patch11 -p1 -b .shared %patch12 -p1 -b .sig %patch13 -p1 -b .strerror %patch14 -p1 -b .cflags %patch15 -p1 -b .fix_sig %patch16 -p1 -b .162412 %patch17 -p1 -b .220015 %patch18 -p1 -b .restore_sigalarm %patch19 -p1 -b .siglongjmp %patch20 -p1 -b .sigchld %patch21 -p1 -b .196326 %patch22 -p1 -b .249430 %patch23 -p1 -b .aclexec %patch24 -p1 -b .multidef # Disable static library creation by default. %define with_static 0 %build make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR -DACLEXEC" \ LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux %install [ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT mkdir -p ${RPM_BUILD_ROOT}%{_includedir} mkdir -p ${RPM_BUILD_ROOT}%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,5,8} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} cp hosts_access.3 ${RPM_BUILD_ROOT}%{_mandir}/man3 cp hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5 cp tcpd.8 tcpdchk.8 tcpdmatch.8 ${RPM_BUILD_ROOT}%{_mandir}/man8 ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5 ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5 %if %{with_static} cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdir} %endif cp -a libwrap.so* ${RPM_BUILD_ROOT}%{_libdir} install -p -m644 tcpd.h ${RPM_BUILD_ROOT}%{_includedir} install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir} install -m711 tcpd ${RPM_BUILD_ROOT}%{_sbindir} install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir} ## XXX remove utilities that expect /etc/inetd.conf (#16059). ##install -m755 tcpdchk ${RPM_BUILD_ROOT}%{_sbindir} ##install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir} #rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.* #rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.* ## keep tcpdchk and tcpdmatch included here ## until xinetd is introduced for Vine Linux.... ## install -m755 tcpdchk $RPM_BUILD_ROOT%{_sbindir} install -m755 tcpdmatch $RPM_BUILD_ROOT%{_sbindir} %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post -n compat32-%{name} -p /sbin/ldconfig %postun -n compat32-%{name} -p /sbin/ldconfig %clean [ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc BLURB CHANGES README* DISCLAIMER Banners.Makefile %{_mandir}/man[358]/* %{_includedir}/* %if %{with_static} %{_libdir}/*.a %endif %{_libdir}/*.so %{_libdir}/*.so.* %{_sbindir}/* %if %{build_compat32} %files -n compat32-%{name} %defattr(-,root,root) %if %{with_static} %{_libdir}/*.a %endif %{_libdir}/*.so %{_libdir}/*.so.* %endif %changelog * Tue Aug 07 2012 Tomohiro "Tomo-p" KATO 7.6-39 - added Patch23 from debian (aclexec support). - added Patch24 (fix multiple definition). * Sun Apr 17 2011 Shu KONNO 7.6-38 - rebuilt with rpm-4.8.1-3 * Fri Feb 19 2010 Ryoichi INAGAKI 7.6-37 - s/BuildPrereq/BuildRequires/ - added Patch14-22 from FC * Wed Jul 25 2007 Tomas Janousek - 7.6-49 - fix for a.b.c.d/255.255.255.255 - fixes #249430 * Thu Jun 28 2007 Tomas Janousek - 7.6-48 - compare localhost and localhost.localdomain as the same * Wed Jun 06 2007 Tomas Janousek - 7.6-47 - fix the hostname resolving patch for x86_64 * Fri May 25 2007 Tomas Janousek - 7.6-45 - unblock and catch SIGCHLD from spawned shell commands, fixes #112975 * Mon Apr 16 2007 Tomas Janousek - 7.6-44 - added restore_sigalarm and siglongjmp patches from Debian, fixes #205129 * Fri Mar 09 2007 Tomas Janousek - 7.6-43 - resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with IPv4/6 * Tue Jan 24 2006 Thomas Woerner 7.6-40 - fixed uninitialized fp in function inet_cfg (#162412) * Fri May 6 2005 Thomas Woerner 7.6-39 - fixed sig patch (#141110). Thanks to Nikita Shulga for the patch * Mon May 04 2009 NAKAMURA Kenta 7.6-36 - removed unnecessary %%if %{build_compat32} statements - removed the static library libwrap.a by default * Wed Jul 09 2008 Daisuke SUZUKI 7.6-35 - new versioning policy - spec in UTF-8 * Fri Feb 17 2006 Shu KONNO 7.6-34vl3 - added compat32-* packages for x86_64 architecture support - fixed tcp_wrappers-7.6-shared.patch (which changed gcc to $CC) * Wed Nov 03 2004 Daisuke SUZUKI 7.6-34vl2 - new upstream release - add libwrap.so* to %%files * Fri Jul 4 2003 Ryoichi INAGAKI 7.6-34vl1 - based on 7.6-34 from Rawhide, applied some patches - rebuild with new toolchains - s/Copyright/License/ * Wed Jan 10 2001 MATSUBAYASHI 'Shaolin' Kohji - 7.6-17vl0 - based on 7.6-17 from Rawhide - added Japanese summary and description - keep tcpdmatch and tcpchk still until xinetd is introduced for Vine (if so in the future, these two program should be removed again...) * Sat Dec 30 2000 Jeff Johnson - permit hosts.{allow,deny} to be assembled from included components (#17795). - permit '*' and '?' wildcard matches on hostnames (#17847). * Sun Nov 19 2000 Bill Nottingham - ia64 needs -fPIC too * Mon Aug 14 2000 Jeff Johnson - remove utilities that expect /etc/inetd.conf (#16059). * Thu Jul 27 2000 Jeff Johnson - security hardening (#11881). * Wed Jul 12 2000 Prospector - automatic rebuild * Tue Jun 6 2000 Jeff Johnson - FHS packaging. * Tue May 16 2000 Chris Evans - Make tcpd mode -rwx--x--x as a security hardening measure * Mon Feb 7 2000 Jeff Johnson - compress man pages. * Mon Aug 23 1999 Jeff Johnson - add netgroup support (#3940). * Wed May 26 1999 Jeff Johnson - compile on sparc with -fPIC. * Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 7) * Wed Dec 30 1998 Cristian Gafton - build for glibc 2.1 * Sat Aug 22 1998 Jeff Johnson - close setenv bug (problem #690) - spec file cleanup * Thu Jun 25 1998 Alan Cox - Erp where did the Dec 05 patch escape to * Thu May 07 1998 Prospector System - translations modified for de, fr, tr * Fri Dec 05 1997 Erik Troan - don't build setenv.o module -- it just breaks things * Wed Oct 29 1997 Marc Ewing - upgrade to 7.6 * Thu Jul 17 1997 Erik Troan - built against glibc * Mon Mar 03 1997 Erik Troan - Upgraded to version 7.5 - Uses a build root