| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 00_man_quoting.diff | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | no | ||||
| 00_man_typos | diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | no | ||||
| 01_man_portability | diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 | no | ||||
| 05_wildcard_matching | (Though the original code needs to be patched to be case-insensitive.) | Pekka Savola <pekkas@netcore.fi> | no | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847 | 2000-09-26 | |
| 06_fix_gethostbyname | * Mon Feb 5 2001 Preston Brown <pbrown@redhat.com> - fix gethostbyname to work better with dot "." notation (#16949) |
no | ||||
| 10_usagi-ipv6 | no | |||||
| 11_tcpd_blacklist | TCP Wrapper Blacklist Extension The patch below adds a new host pattern to the TCP Wrapper access control language. Instead of a host name or address pattern, you can specify an external /file/name with host name or address patterns. The feature can be used recursively. The /file/name extension makes it easy to blacklist bad sites, for example, to block unwanted electronic mail when libwrap is linked into sendmail. Adding hosts to a simple text file is much easier than having to edit a more complex hosts.allow/deny file. I developed this a year or so ago as a substitute for NIS netgroups. At that time, I did not consider it of sufficient interest for inclusion in the TCP Wrapper distribution. How times have changed. The patch is relative to TCP Wrappers version 7.6. The main archive site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz Thanks to the Debian LINUX folks for expressing their interest in this patch. Wietse [diff updated by Md] diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 |
Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl> | no | upstream, ftp://ftp.porcupine.org/pub/security/tcpd-blacklist-patch | 1997-09-08 | |
| 11_usagi_fix | diff -uN tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c | no | ||||
| 12_makefile_config | no | |||||
| 13_shlib_weaksym | no | |||||
| 14_cidr_support | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | no | ||||
| 15_match_clarify | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | no | ||||
| musl_support | no | |||||
| aclexec | diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c | no | ||||
| expand_remote_port | diff -ruN tcp_wrappers_7.6.orig/eval.c tcp_wrappers_7.6/eval.c | no | ||||
| catch-sigchld | no | |||||
| fix_warnings | no | |||||
| have_strerror | diff -ruN tcp_wrappers_7.6.orig/percent_m.c tcp_wrappers_7.6/percent_m.c | no | ||||
| man_fromhost | diff -ruN tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 | no | ||||
| more_man_pages | no | |||||
| match_port | diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c | no | ||||
| restore_sigalarm | diff -ruN tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c | no | ||||
| rfc931.diff | diff -ruNp tcp_wrappers_7.6.orig/scaffold.c tcp_wrappers_7.6/scaffold.c | no | ||||
| safe_finger | no | |||||
| sig_fix | * Fri May 6 2005 Thomas Woerner <twoerner@redhat.com> 7.6-39 - fixed sig patch (#141110). Thanks to Nikita Shulga for the patch * Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29 - added security patch tcp_wrappers-7.6-sig.patch diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c |
no | ||||
| siglongjmp | diff -ruNp tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c | no | ||||
| size_t | no | |||||
| tcpdchk_libwrapped | diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c | no | ||||
| fix_static | no | |||||
| fix_parsing_long_lines | Fix parsing of lines longer than 2047 characters If a line in /etc/hosts.{allow,deny} is longer than BUFLEN-1 (2047) characters then len will be set to 1 at the end of the xgets() loop. . At the next iteration, fgets will be passed a buffer of length 1, so it will only be able to read an empty string (the buffer must always have space for the trailing NUL). . strlen(3) on the empty string will return 0, so len will not be modified anymore and the last step will repeat forever. . To reproduce: perl -e 'print "#sshd: " . ("127.0.0.1, " x 210) . "\n"' > hosts.deny tcpdmatch -d test localhost |
Marco d'Itri <md@linux.it> | no | debian | ||
| initgroups | diff -up tcp_wrappers_7.6/options.c.initgroups tcp_wrappers_7.6/options.c | no | ||||
| ignore_missing_inetdconf | no | |||||
| fix_warnings2 | no | |||||
| disable_netgroups | disable support for NIS netgroups This allows to stop linking the library with libnsl and its dependencies. | Marco d'Itri <md@linux.it> | no | debian |