--- tcp-wrappers-7.6.q.orig/try-from.8 +++ tcp-wrappers-7.6.q/try-from.8 @@ -0,0 +1,28 @@ +.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual" +.SH NAME +try-from \- test program for the tcp_wrapper +.SH SYNOPSIS +.B try-from +.SH DESCRIPTION +The +.B try-from +command can be called via a remote shell command to find out +if the hostname and address are properly recognized +by the +.B tcp_wrapper +library, if username lookup works, and (SysV only) if the TLI +on top of IP heuristics work. Diagnostics are reported through +.BR syslog (3) +and redirected to stderr. + +Example: + +rsh host /some/where/try-from + +.SH SEE ALSO +.BR hosts_access (5), +.BR hosts_options (5), +.BR tcpd (8) +.SH AUTHOR +Wietse Venema, Eindhoven University of Technology, The Netherlands. + --- tcp-wrappers-7.6.q.orig/safe_finger.8 +++ tcp-wrappers-7.6.q/safe_finger.8 
@@ -0,0 +1,34 @@ +.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual" +.SH NAME +safe_finger \- finger client wrapper that protects against nasty stuff +from finger servers +.SH SYNOPSIS +.B safe_finger [finger_options] +.SH DESCRIPTION +The +.B safe_finger +command protects against nasty stuff from finger servers. Use this +program for automatic reverse finger probes from the +.B tcp_wrapper +.B (tcpd) +, not the raw finger command. The +.B safe_finger +command makes sure that the finger client is not run with root +privileges. It also runs the finger client with a defined PATH +environment. +.B safe_finger +will also protect you from problems caused by the output of some +finger servers. The problem: some programs may react to stuff in +the first column. Other programs may get upset by thrash anywhere +on a line. File systems may fill up as the finger server keeps +sending data. Text editors may bomb out on extremely long lines. +The finger server may take forever because it is somehow wedged. +.B safe_finger +takes care of all this badness. +.SH SEE ALSO +.BR hosts_access (5), +.BR hosts_options (5), +.BR tcpd (8) +.SH AUTHOR +Wietse Venema, Eindhoven University of Technology, The Netherlands. + --- tcp-wrappers-7.6.q.orig/debian/tcpd.dirs +++ tcp-wrappers-7.6.q/debian/tcpd.dirs @@ -0,0 +1,3 @@ +usr/sbin +usr/share/man/man5 +usr/share/man/man8 --- tcp-wrappers-7.6.q.orig/debian/libwrap0.shlibs +++ tcp-wrappers-7.6.q/debian/libwrap0.shlibs @@ -0,0 +1 @@ +libwrap 0 libwrap0 --- tcp-wrappers-7.6.q.orig/debian/README.Debian +++ tcp-wrappers-7.6.q/debian/README.Debian 
@@ -0,0 +1,70 @@ +tcp_wrappers for Debian +----------------------- + +Extensions: +----------- + +There are a number of Debian specific changes to TCP wrappers: + + * libwrap.so.0 is available for dynamic linking. + + * You can blacklist a whole bunch of hosts at once by specifying a + file that contains a list of those hosts instead of just naming + a host. See the hosts_access(5) manpage. + + * You can allow or disallow access to a service depending on the + exit status of a program. See the hosts_access(5) manpage. + + * CIDR support in hosts_access(5) functions. + + * %r and %R parameters in hosts_access(5) functions. + + * Servers can be matched by port number other than by process name. + + * IPv6 support. + +Library versioning: +------------------- + +TCP wrappers isn't distributed as a shared library upstream, so the +versioning scheme used for TCP wrappers may not match Linux's library +versioning schme. Hence, libwrap has a soname of libwrap0 (version 7.6), +instead of libwrap7 (version 6). + +Build options: +-------------- + +STYLE = "-DPROCESS_OPTIONS -DACLEXEC" + + Debian TCP Wrappers use the extended syntax for /etc/hosts.allow + and /etc/hosts.deny. This particularly affects spawning other + commands on connections, see the hosts_options(5) manpage for + more details. + +FACILITY = LOG_DAEMON +SEVERITY = LOG_INFO + + TCP Wrappers logs as daemon.info (rather than mail.info). + +BUGS = + + Linux has no bugs. :) + +VSYSLOG = + + libc6 has vsyslog built in. + +UMASK = -DDAEMON_UMASK=022 +NETGROUP = -DNETGROUP + +RFC931_TIMEOUT = 10 +ACCESS = -DHOSTS_ACCESS +TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.al +low\" +KILL_OPT = -DKILL_IP_OPTIONS + +EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" + +The options ALWAYS_RFC931, ALWAYS_HOSTNAME and PARANOID have not been +enabled because these features can be enabled at runtime. 
The option +APPEND_DOT is not enabled because of compatibility reasons. --- tcp-wrappers-7.6.q.orig/debian/control +++ tcp-wrappers-7.6.q/debian/control 
@@ -0,0 +1,55 @@ +Source: tcp-wrappers +Section: net +Priority: important +Maintainer: Marco d'Itri +Build-Depends: debhelper (>= 5.0.61), dpkg-dev (>= 1.14.8), quilt (>= 0.40), po-debconf +Standards-Version: 3.8.0 + +Package: tcpd +Architecture: any +Priority: important +Depends: ${shlibs:Depends}, ${misc:Depends} +Replaces: libwrap0 (<< 7.6-8) +Description: Wietse Venema's TCP wrapper utilities + Wietse Venema's network logger, also known as TCPD or LOG_TCP. + . + These programs log the client host name of incoming telnet, + ftp, rsh, rlogin, finger etc. requests. + . + Security options are: + - access control per host, domain and/or service; + - detection of host name spoofing or host address spoofing; + - booby traps to implement an early-warning system. + +Package: libwrap0 +Section: libs +Priority: important +Architecture: any +Depends: ${shlibs:Depends} +Recommends: tcpd +Description: Wietse Venema's TCP wrappers library + Wietse Venema's network logger, also known as TCPD or LOG_TCP. + . + These programs log the client host name of incoming telnet, + ftp, rsh, rlogin, finger etc. requests. + . + Security options are: + - access control per host, domain and/or service; + - detection of host name spoofing or host address spoofing; + - booby traps to implement an early-warning system. + +Package: libwrap0-dev +Section: libdevel +Priority: optional +Architecture: any +Depends: libwrap0 (= ${binary:Version}) +Description: Wietse Venema's TCP wrappers library, development files + Wietse Venema's network logger, also known as TCPD or LOG_TCP. + . + These programs log the client host name of incoming telnet, + ftp, rsh, rlogin, finger etc. requests. + . + Security options are: + - access control per host, domain and/or service; + - detection of host name spoofing or host address spoofing; + - booby traps to implement an early-warning system. --- tcp-wrappers-7.6.q.orig/debian/libwrap0-dev.dirs +++ tcp-wrappers-7.6.q/debian/libwrap0-dev.dirs 
@@ -0,0 +1,3 @@ +usr/lib +usr/include +usr/share/man/man3 --- tcp-wrappers-7.6.q.orig/debian/tcpd.config +++ tcp-wrappers-7.6.q/debian/tcpd.config @@ -0,0 +1,13 @@ +#!/bin/sh -e + +# Only ask about the configuration if there are no hosts.{allow,deny} files + +if [ ! -e /etc/hosts.allow ] && [ ! -e /etc/hosts.deny ]; then + . /usr/share/debconf/confmodule + db_input medium tcpd/paranoid-mode || true + db_go +fi + +#DEBHELPER# + +exit 0 --- tcp-wrappers-7.6.q.orig/debian/libwrap0.dirs +++ tcp-wrappers-7.6.q/debian/libwrap0.dirs @@ -0,0 +1 @@ +lib --- tcp-wrappers-7.6.q.orig/debian/libwrap0.symbols +++ tcp-wrappers-7.6.q/debian/libwrap0.symbols @@ -0,0 +1,41 @@ +libwrap.so.0 libwrap0 #MINVER# + allow_severity@Base 7.6-4~ + cidr_mask_addr@Base 7.6-4~ + clean_exit@Base 7.6-4~ + deny_severity@Base 7.6-4~ + dot_quad_addr@Base 7.6-4~ + dry_run@Base 7.6-4~ + eval_client@Base 7.6-4~ + eval_hostaddr@Base 7.6-4~ + eval_hostinfo@Base 7.6-4~ + eval_hostname@Base 7.6-4~ + eval_port@Base 7.6-4~ + eval_server@Base 7.6-4~ + eval_user@Base 7.6-4~ + fix_options@Base 7.6-4~ + hosts_access@Base 7.6-4~ + hosts_access_verbose@Base 7.6-4~ + hosts_allow_table@Base 7.6-4~ + hosts_ctl@Base 7.6-4~ + hosts_deny_table@Base 7.6-4~ + paranoid@Base 7.6-4~ + percent_m@Base 7.6-4~ + percent_x@Base 7.6-4~ + process_options@Base 7.6-4~ + refuse@Base 7.6-4~ + request_init@Base 7.6-4~ + request_set@Base 7.6-4~ + resident@Base 7.6-4~ + rfc931@Base 7.6-4~ + rfc931_timeout@Base 7.6-4~ + shell_cmd@Base 7.6-4~ + sock_host@Base 7.6-4~ + sock_hostaddr@Base 7.6-4~ + sock_hostname@Base 7.6-4~ + split_at@Base 7.6-4~ + tcpd_buf@Base 7.6-4~ + tcpd_context@Base 7.6-4~ + tcpd_jump@Base 7.6-4~ + tcpd_warn@Base 7.6-4~ + unknown@Base 7.6-4~ + xgets@Base 7.6-4~ --- tcp-wrappers-7.6.q.orig/debian/libwrap0-dev.links +++ tcp-wrappers-7.6.q/debian/libwrap0-dev.links 
@@ -0,0 +1,3 @@ +usr/share/man/man3/hosts_access.3 usr/share/man/man3/hosts_ctl.3 +usr/share/man/man3/hosts_access.3 usr/share/man/man3/request_init.3 +usr/share/man/man3/hosts_access.3 usr/share/man/man3/request_set.3 --- tcp-wrappers-7.6.q.orig/debian/changelog +++ tcp-wrappers-7.6.q/debian/changelog 
@@ -0,0 +1,317 @@ +tcp-wrappers (7.6.q-16) unstable; urgency=low + + * New debconf translation: sk. (Closes: #489267) + * Updated debconf translations: gl, sv, es, ro. + (Closes: #480968, #483768, #488606, #488889) + + -- Marco d'Itri Sat, 26 Jul 2008 01:24:15 +0200 + +tcp-wrappers (7.6.q-15) unstable; urgency=low + + * Converted from dbs to quilt. + * Added cross building support. (Closes: #451854) + * Added a dpkg symbols file (and depend on a newer debhelper and dpkg-dev). + * Updated debconf translations: fr, ca, nl. + (Closes: #435784, #446392, #465667) + * New debconf translation: fi. (Closes: #447075) + * New patch catch-sigchld: unblocks and catches SIGCHLD from spawned + shell commands and uses waitpid to prevent waiting for the childs of + the calling application. + (From the Fedora package, fixes RH #112975 and RH #156373.) + + -- Marco d'Itri Fri, 04 Apr 2008 05:30:21 +0200 + +tcp-wrappers (7.6.dbs-14) unstable; urgency=medium + + * Updated patch wildcard_matching to be case insensitive. Fix courtesy of + Kees Cook. (Closes: #426811) + * Package description and debconf messages fixed by debian-l10n-english. + (Closes: #418848) + * Updated debconf translations: ja, nb, ru, se, gl, pt_BR, de, cs, pt, ko, + vi, da. + (Closes: #419712, #419711, #419743, #419824, #419834, #419858, #412493) + (Closes: #419955, #420215, #419779, #421483, #422036, #425413, #426688) + (Closes: #426788) + * New debconf translations: hu, ko, ta, ca. + (Closes: #420423, #419739, #419645, #431969) + * Removed references to portmapper.txt.gz. (Closes: #432714) + * Fixed a typo in hosts_access(5). + * Removed obsolete Provides/Conflicts statements. + + -- Marco d'Itri Sun, 20 May 2007 17:26:50 +0200 + +tcp-wrappers (7.6.dbs-13) unstable; urgency=medium + + * New debconf translation: nb. 
(Closes: #412329) + + -- Marco d'Itri Sun, 25 Feb 2007 21:05:12 +0100 + +tcp-wrappers (7.6.dbs-12) unstable; urgency=high + + * Fixed the match_port patch to not break matching on daemon names in + a corner case (when request->server->sin has not been initialised by + the caller). Patch courtesy of Janusz Krzysztofik. (Closes: #405342) + * New debconf translations: ro, es. (Closes: #393514, #401908) + + -- Marco d'Itri Mon, 8 Jan 2007 01:37:59 +0100 + +tcp-wrappers (7.6.dbs-11) unstable; urgency=medium + + * Fixed the port number matching. (Closes: #384289) + + -- Marco d'Itri Wed, 23 Aug 2006 19:31:06 +0200 + +tcp-wrappers (7.6.dbs-10) unstable; urgency=low + + * Added support to match servers by port number. (Closes: #377154) + * Fixed the check for hosts.{allow,deny} in postinst. (Closes: #374819) + * New debconf translations: gl, ru. (Closes: #361265, #367215, #373962) + + -- Marco d'Itri Thu, 17 Aug 2006 20:47:40 +0200 + +tcp-wrappers (7.6.dbs-9) unstable; urgency=low + + * Updated patch siglongjmp: actually save the signals mask on jumps + to prevent blocking SIGALRM on unsuspecting calling programs. + Fix contributed by Ian Jackson of Ubuntu. (Closes: #354855) + * Updated patch sig_fix with a fix from the Red Hat package. + * New patch aclexec: adds the aclexec command and its documentation. + (Closes: #17798) + * New patch 01_man_typos: fixes some man pages typos. (Closes: #344127) + * New patch fix_warnings: fixes misc compilation warnings. + * New debconf translations: pt, sv, vi. (Closes: #348442, #333495, #320320) + + -- Marco d'Itri Thu, 2 Mar 2006 00:01:59 +0100 + +tcp-wrappers (7.6.dbs-8) unstable; urgency=medium + + * Fixed postinst to source /usr/share/debconf/confmodule at top level, or + $@ will be reset when it re-executes $0. (Closes: #299129) + + -- Marco d'Itri Sat, 12 Mar 2005 01:00:14 +0100 + +tcp-wrappers (7.6.dbs-7) unstable; urgency=medium + + * Updated patch siglongjmp: explicitly pass the second argument 0 to + sigsetjmp(). 
+ * Updated patch rfc931.diff: fix the prototypes for Hurd. (Closes: #289075) + * Updated patch 01_man_portability: add a reference for hosts_options(5). + (Closes: #298570) + * New debconf translations: nl, pt_BR. (Closes: #272481, #284226) + * New patch expand_remote_port: add a %-espansion for the remote port + number. (Closes: #279695) + + -- Marco d'Itri Wed, 9 Mar 2005 18:22:37 +0100 + +tcp-wrappers (7.6.dbs-6) unstable; urgency=medium + + * New patch restore_sigalarm correctly restores the SIGALARM handler after + it has been modified by libwrap functions. Extracted from the upstream + package tcp_wrappers_7.6-ipv6.4.tar.gz. (Closes: #268467) + * New debconf translation: it. + + -- Marco d'Itri Sun, 29 Aug 2004 18:43:11 +0200 + +tcp-wrappers (7.6.dbs-5) unstable; urgency=high + + * Updated debconf translations: ja, fr, da, cs, de. + (Closes: #250846, #250881, #251086, #251680, #254019) + + -- Marco d'Itri Wed, 28 Jul 2004 00:56:18 +0200 + +tcp-wrappers (7.6.dbs-4) unstable; urgency=medium + + * Fixed the text of the debconf template. (Closes: #248262) + * New template translations: tr fr da cs. + (Closes: #248312, #248690, #248821, #249259) + * Removed a bashism (posh sucks and is a waste of our time). + (Closes: #247384) + + -- Marco d'Itri Sat, 22 May 2004 12:55:16 +0200 + +tcp-wrappers (7.6.dbs-3) unstable; urgency=high + + * Updated patch 13_shlib_weaksym to add back to tcpd.h some #includes + lost in 7.6.dbs-1. (Closes: #244659, #246675) + Post-sarge a new tcpd.h to be used by other programs should be written. + * New template translation: ja. (Closes: #246441) + + -- Marco d'Itri Sun, 2 May 2004 15:11:20 +0200 + +tcp-wrappers (7.6.dbs-2) unstable; urgency=medium + + * Uploaded to unstable. + * New patches: man_fromhost and 15_match_clarify to clarify documention. + (Closes: #162146, #226930) + * Close the bugs fixed by the last upload. 
+ (Closes: #20030, #163346, #179707, #184489, #205368, #179708, #205532) + (Closes: #62145, #65390, #76378) + + -- Marco d'Itri Sun, 25 Apr 2004 12:18:13 +0200 + +tcp-wrappers (7.6.dbs-1) experimental; urgency=low + + * Source package converted to DBS. + * Switced back from the source patched by Casper Dik to the official + tree, because it's the one other distributions are using and this will + allow fixing some bugs. IPv6 support is provided by the 10_usagi-ipv6 + and 11_usagi_fix patches, which are tcp_wrappers.usagi-ipv6.patch and + tcp_wrappers.ume-ipv6.patch from the Red Hat package. + (Closes: #20030, #163346, #179707, #184489, #205368) + * Removed bogus dependency on libc6-dev. (Closes: #179708) + * Use : with chown. (Closes: #205532) + * Added a debconf question to deny access to everything by default. + Patch by Javier Fernández-Sanguino Peña. (Closes: #62145) + * New patch 05_wildcard_matching (tcp_wrappers-7.6-bug17847.patch from + the Red Hat package) to add support for wildcard matching on hostnames. + * New patch 06_fix_gethostbyname (tcp_wrappers-7.6-fixgethostbyname.patch + from the Red Hat package) to fix handling of hostnames with a trailing + dot. (Closes: #65390) + * New patch sig_fix (tcp_wrappers-7.6-sig.patch from the Red Hat package). + + -- Marco d'Itri Sat, 10 Apr 2004 20:46:54 +0200 + +tcp-wrappers (7.6-ipv6.1-3) unstable; urgency=low + + * Fixed CIDR-style netmasks on little endian architectures. + * Added links for hosts.allow(5) and hosts.deny(5) (Closes: #156819). + + -- Marco d'Itri Wed, 4 Sep 2002 22:52:20 +0200 + +tcp-wrappers (7.6-ipv6.1-2) unstable; urgency=low + + * Moved to main (Closes: #110672, #123057, #137843, #141130, #141132). + + -- Marco d'Itri Mon, 12 Aug 2002 02:47:31 +0200 + +tcp-wrappers (7.6-ipv6.1-1) experimental; urgency=low + + * New upstream source with IPv6 support by Casper Dik. + * Removed README.IRIX. Other README.* files moved from tcpd-dev to tcpd. 
+ * Fixed libwrap0.postinst to call ldconfig only at configuration time. + * Removed references to /usr/doc/ from /etc/hosts.* (Closes: #123057). + * Removed references to tlid and tlid.conf from man pages (Closes: #141130). + * Documented in tcpd.8 the existence of libwrap (Closes: #141132). + * Added a list of programs linked to libwrap (Closes: #137843). + + -- Marco d'Itri Wed, 31 Jul 2002 19:30:21 +0200 + +tcp-wrappers (7.6-9) unstable; urgency=low + + * Include changes from NMUs, fixing C++ compilation. Thanks to Matthew + Wilcox and Ryan Murray. (Closes: Bug#100891, Bug#105874) + + * Fix paths in man pages. (Closes: Bug#44575, Bug#110890) + * Make symlinks for manpages as well as having multiple entries in the NAME + section. (Closes: Bug#99581) + + -- Anthony Towns Sun, 18 Nov 2001 00:24:50 +1000 + +tcp-wrappers (7.6-8.3) unstable; urgency=low + + * NMU. + * tcpd.h: define __P() ourselves; sys/cdefs.h doesn't appear to be standard, + and the glibc version adds __throw to the prototypes. + + -- Ryan Murray Sun, 30 Sep 2001 23:06:24 -0700 + +tcp-wrappers (7.6-8.2) unstable; urgency=low + + * NMU. + * tcpd.h: include and to define some structs + which are used by the new prototypes. Also prevent against multiple + inclusion. Patch courtesy of John Daily. + + -- Matthew Wilcox Mon, 16 Jul 2001 12:28:54 -0600 + +tcp-wrappers (7.6-8.1) unstable; urgency=low + + * NMU approved by Anthony Towns. + * tcpd.h: use __P() to prototype the functions, allowing use from c++. + * scaffold.c: Fix bug detected by above change. For patch, see bug + #100891 + + -- Matthew Wilcox Fri, 29 Jun 2001 19:19:28 -0600 + +tcp-wrappers (7.6-8) unstable; urgency=low + + * debian/copyright: Update license. (Closes: Bug#99719) + * debian/control: Added Build-Depends, and bumped Standards-Version. + (Closes: Bug#89084) + * debian/rules: Change PWD to CURDIR. (Closes: Bug#45175) + + * debian/tcpd.postinst: Update reference to portmapper.txt.gz in + hosts.deny, hosts.allow. 
(Closes: Bug#77181) + * debian/tcpd.postinst: Comment out ALL: PARANOID from hosts.deny. + (Closes: Bug#62372, Bug#55528) + + * Move hosts_access(5) and hosts_options(5) to tcpd.deb. + + * Get rid of dh_suidregister. + + -- Anthony Towns Fri, 8 Jun 2001 20:14:46 +1000 + +tcp-wrappers (7.6-7) unstable; urgency=low + + * Fix here document in tcpd postinst (Closes: Bug#75309) + * Fix apostrophes in tcpd(8), hosts_access(5) and hosts_options(5) + manpages (Closes: Bug#75654, Bug#75656) + * libwrap0 has a weak allow_severity symbol since 7.6-4 (Closes: Bug#51210) + * Change "tcpd.h" to in hosts_access(3) manpage. (Closes: Bug#63526) + * tcpd.h seems to be correct (Closes: Bug#65543) + + -- Anthony Towns Tue, 26 Dec 2000 15:22:32 +1000 + +tcp-wrappers (7.6-6) unstable; urgency=low + + * Use $(CC) to build shared libraries instead of $(LD). Important for + getting magical start files or something. (Closes: Bug#71940) + + -- Anthony Towns Mon, 18 Sep 2000 11:58:29 -0700 + +tcp-wrappers (7.6-5) unstable; urgency=low + + * Move /etc/hosts.allow and /etc/hosts.deny from netbase into the + tcpd package. Generate them in postinst rather than have them as + conffiles. + + -- Anthony Towns Sun, 16 Jul 2000 11:51:39 +1000 + +tcp-wrappers (7.6-4) frozen unstable; urgency=high + + * Actually compile in the weak_symbols. Thanks to Tomas Ogren for + working out where things were going wrong. 
(Closes: Bug#57780, + Bug#55824) + + -- Anthony Towns Fri, 11 Feb 2000 15:52:44 +1000 + +tcp-wrappers (7.6-3) frozen unstable; urgency=medium + + * Define hosts_ctl in tcpd.h (Closes: Bug#55265, Bug#53887) + + -- Anthony Towns Tue, 25 Jan 2000 11:14:33 +1000 + +tcp-wrappers (7.6-2) unstable; urgency=low + + * Move libwrap0 to /lib (Closes: Bug#52534) + + * Make weak symbols for allow_severity and deny_severity + (Closes: Bug#44542) + * Adjust shlibs file to require libwrap0 (>= 7.6-1.1) thanks to + the above (Closes: Bug#51217) + + * Change how the Hurd is handled, thanks to Marcus Brinkmann + (Closes: Bug#44408) + + * Add support for `ftp' severity specifier. (Closes: Bug#53575) + + * Add -D_REENTRANT when compiling. + + -- Anthony Towns Sun, 29 Aug 1999 00:08:36 +1000 + +tcp-wrappers (7.6-1) unstable; urgency=low + + * Initial Release. + * Split from netbase. + + -- Anthony Towns Tue, 10 Aug 1999 12:06:33 +1000 --- tcp-wrappers-7.6.q.orig/debian/tcpd.postinst +++ tcp-wrappers-7.6.q/debian/tcpd.postinst @@ -0,0 +1,99 @@ +#!/bin/sh -e + +# must be sourced at the top level or $@ will be lost when $0 is executed +if [ "$1" = "configure" ]; then + . /usr/share/debconf/confmodule +fi + +create_hosts_files() { + if [ -e /etc/hosts.allow -a -e /etc/hosts.deny ]; then + return 0 + fi + + # The default paranoid mode, in order to avoid breaking expected + # behaviour is 'false', however, if debconf is used to set this to + # true then we add a more restrictive definition + PARANOID="false" + + db_get tcpd/paranoid-mode || true + PARANOID="$RET" + + if [ ! -e /etc/hosts.allow ]; then + cat > /etc/hosts.allow <> /etc/hosts.allow < /etc/hosts.deny <> /etc/hosts.deny <> /etc/hosts.deny <&2 + exit 1 + ;; +esac + +#DEBHELPER# --- tcp-wrappers-7.6.q.orig/debian/tcpd.install +++ tcp-wrappers-7.6.q/debian/tcpd.install 
@@ -0,0 +1,5 @@ +tcpd /usr/sbin/ +tcpdchk /usr/sbin/ +tcpdmatch /usr/sbin/ +try-from /usr/sbin/ +safe_finger /usr/sbin/ --- tcp-wrappers-7.6.q.orig/debian/tcpd.templates +++ tcp-wrappers-7.6.q/debian/tcpd.templates @@ -0,0 +1,19 @@ +Template: tcpd/paranoid-mode +Type: boolean +Default: false +_description: Use paranoid settings in hosts.allow and hosts.deny? + New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper + programs (tcpd) and the libwrap library will be created as they do + not exist yet. + . + You can choose between a generic and permissive configuration which + will allow any incoming connection or a paranoid configuration which + will not allow remote connections regardless of where they originate + from. The latter, even if more secure, will block out all + communication, including, for example, remote administration. + . + Both files can be modified later to suit your needs as explained in + the hosts_access(5) manpage. These settings will only affect network + services that use the libwrap library: restrictions for other services + may be established by using package-specific configuration directives + or firewall rules. --- tcp-wrappers-7.6.q.orig/debian/libwrap0-dev.install +++ tcp-wrappers-7.6.q/debian/libwrap0-dev.install @@ -0,0 +1,2 @@ +tcpd.h /usr/include/ +libwrap.a /usr/lib/ --- tcp-wrappers-7.6.q.orig/debian/tcpd.links +++ tcp-wrappers-7.6.q/debian/tcpd.links @@ -0,0 +1,2 @@ +usr/share/man/man5/hosts_access.5 usr/share/man/man5/hosts.allow.5 +usr/share/man/man5/hosts_access.5 usr/share/man/man5/hosts.deny.5 --- tcp-wrappers-7.6.q.orig/debian/compat +++ tcp-wrappers-7.6.q/debian/compat @@ -0,0 +1 @@ +4 --- tcp-wrappers-7.6.q.orig/debian/copyright +++ tcp-wrappers-7.6.q/debian/copyright 
@@ -0,0 +1,33 @@ +This package was debianized by Anthony Towns on +Tue, 10 Aug 1999 12:06:33 +1000. + +It was downloaded from ftp://ftp.porcupine.org/pub/security/index.html + +and includes ftp://ftp.porcupine.org/pub/security/tcpd-blacklist-patch + +Copyright updated on 2001/06/08 from +ftp://ftp.porcupine.org/pub/security/tcp_wrappers_license + +Upstream Author: Wietse Venema + +Copyright: + +/************************************************************************ +* Copyright 1995 by Wietse Venema. All rights reserved. Some individual +* files may be covered by other copyrights. +* +* This material was originally written and compiled by Wietse Venema at +* Eindhoven University of Technology, The Netherlands, in 1990, 1991, +* 1992, 1993, 1994 and 1995. +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that this entire copyright notice +* is duplicated in all such copies. +* +* This software is provided "as is" and without any expressed or implied +* warranties, including, without limitation, the implied warranties of +* merchantibility and fitness for any particular purpose. +************************************************************************/ + +Thanks to Wietse Venema for his permission to include the tcp_wrapper +package in the Debian Distribution. --- tcp-wrappers-7.6.q.orig/debian/rules +++ tcp-wrappers-7.6.q/debian/rules 
@@ -0,0 +1,77 @@ +#!/usr/bin/make -f +SHELL+= -e + +export DPKG_GENSYMBOLS_CHECK_LEVEL=2 + +QUILT_STAMPFN := debian/.stamp-patched +include /usr/share/quilt/quilt.make + +D := $(CURDIR)/debian/tcpd +W := $(CURDIR)/debian/libwrap0 +WD := $(CURDIR)/debian/libwrap0-dev + +# for dpkg-cross +DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) + CROSS := CC=$(DEB_HOST_GNU_TYPE)-gcc +endif + +DEB_BUILD_ARCH := $(shell dpkg --print-installation-architecture) +ifeq ($(filter-out hurd-%,$(DEB_BUILD_ARCH)),) + DEB_BUILD_GNU_SYSTEM := gnu +else + DEB_BUILD_GNU_SYSTEM := linux +endif + + +all: build + +clean: unpatch + dh_testdir + rm -rf debian/.stamp-* shared/ + $(MAKE) clean + dh_clean + +build: debian/.stamp-build +debian/.stamp-build: $(QUILT_STAMPFN) + dh_testdir + $(MAKE) $(CROSS) $(DEB_BUILD_GNU_SYSTEM) + touch $@ + +binary-arch: debian/.stamp-build checkroot + dh_testdir + dh_clean -k + + dh_installdirs -a + dh_install -a + + dh_installdocs README README.NIS + dh_installchangelogs -a CHANGES + dh_installman -p tcpd *.8 *.5 + dh_installman -p libwrap0-dev *.3 + dh_link -a + + cp shared/libwrap.so.0.7.6 $W/lib/ + ln -s libwrap.so.0.7.6 $W/lib/libwrap.so.0 + + ln -s /lib/libwrap.so.0 $(WD)/usr/lib/libwrap.so + + dh_link -a + dh_strip -a + dh_compress -a + dh_fixperms -a + dh_installdebconf -a + dh_makeshlibs -a + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-arch + +checkroot: + test root = "`whoami`" + +.PHONY: build clean binary-indep binary-arch binary --- tcp-wrappers-7.6.q.orig/debian/patches/catch-sigchld +++ tcp-wrappers-7.6.q/debian/patches/catch-sigchld 
@@ -0,0 +1,87 @@ +--- tcp_wrappers_7.6/shell_cmd.c.sigchld 1994-12-28 17:42:44.000000000 +0100 ++++ tcp_wrappers_7.6/shell_cmd.c 2007-06-28 15:42:17.000000000 +0200 +@@ -20,6 +20,11 @@ + #include + #include + #include ++#include ++#include ++#include ++#include ++#include + + extern void exit(); + +@@ -31,13 +36,42 @@ + + static void do_child(); + ++/* ++ * The sigchld handler. If there is a SIGCHLD caused by a child other than ++ * ours, we set a flag and raise the signal later. ++ */ ++volatile static int foreign_sigchld; ++volatile static int our_child_pid; ++static void sigchld(int sig, siginfo_t *si, void *unused) ++{ ++ if (si && si->si_pid != our_child_pid) ++ foreign_sigchld = 1; ++} ++ + /* shell_cmd - execute shell command */ + + void shell_cmd(command) + char *command; + { + int child_pid; +- int wait_pid; ++ ++ struct sigaction new_action, old_action; ++ sigset_t new_mask, old_mask, empty_mask; ++ ++ new_action.sa_sigaction = &sigchld; ++ new_action.sa_flags = SA_SIGINFO; ++ sigemptyset(&new_action.sa_mask); ++ sigemptyset(&new_mask); ++ sigemptyset(&empty_mask); ++ sigaddset(&new_mask, SIGCHLD); ++ ++ /* ++ * Set the variables for handler, set the handler and block the signal ++ * until we have the pid. ++ */ ++ foreign_sigchld = 0; our_child_pid = 0; ++ sigprocmask(SIG_BLOCK, &new_mask, &old_mask); ++ sigaction(SIGCHLD, &new_action, &old_action); + + /* + * Most of the work is done within the child process, to minimize the +@@ -49,12 +83,26 @@ + tcpd_warn("cannot fork: %m"); + break; + case 00: /* child */ ++ /* Clear the blocked mask for the child not to be surprised. 
*/ ++ sigprocmask(SIG_SETMASK, &empty_mask, 0); + do_child(command); + /* NOTREACHED */ + default: /* parent */ +- while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid) +- /* void */ ; ++ our_child_pid = child_pid; ++ sigprocmask(SIG_UNBLOCK, &new_mask, 0); ++ while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR); + } ++ ++ /* ++ * Revert the signal mask and the SIGCHLD handler. ++ */ ++ sigprocmask(SIG_SETMASK, &old_mask, 0); ++ sigaction(SIGCHLD, &old_action, 0); ++ ++ /* If there was a foreign SIGCHLD, raise it after we have restored the old ++ * mask and handler. */ ++ if (foreign_sigchld) ++ raise(SIGCHLD); + } + + /* do_child - exec command with { stdin, stdout, stderr } to /dev/null */ --- tcp-wrappers-7.6.q.orig/debian/patches/sig_fix +++ tcp-wrappers-7.6.q/debian/patches/sig_fix 
@@ -0,0 +1,44 @@ +* Fri May 6 2005 Thomas Woerner 7.6-39 +- fixed sig patch (#141110). Thanks to Nikita Shulga for the patch + +* Mon Feb 10 2003 Harald Hoyer 7.6-29 +- added security patch tcp_wrappers-7.6-sig.patch + +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c +--- tcp_wrappers_7.6.orig/hosts_access.c 2006-03-01 22:14:14.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.c 2006-03-01 22:14:11.000000000 +0100 +@@ -66,6 +66,7 @@ static char sep[] = ", \t\r\n"; + + #define YES 1 + #define NO 0 ++#define ERR -1 + + /* + * These variables are globally visible so that they can be redirected in +@@ -130,11 +131,11 @@ struct request_info *request; + verdict = setjmp(tcpd_buf); + if (verdict != 0) + return (verdict == AC_PERMIT); +- if (table_match(hosts_allow_table, request)) ++ if (table_match(hosts_allow_table, request) == YES) + return (YES); +- if (table_match(hosts_deny_table, request)) +- return (NO); +- return (YES); ++ if (table_match(hosts_deny_table, request) == NO) ++ return (YES); ++ return (NO); + } + + /* table_match - match table entries with (daemon, client) pair */ +@@ -178,8 +179,9 @@ struct request_info *request; + (void) fclose(fp); + } else if (errno != ENOENT) { + tcpd_warn("cannot open %s: %m", table); ++ match = ERR; + } +- if (match) { ++ if (match == YES) { + if (hosts_access_verbose > 1) + syslog(LOG_DEBUG, "matched: %s line %d", + tcpd_context.file, tcpd_context.line); --- tcp-wrappers-7.6.q.orig/debian/patches/match_port +++ tcp-wrappers-7.6.q/debian/patches/match_port 
@@ -0,0 +1,64 @@ +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c +--- tcp_wrappers_7.6.orig/hosts_access.c 2007-01-08 01:31:32.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.c 2007-01-08 01:31:08.000000000 +0100 +@@ -232,6 +232,36 @@ int (*match_fn) (); + return (NO); + } + ++/* ++ * daemon_or_port_match - match server information: if the server endpoint ++ * pattern is a port number, match against port number of connection; ++ * otherwise match against daemon executable name ++ */ ++ ++static int daemon_or_port_match(char *tok, struct request_info *request) { ++ unsigned int port, sin_port; ++ char junk; ++ ++ /* daemon name */ ++ if (sscanf(tok, "%u%c", &port, &junk) != 1 || port > 65535) ++ return (string_match(tok, eval_daemon(request))); ++ ++ /* port number */ ++ if (!request->server->sin) ++ return (NO); ++ ++#ifdef INET6 ++ sin_port = ntohs(((struct sockaddr_in *)request->server->sin)->sin_port); ++#else ++ sin_port = ntohs(request->server->sin->sin_port); ++#endif ++ ++ if (port == sin_port) ++ return (YES); ++ else ++ return (NO); ++} ++ + /* server_match - match server information */ + + static int server_match(tok, request) +@@ -241,9 +271,9 @@ struct request_info *request; + char *host; + + if ((host = split_at(tok + 1, '@')) == 0) { /* plain daemon */ +- return (string_match(tok, eval_daemon(request))); ++ return (daemon_or_port_match(tok, request)); + } else { /* daemon@host */ +- return (string_match(tok, eval_daemon(request)) ++ return (daemon_or_port_match(tok, request) + && host_match(host, request->server)); + } + } +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2007-01-08 01:31:32.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.5 2007-01-08 01:30:18.000000000 +0100 +@@ -51,7 +51,7 @@ being optional: + daemon_list : client_list [ : shell_command ] + .PP + \fIdaemon_list\fR is a list of one or more daemon process names +-(argv[0] 
values) or wildcards (see below). ++(argv[0] values) or server port numbers or wildcards (see below). + .PP + \fIclient_list\fR is a list + of one or more host names, host addresses, patterns or wildcards (see --- tcp-wrappers-7.6.q.orig/debian/patches/expand_remote_port +++ tcp-wrappers-7.6.q/debian/patches/expand_remote_port 
@@ -0,0 +1,71 @@ +diff -ruN tcp_wrappers_7.6.orig/eval.c tcp_wrappers_7.6/eval.c +--- tcp_wrappers_7.6.orig/eval.c 1995-01-30 19:51:46.000000000 +0100 ++++ tcp_wrappers_7.6/eval.c 2004-11-04 13:59:01.000000000 +0100 +@@ -98,6 +98,28 @@ + } + } + ++/* eval_port - return string with the port */ ++char *eval_port(saddr) ++#ifdef INET6 ++struct sockaddr *saddr; ++#else ++struct sockaddr_in *saddr; ++#endif ++{ ++ static char port[16]; ++ if (saddr != 0) { ++ sprintf(port, "%u", ++#ifdef INET6 ++ ntohs(((struct sockaddr_in *)saddr)->sin_port)); ++#else ++ ntohs(saddr->sin_port)); ++#endif ++ } else { ++ strcpy(port, "0"); ++ } ++ return (port); ++} ++ + /* eval_client - return string with as much about the client as we know */ + + char *eval_client(request) +diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2004-11-04 13:17:45.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.5 2004-11-04 13:55:32.000000000 +0100 +@@ -175,6 +175,8 @@ + unavailable. + .IP "%n (%N)" + The client (server) host name (or "unknown" or "paranoid"). ++.IP "%r (%R)" ++The clients (servers) port number (or "0"). + .IP %p + The daemon process id. + .IP %s +diff -ruN tcp_wrappers_7.6.orig/percent_x.c tcp_wrappers_7.6/percent_x.c +--- tcp_wrappers_7.6.orig/percent_x.c 1994-12-28 17:42:38.000000000 +0100 ++++ tcp_wrappers_7.6/percent_x.c 2004-11-04 13:19:29.000000000 +0100 +@@ -63,6 +63,8 @@ + ch == 'n' ? eval_hostname(request->client) : + ch == 'N' ? eval_hostname(request->server) : + ch == 'p' ? eval_pid(request) : ++ ch == 'r' ? eval_port(request->client->sin) : ++ ch == 'R' ? eval_port(request->server->sin) : + ch == 's' ? eval_server(request) : + ch == 'u' ? eval_user(request) : + ch == '%' ? 
"%" : (tcpd_warn("unrecognized %%%c", ch), ""); +diff -ruN tcp_wrappers_7.6.orig/tcpd.h tcp_wrappers_7.6/tcpd.h +--- tcp_wrappers_7.6.orig/tcpd.h 2004-11-04 13:17:45.000000000 +0100 ++++ tcp_wrappers_7.6/tcpd.h 2004-11-04 13:19:13.000000000 +0100 +@@ -145,6 +145,11 @@ + extern char *eval_hostinfo(struct host_info *); /* host name or address */ + extern char *eval_client(struct request_info *);/* whatever is available */ + extern char *eval_server(struct request_info *);/* whatever is available */ ++#ifdef INET6 ++extern char *eval_port(struct sockaddr *); ++#else ++extern char *eval_port(struct sockaddr_in *); ++#endif + #define eval_daemon(r) ((r)->daemon) /* daemon process name */ + #define eval_pid(r) ((r)->pid) /* process id */ + --- tcp-wrappers-7.6.q.orig/debian/patches/aclexec +++ tcp-wrappers-7.6.q/debian/patches/aclexec 
@@ -0,0 +1,137 @@ +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c +--- tcp_wrappers_7.6.orig/hosts_access.c 2006-03-01 19:25:45.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.c 2006-03-01 19:23:58.000000000 +0100 +@@ -82,6 +82,9 @@ int hosts_access_verbose = 0; + */ + + int resident = (-1); /* -1, 0: unknown; +1: yes */ ++#ifdef ACLEXEC ++int aclexec_matched = 0; ++#endif + + /* Forward declarations. */ + +@@ -185,6 +188,12 @@ struct request_info *request; + if (sh_cmd) { + #ifdef PROCESS_OPTIONS + process_options(sh_cmd, request); ++# ifdef ACLEXEC ++ if (aclexec_matched) { ++ syslog(LOG_INFO, "aclexec returned %d", aclexec_matched); ++ match = NO; ++ } ++# endif + #else + char cmd[BUFSIZ]; + shell_cmd(percent_x(cmd, sizeof(cmd), sh_cmd, request)); +diff -ruNp tcp_wrappers_7.6.orig/options.c tcp_wrappers_7.6/options.c +--- tcp_wrappers_7.6.orig/options.c 1996-02-11 17:01:32.000000000 +0100 ++++ tcp_wrappers_7.6/options.c 2006-03-01 19:24:25.000000000 +0100 +@@ -47,6 +47,7 @@ static char sccsid[] = "@(#) options.c 1 + #include + #include + #include ++#include + + #ifndef MAXPATHNAMELEN + #define MAXPATHNAMELEN BUFSIZ +@@ -76,6 +77,7 @@ static void group_option(); /* execute + static void umask_option(); /* execute "umask mask" option */ + static void linger_option(); /* execute "linger time" option */ + static void keepalive_option(); /* execute "keepalive" option */ ++static void aclexec_option(); /* execute "aclexec command" option */ + static void spawn_option(); /* execute "spawn command" option */ + static void twist_option(); /* execute "twist command" option */ + static void rfc931_option(); /* execute "rfc931" option */ +@@ -113,6 +115,9 @@ static struct option option_table[] = { + "umask", umask_option, NEED_ARG, + "linger", linger_option, NEED_ARG, + "keepalive", keepalive_option, 0, ++#ifdef ACLEXEC ++ "aclexec", aclexec_option, NEED_ARG | EXPAND_ARG, ++#endif + "spawn", spawn_option, NEED_ARG | EXPAND_ARG, + "twist", 
twist_option, NEED_ARG | EXPAND_ARG | USE_LAST, + "rfc931", rfc931_option, OPT_ARG, +@@ -310,6 +315,54 @@ struct request_info *request; + shell_cmd(value); + } + ++#ifdef ACLEXEC ++/* aclexec_option - spawn a shell command and check status */ ++ ++/* ARGSUSED */ ++ ++static void aclexec_option(value, request) ++char *value; ++struct request_info *request; ++{ ++ int status, child_pid, wait_pid; ++ extern int aclexec_matched; ++ ++ if (dry_run != 0) ++ return; ++ ++ child_pid = fork(); ++ ++ /* Something went wrong: we MUST terminate the process. */ ++ if (child_pid < 0) { ++ tcpd_warn("aclexec_option: /bin/sh: %m"); ++ clean_exit(request); ++ } ++ ++ if (child_pid == 0) { ++ execl("/bin/sh", "sh", "-c", value, (char *) 0); ++ ++ /* Something went wrong. We MUST terminate the child process. */ ++ tcpd_warn("execl /bin/sh: %m"); ++ _exit(0); ++ } ++ ++ while ((wait_pid = wait(&status)) != -1 && wait_pid != child_pid) ++ /* void */ ; ++ ++ aclexec_matched = 1; ++ ++ if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { ++ aclexec_matched = 0; ++ } ++ ++ if (WIFSIGNALED(status)) ++ tcpd_warn("process %d exited with signal %d", child_pid, ++ WTERMSIG(status)); ++ ++ return; ++} ++#endif ++ + /* linger_option - set the socket linger time (Marc Boucher ) */ + + /* ARGSUSED */ +diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5 +--- tcp_wrappers_7.6.orig/hosts_options.5 2006-03-01 21:48:43.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_options.5 2006-03-01 21:47:39.000000000 +0100 +@@ -52,6 +52,23 @@ ALL: ALL: ALLOW + .sp + Notice the leading dot on the domain name patterns. + .SH RUNNING OTHER COMMANDS ++.IP "aclexec shell_command" ++Execute, in a child process, the specified shell command, after ++performing the % expansions described in the hosts_access(5) ++manual page. The command is executed with stdin, stdout and stderr ++connected to the null device, so that it won't mess up the ++conversation with the client host. 
Example: ++.sp ++.nf ++.ti +3 ++smtp : ALL : aclexec checkdnsbl %a ++.fi ++.sp ++executes, in a background child process, the shell command "checkdnsbl %a" ++after replacing %a by the address of the remote host. ++.sp ++The connection will be allowed or refused depending on whether the ++command returns a true or false exit status. + .IP "spawn shell_command" + Execute, in a child process, the specified shell command, after + performing the % expansions described in the hosts_access(5) --- tcp-wrappers-7.6.q.orig/debian/patches/10_usagi-ipv6 +++ tcp-wrappers-7.6.q/debian/patches/10_usagi-ipv6 
@@ -0,0 +1,1236 @@ +--- a/fix_options.c ++++ b/fix_options.c +@@ -11,6 +11,9 @@ static char sccsid[] = "@(#) fix_options + + #include + #include ++#ifdef INET6 ++#include ++#endif + #include + #include + #include +@@ -41,6 +44,22 @@ struct request_info *request; + unsigned int opt; + int optlen; + struct in_addr dummy; ++#ifdef INET6 ++ struct sockaddr_storage ss; ++ int sslen; ++ ++ /* ++ * check if this is AF_INET socket ++ * XXX IPv6 support? ++ */ ++ sslen = sizeof(ss); ++ if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) { ++ syslog(LOG_ERR, "getpeername: %m"); ++ clean_exit(request); ++ } ++ if (ss.ss_family != AF_INET) ++ return; ++#endif + + if ((ip = getprotobyname("ip")) != 0) + ipproto = ip->p_proto; +--- a/hosts_access.5 ++++ b/hosts_access.5 +@@ -85,11 +85,18 @@ member of the specified netgroup. Netgro + for daemon process names or for client user names. + .IP \(bu + An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a +-`net/mask\' pair. A host address is matched if `net\' is equal to the ++`net/mask\' pair. An IPv4 host address is matched if `net\' is equal to the + bitwise AND of the address and the `mask\'. For example, the net/mask + pattern `131.155.72.0/255.255.254.0\' matches every address in the + range `131.155.72.0\' through `131.155.73.255\'. + .IP \(bu ++An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a ++`[net]/prefixlen\' pair. An IPv6 host address is matched if ++`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the ++address. For example, the [net]/prefixlen pattern ++`[3ffe:505:2:1::]/64\' matches every address in the range ++`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'. ++.IP \(bu + Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This + method of matching cannot be used in conjunction with `net/mask\' matching, + hostname matching beginning with `.\' or IP address matching ending with `.\'. 
+--- a/hosts_access.c ++++ b/hosts_access.c +@@ -24,7 +24,13 @@ static char sccsid[] = "@(#) hosts_acces + /* System libraries. */ + + #include ++#ifdef INT32_T ++ typedef uint32_t u_int32_t; ++#endif + #include ++#ifdef INET6 ++#include ++#endif + #include + #include + #include +@@ -33,6 +39,9 @@ static char sccsid[] = "@(#) hosts_acces + #include + #include + #include ++#ifdef INET6 ++#include ++#endif + + extern char *fgets(); + extern int errno; +@@ -83,6 +92,10 @@ static int host_match(); + static int string_match(); + static int masked_match(); + static int match_pattern_ylo(); ++#ifdef INET6 ++static int masked_match4(); ++static int masked_match6(); ++#endif + + /* Size of logical line buffer. */ + +@@ -290,6 +303,13 @@ char *string; + { + int n; + ++#ifdef INET6 ++ /* convert IPv4 mapped IPv6 address to IPv4 address */ ++ if (STRN_EQ(string, "::ffff:", 7) ++ && dot_quad_addr(string + 7) != INADDR_NONE) { ++ string += 7; ++ } ++#endif + #ifndef DISABLE_WILDCARD_MATCHING + if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' 
*/ + return (match_pattern_ylo(string,tok)); +@@ -305,20 +325,72 @@ char *string; + } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */ + return (STRN_EQ(tok, string, n)); + } else { /* exact match */ ++#ifdef INET6 ++ struct addrinfo hints, *res; ++ struct sockaddr_in6 pat, addr; ++ int len, ret; ++ char ch; ++ ++ len = strlen(tok); ++ if (*tok == '[' && tok[len - 1] == ']') { ++ ch = tok[len - 1]; ++ tok[len - 1] = '\0'; ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = AF_INET6; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; ++ if ((ret = getaddrinfo(tok + 1, NULL, &hints, &res)) == 0) { ++ memcpy(&pat, res->ai_addr, sizeof(pat)); ++ freeaddrinfo(res); ++ } ++ tok[len - 1] = ch; ++ if (ret != 0 || getaddrinfo(string, NULL, &hints, &res) != 0) ++ return NO; ++ memcpy(&addr, res->ai_addr, sizeof(addr)); ++ freeaddrinfo(res); ++#ifdef NI_WITHSCOPEID ++ if (pat.sin6_scope_id != 0 && ++ addr.sin6_scope_id != pat.sin6_scope_id) ++ return NO; ++#endif ++ return (!memcmp(&pat.sin6_addr, &addr.sin6_addr, ++ sizeof(struct in6_addr))); ++ return (ret); ++ } ++#endif + return (STR_EQ(tok, string)); + } + } + + /* masked_match - match address against netnumber/netmask */ + ++#ifdef INET6 + static int masked_match(net_tok, mask_tok, string) + char *net_tok; + char *mask_tok; + char *string; + { ++ return (masked_match4(net_tok, mask_tok, string) || ++ masked_match6(net_tok, mask_tok, string)); ++} ++ ++static int masked_match4(net_tok, mask_tok, string) ++#else ++static int masked_match(net_tok, mask_tok, string) ++#endif ++char *net_tok; ++char *mask_tok; ++char *string; ++{ ++#ifdef INET6 ++ u_int32_t net; ++ u_int32_t mask; ++ u_int32_t addr; ++#else + unsigned long net; + unsigned long mask; + unsigned long addr; ++#endif + + /* + * Disallow forms other than dotted quad: the treatment that inet_addr() +@@ -330,12 +402,78 @@ char *string; + return (NO); + if ((net = dot_quad_addr(net_tok)) == INADDR_NONE + || (mask = 
dot_quad_addr(mask_tok)) == INADDR_NONE) { ++#ifndef INET6 + tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); ++#endif + return (NO); /* not tcpd_jump() */ + } + return ((addr & mask) == net); + } + ++#ifdef INET6 ++static int masked_match6(net_tok, mask_tok, string) ++char *net_tok; ++char *mask_tok; ++char *string; ++{ ++ struct addrinfo hints, *res; ++ struct sockaddr_in6 net, addr; ++ u_int32_t mask; ++ int len, mask_len, i = 0; ++ char ch; ++ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = AF_INET6; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; ++ if (getaddrinfo(string, NULL, &hints, &res) != 0) ++ return NO; ++ memcpy(&addr, res->ai_addr, sizeof(addr)); ++ freeaddrinfo(res); ++ ++ if (IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)) { ++ if ((*(u_int32_t *)&net.sin6_addr.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE ++ || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) ++ return (NO); ++ return ((*(u_int32_t *)&addr.sin6_addr.s6_addr[12] & mask) == *(u_int32_t *)&net.sin6_addr.s6_addr[12]); ++ } ++ ++ /* match IPv6 address against netnumber/prefixlen */ ++ len = strlen(net_tok); ++ if (*net_tok != '[' || net_tok[len - 1] != ']') ++ return NO; ++ ch = net_tok[len - 1]; ++ net_tok[len - 1] = '\0'; ++ if (getaddrinfo(net_tok + 1, NULL, &hints, &res) != 0) { ++ net_tok[len - 1] = ch; ++ return NO; ++ } ++ memcpy(&net, res->ai_addr, sizeof(net)); ++ freeaddrinfo(res); ++ net_tok[len - 1] = ch; ++ if ((mask_len = atoi(mask_tok)) < 0 || mask_len > 128) ++ return NO; ++ ++#ifdef NI_WITHSCOPEID ++ if (net.sin6_scope_id != 0 && addr.sin6_scope_id != net.sin6_scope_id) ++ return NO; ++#endif ++ while (mask_len > 0) { ++ if (mask_len < 32) { ++ mask = htonl(~(0xffffffff >> mask_len)); ++ if ((*(u_int32_t *)&addr.sin6_addr.s6_addr[i] & mask) != (*(u_int32_t *)&net.sin6_addr.s6_addr[i] & mask)) ++ return NO; ++ break; ++ } ++ if (*(u_int32_t *)&addr.sin6_addr.s6_addr[i] != *(u_int32_t 
*)&net.sin6_addr.s6_addr[i]) ++ return NO; ++ i += 4; ++ mask_len -= 32; ++ } ++ return YES; ++} ++#endif /* INET6 */ ++ + #ifndef DISABLE_WILDCARD_MATCHING + /* Note: this feature has been adapted in a pretty straightforward way + from Tatu Ylonen's last SSH version under free license by +--- a/Makefile ++++ b/Makefile +@@ -21,7 +21,7 @@ what: + @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix" + @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211" + @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4" +- @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2" ++ @echo " sunos40 sunos5 solaris8 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2" + @echo " uts215 uxp" + @echo + @echo "If none of these match your environment, edit the system" +@@ -131,20 +131,34 @@ epix: + NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all + + # Freebsd and linux by default have no NIS. +-386bsd netbsd bsdos: ++386bsd bsdos: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ + EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all + + freebsd: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ++ LIBS="-L/usr/local/v6/lib -linet6" \ + LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ +- EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DINET6 -Dss_family=__ss_family -Dss_len=__ss_len" \ ++ VSYSLOG= all ++ ++netbsd: ++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \ ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DINET6 -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all + + linux: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \ +- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all ++ LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ ++ 
NETGROUP="-DNETGROUP" TLI= VSYSLOG= BUGS= \ ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all ++ ++gnu: ++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ++ LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ ++ NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= \ ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR" all + + # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. + hpux hpux8 hpux9 hpux10: +@@ -196,6 +210,13 @@ sunos5: + NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ + BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" all + ++# SunOS 5.8 is another SYSV4 variant, but has IPv6 support ++solaris8: ++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ ++ LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \ ++ NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \ ++ EXTRA_CFLAGS="-DINET6 -DNO_CLONE_DEVICE -DINT32_T" all ++ + # Generic SYSV40 + esix sysv4: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +--- a/misc.c ++++ b/misc.c +@@ -58,9 +58,31 @@ int delimiter; + { + char *cp; + ++#ifdef INET6 ++ int bracket = 0; ++ ++ for (cp = string; cp && *cp; cp++) { ++ switch (*cp) { ++ case '[': ++ bracket++; ++ break; ++ case ']': ++ bracket--; ++ break; ++ default: ++ if (bracket == 0 && *cp == delimiter) { ++ *cp++ = 0; ++ return cp; ++ } ++ break; ++ } ++ } ++ return (NULL); ++#else + if ((cp = strchr(string, delimiter)) != 0) + *cp++ = 0; + return (cp); ++#endif + } + + /* dot_quad_addr - convert dotted quad to internal form */ +--- a/refuse.c ++++ b/refuse.c +@@ -25,7 +25,12 @@ static char sccsid[] = "@(#) refuse.c 1. 
+ void refuse(request) + struct request_info *request; + { ++#ifdef INET6 ++ syslog(deny_severity, "refused connect from %s (%s)", ++ eval_client(request), eval_hostaddr(request->client)); ++#else + syslog(deny_severity, "refused connect from %s", eval_client(request)); ++#endif + clean_exit(request); + /* NOTREACHED */ + } +--- a/rfc931.c ++++ b/rfc931.c +@@ -68,20 +68,50 @@ int sig; + /* rfc931 - return remote user name, given socket structures */ + + void rfc931(rmt_sin, our_sin, dest) ++#ifdef INET6 ++struct sockaddr *rmt_sin; ++struct sockaddr *our_sin; ++#else + struct sockaddr_in *rmt_sin; + struct sockaddr_in *our_sin; ++#endif + char *dest; + { + unsigned rmt_port; + unsigned our_port; ++#ifdef INET6 ++ struct sockaddr_storage rmt_query_sin; ++ struct sockaddr_storage our_query_sin; ++ int alen; ++#else + struct sockaddr_in rmt_query_sin; + struct sockaddr_in our_query_sin; ++#endif + char user[256]; /* XXX */ + char buffer[512]; /* XXX */ + char *cp; + char *result = unknown; + FILE *fp; + ++#ifdef INET6 ++ /* address family must be the same */ ++ if (rmt_sin->sa_family != our_sin->sa_family) { ++ STRN_CPY(dest, result, STRING_LENGTH); ++ return; ++ } ++ switch (our_sin->sa_family) { ++ case AF_INET: ++ alen = sizeof(struct sockaddr_in); ++ break; ++ case AF_INET6: ++ alen = sizeof(struct sockaddr_in6); ++ break; ++ default: ++ STRN_CPY(dest, result, STRING_LENGTH); ++ return; ++ } ++#endif ++ + /* + * Use one unbuffered stdio stream for writing to and for reading from + * the RFC931 etc. server. This is done because of a bug in the SunOS +@@ -92,7 +122,11 @@ char *dest; + * sockets. + */ + ++#ifdef INET6 ++ if ((fp = fsocket(our_sin->sa_family, SOCK_STREAM, 0)) != 0) { ++#else + if ((fp = fsocket(AF_INET, SOCK_STREAM, 0)) != 0) { ++#endif + setbuf(fp, (char *) 0); + + /* +@@ -112,6 +146,25 @@ char *dest; + * addresses from the query socket. 
+ */ + ++#ifdef INET6 ++ memcpy(&our_query_sin, our_sin, alen); ++ memcpy(&rmt_query_sin, rmt_sin, alen); ++ switch (our_sin->sa_family) { ++ case AF_INET: ++ ((struct sockaddr_in *)&our_query_sin)->sin_port = htons(ANY_PORT); ++ ((struct sockaddr_in *)&rmt_query_sin)->sin_port = htons(RFC931_PORT); ++ break; ++ case AF_INET6: ++ ((struct sockaddr_in6 *)&our_query_sin)->sin6_port = htons(ANY_PORT); ++ ((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port = htons(RFC931_PORT); ++ break; ++ } ++ ++ if (bind(fileno(fp), (struct sockaddr *) & our_query_sin, ++ alen) >= 0 && ++ connect(fileno(fp), (struct sockaddr *) & rmt_query_sin, ++ alen) >= 0) { ++#else + our_query_sin = *our_sin; + our_query_sin.sin_port = htons(ANY_PORT); + rmt_query_sin = *rmt_sin; +@@ -121,6 +174,7 @@ char *dest; + sizeof(our_query_sin)) >= 0 && + connect(fileno(fp), (struct sockaddr *) & rmt_query_sin, + sizeof(rmt_query_sin)) >= 0) { ++#endif + + /* + * Send query to server. Neglect the risk that a 13-byte +@@ -129,8 +183,13 @@ char *dest; + */ + + fprintf(fp, "%u,%u\r\n", ++#ifdef INET6 ++ ntohs(((struct sockaddr_in *)rmt_sin)->sin_port), ++ ntohs(((struct sockaddr_in *)our_sin)->sin_port)); ++#else + ntohs(rmt_sin->sin_port), + ntohs(our_sin->sin_port)); ++#endif + fflush(fp); + + /* +@@ -144,8 +203,13 @@ char *dest; + && ferror(fp) == 0 && feof(fp) == 0 + && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s", + &rmt_port, &our_port, user) == 3 ++#ifdef INET6 ++ && ntohs(((struct sockaddr_in *)rmt_sin)->sin_port) == rmt_port ++ && ntohs(((struct sockaddr_in *)our_sin)->sin_port) == our_port) { ++#else + && ntohs(rmt_sin->sin_port) == rmt_port + && ntohs(our_sin->sin_port) == our_port) { ++#endif + + /* + * Strip trailing carriage return. It is part of the +--- a/scaffold.c ++++ b/scaffold.c +@@ -25,7 +25,9 @@ static char sccs_id[] = "@(#) scaffold.c + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ + #endif + ++#ifndef INET6 + extern char *malloc(); ++#endif + + /* Application-specific. 
*/ + +@@ -39,6 +41,7 @@ int allow_severity = SEVERITY; + int deny_severity = LOG_WARNING; + int rfc931_timeout = RFC931_TIMEOUT; + ++#ifndef INET6 + /* dup_hostent - create hostent in one memory block */ + + static struct hostent *dup_hostent(hp) +@@ -73,9 +76,46 @@ struct hostent *hp; + } + return (&hb->host); + } ++#endif + + /* find_inet_addr - find all addresses for this host, result to free() */ + ++#ifdef INET6 ++struct addrinfo *find_inet_addr(host) ++char *host; ++{ ++ struct addrinfo hints, *res; ++ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = PF_UNSPEC; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; ++ if (getaddrinfo(host, NULL, &hints, &res) == 0) ++ return (res); ++ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = PF_UNSPEC; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_CANONNAME; ++ if (getaddrinfo(host, NULL, &hints, &res) != 0) { ++ tcpd_warn("%s: host not found", host); ++ return (0); ++ } ++ if (res->ai_family != AF_INET6 && res->ai_family != AF_INET) { ++ tcpd_warn("%d: not an internet host", res->ai_family); ++ freeaddrinfo(res); ++ return (0); ++ } ++ if (!res->ai_canonname) { ++ tcpd_warn("%s: hostname alias", host); ++ tcpd_warn("(cannot obtain official name)", res->ai_canonname); ++ } else if (STR_NE(host, res->ai_canonname)) { ++ tcpd_warn("%s: hostname alias", host); ++ tcpd_warn("(official name: %.*s)", STRING_LENGTH, res->ai_canonname); ++ } ++ return (res); ++} ++#else + struct hostent *find_inet_addr(host) + char *host; + { +@@ -118,6 +158,7 @@ char *host; + } + return (dup_hostent(hp)); + } ++#endif + + /* check_dns - give each address thorough workout, return address count */ + +@@ -125,8 +166,13 @@ int check_dns(host) + char *host; + { + struct request_info request; ++#ifdef INET6 ++ struct sockaddr_storage sin; ++ struct addrinfo *hp, *res; ++#else + struct sockaddr_in sin; + struct hostent *hp; ++#endif + int count; + char *addr; + +@@ -134,11 
+180,18 @@ char *host; + return (0); + request_init(&request, RQ_CLIENT_SIN, &sin, 0); + sock_methods(&request); ++#ifndef INET6 + memset((char *) &sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; ++#endif + ++#ifdef INET6 ++ for (res = hp, count = 0; res; res = res->ai_next, count++) { ++ memcpy(&sin, res->ai_addr, res->ai_addrlen); ++#else + for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { + memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr)); ++#endif + + /* + * Force host name and address conversions. Use the request structure +@@ -151,7 +204,11 @@ char *host; + tcpd_warn("host address %s->name lookup failed", + eval_hostaddr(request.client)); + } ++#ifdef INET6 ++ freeaddrinfo(hp); ++#else + free((char *) hp); ++#endif + return (count); + } + +--- a/scaffold.h ++++ b/scaffold.h +@@ -4,6 +4,10 @@ + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + ++#ifdef INET6 ++extern struct addrinfo *find_inet_addr(); ++#else + extern struct hostent *find_inet_addr(); ++#endif + extern int check_dns(); + extern int check_path(); +--- a/socket.c ++++ b/socket.c +@@ -24,13 +24,22 @@ static char sccsid[] = "@(#) socket.c 1. + #include + #include + #include ++#ifdef INT32_T ++typedef uint32_t u_int32_t; ++#endif + #include + #include + #include + #include + #include + ++#ifdef INET6 ++#ifndef NI_WITHSCOPEID ++#define NI_WITHSCOPEID 0 ++#endif ++#else + extern char *inet_ntoa(); ++#endif + + /* Local stuff. 
*/ + +@@ -79,8 +88,13 @@ char *name; + void sock_host(request) + struct request_info *request; + { ++#ifdef INET6 ++ static struct sockaddr_storage client; ++ static struct sockaddr_storage server; ++#else + static struct sockaddr_in client; + static struct sockaddr_in server; ++#endif + int len; + char buf[BUFSIZ]; + int fd = request->fd; +@@ -109,7 +123,11 @@ struct request_info *request; + memset(buf, 0 sizeof(buf)); + #endif + } ++#ifdef INET6 ++ request->client->sin = (struct sockaddr *)&client; ++#else + request->client->sin = &client; ++#endif + + /* + * Determine the server binding. This is used for client username +@@ -122,7 +140,11 @@ struct request_info *request; + tcpd_warn("getsockname: %m"); + return; + } ++#ifdef INET6 ++ request->server->sin = (struct sockaddr *)&server; ++#else + request->server->sin = &server; ++#endif + } + + /* sock_hostaddr - map endpoint address to printable form */ +@@ -130,10 +152,26 @@ struct request_info *request; + void sock_hostaddr(host) + struct host_info *host; + { ++#ifdef INET6 ++ struct sockaddr *sin = host->sin; ++ int salen; ++ ++ if (!sin) ++ return; ++#ifdef SIN6_LEN ++ salen = sin->sa_len; ++#else ++ salen = (sin->sa_family == AF_INET) ? 
sizeof(struct sockaddr_in) ++ : sizeof(struct sockaddr_in6); ++#endif ++ getnameinfo(sin, salen, host->addr, sizeof(host->addr), ++ NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); ++#else + struct sockaddr_in *sin = host->sin; + + if (sin != 0) + STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr)); ++#endif + } + + /* sock_hostname - map endpoint address to host name */ +@@ -141,6 +179,160 @@ struct host_info *host; + void sock_hostname(host) + struct host_info *host; + { ++#ifdef INET6 ++ struct sockaddr *sin = host->sin; ++ struct sockaddr_in sin4; ++ struct addrinfo hints, *res, *res0 = NULL; ++ int salen, alen, err = 1; ++ char *ap = NULL, *rap, hname[NI_MAXHOST]; ++ ++ if (sin != NULL) { ++ if (sin->sa_family == AF_INET6) { ++ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sin; ++ ++ if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { ++ memset(&sin4, 0, sizeof(sin4)); ++#ifdef SIN6_LEN ++ sin4.sin_len = sizeof(sin4); ++#endif ++ sin4.sin_family = AF_INET; ++ sin4.sin_port = sin6->sin6_port; ++ sin4.sin_addr.s_addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12]; ++ sin = (struct sockaddr *)&sin4; ++ } ++ } ++ switch (sin->sa_family) { ++ case AF_INET: ++ ap = (char *)&((struct sockaddr_in *)sin)->sin_addr; ++ alen = sizeof(struct in_addr); ++ salen = sizeof(struct sockaddr_in); ++ break; ++ case AF_INET6: ++ ap = (char *)&((struct sockaddr_in6 *)sin)->sin6_addr; ++ alen = sizeof(struct in6_addr); ++ salen = sizeof(struct sockaddr_in6); ++ break; ++ default: ++ break; ++ } ++ if (ap) ++ err = getnameinfo(sin, salen, hname, sizeof(hname), ++ NULL, 0, NI_WITHSCOPEID | NI_NAMEREQD); ++ } ++ if (!err) { ++ ++ STRN_CPY(host->name, hname, sizeof(host->name)); ++ ++ /* reject numeric addresses */ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = sin->sa_family; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST; ++ if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) { ++ freeaddrinfo(res0); ++ 
res0 = NULL; ++ tcpd_warn("host name/name mismatch: " ++ "reverse lookup results in non-FQDN %s", ++ host->name); ++ strcpy(host->name, paranoid); /* name is bad, clobber it */ ++ } ++ err = !err; ++ } ++ if (!err) { ++ /* we are now sure that this is non-numeric */ ++ ++ /* ++ * Verify that the address is a member of the address list returned ++ * by gethostbyname(hostname). ++ * ++ * Verify also that gethostbyaddr() and gethostbyname() return the same ++ * hostname, or rshd and rlogind may still end up being spoofed. ++ * ++ * On some sites, gethostbyname("localhost") returns "localhost.domain". ++ * This is a DNS artefact. We treat it as a special case. When we ++ * can't believe the address list from gethostbyname("localhost") ++ * we're in big trouble anyway. ++ */ ++ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = sin->sa_family; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_CANONNAME; ++ if (getaddrinfo(host->name, NULL, &hints, &res0) != 0) { ++ ++ /* ++ * Unable to verify that the host name matches the address. This ++ * may be a transient problem or a botched name server setup. ++ */ ++ ++ tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed", ++ host->name, ++ (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6"); ++ ++ } else if ((res0->ai_canonname == NULL ++ || STR_NE(host->name, res0->ai_canonname)) ++ && STR_NE(host->name, "localhost")) { ++ ++ /* ++ * The gethostbyaddr() and gethostbyname() calls did not return ++ * the same hostname. This could be a nameserver configuration ++ * problem. It could also be that someone is trying to spoof us. ++ */ ++ ++ tcpd_warn("host name/name mismatch: %s != %.*s", ++ host->name, STRING_LENGTH, ++ (res0->ai_canonname == NULL) ? "" : res0->ai_canonname); ++ ++ } else { ++ ++ /* ++ * The address should be a member of the address list returned by ++ * gethostbyname(). 
We should first verify that the h_addrtype ++ * field is AF_INET, but this program has already caused too much ++ * grief on systems with broken library code. ++ */ ++ ++ for (res = res0; res; res = res->ai_next) { ++ if (res->ai_family != sin->sa_family) ++ continue; ++ switch (res->ai_family) { ++ case AF_INET: ++ rap = (char *)&((struct sockaddr_in *)res->ai_addr)->sin_addr; ++ break; ++ case AF_INET6: ++ /* need to check scope_id */ ++ if (((struct sockaddr_in6 *)sin)->sin6_scope_id != ++ ((struct sockaddr_in6 *)res->ai_addr)->sin6_scope_id) { ++ continue; ++ } ++ rap = (char *)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; ++ break; ++ default: ++ continue; ++ } ++ if (memcmp(rap, ap, alen) == 0) { ++ freeaddrinfo(res0); ++ return; /* name is good, keep it */ ++ } ++ } ++ ++ /* ++ * The host name does not map to the initial address. Perhaps ++ * someone has messed up. Perhaps someone compromised a name ++ * server. ++ */ ++ ++ getnameinfo(sin, salen, hname, sizeof(hname), ++ NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); ++ tcpd_warn("host name/address mismatch: %s != %.*s", ++ hname, STRING_LENGTH, ++ (res0->ai_canonname == NULL) ? "" : res0->ai_canonname); ++ } ++ strcpy(host->name, paranoid); /* name is bad, clobber it */ ++ if (res0) ++ freeaddrinfo(res0); ++ } ++#else /* INET6 */ + struct sockaddr_in *sin = host->sin; + struct hostent *hp; + int i; +@@ -220,6 +412,7 @@ struct host_info *host; + } + strcpy(host->name, paranoid); /* name is bad, clobber it */ + } ++#endif /* INET6 */ + } + + /* sock_sink - absorb unreceived IP datagram */ +@@ -228,7 +421,11 @@ static void sock_sink(fd) + int fd; + { + char buf[BUFSIZ]; ++#ifdef INET6 ++ struct sockaddr_storage sin; ++#else + struct sockaddr_in sin; ++#endif + int size = sizeof(sin); + + /* +--- a/tcpd.c ++++ b/tcpd.c +@@ -120,7 +120,12 @@ char **argv; + + /* Report request and invoke the real daemon program. 
*/ + ++#ifdef INET6 ++ syslog(allow_severity, "connect from %s (%s)", ++ eval_client(&request), eval_hostaddr(request.client)); ++#else + syslog(allow_severity, "connect from %s", eval_client(&request)); ++#endif + closelog(); + (void) execv(path, argv); + syslog(LOG_ERR, "error: cannot execute %s: %m", path); +--- a/tcpdchk.c ++++ b/tcpdchk.c +@@ -22,6 +22,9 @@ static char sccsid[] = "@(#) tcpdchk.c 1 + + #include + #include ++#ifdef INET6 ++#include ++#endif + #include + #include + #include +@@ -397,6 +400,31 @@ char *pat; + } + } + ++#ifdef INET6 ++static int is_inet6_addr(pat) ++ char *pat; ++{ ++ struct addrinfo hints, *res; ++ int len, ret; ++ char ch; ++ ++ if (*pat != '[') ++ return (0); ++ len = strlen(pat); ++ if ((ch = pat[len - 1]) != ']') ++ return (0); ++ pat[len - 1] = '\0'; ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = AF_INET6; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; ++ if ((ret = getaddrinfo(pat + 1, NULL, &hints, &res)) == 0) ++ freeaddrinfo(res); ++ pat[len - 1] = ch; ++ return (ret == 0); ++} ++#endif ++ + /* check_host - criticize host pattern */ + + static int check_host(pat) +@@ -423,14 +451,27 @@ char *pat; + #endif + #endif + } else if (mask = split_at(pat, '/')) { /* network/netmask */ ++#ifdef INET6 ++ int mask_len; ++ ++ if ((dot_quad_addr(pat) == INADDR_NONE ++ || dot_quad_addr(mask) == INADDR_NONE) ++ && (!is_inet6_addr(pat) ++ || ((mask_len = atoi(mask)) < 0 || mask_len > 128))) ++#else + if (dot_quad_addr(pat) == INADDR_NONE + || dot_quad_addr(mask) == INADDR_NONE) ++#endif + tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); + } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ + tcpd_warn("FAIL is no longer recognized"); + tcpd_warn("(use EXCEPT or DENY instead)"); + } else if (reserved_name(pat)) { /* other reserved */ + /* void */ ; ++#ifdef INET6 ++ } else if (is_inet6_addr(pat)) { /* IPv6 address */ ++ addr_count = 1; ++#endif + } else if (NOT_INADDR(pat)) { /* internet 
name */ + if (pat[strlen(pat) - 1] == '.') { + tcpd_warn("%s: domain or host name ends in dot", pat); +--- a/tcpd.h ++++ b/tcpd.h +@@ -11,7 +11,11 @@ + struct host_info { + char name[STRING_LENGTH]; /* access via eval_hostname(host) */ + char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ ++#ifdef INET6 ++ struct sockaddr *sin; /* socket address or 0 */ ++#else + struct sockaddr_in *sin; /* socket address or 0 */ ++#endif + struct t_unitdata *unit; /* TLI transport address or 0 */ + struct request_info *request; /* for shared information */ + }; +--- a/tcpdmatch.c ++++ b/tcpdmatch.c +@@ -57,7 +57,11 @@ int main(argc, argv) + int argc; + char **argv; + { ++#ifdef INET6 ++ struct addrinfo hints, *hp, *res; ++#else + struct hostent *hp; ++#endif + char *myname = argv[0]; + char *client; + char *server; +@@ -68,8 +72,13 @@ char **argv; + int ch; + char *inetcf = 0; + int count; ++#ifdef INET6 ++ struct sockaddr_storage server_sin; ++ struct sockaddr_storage client_sin; ++#else + struct sockaddr_in server_sin; + struct sockaddr_in client_sin; ++#endif + struct stat st; + + /* +@@ -172,13 +181,20 @@ char **argv; + if (NOT_INADDR(server) == 0 || HOSTNAME_KNOWN(server)) { + if ((hp = find_inet_addr(server)) == 0) + exit(1); ++#ifndef INET6 + memset((char *) &server_sin, 0, sizeof(server_sin)); + server_sin.sin_family = AF_INET; ++#endif + request_set(&request, RQ_SERVER_SIN, &server_sin, 0); + ++#ifdef INET6 ++ for (res = hp, count = 0; res; res = res->ai_next, count++) { ++ memcpy(&server_sin, res->ai_addr, res->ai_addrlen); ++#else + for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { + memcpy((char *) &server_sin.sin_addr, addr, + sizeof(server_sin.sin_addr)); ++#endif + + /* + * Force evaluation of server host name and address. 
Host name +@@ -194,7 +210,11 @@ char **argv; + fprintf(stderr, "Please specify an address instead\n"); + exit(1); + } ++#ifdef INET6 ++ freeaddrinfo(hp); ++#else + free((char *) hp); ++#endif + } else { + request_set(&request, RQ_SERVER_NAME, server, 0); + } +@@ -208,6 +228,18 @@ char **argv; + tcpdmatch(&request); + exit(0); + } ++#ifdef INET6 ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = AF_INET6; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; ++ if (getaddrinfo(client, NULL, &hints, &res) == 0) { ++ freeaddrinfo(res); ++ request_set(&request, RQ_CLIENT_ADDR, client, 0); ++ tcpdmatch(&request); ++ exit(0); ++ } ++#endif + + /* + * Perhaps they are testing special client hostname patterns that aren't +@@ -229,6 +261,34 @@ char **argv; + */ + if ((hp = find_inet_addr(client)) == 0) + exit(1); ++#ifdef INET6 ++ request_set(&request, RQ_CLIENT_SIN, &client_sin, 0); ++ ++ for (res = hp, count = 0; res; res = res->ai_next, count++) { ++ memcpy(&client_sin, res->ai_addr, res->ai_addrlen); ++ ++ /* ++ * getnameinfo() doesn't do reverse lookup against link-local ++ * address. So, we pass through host name evaluation against ++ * such addresses. ++ */ ++ if (res->ai_family != AF_INET6 || ++ !IN6_IS_ADDR_LINKLOCAL(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr)) { ++ /* ++ * Force evaluation of client host name and address. Host name ++ * conflicts will be reported while eval_hostname() does its job. 
++ */ ++ request_set(&request, RQ_CLIENT_NAME, "", RQ_CLIENT_ADDR, "", 0); ++ if (STR_EQ(eval_hostname(request.client), unknown)) ++ tcpd_warn("host address %s->name lookup failed", ++ eval_hostaddr(request.client)); ++ } ++ tcpdmatch(&request); ++ if (res->ai_next) ++ printf("\n"); ++ } ++ freeaddrinfo(hp); ++#else + memset((char *) &client_sin, 0, sizeof(client_sin)); + client_sin.sin_family = AF_INET; + request_set(&request, RQ_CLIENT_SIN, &client_sin, 0); +@@ -250,6 +310,7 @@ char **argv; + printf("\n"); + } + free((char *) hp); ++#endif + exit(0); + } + +--- a/tli.c ++++ b/tli.c +@@ -65,8 +65,13 @@ static void tli_sink(); + void tli_host(request) + struct request_info *request; + { ++#ifdef INET6 ++ static struct sockaddr_storage client; ++ static struct sockaddr_storage server; ++#else + static struct sockaddr_in client; + static struct sockaddr_in server; ++#endif + + /* + * If we discover that we are using an IP transport, pretend we never +@@ -76,14 +81,29 @@ struct request_info *request; + + tli_endpoints(request); + if ((request->config = tli_transport(request->fd)) != 0 ++#ifdef INET6 ++ && (STR_EQ(request->config->nc_protofmly, "inet") || ++ STR_EQ(request->config->nc_protofmly, "inet6"))) { ++#else + && STR_EQ(request->config->nc_protofmly, "inet")) { ++#endif + if (request->client->unit != 0) { ++#ifdef INET6 ++ client = *(struct sockaddr_storage *) request->client->unit->addr.buf; ++ request->client->sin = (struct sockaddr *) &client; ++#else + client = *(struct sockaddr_in *) request->client->unit->addr.buf; + request->client->sin = &client; ++#endif + } + if (request->server->unit != 0) { ++#ifdef INET6 ++ server = *(struct sockaddr_storage *) request->server->unit->addr.buf; ++ request->server->sin = (struct sockaddr *) &server; ++#else + server = *(struct sockaddr_in *) request->server->unit->addr.buf; + request->server->sin = &server; ++#endif + } + tli_cleanup(request); + sock_methods(request); +@@ -187,7 +207,15 @@ int fd; + } + while (config 
= getnetconfig(handlep)) { + if (stat(config->nc_device, &from_config) == 0) { ++#ifdef NO_CLONE_DEVICE ++ /* ++ * If the network devices are not cloned (as is the case for ++ * Solaris 8 Beta), we must compare the major device numbers. ++ */ ++ if (major(from_config.st_rdev) == major(from_client.st_rdev)) ++#else + if (minor(from_config.st_rdev) == major(from_client.st_rdev)) ++#endif + break; + } + } +--- a/update.c ++++ b/update.c +@@ -46,10 +46,18 @@ va_list ap; + request->fd = va_arg(ap, int); + continue; + case RQ_CLIENT_SIN: ++#ifdef INET6 ++ request->client->sin = va_arg(ap, struct sockaddr *); ++#else + request->client->sin = va_arg(ap, struct sockaddr_in *); ++#endif + continue; + case RQ_SERVER_SIN: ++#ifdef INET6 ++ request->server->sin = va_arg(ap, struct sockaddr *); ++#else + request->server->sin = va_arg(ap, struct sockaddr_in *); ++#endif + continue; + + /* +--- a/workarounds.c ++++ b/workarounds.c +@@ -166,11 +166,22 @@ struct sockaddr *sa; + int *len; + { + int ret; ++#ifdef INET6 ++ struct sockaddr *sin = sa; ++#else + struct sockaddr_in *sin = (struct sockaddr_in *) sa; ++#endif + + if ((ret = getpeername(sock, sa, len)) >= 0 ++#ifdef INET6 ++ && ((sin->su_si.si_family == AF_INET6 ++ && IN6_IS_ADDR_UNSPECIFIED(&sin->su_sin6.sin6_addr)) ++ || (sin->su_si.si_family == AF_INET ++ && sin->su_sin.sin_addr.s_addr == 0))) { ++#else + && sa->sa_family == AF_INET + && sin->sin_addr.s_addr == 0) { ++#endif + errno = ENOTCONN; + return (-1); + } else { --- tcp-wrappers-7.6.q.orig/debian/patches/series +++ tcp-wrappers-7.6.q/debian/patches/series 
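Review bot: in the workarounds.c hunk of 10_usagi-ipv6 (@@ -166,11 +166,22 @@) the INET6 branch declares `struct sockaddr *sin = sa;` and then reads `sin->su_si.si_family`, `sin->su_sin6.sin6_addr` and `sin->su_sin.sin_addr`. struct sockaddr has no such members, and nothing in the visible hunks defines them, so this branch will not build as written. Test `sa->sa_family` and cast to `struct sockaddr_in *` or `struct sockaddr_in6 *` before looking at the address. In the tli.c hunk, `client = *(struct sockaddr_storage *) request->client->unit->addr.buf;` copies a full sockaddr_storage no matter how many bytes the transport placed in addr.buf; bound the copy by the length the unit data reports.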
@@ -0,0 +1,27 @@ +00_man_quoting.diff +00_man_typos +01_man_portability +05_wildcard_matching +06_fix_gethostbyname +10_usagi-ipv6 +11_tcpd_blacklist +11_usagi_fix +12_makefile_config +13_shlib_weaksym +14_cidr_support +15_match_clarify +aclexec +expand_remote_port +catch-sigchld +fix_warnings +have_strerror +man_fromhost +match_port +restore_sigalarm +rfc931.diff +safe_finger +sig_fix +siglongjmp +size_t +tcpdchk_libwrapped +fix_static --- tcp-wrappers-7.6.q.orig/debian/patches/12_makefile_config +++ tcp-wrappers-7.6.q/debian/patches/12_makefile_config 
@@ -0,0 +1,81 @@ +diff -ruN tcp_wrappers_7.6.orig/Makefile tcp_wrappers_7.6/Makefile +--- tcp_wrappers_7.6.orig/Makefile 2003-08-21 01:43:39.000000000 +0200 ++++ tcp_wrappers_7.6/Makefile 2003-08-21 01:43:35.000000000 +0200 +@@ -45,7 +45,7 @@ + # + # SysV.4 Solaris 2.x OSF AIX + #REAL_DAEMON_DIR=/usr/sbin +-# ++REAL_DAEMON_DIR=/usr/sbin + # BSD 4.4 + #REAL_DAEMON_DIR=/usr/libexec + # +@@ -512,6 +519,7 @@ + # (examples: allow, deny, banners, twist and spawn). + # + #STYLE = -DPROCESS_OPTIONS # Enable language extensions. ++STYLE = "-DPROCESS_OPTIONS -DACLEXEC" + + ################################################################ + # Optional: Changing the default disposition of logfile records +@@ -535,6 +543,7 @@ + # The LOG_XXX names below are taken from the /usr/include/syslog.h file. + + FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use ++FACILITY= LOG_DAEMON + + # The syslog priority at which successful connections are logged. + +@@ -631,6 +640,7 @@ + # lookups altogether, see the next section. + + PARANOID= -DPARANOID ++PARANOID= + + ######################################## + # Optional: turning off hostname lookups +@@ -644,6 +654,7 @@ + # mode (see previous section) and comment out the following definition. + + HOSTNAME= -DALWAYS_HOSTNAME ++HOSTNAME= + + ############################################# + # Optional: Turning on host ADDRESS checking +@@ -670,6 +681,7 @@ + # Solaris 2.x, and Linux. See your system documentation for details. + # + # KILL_OPT= -DKILL_IP_OPTIONS ++KILL_OPT= -DKILL_IP_OPTIONS + + ## End configuration options + ############################ +@@ -677,9 +689,10 @@ + # Protection against weird shells or weird make programs. 
+ + SHELL = /bin/sh +-.c.o:; $(CC) $(CFLAGS) -c $*.c ++.c.o:; $(CC) $(CFLAGS) -o $*.o -c $*.c + +-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ ++COPTS = -O2 -g ++CFLAGS = $(COPTS) -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \ + $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \ + -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \ + -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \ +@@ -712,10 +725,11 @@ + + config-check: + @set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; } +- @set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \ +- if cmp cflags /tmp/cflags.$$$$ ; \ +- then rm /tmp/cflags.$$$$ ; \ +- else mv /tmp/cflags.$$$$ cflags ; \ ++ @set +e; echo $(CFLAGS) >cflags.new ; \ ++ if cmp cflags cflags.new ; \ ++ then rm cflags.new ; \ ++ else mv cflags.new cflags ; \ + fi >/dev/null 2>/dev/null ++ @if [ ! -d shared ]; then mkdir shared; fi + + $(LIB): $(LIB_OBJ) --- tcp-wrappers-7.6.q.orig/debian/patches/05_wildcard_matching +++ tcp-wrappers-7.6.q/debian/patches/05_wildcard_matching 
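Review bot: the STYLE line added in the @@ -512,6 +519,7 @@ hunk of 12_makefile_config quotes both flags together, `STYLE = "-DPROCESS_OPTIONS -DACLEXEC"`. make keeps the quotes, so the shell passes the compiler a single argument containing a space instead of two -D options; drop the quotes. The FACILITY, PARANOID and HOSTNAME hunks each add a second assignment under the upstream one rather than replacing it. That works only because the last assignment wins, and it leaves `PARANOID= -DPARANOID` and `HOSTNAME= -DALWAYS_HOSTNAME` in the file as if they were still in effect. Replace the upstream lines, and record the changed defaults (PARANOID, HOSTNAME, KILL_OPT) in the patch description.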
@@ -0,0 +1,117 @@ +See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847 +(Though the original code needs to be patched to be case-insensitive.) + +--- a/hosts_access.5 ++++ b/hosts_access.5 +@@ -89,6 +89,10 @@ An expression of the form `n.n.n.n/m.m.m + bitwise AND of the address and the `mask\'. For example, the net/mask + pattern `131.155.72.0/255.255.254.0\' matches every address in the + range `131.155.72.0\' through `131.155.73.255\'. ++.IP \(bu ++Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This ++method of matching cannot be used in conjunction with `net/mask\' matching, ++hostname matching beginning with `.\' or IP address matching ending with `.\'. + .SH WILDCARDS + The access control language supports explicit wildcards: + .IP ALL +--- a/hosts_access.c ++++ b/hosts_access.c +@@ -82,6 +82,7 @@ static int client_match(); + static int host_match(); + static int string_match(); + static int masked_match(); ++static int match_pattern_ylo(); + + /* Size of logical line buffer. */ + +@@ -289,6 +290,11 @@ char *string; + { + int n; + ++#ifndef DISABLE_WILDCARD_MATCHING ++ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */ ++ return (match_pattern_ylo(string,tok)); ++ } else ++#endif + if (tok[0] == '.') { /* suffix */ + n = strlen(string) - strlen(tok); + return (n > 0 && STR_EQ(tok, string + n)); +@@ -329,3 +335,78 @@ char *string; + } + return ((addr & mask) == net); + } ++ ++#ifndef DISABLE_WILDCARD_MATCHING ++/* Note: this feature has been adapted in a pretty straightforward way ++ from Tatu Ylonen's last SSH version under free license by ++ Pekka Savola . ++ ++ Copyright (c) 1995 Tatu Ylonen , Espoo, Finland ++*/ ++ ++/* Returns true if the given string matches the pattern (which may contain ++ ? and * as wildcards), and zero if it does not match. 
*/ ++ ++static int match_pattern_ylo(const char *s, const char *pattern) ++{ ++ char src; ++ char pat; ++ while (1) ++ { ++ /* If at end of pattern, accept if also at end of string. */ ++ if (!*pattern) ++ return !*s; ++ ++ /* Process '*'. */ ++ if (*pattern == '*') ++ { ++ /* Skip the asterisk. */ ++ pattern++; ++ ++ /* If at end of pattern, accept immediately. */ ++ if (!*pattern) ++ return 1; ++ ++ /* If next character in pattern is known, optimize. */ ++ if (*pattern != '?' && *pattern != '*') ++ { ++ /* Look instances of the next character in pattern, and try ++ to match starting from those. */ ++ pat = *pattern; ++ for (; *s; s++) { ++ src = *s; ++ if (toupper(src) == toupper(pat) && ++ match_pattern_ylo(s + 1, pattern + 1)) ++ return 1; ++ } ++ /* Failed. */ ++ return 0; ++ } ++ ++ /* Move ahead one character at a time and try to match at each ++ position. */ ++ for (; *s; s++) ++ if (match_pattern_ylo(s, pattern)) ++ return 1; ++ /* Failed. */ ++ return 0; ++ } ++ ++ /* There must be at least one more character in the string. If we are ++ at the end, fail. */ ++ if (!*s) ++ return 0; ++ ++ /* Check if the next character of the string is acceptable. */ ++ pat = *pattern; ++ src = *s; ++ if (*pattern != '?' && toupper(pat) != toupper(src)) ++ return 0; ++ ++ /* Move to the next character, both in string and in pattern. */ ++ s++; ++ pattern++; ++ } ++ /*NOTREACHED*/ ++} ++#endif /* DISABLE_WILDCARD_MATCHING */ --- tcp-wrappers-7.6.q.orig/debian/patches/11_usagi_fix +++ tcp-wrappers-7.6.q/debian/patches/11_usagi_fix 
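Review bot: match_pattern_ylo() in 05_wildcard_matching passes plain `char` values to toupper() in `toupper(src) == toupper(pat)` and `toupper(pat) != toupper(src)`, which is undefined for negative values where char is signed. Cast both to `unsigned char` first, and add the ctype.h include if hosts_access.c does not already have it, since no hunk here does. Each `*` that is followed by more pattern also recurses once per remaining character of the string, so a pattern with several `*` backtracks heavily on a long client name; the hosts_access.5 hunk should say so or the matcher should cap the number of wildcards.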
@@ -0,0 +1,45 @@ +diff -uN tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c +--- tcp_wrappers_7.6/hosts_access.c Mon May 20 14:00:56 2002 ++++ tcp_wrappers_7.6.new/hosts_access.c Mon May 20 14:25:05 2002 +@@ -448,6 +448,15 @@ + int len, mask_len, i = 0; + char ch; + ++ /* ++ * Behavior of getaddrinfo() against IPv4-mapped IPv6 address is ++ * different between KAME and Solaris8. While KAME returns ++ * AF_INET6, Solaris8 returns AF_INET. So, we avoid this here. ++ */ ++ if (STRN_EQ(string, "::ffff:", 7) ++ && dot_quad_addr(string + 7) != INADDR_NONE) ++ return (masked_match4(net_tok, mask_tok, string + 7)); ++ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_INET6; + hints.ai_socktype = SOCK_STREAM; +@@ -457,13 +466,6 @@ + memcpy(&addr, res->ai_addr, sizeof(addr)); + freeaddrinfo(res); + +- if (IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)) { +- if ((*(u_int32_t *)&net.sin6_addr.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE +- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) +- return (NO); +- return ((*(u_int32_t *)&addr.sin6_addr.s6_addr[12] & mask) == *(u_int32_t *)&net.sin6_addr.s6_addr[12]); +- } +- + /* match IPv6 address against netnumber/prefixlen */ + len = strlen(net_tok); + if (*net_tok != '[' || net_tok[len - 1] != ']') +diff -uN tcp_wrappers_7.6/socket.c tcp_wrappers_7.6.new/socket.c +--- tcp_wrappers_7.6/socket.c Mon May 20 13:48:35 2002 ++++ tcp_wrappers_7.6.new/socket.c Mon May 20 14:22:27 2002 +@@ -228,7 +228,7 @@ + hints.ai_family = sin->sa_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST; +- if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) { ++ if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) { + freeaddrinfo(res0); + res0 = NULL; + tcpd_warn("host name/name mismatch: " --- tcp-wrappers-7.6.q.orig/debian/patches/06_fix_gethostbyname +++ tcp-wrappers-7.6.q/debian/patches/06_fix_gethostbyname 
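Review bot: the shortcut added in the hosts_access.c hunk of 11_usagi_fix (@@ -448,6 +448,15 @@) recognises an IPv4-mapped address only by the literal text prefix `::ffff:`, while the next hunk removes the `IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)` branch that tested the parsed address. Any other textual form of the same address now falls through to the IPv6 net/prefixlen match. Either keep the removed branch as a fallback after getaddrinfo(), or add a comment stating that `string` always comes from the library's own numeric formatting. The parenthesis fix in the socket.c hunk is correct: the old form assigned the result of the comparison to `err`.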
@@ -0,0 +1,30 @@ +* Mon Feb 5 2001 Preston Brown +- fix gethostbyname to work better with dot "." notation (#16949) + +--- tcp_wrappers_7.6/socket.c.fixgethostbyname Fri Mar 21 13:27:25 1997 ++++ tcp_wrappers_7.6/socket.c Mon Feb 5 14:09:40 2001 +@@ -52,7 +52,8 @@ + char *name; + { + char dot_name[MAXHOSTNAMELEN + 1]; +- ++ struct hostent *hp; ++ + /* + * Don't append dots to unqualified names. Such names are likely to come + * from local hosts files or from NIS. +@@ -61,8 +62,12 @@ + if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) { + return (gethostbyname(name)); + } else { +- sprintf(dot_name, "%s.", name); +- return (gethostbyname(dot_name)); ++ sprintf(dot_name, "%s.", name); ++ hp = gethostbyname(dot_name); ++ if (hp) ++ return hp; ++ else ++ return (gethostbyname(name)); + } + } + --- tcp-wrappers-7.6.q.orig/debian/patches/tcpdchk_libwrapped +++ tcp-wrappers-7.6.q/debian/patches/tcpdchk_libwrapped 
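Review bot: the fallback added in the second hunk of 06_fix_gethostbyname, `return (gethostbyname(name));`, retries the lookup without the trailing dot, so a name that fails as an absolute name is then resolved through the resolver's search list, which is what appending the dot avoided. Say in a comment which case needs the retry; the changelog line only mentions dot notation and #16949. The hunk also re-indents the sprintf() line, which makes the real change harder to see.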
@@ -0,0 +1,39 @@ +diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c +--- tcp_wrappers_7.6.orig/tcpdchk.c 2003-08-21 02:50:37.000000000 +0200 ++++ tcp_wrappers_7.6/tcpdchk.c 2003-08-21 02:50:33.000000000 +0200 +@@ -53,6 +53,24 @@ + #include "inetcf.h" + #include "scaffold.h" + ++/* list of programs which are known to be linked with libwrap in debian */ ++static const char *const libwrap_programs[] = { ++ "portmap", "mountd", "statd", "ugidd", ++ "redir", "rlinetd", ++ "sshd", ++ "atftpd", ++ "diald", ++ "esound", ++ "gdm", "gnome-session", ++ "icecast", "icecast_admin", "icecast_client", "icecast_source", ++ "mysqld", ++ "ntop", ++ "pptpd", ++ "rquotad", ++ "sendmail", "smail", ++ NULL ++}; ++ + /* + * Stolen from hosts_access.c... + */ +@@ -147,8 +165,8 @@ + /* + * These are not run from inetd but may have built-in access control. + */ +- inet_set("portmap", WR_NOT); +- inet_set("rpcbind", WR_NOT); ++ for (c = 0; libwrap_programs[c]; c++) ++ inet_set(libwrap_programs[c], WR_YES); + + /* + * Check accessibility of access control files. --- tcp-wrappers-7.6.q.orig/debian/patches/15_match_clarify +++ tcp-wrappers-7.6.q/debian/patches/15_match_clarify @@ -0,0 +1,12 @@ +diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-25 12:17:59.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.5 2004-04-25 12:17:53.000000000 +0200 +@@ -89,6 +89,8 @@ + bitwise AND of the address and the `mask\'. For example, the net/mask + pattern `131.155.72.0/255.255.254.0\' matches every address in the + range `131.155.72.0\' through `131.155.73.255\'. ++`255.255.255.255\' is not a valid mask value, so a single host can be ++matched just by its IP. + .IP \(bu + An expression of the form `n.n.n.n/mm' is interpreted as a + `net/masklength' pair, where `mm' is the number of consecutive `1' --- tcp-wrappers-7.6.q.orig/debian/patches/rfc931.diff +++ tcp-wrappers-7.6.q/debian/patches/rfc931.diff 
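Review bot: the @@ -147,8 +165,8 @@ hunk of tcpdchk_libwrapped replaces `inet_set("portmap", WR_NOT)` and `inet_set("rpcbind", WR_NOT)` with a loop that marks every list entry WR_YES, but `rpcbind` is not in libwrap_programs[], so it loses its entry without explanation. The comment kept above the loop ('These are not run from inetd but may have built-in access control') no longer matches what the code does. Add rpcbind or explain the drop, update the comment, and check that the loop variable `c` is declared in this function, since no visible hunk adds it.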
@@ -0,0 +1,39 @@ +diff -ruNp tcp_wrappers_7.6.orig/scaffold.c tcp_wrappers_7.6/scaffold.c +--- tcp_wrappers_7.6.orig/scaffold.c 2005-03-09 18:22:04.000000000 +0100 ++++ tcp_wrappers_7.6/scaffold.c 2005-03-09 18:20:47.000000000 +0100 +@@ -237,10 +237,17 @@ struct request_info *request; + + /* ARGSUSED */ + +-void rfc931(request) +-struct request_info *request; ++void rfc931(rmt_sin, our_sin, dest) ++#ifdef INET6 ++struct sockaddr *rmt_sin; ++struct sockaddr *our_sin; ++#else ++struct sockaddr_in *rmt_sin; ++struct sockaddr_in *our_sin; ++#endif ++char *dest; + { +- strcpy(request->user, unknown); ++ strcpy(dest, unknown); + } + + /* check_path - examine accessibility */ +diff -ruNp tcp_wrappers_7.6.orig/tcpd.h tcp_wrappers_7.6/tcpd.h +--- tcp_wrappers_7.6.orig/tcpd.h 2005-03-09 18:22:04.000000000 +0100 ++++ tcp_wrappers_7.6/tcpd.h 2005-03-09 18:21:23.000000000 +0100 +@@ -83,7 +83,11 @@ extern int hosts_access(struct request_i + extern void shell_cmd(char *); /* execute shell command */ + extern char *percent_x(char *, int, char *, struct request_info *); + /* do % expansion */ ++#ifdef INET6 + extern void rfc931(struct sockaddr *, struct sockaddr *, char *); ++#else ++extern void rfc931(struct sockaddr_in *, struct sockaddr_in *, char *); ++#endif + /* client name from RFC 931 daemon */ + extern void clean_exit(struct request_info *); /* clean up and exit */ + extern void refuse(struct request_info *); /* clean up and exit */ --- tcp-wrappers-7.6.q.orig/debian/patches/14_cidr_support +++ tcp-wrappers-7.6.q/debian/patches/14_cidr_support 
@@ -0,0 +1,66 @@ +diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2003-08-21 03:15:36.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.5 2003-08-21 03:15:31.000000000 +0200 +@@ -90,6 +90,10 @@ + pattern `131.155.72.0/255.255.254.0\' matches every address in the + range `131.155.72.0\' through `131.155.73.255\'. + .IP \(bu ++An expression of the form `n.n.n.n/mm' is interpreted as a ++`net/masklength' pair, where `mm' is the number of consecutive `1' ++bits in the netmask applied to the `n.n.n.n' address. ++.IP \(bu + An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a + `[net]/prefixlen\' pair. An IPv6 host address is matched if + `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the +diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c +--- tcp_wrappers_7.6.orig/hosts_access.c 2003-08-21 03:15:36.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.c 2003-08-21 03:09:30.000000000 +0200 +@@ -417,7 +417,8 @@ + if ((addr = dot_quad_addr(string)) == INADDR_NONE) + return (NO); + if ((net = dot_quad_addr(net_tok)) == INADDR_NONE +- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) { ++ || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE ++ && (mask = cidr_mask_addr(mask_tok)) == 0)) { + #ifndef INET6 + tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); + #endif +diff -ruN tcp_wrappers_7.6.orig/misc.c tcp_wrappers_7.6/misc.c +--- tcp_wrappers_7.6.orig/misc.c 2003-08-21 03:15:36.000000000 +0200 ++++ tcp_wrappers_7.6/misc.c 2003-08-21 03:09:30.000000000 +0200 +@@ -107,3 +107,17 @@ + } + return (runs == 4 ? 
inet_addr(str) : INADDR_NONE); + } ++ ++/* cidr_mask_addr - convert cidr netmask length to internal form */ ++ ++unsigned long cidr_mask_addr(str) ++char *str; ++{ ++ int maskbits; ++ ++ maskbits = atoi(str); ++ if (maskbits < 1 || maskbits > 32) ++ return (0); ++ return htonl(0xFFFFFFFF << (32 - maskbits)); ++} ++ +diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c +--- tcp_wrappers_7.6.orig/tcpdchk.c 2003-08-21 03:15:36.000000000 +0200 ++++ tcp_wrappers_7.6/tcpdchk.c 2003-08-21 03:09:30.000000000 +0200 +@@ -497,12 +497,12 @@ + int mask_len; + + if ((dot_quad_addr(pat) == INADDR_NONE +- || dot_quad_addr(mask) == INADDR_NONE) ++ || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0) + && (!is_inet6_addr(pat) + || ((mask_len = atoi(mask)) < 0 || mask_len > 128))) + #else + if (dot_quad_addr(pat) == INADDR_NONE +- || dot_quad_addr(mask) == INADDR_NONE) ++ || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0) + #endif + tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); + } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ --- tcp-wrappers-7.6.q.orig/debian/patches/11_tcpd_blacklist +++ tcp-wrappers-7.6.q/debian/patches/11_tcpd_blacklist 
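Review bot: cidr_mask_addr() in the misc.c hunk of 14_cidr_support parses the length with `atoi(str)`, so a mask such as `24abc` is accepted as 24 and a non-numeric mask is rejected only because it happens to evaluate to 0. Use strtol() and require that the whole token was consumed. No visible hunk adds a prototype for the new function, which returns `unsigned long`; hosts_access.c and tcpdchk.c need a declaration rather than an implicit int. In the tcpdchk.c hunk both new conditions have the shape `a || b && c` and rely on operator precedence; parenthesise the `&&` pair the way the hosts_access.c hunk does.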
@@ -0,0 +1,151 @@ +Path: news.porcupine.org!news.porcupine.org!not-for-mail +From: Wietse Venema +Newsgroups: comp.mail.sendmail,comp.security.unix +Subject: TCP Wrapper Blacklist Extension +Followup-To: poster +Date: 8 Sep 1997 18:53:13 -0400 +Organization: Wietse's hangout while on sabattical in the USA +Lines: 147 +Sender: wietse@spike.porcupine.org +Message-ID: <5v1vkp$h4f$1@spike.porcupine.org> +NNTP-Posting-Host: spike.porcupine.org +Xref: news.porcupine.org comp.mail.sendmail:3541 comp.security.unix:7158 + +The patch below adds a new host pattern to the TCP Wrapper access +control language. Instead of a host name or address pattern, you +can specify an external /file/name with host name or address +patterns. The feature can be used recursively. + +The /file/name extension makes it easy to blacklist bad sites, for +example, to block unwanted electronic mail when libwrap is linked +into sendmail. Adding hosts to a simple text file is much easier +than having to edit a more complex hosts.allow/deny file. + +I developed this a year or so ago as a substitute for NIS netgroups. +At that time, I did not consider it of sufficient interest for +inclusion in the TCP Wrapper distribution. How times have changed. + +The patch is relative to TCP Wrappers version 7.6. The main archive +site is ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz + +Thanks to the Debian LINUX folks for expressing their interest in +this patch. + + Wietse + + +[diff updated by Md] + +diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-10 19:28:09.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.5 2004-04-10 19:28:01.000000000 +0200 +@@ -97,6 +97,13 @@ + `[3ffe:505:2:1::]/64\' matches every address in the range + `3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'. + .IP \(bu ++A string that begins with a `/\' character is treated as a file ++name. 
A host name or address is matched if it matches any host name ++or address pattern listed in the named file. The file format is ++zero or more lines with zero or more host name or address patterns ++separated by whitespace. A file name pattern can be used anywhere ++a host name or address pattern can be used. ++.IP \(bu + Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This + method of matching cannot be used in conjunction with `net/mask\' matching, + hostname matching beginning with `.\' or IP address matching ending with `.\'. +diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c +--- tcp_wrappers_7.6.orig/hosts_access.c 2004-04-10 19:28:09.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.c 2004-04-10 19:27:05.000000000 +0200 +@@ -253,6 +253,26 @@ + } + } + ++/* hostfile_match - look up host patterns from file */ ++ ++static int hostfile_match(path, host) ++char *path; ++struct hosts_info *host; ++{ ++ char tok[BUFSIZ]; ++ int match = NO; ++ FILE *fp; ++ ++ if ((fp = fopen(path, "r")) != 0) { ++ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) ++ /* void */ ; ++ fclose(fp); ++ } else if (errno != ENOENT) { ++ tcpd_warn("open %s: %m", path); ++ } ++ return (match); ++} ++ + /* host_match - match host name and/or address against pattern */ + + static int host_match(tok, host) +@@ -280,6 +300,8 @@ + tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */ + return (NO); + #endif ++ } else if (tok[0] == '/') { /* /file hack */ ++ return (hostfile_match(tok, host)); + } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */ + char *name = eval_hostname(host); + return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name)); +diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c +--- tcp_wrappers_7.6.orig/tcpdchk.c 2004-04-10 19:28:09.000000000 +0200 ++++ tcp_wrappers_7.6/tcpdchk.c 2004-04-10 19:27:05.000000000 +0200 +@@ -353,6 +353,8 @@ + { + if (pat[0] == 
'@') { + tcpd_warn("%s: daemon name begins with \"@\"", pat); ++ } else if (pat[0] == '/') { ++ tcpd_warn("%s: daemon name begins with \"/\"", pat); + } else if (pat[0] == '.') { + tcpd_warn("%s: daemon name begins with dot", pat); + } else if (pat[strlen(pat) - 1] == '.') { +@@ -385,6 +387,8 @@ + { + if (pat[0] == '@') { /* @netgroup */ + tcpd_warn("%s: user name begins with \"@\"", pat); ++ } else if (pat[0] == '/') { ++ tcpd_warn("%s: user name begins with \"/\"", pat); + } else if (pat[0] == '.') { + tcpd_warn("%s: user name begins with dot", pat); + } else if (pat[strlen(pat) - 1] == '.') { +@@ -430,8 +434,13 @@ + static int check_host(pat) + char *pat; + { ++ char buf[BUFSIZ]; + char *mask; + int addr_count = 1; ++ FILE *fp; ++ struct tcpd_context saved_context; ++ char *cp; ++ char *wsp = " \t\r\n"; + + if (pat[0] == '@') { /* @netgroup */ + #ifdef NO_NETGRENT +@@ -450,6 +459,21 @@ + tcpd_warn("netgroup support disabled"); + #endif + #endif ++ } else if (pat[0] == '/') { /* /path/name */ ++ if ((fp = fopen(pat, "r")) != 0) { ++ saved_context = tcpd_context; ++ tcpd_context.file = pat; ++ tcpd_context.line = 0; ++ while (fgets(buf, sizeof(buf), fp)) { ++ tcpd_context.line++; ++ for (cp = strtok(buf, wsp); cp; cp = strtok((char *) 0, wsp)) ++ check_host(cp); ++ } ++ tcpd_context = saved_context; ++ fclose(fp); ++ } else if (errno != ENOENT) { ++ tcpd_warn("open %s: %m", pat); ++ } + } else if (mask = split_at(pat, '/')) { /* network/netmask */ + #ifdef INET6 + int mask_len; --- tcp-wrappers-7.6.q.orig/debian/patches/fix_static +++ tcp-wrappers-7.6.q/debian/patches/fix_static @@ -0,0 +1,11 @@ +--- a/workarounds.c ++++ b/workarounds.c +@@ -8,7 +8,7 @@ + */ + + #ifndef lint +-char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25"; ++static char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25"; + #endif + + #include --- tcp-wrappers-7.6.q.orig/debian/patches/size_t +++ tcp-wrappers-7.6.q/debian/patches/size_t 
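Review bot: hostfile_match() in the hosts_access.c hunk of 11_tcpd_blacklist reads tokens with `fscanf(fp, "%s", tok)` into `char tok[BUFSIZ]` with no field width, so a token longer than the buffer overruns it. Read lines with fgets() and split with strtok(), as the check_host() hunk in tcpdchk.c already does, or bound the conversion. Both hostfile_match() and the `/path/name` branch of check_host() recurse into nested files with no depth limit, so a pattern file that names itself never terminates; add a nesting limit and a tcpd_warn(). The parameter is also declared as `struct hosts_info *host`, while the structure in tcpd.h is `struct host_info`.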
@@ -0,0 +1,42 @@ +diff -ruN tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c +--- tcp_wrappers_7.6.orig/fix_options.c 2003-08-21 03:41:33.000000000 +0200 ++++ tcp_wrappers_7.6/fix_options.c 2003-08-21 03:41:27.000000000 +0200 +@@ -38,7 +38,11 @@ + #ifdef IP_OPTIONS + unsigned char optbuf[BUFFER_SIZE / 3], *cp; + char lbuf[BUFFER_SIZE], *lp; ++#ifdef __GLIBC__ ++ size_t optsize = sizeof(optbuf), ipproto; ++#else + int optsize = sizeof(optbuf), ipproto; ++#endif + struct protoent *ip; + int fd = request->fd; + unsigned int opt; +diff -ruN tcp_wrappers_7.6.orig/socket.c tcp_wrappers_7.6/socket.c +--- tcp_wrappers_7.6.orig/socket.c 2003-08-21 03:41:33.000000000 +0200 ++++ tcp_wrappers_7.6/socket.c 2003-08-21 03:40:51.000000000 +0200 +@@ -90,7 +90,11 @@ + static struct sockaddr_in client; + static struct sockaddr_in server; + #endif ++#ifdef __GLIBC__ ++ size_t len; ++#else + int len; ++#endif + char buf[BUFSIZ]; + int fd = request->fd; + +@@ -421,7 +425,11 @@ + #else + struct sockaddr_in sin; + #endif ++#ifdef __GLIBC__ ++ size_t size = sizeof(sin); ++#else + int size = sizeof(sin); ++#endif + + /* + * Eat up the not-yet received datagram. Some systems insist on a --- tcp-wrappers-7.6.q.orig/debian/patches/safe_finger +++ tcp-wrappers-7.6.q/debian/patches/safe_finger 
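Review bot: all three hunks of the size_t patch change the socket length variables (`optsize` in fix_options.c, `len` and `size` in socket.c) from int to `size_t` under __GLIBC__, but the length arguments of the socket calls are `socklen_t *`, and size_t is wider than socklen_t on 64-bit glibc targets, so passing the address of these variables is a type mismatch there. Declare them `socklen_t`. In the fix_options.c hunk `ipproto` shares the declaration with `optsize` and becomes size_t as well, although it is not a length; give it its own `int` declaration.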
@@ -0,0 +1,29 @@ +--- tcp-wrappers-7.6-ipv6.1.orig/safe_finger.c ++++ tcp-wrappers-7.6-ipv6.1/safe_finger.c +@@ -26,21 +26,24 @@ + #include + #include + #include ++#include + + extern void exit(); + + /* Local stuff */ + +-char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin"; ++char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin"; + + #define TIME_LIMIT 60 /* Do not keep listinging forever */ + #define INPUT_LENGTH 100000 /* Do not keep listinging forever */ + #define LINE_LENGTH 128 /* Editors can choke on long lines */ + #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */ + #define UNPRIV_NAME "nobody" /* Preferred privilege level */ +-#define UNPRIV_UGID 32767 /* Default uid and gid */ ++#define UNPRIV_UGID 65534 /* Default uid and gid */ + + int finger_pid; ++int allow_severity = SEVERITY; ++int deny_severity = LOG_WARNING; + + void cleanup(sig) + int sig; --- tcp-wrappers-7.6.q.orig/debian/patches/man_fromhost +++ tcp-wrappers-7.6.q/debian/patches/man_fromhost 
@@ -0,0 +1,21 @@ +diff -ruN tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 +--- tcp_wrappers_7.6.orig/hosts_access.3 2004-04-25 00:10:48.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.3 2004-04-25 00:09:36.000000000 +0200 +@@ -14,6 +14,9 @@ + struct request_info *request_set(request, key, value, ..., 0) + struct request_info *request; + ++void fromhost(request) ++struct request_info *request; ++ + int hosts_access(request) + struct request_info *request; + +@@ -60,6 +63,7 @@ + is available, host names and client user names are looked up on demand, + using the request structure as a cache. hosts_access() returns zero if + access should be denied. ++fromhost() must be called before hosts_access(). + .PP + hosts_ctl() is a wrapper around the request_init() and hosts_access() + routines with a perhaps more convenient interface (though it does not --- tcp-wrappers-7.6.q.orig/debian/patches/13_shlib_weaksym +++ tcp-wrappers-7.6.q/debian/patches/13_shlib_weaksym 
@@ -0,0 +1,257 @@ +--- a/Makefile ++++ b/Makefile +@@ -150,15 +150,15 @@ netbsd: + + linux: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +- LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ ++ LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ + NETGROUP="-DNETGROUP" TLI= VSYSLOG= BUGS= \ +- EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all + + gnu: + @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \ +- LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \ ++ LIBS=-lnsl RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \ + NETGROUP=-DNETGROUP TLI= VSYSLOG= BUGS= \ +- EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR" all ++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -D_REENTRANT" all + + # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x. + hpux hpux8 hpux9 hpux10: +@@ -713,7 +713,22 @@ KIT = README miscd.c tcpd.c fromhost.c h + + LIB = libwrap.a + +-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk ++shared/%.o: %.c ++ $(CC) $(CFLAGS) $(SHCFLAGS) -c $< -o $@ ++ ++SOMAJOR = 0 ++SOMINOR = 7.6 ++ ++SHLIB = shared/libwrap.so.$(SOMAJOR).$(SOMINOR) ++SHLIBSOMAJ = shared/libwrap.so.$(SOMAJOR) ++SHLIBSO = shared/libwrap.so ++SHLIBFLAGS = -Lshared -lwrap ++ ++SHLINKFLAGS = -fpic -shared -Wl,-soname,libwrap.so.$(SOMAJOR) -Wl,--version-script=libwrap.lds $(LIBS) ++SHCFLAGS = -fpic -shared -D_REENTRANT ++SHLIB_OBJ= $(addprefix shared/, $(LIB_OBJ)); ++ ++all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(LIB) + + # Invalidate all object files when the compiler options (CFLAGS) have changed. 
+ +@@ -731,27 +746,33 @@ $(LIB): $(LIB_OBJ) + $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ) + -$(RANLIB) $(LIB) + +-tcpd: tcpd.o $(LIB) +- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS) ++$(SHLIB): libwrap.lds $(SHLIB_OBJ) ++ rm -f $(SHLIB) ++ $(CC) -o $(SHLIB) $(SHLINKFLAGS) $(SHLIB_OBJ) ++ ln -sf $(notdir $(SHLIB)) $(SHLIBSOMAJ) ++ ln -sf $(notdir $(SHLIBSOMAJ)) $(SHLIBSO) ++ ++tcpd: tcpd.o $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ tcpd.o $(SHLIBFLAGS) + + miscd: miscd.o $(LIB) + $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS) + +-safe_finger: safe_finger.o $(LIB) +- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS) ++safe_finger: safe_finger.o ++ $(CC) $(CFLAGS) -o $@ safe_finger.o + + TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o + +-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) +- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS) ++tcpdmatch: $(TCPDMATCH_OBJ) $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(SHLIBFLAGS) + +-try-from: try-from.o fakelog.o $(LIB) +- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS) ++try-from: try-from.o fakelog.o $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(SHLIBFLAGS) + + TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o + +-tcpdchk: $(TCPDCHK_OBJ) $(LIB) +- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS) ++tcpdchk: $(TCPDCHK_OBJ) $(SHLIB) ++ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(SHLIBFLAGS) + + shar: $(KIT) + @shar $(KIT) +@@ -767,7 +788,9 @@ archive: + + clean: + rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \ ++ libwrap*.so* \ + cflags ++ rm -rf shared/ + + tidy: clean + chmod -R a+r . +@@ -913,5 +936,6 @@ update.o: cflags + update.o: mystdarg.h + update.o: tcpd.h + vfprintf.o: cflags ++weak_symbols.o: tcpd.h + workarounds.o: cflags + workarounds.o: tcpd.h +--- a/tcpd.h ++++ b/tcpd.h +@@ -4,6 +4,15 @@ + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 
+ */ + ++#ifndef _TCPWRAPPERS_TCPD_H ++#define _TCPWRAPPERS_TCPD_H ++ ++/* Need definitions of struct sockaddr_in and FILE. */ ++#include ++#include ++ ++__BEGIN_DECLS ++ + /* Structure to describe one communications endpoint. */ + + #define STRING_LENGTH 128 /* hosts, users, processes */ +@@ -29,10 +38,10 @@ struct request_info { + char pid[10]; /* access via eval_pid(request) */ + struct host_info client[1]; /* client endpoint info */ + struct host_info server[1]; /* server endpoint info */ +- void (*sink) (); /* datagram sink function or 0 */ +- void (*hostname) (); /* address to printable hostname */ +- void (*hostaddr) (); /* address to printable address */ +- void (*cleanup) (); /* cleanup function or 0 */ ++ void (*sink) (int); /* datagram sink function or 0 */ ++ void (*hostname) (struct host_info *); /* address to printable hostname */ ++ void (*hostaddr) (struct host_info *); /* address to printable address */ ++ void (*cleanup) (struct request_info *); /* cleanup function or 0 */ + struct netconfig *config; /* netdir handle */ + }; + +@@ -70,20 +79,27 @@ extern void fromhost(); /* get/validat + #define fromhost sock_host /* no TLI support needed */ + #endif + +-extern int hosts_access(); /* access control */ +-extern void shell_cmd(); /* execute shell command */ +-extern char *percent_x(); /* do % expansion */ +-extern void rfc931(); /* client name from RFC 931 daemon */ +-extern void clean_exit(); /* clean up and exit */ +-extern void refuse(); /* clean up and exit */ +-extern char *xgets(); /* fgets() on steroids */ +-extern char *split_at(); /* strchr() and split */ +-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ ++extern int hosts_access(struct request_info *request); /* access control */ ++extern void shell_cmd(char *); /* execute shell command */ ++extern char *percent_x(char *, int, char *, struct request_info *); ++ /* do % expansion */ ++extern void rfc931(struct sockaddr *, struct sockaddr *, char *); ++ /* client name from 
RFC 931 daemon */ ++extern void clean_exit(struct request_info *); /* clean up and exit */ ++extern void refuse(struct request_info *); /* clean up and exit */ ++extern char *xgets(char *, int, FILE *); /* fgets() on steroids */ ++extern char *split_at(char *, int); /* strchr() and split */ ++extern unsigned long dot_quad_addr(char *); /* restricted inet_addr() */ + + /* Global variables. */ + ++#ifdef HAVE_WEAKSYMS ++extern int allow_severity __attribute__ ((weak)); /* for connection logging */ ++extern int deny_severity __attribute__ ((weak)); /* for connection logging */ ++#else + extern int allow_severity; /* for connection logging */ + extern int deny_severity; /* for connection logging */ ++#endif + extern char *hosts_allow_table; /* for verification mode redirection */ + extern char *hosts_deny_table; /* for verification mode redirection */ + extern int hosts_access_verbose; /* for verbose matching mode */ +@@ -98,6 +114,8 @@ extern int resident; /* > 0 if residen + #ifdef __STDC__ + extern struct request_info *request_init(struct request_info *,...); + extern struct request_info *request_set(struct request_info *,...); ++extern int hosts_ctl(char *daemon, char *client_name, char *client_addr, ++ char *client_user); + #else + extern struct request_info *request_init(); /* initialize request */ + extern struct request_info *request_set(); /* update request structure */ +@@ -121,20 +139,23 @@ extern struct request_info *request_set( + * host_info structures serve as caches for the lookup results. 
+ */ + +-extern char *eval_user(); /* client user */ +-extern char *eval_hostname(); /* printable hostname */ +-extern char *eval_hostaddr(); /* printable host address */ +-extern char *eval_hostinfo(); /* host name or address */ +-extern char *eval_client(); /* whatever is available */ +-extern char *eval_server(); /* whatever is available */ ++extern char *eval_user(struct request_info *); /* client user */ ++extern char *eval_hostname(struct host_info *); /* printable hostname */ ++extern char *eval_hostaddr(struct host_info *); /* printable host address */ ++extern char *eval_hostinfo(struct host_info *); /* host name or address */ ++extern char *eval_client(struct request_info *);/* whatever is available */ ++extern char *eval_server(struct request_info *);/* whatever is available */ + #define eval_daemon(r) ((r)->daemon) /* daemon process name */ + #define eval_pid(r) ((r)->pid) /* process id */ + + /* Socket-specific methods, including DNS hostname lookups. */ + +-extern void sock_host(); /* look up endpoint addresses */ +-extern void sock_hostname(); /* translate address to hostname */ +-extern void sock_hostaddr(); /* address to printable address */ ++/* look up endpoint addresses */ ++extern void sock_host(struct request_info *); ++/* translate address to hostname */ ++extern void sock_hostname(struct host_info *); ++/* address to printable address */ ++extern void sock_hostaddr(struct host_info *); + #define sock_methods(r) \ + { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } + +@@ -182,7 +203,7 @@ extern struct tcpd_context tcpd_context; + * behavior. + */ + +-extern void process_options(); /* execute options */ ++extern void process_options(char *, struct request_info *);/* execute options */ + extern int dry_run; /* verification flag */ + + /* Bug workarounds. 
*/ +@@ -221,3 +242,7 @@ extern char *fix_strtok(); + #define strtok my_strtok + extern char *my_strtok(); + #endif ++ ++__END_DECLS ++ ++#endif +--- /dev/null ++++ b/weak_symbols.c +@@ -0,0 +1,11 @@ ++ /* ++ * @(#) weak_symbols.h 1.5 99/12/29 23:50 ++ * ++ * Author: Anthony Towns ++ */ ++ ++#ifdef HAVE_WEAKSYMS ++#include ++int deny_severity = LOG_WARNING; ++int allow_severity = SEVERITY; ++#endif +--- /dev/null ++++ b/libwrap.lds +@@ -0,0 +1,4 @@ ++{ ++ local: ++ aclexec_matched; ++}; --- tcp-wrappers-7.6.q.orig/debian/patches/00_man_typos +++ tcp-wrappers-7.6.q/debian/patches/00_man_typos 
@@ -0,0 +1,36 @@ +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2007-07-29 19:46:22.000000000 +0200 ++++ tcp_wrappers_7.6/hosts_access.5 2007-07-29 19:46:16.000000000 +0200 +@@ -12,7 +12,7 @@ An extended version of the access contro + \fIhosts_options\fR(5) document. The extensions are turned on at + program build time by building with -DPROCESS_OPTIONS. + .PP +-In the following text, \fIdaemon\fR is the the process name of a ++In the following text, \fIdaemon\fR is the process name of a + network daemon process, and \fIclient\fR is the name and/or address of + a host requesting service. Network daemon process names are specified + in the inetd configuration file. +diff -ruNp tcp_wrappers_7.6.orig/tcpdchk.8 tcp_wrappers_7.6/tcpdchk.8 +--- tcp_wrappers_7.6.orig/tcpdchk.8 1995-01-08 17:00:31.000000000 +0100 ++++ tcp_wrappers_7.6/tcpdchk.8 2007-07-29 19:46:01.000000000 +0200 +@@ -1,7 +1,7 @@ + .TH TCPDCHK 8 + .SH NAME + tcpdchk \- tcp wrapper configuration checker +-.SH SYNOPSYS ++.SH SYNOPSIS + tcpdchk [-a] [-d] [-i inet_conf] [-v] + .SH DESCRIPTION + .PP +diff -ruNp tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8 +--- tcp_wrappers_7.6.orig/tcpdmatch.8 2007-07-29 19:46:22.000000000 +0200 ++++ tcp_wrappers_7.6/tcpdmatch.8 2007-07-29 19:46:01.000000000 +0200 +@@ -1,7 +1,7 @@ + .TH TCPDMATCH 8 + .SH NAME + tcpdmatch \- tcp wrapper oracle +-.SH SYNOPSYS ++.SH SYNOPSIS + tcpdmatch [-d] [-i inet_conf] daemon client + .sp + tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client --- tcp-wrappers-7.6.q.orig/debian/patches/00_man_quoting.diff +++ tcp-wrappers-7.6.q/debian/patches/00_man_quoting.diff 
@@ -0,0 +1,75 @@ +diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 1995-01-30 19:51:47.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.5 2004-04-09 16:59:45.000000000 +0200 +@@ -173,7 +173,7 @@ + Patterns like these can be used when the machine has different internet + addresses with different internet hostnames. Service providers can use + this facility to offer FTP, GOPHER or WWW archives with internet names +-that may even belong to different organizations. See also the `twist' ++that may even belong to different organizations. See also the `twist\' + option in the hosts_options(5) document. Some systems (Solaris, + FreeBSD) can have more than one internet address on one physical + interface; with other systems you may have to resort to SLIP or PPP +@@ -236,10 +236,10 @@ + Before accepting a client request, the wrappers can use the IDENT + service to find out that the client did not send the request at all. + When the client host provides IDENT service, a negative IDENT lookup +-result (the client matches `UNKNOWN@host') is strong evidence of a host ++result (the client matches `UNKNOWN@host\') is strong evidence of a host + spoofing attack. + .PP +-A positive IDENT lookup result (the client matches `KNOWN@host') is ++A positive IDENT lookup result (the client matches `KNOWN@host\') is + less trustworthy. It is possible for an intruder to spoof both the + client connection and the IDENT lookup, although doing so is much + harder than spoofing just a client connection. It may also be that +diff -ruN tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5 +--- tcp_wrappers_7.6.orig/hosts_options.5 1994-12-28 17:42:29.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_options.5 2004-04-09 16:59:49.000000000 +0200 +@@ -124,7 +124,7 @@ + value is taken. 
+ .SH MISCELLANEOUS + .IP "banners /some/directory" +-Look for a file in `/some/directory' with the same name as the daemon ++Look for a file in `/some/directory\' with the same name as the daemon + process (for example in.telnetd for the telnet service), and copy its + contents to the client. Newline characters are replaced by + carriage-return newline, and % sequences are expanded (see +diff -ruN tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8 +--- tcp_wrappers_7.6.orig/tcpdmatch.8 1996-02-11 17:01:36.000000000 +0100 ++++ tcp_wrappers_7.6/tcpdmatch.8 2004-04-09 17:00:49.000000000 +0200 +@@ -26,7 +26,7 @@ + A daemon process name. Typically, the last component of a daemon + executable pathname. + .IP client +-A host name or network address, or one of the `unknown' or `paranoid' ++A host name or network address, or one of the `unknown\' or `paranoid\' + wildcard patterns. + .sp + When a client host name is specified, \fItcpdmatch\fR gives a +@@ -37,13 +37,13 @@ + .PP + Optional information specified with the \fIdaemon@server\fR form: + .IP server +-A host name or network address, or one of the `unknown' or `paranoid' +-wildcard patterns. The default server name is `unknown'. ++A host name or network address, or one of the `unknown\' or `paranoid\' ++wildcard patterns. The default server name is `unknown\'. + .PP + Optional information specified with the \fIuser@client\fR form: + .IP user + A client user identifier. Typically, a login name or a numeric userid. +-The default user name is `unknown'. ++The default user name is `unknown\'. + .SH OPTIONS + .IP -d + Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current +@@ -70,7 +70,7 @@ + .ti +5 + tcpdmatch in.telnetd paranoid + .PP +-On some systems, daemon names have no `in.' prefix, or \fItcpdmatch\fR ++On some systems, daemon names have no `in.\' prefix, or \fItcpdmatch\fR + may need some help to locate the inetd configuration file. 
+ .SH FILES + .PP --- tcp-wrappers-7.6.q.orig/debian/patches/fix_warnings +++ tcp-wrappers-7.6.q/debian/patches/fix_warnings @@ -0,0 +1,34 @@ +diff -ruNp tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c +--- tcp_wrappers_7.6.orig/fix_options.c 2006-03-01 23:45:28.000000000 +0100 ++++ tcp_wrappers_7.6/fix_options.c 2006-03-01 23:45:25.000000000 +0100 +@@ -50,7 +50,7 @@ struct request_info *request; + struct in_addr dummy; + #ifdef INET6 + struct sockaddr_storage ss; +- int sslen; ++ socklen_t sslen; + + /* + * check if this is AF_INET socket +diff -ruNp tcp_wrappers_7.6.orig/options.c tcp_wrappers_7.6/options.c +--- tcp_wrappers_7.6.orig/options.c 2006-03-01 23:45:28.000000000 +0100 ++++ tcp_wrappers_7.6/options.c 2006-03-01 22:55:44.000000000 +0100 +@@ -41,6 +41,7 @@ static char sccsid[] = "@(#) options.c 1 + #include + #include + #include ++#include + #include + #include + #include +diff -ruNp tcp_wrappers_7.6.orig/scaffold.c tcp_wrappers_7.6/scaffold.c +--- tcp_wrappers_7.6.orig/scaffold.c 2006-03-01 23:45:28.000000000 +0100 ++++ tcp_wrappers_7.6/scaffold.c 2006-03-01 22:56:13.000000000 +0100 +@@ -17,6 +17,7 @@ static char sccs_id[] = "@(#) scaffold.c + #include + #include + #include ++#include + #include + #include + #include --- tcp-wrappers-7.6.q.orig/debian/patches/siglongjmp +++ tcp-wrappers-7.6.q/debian/patches/siglongjmp 
@@ -0,0 +1,30 @@ +diff -ruNp tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c +--- tcp_wrappers_7.6.orig/rfc931.c 2004-08-29 18:42:25.000000000 +0200 ++++ tcp_wrappers_7.6/rfc931.c 2004-08-29 18:41:04.000000000 +0200 +@@ -33,7 +33,7 @@ static char sccsid[] = "@(#) rfc931.c 1. + + int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */ + +-static jmp_buf timebuf; ++static sigjmp_buf timebuf; + + /* fsocket - open stdio stream on top of socket */ + +@@ -62,7 +62,7 @@ int protocol; + static void timeout(sig) + int sig; + { +- longjmp(timebuf, sig); ++ siglongjmp(timebuf, sig); + } + + /* rfc931 - return remote user name, given socket structures */ +@@ -135,7 +135,7 @@ char *dest; + * Set up a timer so we won't get stuck while waiting for the server. + */ + +- if (setjmp(timebuf) == 0) { ++ if (sigsetjmp(timebuf, 1) == 0) { + /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */ + saved_timeout = alarm(0); + nact.sa_handler = timeout; --- tcp-wrappers-7.6.q.orig/debian/patches/restore_sigalarm +++ tcp-wrappers-7.6.q/debian/patches/restore_sigalarm 
@@ -0,0 +1,37 @@ +diff -ruN tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c +--- tcp_wrappers_7.6.orig/rfc931.c 2004-08-29 18:40:08.000000000 +0200 ++++ tcp_wrappers_7.6/rfc931.c 2004-08-29 18:40:02.000000000 +0200 +@@ -92,6 +92,8 @@ + char *cp; + char *result = unknown; + FILE *fp; ++ unsigned saved_timeout; ++ struct sigaction nact, oact; + + #ifdef INET6 + /* address family must be the same */ +@@ -134,7 +136,12 @@ + */ + + if (setjmp(timebuf) == 0) { +- signal(SIGALRM, timeout); ++ /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */ ++ saved_timeout = alarm(0); ++ nact.sa_handler = timeout; ++ nact.sa_flags = 0; ++ (void) sigemptyset(&nact.sa_mask); ++ (void) sigaction(SIGALRM, &nact, &oact); + alarm(rfc931_timeout); + + /* +@@ -223,6 +230,10 @@ + } + alarm(0); + } ++ /* Restore SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */ ++ (void) sigaction(SIGALRM, &oact, NULL); ++ if (saved_timeout > 0) ++ alarm(saved_timeout); + fclose(fp); + } + STRN_CPY(dest, result, STRING_LENGTH); --- tcp-wrappers-7.6.q.orig/debian/patches/01_man_portability +++ tcp-wrappers-7.6.q/debian/patches/01_man_portability 
@@ -0,0 +1,248 @@ +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 +--- tcp_wrappers_7.6.orig/hosts_access.3 2005-03-09 18:30:25.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.3 2005-03-09 18:27:03.000000000 +0100 +@@ -3,7 +3,7 @@ + hosts_access, hosts_ctl, request_init, request_set \- access control library + .SH SYNOPSIS + .nf +-#include "tcpd.h" ++#include + + extern int allow_severity; + extern int deny_severity; +diff -ruNp tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 +--- tcp_wrappers_7.6.orig/hosts_access.5 2005-03-09 18:30:25.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_access.5 2005-03-09 18:30:18.000000000 +0100 +@@ -8,9 +8,9 @@ name, host name/address) patterns. Exam + impatient reader is encouraged to skip to the EXAMPLES section for a + quick introduction. + .PP +-An extended version of the access control language is described in the +-\fIhosts_options\fR(5) document. The extensions are turned on at +-program build time by building with -DPROCESS_OPTIONS. ++The extended version of the access control language is described in the ++\fIhosts_options\fR(5) document. \fBNote that this language supersedes ++the meaning of \fIshell_command\fB as documented below.\fR + .PP + In the following text, \fIdaemon\fR is the process name of a + network daemon process, and \fIclient\fR is the name and/or address of +@@ -346,8 +346,8 @@ in.tftpd: LOCAL, .my.domain + /etc/hosts.deny: + .in +3 + .nf +-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\ +- /usr/ucb/mail -s %d-%h root) & ++in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \\ ++ /usr/bin/mail -s %d-%h root) & + .fi + .PP + The safe_finger command comes with the tcpd wrapper and should be +@@ -383,6 +383,7 @@ that shouldn\'t. All problems are repor + .fi + .SH SEE ALSO + .nf ++hosts_options(5) extended syntax. + tcpd(8) tcp/ip daemon wrapper program. + tcpdchk(8), tcpdmatch(8), test programs. 
+ .SH BUGS +diff -ruNp tcp_wrappers_7.6.orig/hosts_options.5 tcp_wrappers_7.6/hosts_options.5 +--- tcp_wrappers_7.6.orig/hosts_options.5 2005-03-09 18:30:24.000000000 +0100 ++++ tcp_wrappers_7.6/hosts_options.5 2005-03-09 18:27:03.000000000 +0100 +@@ -2,10 +2,8 @@ + .SH NAME + hosts_options \- host access control language extensions + .SH DESCRIPTION +-This document describes optional extensions to the language described +-in the hosts_access(5) document. The extensions are enabled at program +-build time. For example, by editing the Makefile and turning on the +-PROCESS_OPTIONS compile-time option. ++This document describes extensions to the language described ++in the hosts_access(5) document. + .PP + The extensible language uses the following format: + .sp +@@ -58,12 +56,12 @@ Notice the leading dot on the domain nam + Execute, in a child process, the specified shell command, after + performing the % expansions described in the hosts_access(5) + manual page. The command is executed with stdin, stdout and stderr +-connected to the null device, so that it won\'t mess up the ++connected to the null device, so that it won't mess up the + conversation with the client host. Example: + .sp + .nf + .ti +3 +-spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) & ++spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) & + .fi + .sp + executes, in a background child process, the shell command "safe_finger +diff -ruNp tcp_wrappers_7.6.orig/inetcf.c tcp_wrappers_7.6/inetcf.c +--- tcp_wrappers_7.6.orig/inetcf.c 1997-02-12 02:13:24.000000000 +0100 ++++ tcp_wrappers_7.6/inetcf.c 2005-03-09 18:27:03.000000000 +0100 +@@ -26,13 +26,17 @@ extern void exit(); + * guesses. Shorter names follow longer ones. + */ + char *inet_files[] = { ++#if 0 + "/private/etc/inetd.conf", /* NEXT */ + "/etc/inet/inetd.conf", /* SYSV4 */ + "/usr/etc/inetd.conf", /* IRIX?? */ ++#endif + "/etc/inetd.conf", /* BSD */ ++#if 0 + "/etc/net/tlid.conf", /* SYSV4?? 
*/ + "/etc/saf/tlid.conf", /* SYSV4?? */ + "/etc/tlid.conf", /* SYSV4?? */ ++#endif + 0, + }; + +diff -ruNp tcp_wrappers_7.6.orig/tcpd.8 tcp_wrappers_7.6/tcpd.8 +--- tcp_wrappers_7.6.orig/tcpd.8 1996-02-21 16:39:16.000000000 +0100 ++++ tcp_wrappers_7.6/tcpd.8 2005-03-09 18:27:03.000000000 +0100 +@@ -12,7 +12,11 @@ The program supports both 4.3BSD-style s + TLI. Functionality may be limited when the protocol underneath TLI is + not an internet protocol. + .PP +-Operation is as follows: whenever a request for service arrives, the ++There are two possible modes of operation: execution of \fItcpd\fP ++before a service started by \fIinetd\fP, or linking a daemon with ++the \fIlibwrap\fP shared library as documented in the \fIhosts_access\fR(3) ++manual page. Operation when started by \fIinetd\fP ++is as follows: whenever a request for service arrives, the + \fIinetd\fP daemon is tricked into running the \fItcpd\fP program + instead of the desired server. \fItcpd\fP logs the request and does + some additional checks. When all is well, \fItcpd\fP runs the +@@ -88,11 +92,11 @@ configuration files. + .sp + .in +5 + # mkdir /other/place +-# mv /usr/etc/in.fingerd /other/place +-# cp tcpd /usr/etc/in.fingerd ++# mv /usr/sbin/in.fingerd /other/place ++# cp tcpd /usr/sbin/in.fingerd + .fi + .PP +-The example assumes that the network daemons live in /usr/etc. On some ++The example assumes that the network daemons live in /usr/sbin. On some + systems, network daemons live in /usr/sbin or in /usr/libexec, or have + no `in.\' prefix to their name. + .SH EXAMPLE 2 +@@ -101,35 +105,34 @@ are left in their original place. 
+ .PP + In order to monitor access to the \fIfinger\fR service, perform the + following edits on the \fIinetd\fR configuration file (usually +-\fI/etc/inetd.conf\fR or \fI/etc/inet/inetd.conf\fR): ++\fI/etc/inetd.conf\fR): + .nf + .sp + .ti +5 +-finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd ++finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd + .sp + becomes: + .sp + .ti +5 +-finger stream tcp nowait nobody /some/where/tcpd in.fingerd ++finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd + .sp + .fi + .PP +-The example assumes that the network daemons live in /usr/etc. On some ++The example assumes that the network daemons live in /usr/sbin. On some + systems, network daemons live in /usr/sbin or in /usr/libexec, the + daemons have no `in.\' prefix to their name, or there is no userid + field in the inetd configuration file. + .PP + Similar changes will be needed for the other services that are to be + covered by \fItcpd\fR. Send a `kill -HUP\' to the \fIinetd\fR(8) +-process to make the changes effective. AIX users may also have to +-execute the `inetimp\' command. ++process to make the changes effective. + .SH EXAMPLE 3 + In the case of daemons that do not live in a common directory ("secret" + or otherwise), edit the \fIinetd\fR configuration file so that it + specifies an absolute path name for the process name field. For example: + .nf + .sp +- ntalk dgram udp wait root /some/where/tcpd /usr/local/lib/ntalkd ++ ntalk dgram udp wait root /usr/sbin/tcpd /usr/local/lib/ntalkd + .sp + .fi + .PP +@@ -164,6 +167,7 @@ The default locations of the host access + .SH SEE ALSO + .na + .nf ++hosts_access(3), functions provided by the libwrap library. + hosts_access(5), format of the tcpd access control tables. + syslog.conf(5), format of the syslogd control file. + inetd.conf(5), format of the inetd control file. 
+diff -ruNp tcp_wrappers_7.6.orig/tcpdchk.8 tcp_wrappers_7.6/tcpdchk.8 +--- tcp_wrappers_7.6.orig/tcpdchk.8 1995-01-08 17:00:31.000000000 +0100 ++++ tcp_wrappers_7.6/tcpdchk.8 2005-03-09 18:27:03.000000000 +0100 +@@ -9,8 +9,8 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v] + potential and real problems it can find. The program examines the + \fItcpd\fR access control files (by default, these are + \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the +-entries in these files against entries in the \fIinetd\fR or \fItlid\fR +-network configuration files. ++entries in these files against entries in the \fIinetd\fR ++network configuration file. + .PP + \fItcpdchk\fR reports problems such as non-existent pathnames; services + that appear in \fItcpd\fR access control rules, but are not controlled +@@ -26,14 +26,13 @@ problem. + .SH OPTIONS + .IP -a + Report access control rules that permit access without an explicit +-ALLOW keyword. This applies only when the extended access control +-language is enabled (build with -DPROCESS_OPTIONS). ++ALLOW keyword. + .IP -d + Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current + directory instead of the default ones. + .IP "-i inet_conf" + Specify this option when \fItcpdchk\fR is unable to find your +-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when ++\fIinetd.conf\fR network configuration file, or when + you suspect that the program uses the wrong one. + .IP -v + Display the contents of each access control rule. Daemon lists, client +@@ -54,7 +53,6 @@ tcpdmatch(8), explain what tcpd would do + hosts_access(5), format of the tcpd access control tables. + hosts_options(5), format of the language extensions. + inetd.conf(5), format of the inetd control file. +-tlid.conf(5), format of the tlid control file. 
+ .SH AUTHORS + .na + .nf +diff -ruNp tcp_wrappers_7.6.orig/tcpdmatch.8 tcp_wrappers_7.6/tcpdmatch.8 +--- tcp_wrappers_7.6.orig/tcpdmatch.8 2005-03-09 18:30:24.000000000 +0100 ++++ tcp_wrappers_7.6/tcpdmatch.8 2005-03-09 18:27:03.000000000 +0100 +@@ -13,7 +13,7 @@ request for service. Examples are given + The program examines the \fItcpd\fR access control tables (default + \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its + conclusion. For maximal accuracy, it extracts additional information +-from your \fIinetd\fR or \fItlid\fR network configuration file. ++from your \fIinetd\fR network configuration file. + .PP + When \fItcpdmatch\fR finds a match in the access control tables, it + identifies the matched rule. In addition, it displays the optional +@@ -50,7 +50,7 @@ Examine \fIhosts.allow\fR and \fIhosts.d + directory instead of the default ones. + .IP "-i inet_conf" + Specify this option when \fItcpdmatch\fR is unable to find your +-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when ++\fIinetd.conf\fR network configuration file, or when + you suspect that the program uses the wrong one. + .SH EXAMPLES + To predict how \fItcpd\fR would handle a telnet request from the local +@@ -86,7 +86,6 @@ tcpdchk(8), tcpd configuration checker + hosts_access(5), format of the tcpd access control tables. + hosts_options(5), format of the language extensions. + inetd.conf(5), format of the inetd control file. +-tlid.conf(5), format of the tlid control file. + .SH AUTHORS + .na + .nf --- tcp-wrappers-7.6.q.orig/debian/patches/have_strerror +++ tcp-wrappers-7.6.q/debian/patches/have_strerror 
@@ -0,0 +1,19 @@ +diff -ruN tcp_wrappers_7.6.orig/percent_m.c tcp_wrappers_7.6/percent_m.c +--- tcp_wrappers_7.6.orig/percent_m.c 1994-12-28 17:42:37.000000000 +0100 ++++ tcp_wrappers_7.6/percent_m.c 2003-08-21 02:45:31.000000000 +0200 +@@ -29,11 +29,15 @@ + + while (*bp = *cp) + if (*cp == '%' && cp[1] == 'm') { ++#ifdef HAVE_STRERROR ++ strcpy(bp, strerror(errno)); ++#else + if (errno < sys_nerr && errno > 0) { + strcpy(bp, sys_errlist[errno]); + } else { + sprintf(bp, "Unknown error %d", errno); + } ++#endif + bp += strlen(bp); + cp += 2; + } else { --- tcp-wrappers-7.6.q.orig/debian/po/nb.po +++ tcp-wrappers-7.6.q/debian/po/nb.po 
@@ -0,0 +1,67 @@ +# translation of tcpwrapper_nb.po to Norwegian Bokmål +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: tcpwrapper_nb\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-04-17 19:21+0200\n" +"Last-Translator: Bjørn Steensrud \n" +"Language-Team: Norwegian Bokmål \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Skal «paranoide» innstillinger brukes i hosts.allow og hosts.access?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Siden filene /etc/hosts.allow og /etc/hosts.deny for tcpwrappers-nissen tcpd " +"ikke finnes, så vil de bli laget." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"En kan velge mellom et generisk tolerant oppsett som tillater alle " +"innkommende tilkoblinger, eller et paranoid oppsett som ikke tillater " +"nettverkstilkoblinger uansett hvor de kommer fra. Det siste oppsettet er " +"mest sikkert, men blokkerer all kommunikasjon, deriblant for eksempel " +"administrasjon over nettverket." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Begge filer kan endres senere for å passe til det lokale behovet, slik det " +"forklares i man-siden hosts_access(5). Disse innstillingene påvirker bare " +"nettverkstjenester som bruker biblioteket libwrap. Restriksjoner for andre " +"tjenester bør settes opp ved å bruke brannmurregler." --- tcp-wrappers-7.6.q.orig/debian/po/ro.po +++ tcp-wrappers-7.6.q/debian/po/ro.po 
@@ -0,0 +1,99 @@ +# translation of ro.po to Romanian +# Romanian translation of tcp-wrappers. +# Copyright (C) 2006 THE tcp-wrappers'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tcp-wrappers package. +# +# Stan Ioan-Eugen , 2006, 2007. +# Eddy Petrișor , 2008. +msgid "" +msgstr "" +"Project-Id-Version: ro\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2008-07-01 02:31+0300\n" +"Last-Translator: Eddy Petrișor \n" +"Language-Team: Romanian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < 20)) ? 1 : 2;\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Se folosesc configurațiile paranoice în hosts.allow și hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Vor fi create noile fișiere /etc/hosts.allow și /etc/hosts.deny pentru serviciul " +"TCP (tcpd) deoarece ele nu există." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." 
+msgstr "" +"Puteți alege între o configurație generică și permisivă care va permite " +"orice conexiune de la distanță, sau o configurație de securitate extremă " +"care nu va permite nici o conexiune de la distanță indiferent de unde a fost " +"inițiată. Cea dea doua configurație, deși mai sigură, va împiedica orice " +"comunicație, inclusiv administrarea de la distanță." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Ambele fișiere pot fi modificate ulterior pentru a se potrivi nevoilor " +"dumneavoastră, după cum este explicat și în pagina de manual hosts_acces(5). " +"Aceste configurări vor afecta doar serviciile de rețea care folosesc biblioteca " +"libwrap: pentru alte servicii restricțiile ar trebui impuse folosind directive specifice pachetului sau reguli de firewall." + +#~ msgid "" +#~ "The second option, even if more secure, will block out all communication, " +#~ "including, for example, remote administration. So if you need this don't " +#~ "choose it." +#~ msgstr "" +#~ "A doua opțiune, chiar dacă este mai sigură, va bloca toate comunicațiile, " +#~ "inclusiv cele pentru adminstrare la distanță. Așa că, dacă aveți nevoie " +#~ "de așa ceva, nu alegeți această opțiune." + +#~ msgid "" +#~ "Regardless of which option you select you can always manually edit both " +#~ "files to suit your needs, for this, review the hosts_access(5) manpage. " +#~ "This might include giving remote access of services to legitimate hosts." 
+#~ msgstr "" +#~ "Indiferent de ce opțiune alegeți puteți să editați manual ambele fișiere " +#~ "pentru propriile dumneavoastră nevoi, aflați cum citind pagina de manual " +#~ "hosts_acces(5). Acest lucru poate însemna să oferiți acces de la " +#~ "distanță pentru gazdele autorizate la serviciile oferite de " +#~ "dumneavoastră. " + +#~ msgid "" +#~ "Notice this only applies to internet services that use the libwrap " +#~ "library. Remote connections will still be possible to services that do " +#~ "not use this library, consider using firewall rules to block access to " +#~ "these." +#~ msgstr "" +#~ "De remarcat că acest lucru se aplică doar serviciilor internet care " +#~ "folosesc biblioteca libwrap. Conexiunile de la distanță vor fi posibile " +#~ "către serviciile care nu folosesc această bibliotecă, folosiți reguli de " +#~ "firewall pentru a bloca accesul la acestea." + --- tcp-wrappers-7.6.q.orig/debian/po/templates.pot +++ tcp-wrappers-7.6.q/debian/po/templates.pot 
@@ -0,0 +1,53 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" --- tcp-wrappers-7.6.q.orig/debian/po/es.po +++ tcp-wrappers-7.6.q/debian/po/es.po 
@@ -0,0 +1,116 @@ +# tcp-wrappers translation to spanish +# This file is distributed under the same license as the tcp-wrappers package. +# +# Changes: +# - Initial translation +# Jesus Aneiros , 2006 +# - Revision +# Fernando Cerezal +# César Gómez Martín +# Nacho Barriento +# David Martínez +# Javier Fernández-Sanguino +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Si tiene dudas o consultas sobre esta traducción consulte con el último +# traductor (campo Last-Translator) y ponga en copia a la lista de +# traducción de Debian al español () +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers 7.6.dbs-11\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2008-06-30 03:48+0200\n" +"Last-Translator: Javier Fernández-Sanguino \n" +"Language-Team: Debian l10n Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-POFile-SpellExtra: deny hostaccess tcpd TCP access hosts wrapper allow\n" +"X-POFile-SpellExtra: libwrap\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "¿Debería tcpd configurar los archivos hosts.allow y hosts.access de forma «paranoica»?" + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "Se crearán nuevos ficheros «/etc/hosts.allow» y «/etc/hosts.deny» para los programas TCP wrapper (tcpd) y para la librería libwrap ya que no tiene ninguno de estos archivos aún." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "Puede elegir entre una configuración genérica y permisiva que permita cualquier conexión entrante o una configuración paranoica que no permita ninguna conexión entrante independientemente de dónde se origine. La última opción, aunque sea la más segura, bloqueará cualquier comunicación incluyendo, por ejemplo, la administración remota." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "Puede modificar ambos ficheros más adelante para ajustarlos a sus necesidades tal y como se describe en la página de manual host_access(5). Esta configuración sólo afectará a los servidores de red que utilicen la librería «libwrap». Puede restringir el acceso a otros servicios utilizando directivas específicas de cada paquete o reglas de cortafuegos." 
+ +#~ msgid "" +#~ "The second option, even if more secure, will block out all communication, " +#~ "including, for example, remote administration. So if you need this don't " +#~ "choose it." +#~ msgstr "" +#~ "La segunda opción, incluso más segura, bloqueará todas las " +#~ "comunicaciones, incluyendo, por ejemplo, la administración remota. No " +#~ "elija la segunda opción si necesita tener habilitadas este tipo de " +#~ "conexiones." + +#~ msgid "" +#~ "Regardless of which option you select you can always manually edit both " +#~ "files to suit your needs, for this, review the hosts_access(5) manpage. " +#~ "This might include giving remote access of services to legitimate hosts." +#~ msgstr "" +#~ "Sin tener en cuenta qué opción seleccione, siempre puede editar ambos " +#~ "archivos de forma manual para ajustarlos a sus necesidades; para ello " +#~ "revise la página de manual hosts_access(5). Lo anterior puede incluir " +#~ "otorgar acceso remoto a servicios residentes en los equipos autorizados." + +#~ msgid "" +#~ "Notice this only applies to internet services that use the libwrap " +#~ "library. Remote connections will still be possible to services that do " +#~ "not use this library, consider using firewall rules to block access to " +#~ "these." +#~ msgstr "" +#~ "Tenga en cuenta que ésto sólo se aplica a los servicios de red que " +#~ "utilizan la biblioteca «libwrap». Aún serán posibles las conexiones " +#~ "remotas a los servicios que no utilicen esta biblioteca. Considere " +#~ "utilizar reglas del cortafuegos para bloquear el acceso a dichos " +#~ "servicios." --- tcp-wrappers-7.6.q.orig/debian/po/pt.po +++ tcp-wrappers-7.6.q/debian/po/pt.po 
@@ -0,0 +1,64 @@ +# Portuguese translation for tcp-wrappers +# Luís Matos , 2005 +# Luís Matos , 2007 +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers 7.6.dbs-8\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-21 19:37+0100\n" +"Last-Translator: Luis Matos \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Utilizar definições paranoícas no hosts.allow e hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Serão criados novos ficheiros /etc/hosts.allow e /etc/hosts.deny para os programas do " +"daemon TCP wrappers (tcpd) e da biblioteca libwrap pois eles não existem." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Pode escolher entre uma configuraçao genérica e uma configuração permissiva " +"que permitirão a chegada de uma ligação ou uma configuração paranoíca que " +"não permitirá ligações remotas independentemente da sua origem. A última, " +"ainda que mais segura, bloqueará qualquer comunicação, inluíndo, por " +"exemplo, administração remota." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Ambos os ficheiros podem ser modificados posteriormente para servir as suas " +"necessidades como explicado na manpage hosts_access(5). Estas definições " +"apenas afectrão os serviços de rede que usem a biblioteca libwrap. " +"As definições para outros serviçoes devem ser definidas utilizando directivas de " +"configurações específicas de cada pacote ou regras de firewall." + --- tcp-wrappers-7.6.q.orig/debian/po/it.po +++ tcp-wrappers-7.6.q/debian/po/it.po 
@@ -0,0 +1,70 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers 7.6.dbs-4\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2004-08-29 18:53+0200\n" +"Last-Translator: Marco d'Itri \n" +"Language-Team: Italian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Configurare hosts.allow e hosts.deny in modo paranoico?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Poich non esistono ancora, saranno creati i file /etc/hosts.allow e " +"/etc/hosts.deny usati dai programmi TCP wrapper e dalla libreria libwrap." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." 
+msgstr "" +"Si pu scegliere tra una configurazione generica e permissiva che permetta " +"qualsiasi connessione in ingresso e una paranoica che non permetta nessuna " +"connessione remota indipentemente dalla sua origine. Anche se pi sicura, " +"la seconda impedir ogni tipo di comunicazione, compresa per esempio " +"l'amministrazione remota." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +" comunque possibile modificare in seguito i file come spiegato nella man " +"page hosts_access(5). Queste impostazioni avranno effetto solo sui servizi " +"di rete che usano la libreria libwrap: possibile configurare restrizioni " +"per gli altri servizi usando direttive specifiche dei pacchetti o regole " +"del firewall." --- tcp-wrappers-7.6.q.orig/debian/po/POTFILES.in +++ tcp-wrappers-7.6.q/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] tcpd.templates --- tcp-wrappers-7.6.q.orig/debian/po/sv.po +++ tcp-wrappers-7.6.q/debian/po/sv.po 
@@ -0,0 +1,62 @@ +# translation of tcp-wrappers_7.6.q-15_sv.po to swedish +# Martin Bagge , 2008. +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers_7.6.q-15_sv\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2008-05-30 23:38+0200\n" +"Last-Translator: Martin Bagge \n" +"Language-Team: swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Anvnd paranoida instllningar i hosts.allow och hosts.access?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Nya /etc/hosts.allow och /etc/hosts.deny fr TCP wrappers-demonen (tcpd) " +"kommer att skapas eftersom de nnu inte finns." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Du kan vlja mellan en allmn och regelmssig konfiguration som kommer att " +"tillta inkommande anslutningar eller en paranoid konfiguration som inte " +"kommer att tillta fjrranslutningar oavsett var de kommer frn. Den senare, " +"ven om den r mer sker, kommer att blockera alla kommunikation, inklusive, " +"till exempel, fjrradministration." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Bda filerna kan ndras senare fr att passa dina behov och frklaras av " +"manualsidan hosts_access(5). Dessa instllningar kommer endast att pverka " +"ntverkstjnster som anvnder biblioteket libwrap. Restriktioner fr andra " +"tjnster br etableras genom anvndningen av brandvggsregler." + --- tcp-wrappers-7.6.q.orig/debian/po/cs.po +++ tcp-wrappers-7.6.q/debian/po/cs.po 
@@ -0,0 +1,71 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-25 23:47+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Použít v hosts.allow a hosts.deny paranoidní nastavení?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Pro daemon TCP wrapper (tcpd) a knihovnu libwrap budou vytvořeny nové soubory " +"/etc/hosts.allow a /etc/hosts.deny, protože dosud neexistují." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." 
+msgstr "" +"Můžete si vybrat mezi otevřeným nastavením, které povolí všechna příchozí " +"spojení, a mezi paranoidním nastavením, které zakáže vzdálená spojení bez " +"ohledu na původ. Druhé nastavení je bezpečnější, ovšem zablokuje veškerou " +"komunikaci včetně např. vzdálené správy." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Oba soubory můžete později upravit podle svých potřeb podle pokynů v " +"manuálové stránce hosts_access(5). Toto nastavení ovlivní pouze síťové " +"služby používající knihovnu libwrap. Omezení přístupu k ostatním službám " +"můžete řešit pomocí konfiguračních souborů jednotlivých balíků nebo " +"pomocí firewallu." --- tcp-wrappers-7.6.q.orig/debian/po/ja.po +++ tcp-wrappers-7.6.q/debian/po/ja.po 
@@ -0,0 +1,64 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-21 21:02+0900\n" +"Last-Translator: Kenshi Muto \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "hosts.allow と hosts.deny に paranoid な設定を使いますか?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "TCP wrappers プログラム (tcpd) および libwrap ライブラリ用の新しい /etc/hosts.allow と /etc/hosts.deny のファイルは、まだ存在しないので新規に作成します。" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"すべての入力接続を許可する一般的で寛大な設定と、それがどこから来たのかを問わ" +"ずリモート接続を許可しない paranoid 設定のいずれかを選ぶことができます。後者" +"はよりセキュアではありますが、リモート接続も含むすべての接続をブロックするこ" +"とになります。" + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "hosts_access(5) man ページに書かれているように、両方のファイルはあなたの必要に応じて後で編集できます。これらの設定は、libwrap ライブラリを使うネットワークサービスのみに影響します。その他のサービスの制限は、パッケージ固有の設定ディレクティブやファイアウォールルールを使って確立すべきです。" --- tcp-wrappers-7.6.q.orig/debian/po/fi.po +++ tcp-wrappers-7.6.q/debian/po/fi.po 
@@ -0,0 +1,38 @@ +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-10-18 00:00+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Käytetäänkö vainoharhaisia asetuksia tiedostoissa hosts.allow ja hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs (tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "Uudet tiedostot /etc/hosts.allow ja /etc/hosts.deny luodaan TCP-kääreohjelmien (tcpd) ja libwrap-kirjaston käyttöön, koska niitä ei vielä ole." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "You can choose between a generic and permissive configuration which will allow any incoming connection or a paranoid configuration which will not allow remote connections regardless of where they originate from. The latter, even if more secure, will block out all communication, including, for example, remote administration." +msgstr "Voit valita yleisten ja sallivien, kaikki sisäänpäin tulevat yhteydet hyväksyvien asetusten, ja vainoharhaisten, kaikki yhteydet ulkoapäin kieltävien asetusten väliltä. Jälkimmäiset, vaikka ovatkin turvallisemmat, estävät kaiken viestinnän, mukaan lukien esimerkiksi etähallinnan." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Both files can be modified later to suit your needs as explained in the hosts_access(5) manpage. 
These settings will only affect network services that use the libwrap library: restrictions for other services may be established by using package-specific configuration directives or firewall rules." +msgstr "Molempia tiedostoja voidaan myöhemmin muokata vastaamaan tarpeita man-ohjesivun hosts_access(5) ohjeiden mukaisesti. Nämä asetukset vaikuttavat vain verkkopalveluihin, jotka käyttävät libwrap-kirjastoa. Muita palveluita koskevat rajoitukset voidaan asettaa käyttäen pakettikohtaisia asetusohjeita tai palomuurisääntöjä." + --- tcp-wrappers-7.6.q.orig/debian/po/ca.po +++ tcp-wrappers-7.6.q/debian/po/ca.po 
@@ -0,0 +1,100 @@ +# +# Catalan translation for tcp-wrappers package. +# Copyright (C) 2007 Marco d'Itri. +# This file is distributed under the same license as the tcp-wrappers +# package. +# +# Jordà Polo , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: 7.6.dbs-14\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-09-28 22:04+0200\n" +"Last-Translator: Jordà Polo \n" +"Language-Team: Català \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "" +"Voleu utilitzar una configuració paranoica a «hosts.allow» i «hosts.access»?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Es crearan els fitxers «/etc/hosts.allow» i «/etc/hosts.deny» (utilitzats " +"pels programes basats en tcpd i la biblioteca libwrap), ja que encara no " +"existeixen." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Podeu triar entre una configuració genèrica i permissiva que permeti " +"qualsevol connexió entrant, o una configuració paranoica que no permeti " +"connexions remotes, independentment del seu origen. La darrera opció, encara " +"que és més segura, bloquejarà tota comunicació, incloent per exemple " +"l'administració remota." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Ambdós fitxers es poden modificar més endavant per tal d'adaptar-los a les " +"vostres necessitats tal i com s'explica a la pàgina del manual hosts_access" +"(5). Tingueu en compte que aquesta configuració només afectarà els serveis " +"de la xarxa que utilitzin la biblioteca libwrap; podeu establir restriccions " +"per a altres serveis mitjançant la configuració específica de cada paquet o " +"utilitzant un tallafoc." + +#~ msgid "" +#~ "The second option, even if more secure, will block out all communication, " +#~ "including, for example, remote administration. So if you need this don't " +#~ "choose it." +#~ msgstr "" +#~ "La segona opció, tot i ser més segura, bloquejarà tota comunicació, " +#~ "incloent per exemple l'administració remota. No la trieu si necessiteu " +#~ "connexions d'aquest tipus." + +#~ msgid "" +#~ "Regardless of which option you select you can always manually edit both " +#~ "files to suit your needs, for this, review the hosts_access(5) manpage. " +#~ "This might include giving remote access of services to legitimate hosts." +#~ msgstr "" +#~ "Sigui quina sigui l'opció seleccionada, sempre podeu editar manualment " +#~ "ambdós fitxers per adaptar-los a les vostres necessitats. Abans de fer-" +#~ "ho, llegiu la pàgina de manual hosts_access(5). Us pot servir per " +#~ "permetre l'accés remot a certs serveis des de màquines legítimes." + +#~ msgid "" +#~ "Notice this only applies to internet services that use the libwrap " +#~ "library. 
Remote connections will still be possible to services that do " +#~ "not use this library, consider using firewall rules to block access to " +#~ "these." +#~ msgstr "" +#~ "Fixeu-vos que això només s'aplica a serveis d'Internet que utilitzin la " +#~ "biblioteca «libwrap». Les connexions remotes a serveis que no utilitzin " +#~ "aquesta biblioteca encara seran possibles; plantegeu-vos l'opció " +#~ "d'utilitzar regles de tallafoc per bloquejar-ne l'accés." --- tcp-wrappers-7.6.q.orig/debian/po/de.po +++ tcp-wrappers-7.6.q/debian/po/de.po 
@@ -0,0 +1,65 @@ +# Translation of tcp-wrappers debconf templates to German +# Copyright (C) Helge Kreutzmann , 2004, 2007. +# This file is distributed under the same license as the tcp-wrappers package. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers 7.6.dbs-13\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-21 18:15+0200\n" +"Last-Translator: Helge Kreutzmann \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Paranoide Einstellungen in hosts.allow und hosts.deny verwenden?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Es werden neue Dateien /etc/hosts.allow und /etc/hosts.deny fr die TCP-" +"Wrappers-Programme (tcpd) und die libwrap-Bibliothek erstellt, da sie noch " +"nicht existieren." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Sie knnen zwischen einer generische und freizgige Konfiguration, die jede " +"eingehende Verbindungen erlaubt, oder einer paranoiden Konfiguration, die " +"keine eingehende Verbindung erlaubt, egal woher sie kommt, whlen. Letztere, " +"obwohl auch sicherer, wird alle Kommunikation, darunter beispielsweise " +"Administration aus der Ferne, blocken." + +#. 
Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Beide Dateien knnen spter nach Ihren Bedrfnissen angepasst werden, wie " +"dies in der Handbuchseite hosts_access(5) erklrt ist. Diese Einstellungen " +"betreffen nur Netz-Anwendungen, die die libwrap-Bibliothek verwenden. " +"Begrenzungen fr andere Dienste knnen ber Paket-spezifische " +"Konfigurationsanweisungen oder mittels Firewall-Regeln eingerichtet " +"werden." --- tcp-wrappers-7.6.q.orig/debian/po/pt_BR.po +++ tcp-wrappers-7.6.q/debian/po/pt_BR.po 
@@ -0,0 +1,75 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-04-18 22:30-0300\n" +"Last-Translator: André Luís Lopes \n" +"Language-Team: Debian-BR Project \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Utilizar configurações paranóicas em hosts.allow e hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Novos arquivos /etc/hosts.allow e /etc/hosts.den para o daemon TCP wrappers " +"(tcpd) serão criados, uma vez que os mesmos ainda não existem." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." 
+msgstr "" +"Você pode optar entre uma configuração genérica e permissiva, a qual " +"permitirá qualquer conexão entrante, e uma configuração paranóica, a qual " +"não permitirá conexões remotas independente de onde as mesmas se originem. A " +"última, mesmo sendo mais segura, bloqueará todas as comunicações, incluíndo, " +"por exemplo, administração remota." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Ambos os arquivos podem ser modificados posteriormente e serem adequados as " +"suas necessidades, conforme explicado na página de manual hosts_access(5). " +"Essas configurações afetarão somente serviços de rede que utilizem a " +"bilbioteca libwrap. Restrições para outros serviços devem ser estabelecidas " +"através de regras de firewall." --- tcp-wrappers-7.6.q.orig/debian/po/ko.po +++ tcp-wrappers-7.6.q/debian/po/ko.po 
@@ -0,0 +1,64 @@ +# Korean translations for tcp-wrappers package +# tcp-wrappers 패키지에 대한 한국어 번역문. +# Copyright (C) 2007 THE tcp-wrappers'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tcp-wrappers package. +# Sunjae Park , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-21 23:56+0900\n" +"Last-Translator: Sunjae Park \n" +"Language-Team: Korean \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "hosts.allow와 hosts.deny에 과민설정(paranoid)을 적용할까요?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"TCP wrappers 데몬(tcpd)과 libwrap 라이브러리를 위한 /etc/hosts.allow와 /etc/" +"hosts.deny 파일이 아직 없으므로 새로 생성합니다." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"들어오는 통신을 허용하는 일반적이고 관용적인 설정을 선택하거나 들어오는 통신" +"은 근원에 상관없이 무조건 막는 과민적인 설정을 선택하실 수 있습니다. 과민설정" +"을 사용하면 보안 수준이 더 높을 지는 모르나 원격 관리를 포함한 모든 통신을 막" +"아버립니다." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. 
These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"hosts_access(5) 맨페이지에 적혀있는 대로 이 파일들을 원하시는 대로 변경하실 " +"수 있습니다. 이 설정들은 libwrap 라이브러리를 사용하는 네트워크 서비스에만 적" +"용됩니다. 이에 해당되지 않는 다른 서비스들에 대한 제약은 각 꾸러미별 설정이나 " +"방화벽 규칙을 통해 변경하십시오." --- tcp-wrappers-7.6.q.orig/debian/po/fr.po +++ tcp-wrappers-7.6.q/debian/po/fr.po 
@@ -0,0 +1,79 @@ +# translation of fr.po to French +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# Christian Perrier , 2007. +# Olivier Gauwin , 2001-2006. +msgid "" +msgstr "" +"Project-Id-Version: fr\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-20 22:09+0200\n" +"Last-Translator: Christian Perrier \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Faut-il configurer hosts.allow et hosts.deny en mode « paranoïaque » ?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"De nouveaux fichiers /etc/hosts.allow et /etc/hosts.deny, destinés aux " +"programmes « TCP wrappers » (tcpd) et à la bibliothèque libwrap vont être " +"créés car ils n'existent pas encore." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. 
The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Vous pouvez choisir entre une configuration permissive générique qui " +"autorise toutes les connexions entrantes, et une configuration " +"« paranoïaque » qui refuse toute connexion de l'extérieur quelle qu'en soit " +"l'origine. Cette dernière, plus sécurisée, bloque cependant toutes les " +"communications y compris (par exemple) celles pouvant servir à " +"l'administration distante." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Ces deux fichiers peuvent ultérieurement être modifiés pour qu'ils " +"correspondent à vos besoins, comme expliqué dans la page de manuel " +"host_access(5). Ces restrictions ne s'appliquent qu'aux services réseau qui " +"utilisent la bibliothèque libwrap. Les restrictions éventuelles pour les " +"autres services devront être établies avec des règles de pare-feu ou des " +"options de configurations propres à ces services." --- tcp-wrappers-7.6.q.orig/debian/po/sk.po +++ tcp-wrappers-7.6.q/debian/po/sk.po 
@@ -0,0 +1,41 @@ +# Slovak translation of tcp-wrappers. +# Copyright (C) 2005 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tcp-wrappers package. +# Ivan Masár , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2008-07-04 17:24+0100\n" +"Last-Translator: Ivan Masár \n" +"Language-Team: Slovak \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Použiť paranoidné nastavenia v hosts.allow a hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs (tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "Keďže súbory /etc/hosts.allow a /etc/hosts.deny pre program TCP wrapper (tcpd) a knižnicu libwrap zatiaľ neexistujú, budú vytvorené." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "You can choose between a generic and permissive configuration which will allow any incoming connection or a paranoid configuration which will not allow remote connections regardless of where they originate from. The latter, even if more secure, will block out all communication, including, for example, remote administration." +msgstr "Môžete si vybrať medzi všeobecnou a liberálnou politikou, ktorá povolí akékoľvek prichádzajúce spojenie; alebo paranoidnou konfiguráciou, ktorá nepovolí žiadne vzdialené spojenia bez ohľadu na to odkiaľ pochádzajú. Táto druhá politika, hoci je bezpečnejšia, zablokuje všetku komunikáciu vrátane, napríklad, vzdialenej správy." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "Both files can be modified later to suit your needs as explained in the hosts_access(5) manpage. These settings will only affect network services that use the libwrap library: restrictions for other services may be established by using package-specific configuration directives or firewall rules." +msgstr "Oba súbory môžete neskôr zmeniť, aby vyhovovali vašim potrebám, podľa vysvetlenia na manuálovej stránke hosts_access(5). Tieto nastavenia ovplyvnia iba sieťové služby, ktoré využívajú knižnicu libwrap: iné služby je možné obmedziť špecifickými nastaveniami balíkov alebo pravidlami firewallu." + --- tcp-wrappers-7.6.q.orig/debian/po/vi.po +++ tcp-wrappers-7.6.q/debian/po/vi.po 
@@ -0,0 +1,79 @@ +# Vietnamese translation for TCP Wrappers. +# Copyright © 2007 Free Software Foundation, Inc. +# Clytie Siddall , 2005-2007. +# +msgid "" +"" +msgstr "Project-Id-Version: tcp-wrappers 7.6.dbs-14\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-30 17:42+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.6.3b1\n" + +#.Type: boolean +#.description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Có nên dùng thiết lập rất cẩn thận trong hai tập tin « hosts.allow » (cho phép " +"máy) và « hosts.deny » (từ chối máy) không?" + +#.Type: boolean +#.description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "Tập tin « /etc/hosts.allow » và « /etc/hosts.deny » mới cho những chương trình bao bọc TCP (tcpd) và thư viện libwrap sẽ được tạo, vì chưa có." + +#.Type: boolean +#.description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "Bạn có thể chọn hoặc cấu hình chung cho phép bất cứ kết nối gửi đến nào, hoặc cấu hình rất cẩn thận không cho phép kết nối từ xa bất chấp gốc. Cấu hình rất cẩn thận là bảo mật hơn, nhưng cũng chặn toàn bộ giao thông, gồm (thí dụ) việc quản trị từ xa." 
+ +#.Type: boolean +#.description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "Để thích hợp cho yêu cầu của bạn, cũng có thể sửa đổi mỗi tập tin, như được giải thích trên trang hướng dẫn hosts_access(5). Thiết lập hiện thời chỉ có tác động tới dịch vụ mạng có phải sử dụng thư viện libwrap. Cũng có thể giới hạn dịch vụ khác bằng cách dùng chỉ thị đặc trưng cho gói hay quy tắc bức tường lửa." + +#~ msgid "" +#~ "The second option, even if more secure, will block out all communication, " +#~ "including, for example, remote administration. So if you need this don't " +#~ "choose it." +#~ msgstr "Mặc dù tùy chọn thứ hai là bảo mật hơn, nó ngăn cản mọi cách truyền, gồm " +#~ "(lấy thí dụ) quản lý từ xa. Nếu bạn cần khả năng này thì đừng chọn tùy " +#~ "chọn thứ hai." + +#~ msgid "" +#~ "Regardless of which option you select you can always manually edit both " +#~ "files to suit your needs, for this, review the hosts_access(5) manpage. " +#~ "This might include giving remote access of services to legitimate hosts." +#~ msgstr "Tất nhiên, bạn vẫn còn có thể sửa đổi mỗi tập tin theo sự cần của bạn. " +#~ "Hãy xem trang hướng dẫn (man) « hosts_access(5) » để tìm cách sửa đổi, " +#~ "thí dụ cách cho phép máy nào đó truy cập dịch vụ." + +#~ msgid "" +#~ "Notice this only applies to internet services that use the libwrap " +#~ "library. Remote connections will still be possible to services that do " +#~ "not use this library, consider using firewall rules to block access to " +#~ "these." +#~ msgstr "Hãy ghi chú rằng thông tin này áp dụng chỉ vào dịch vụ dùng thư viên « " +#~ "libwrap » thôi. 
Dịch vụ không dùng thư viên này sẽ vẫn còn có thể kết nối " +#~ "từ xa: bạn hãy sử dụng quy tắc loại bức tường lửa để từ chối chúng." --- tcp-wrappers-7.6.q.orig/debian/po/da.po +++ tcp-wrappers-7.6.q/debian/po/da.po 
@@ -0,0 +1,102 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Claus Hindsgaul , 2004. +# Claus Hindsgaul , 2007. +msgid "" +msgstr "" +"Project-Id-Version: da\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-30 23:17+0200\n" +"Last-Translator: Claus Hindsgaul \n" +"Language-Team: Danish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Benyt paranoide indstillinger i hosts.allow og hosts.access op?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Der vil blive oprettet nye /etc/hosts.allow og /etc/hosts.deny til TCP-indpakningsprogrammerne " +"(tcpd) ligesom biblioteket bliver oprettet, da ingen af dem eksister." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. 
The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Du kan vlge mellem en som udgangspunkt eftergivende opstning, der vil tillade " +"alle indkommende forbindelser, eller en paranoid opstning, der ikke vil tillade " +"forbindelser udefra uanset hvorfra de stammer. Den sidstenvnte vil, selvom den " +"er mere sikker, udelukke al kommunikation, herunder f.eks. fjernadministration." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Begge filer kan tilrettes senere, s de svarer til dine behov, som forklaret " +"p manualsiden hosts_access(5). Disse indstillinger vil kun pvirke de " +"netvrksservices, der benytter biblioteket libwrap: restriktioner for andre " +"services kan etableres med pakke-specifik opstning eller brandmurs-regler." + +#~ msgid "" +#~ "The second option, even if more secure, will block out all communication, " +#~ "including, for example, remote administration. So if you need this don't " +#~ "choose it." +#~ msgstr "" +#~ "Selvom den sidste mulighed er den sikreste, vil den blokere for al " +#~ "kommunikation som f.eks. fjernadministration. S hvis du har brug for " +#~ "fjernadministration o.lign. skal du ikke vlge den." + +#~ msgid "" +#~ "Regardless of which option you select you can always manually edit both " +#~ "files to suit your needs, for this, review the hosts_access(5) manpage. " +#~ "This might include giving remote access of services to legitimate hosts." +#~ msgstr "" +#~ "Uanset hvilken indstilling du vlger, kan du altid redigere begge filer " +#~ "efter behov. 
Se manualsiden hosts_access(5) for oplysninger om dette. Her " +#~ "kan du give fjernadgang til bestemte services fra bestemte maskiner." + +#~ msgid "" +#~ "Notice this only applies to internet services that use the libwrap " +#~ "library. Remote connections will still be possible to services that do " +#~ "not use this library, consider using firewall rules to block access to " +#~ "these." +#~ msgstr "" +#~ "Bemrk at dette kun glder internet-services, der benytter libwrap-" +#~ "biblioteket. Forbindelser udefra til services, der ikke benytter dette " +#~ "bibliotek, vil stadig kunne lade sig gre. Du br overveje at benytte en " +#~ "brandmur til at blokere adgangen til sdanne services." + --- tcp-wrappers-7.6.q.orig/debian/po/hu.po +++ tcp-wrappers-7.6.q/debian/po/hu.po 
@@ -0,0 +1,63 @@ +msgid "" +msgstr "" +"Project-Id-Version: TCP wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-04-22 10:51+0100\n" +"Last-Translator: SZERVÁC Attila \n" +"Language-Team: Hungarian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Poedit-Language: Hungarian\n" +"X-Poedit-Country: HUNGARY\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "" +"Paranoid beállításokat használsz a hosts.allow és hosts.access fájlokban?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Új /etc/hosts.allow és /etc/hosts.deny fájlokat készítünk a TCP wrappers " +"démon (tcpd) számára, mert még nincsenek." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Választhatsz egy általános és minden bejövő kapcsolatot engedő és egy " +"paranoid beállítás közt, mely tiltja a kapcsolatokat eredetüktől " +"függetlenül. Utóbbi nyilván biztonságosabb, de tilt minden kommunikációt, " +"például a táv-felügyeletet." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. 
These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Minden fájlt módosíthatsz később a hosts_access(5) kézikönyv oldal szerint. " +"E beállítások csak a libwrap könyvtárat használó hálózati szolgáltatásokra " +"hatnak. Más szolgáltatások például tűzfal szabályokkal korlátozhatók." --- tcp-wrappers-7.6.q.orig/debian/po/nl.po +++ tcp-wrappers-7.6.q/debian/po/nl.po 
@@ -0,0 +1,66 @@ +# Dutch tcp-wrappers po-debconf translation, +# Copyright (C) 2008 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tcp-wrappers package. +# Vincent Zweije , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers 7.6.dbs-14\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2008-02-13 21:47+0000\n" +"Last-Translator: Vincent Zweije \n" +"Language-Team: Debian-Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "" +"Paranode instellingen gebruiken in hosts.allow en hosts.access?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Nieuwe bestanden /etc/hosts.allow en /etc/hosts.deny voor de \"TCP wrapper\" " +"programma's en de libwrap bibliotheek zullen worden aangemaakt, omdat ze " +"nog niet bestaan." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"U kunt ofwel een algemene, permissieve instelling hebben die iedere " +"inkomende verbinding toelaat, ofwel een paranode instelling die geen " +"inkomende verbindingen toelaat ongeacht waar ze vandaan komen. De paranode " +"instelling is veiliger, maar blokkeert alle verkeer, inclusief bijvoorbeeld " +"voor beheer op afstand." + +#. 
Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Beide bestanden kunnen later naar wens worden aangepast zoals uitgelegd " +"in de hosts_access(5) man-pagina. Deze instellingen zullen slechts die " +"netwerkdiensten benvloeden die de libwrap bibliotheek gebruiken; voor " +"andere diensten kunnen beperkingen worden gedaan door pakket-specifieke " +"instellingen of firewallregels." --- tcp-wrappers-7.6.q.orig/debian/po/tr.po +++ tcp-wrappers-7.6.q/debian/po/tr.po 
@@ -0,0 +1,91 @@ +# Turkish translation of tcpd. +# This file is distributed under the same license as the tcpd package. +# Recai Oktaş , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: tcpd\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2004-05-10 16:43+0300\n" +"Last-Translator: Recai Oktaş \n" +"Language-Team: Turkish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Tcpd, hosts.allow ve hosts.access'i paranoya seviyesinde ayarlasın mı?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Henüz bu dosyalardan herhangi birine sahip olmadığınızdan tcpd, /etc/hosts." +"allow ve /etc/hosts.deny dosyalarını ayarlayacak. Bu ayarın genel amaçlı ve " +"gelen her bağlantıya izin verecek şekilde veya kaynağı ayırt edilmeksizin " +"uzaktan yapılan bütün bağlantıları reddecek şekilde paranoya seviyesinde " +"yapılmasını seçebilirsiniz." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. 
These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" + +#, fuzzy +#~ msgid "" +#~ "The second option, even if more secure, will block out all communication, " +#~ "including, for example, remote administration. So if you need this don't " +#~ "choose it." +#~ msgstr "" +#~ "İkinci seçenek daha güvenli olmakla birlikte, uzaktan sistem yönetimi de " +#~ "dahil, bütün iletişimi bloke edecektir. Uzaktan sistem yönetimine " +#~ "ihtiyacınız varsa, öntanımlı seçeneği değiştirmeyin." + +#~ msgid "" +#~ "Regardless of which option you select you can always manually edit both " +#~ "files to suit your needs, for this, review the hosts_access(5) manpage. " +#~ "This might include giving remote access of services to legitimate hosts." +#~ msgstr "" +#~ "Hangi seçeneği seçerseniz seçin, her iki dosyayı da ihtiyaçlarınıza uygun " +#~ "şekilde elle düzenlemeniz her zaman mümkündür. Bu işlem için hosts_access" +#~ "(5) kılavuz sayfasına göz atın. Yapılabilecek ayarlar arasında, " +#~ "hizmetlere uzaktan erişim izninin yetkilendirilmiş makinelere verilmesi " +#~ "de bulunabilir." + +#~ msgid "" +#~ "Notice this only applies to internet services that use the libwrap " +#~ "library. Remote connections will still be possible to services that do " +#~ "not use this library, consider using firewall rules to block access to " +#~ "these." +#~ msgstr "" +#~ "Tcpd üzerinden sağlanan erişim denetiminin sadece libwrap kitaplığını " +#~ "kullanan Internet hizmetleri için geçerli olduğunu unutmayın. Bu " +#~ "kitaplığı kullanmayan hizmetlere uzaktan erişim hâlâ mümkün olacaktır. " +#~ "Bu hizmetlere erişimi engellemek için bir güvenlik duvarı (firewall) " +#~ "kullanmayı düşünebilirsiniz." --- tcp-wrappers-7.6.q.orig/debian/po/ta.po +++ tcp-wrappers-7.6.q/debian/po/ta.po 
@@ -0,0 +1,66 @@ +# translation of tcp-wrappers.po to TAMIL +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Dr.T.Vasudevan , 2007. +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-04-17 12:00+0530\n" +"Last-Translator: Dr.T.Vasudevan \n" +"Language-Team: TAMIL \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "" +"அதி ஜாக்கிரதை அமைப்பை hosts.allow மற்றும் hosts.access ஆகியவற்றில் பயன்படுத்தவா?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"டிசிபி ராப்பர் கிங்கரன் (tcpd) க்கு /etc/hosts.allow மற்றும் /etc/hosts.deny " +"கோப்புகள் இன்மையால் புதியன உருவாக்கப் படும். " + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"நீங்கள் பாரம்பரிய உள்வரும் எந்த இணப்பையும் அனுமதிக்கும் தளர்ந்த வடிவமைப்பு அல்லது " +"அதிஜாக்கிரதையான எங்கிருந்து வந்தாலும் எந்த இணப்பை அனுமதிக்காத வடிவமைப்பு ஆகிய இரண்டில் " +"ஏதேனும் தேர்வு செய்யலாம். இரண்டாவதில் மிக பாதுகாப்பானதானாலும் தொலை நிர்வாகம் உள்ளிட்ட " +"அனைத்து தொடர்புகளும் துண்டிக்கப் படும்." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +#, fuzzy +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"இரண்டு கோப்புகளும் தேவைக்கேற்ப கைமுறையேடு hosts_access(5) இல் கண்டபடி பின்னால் " +"மாற்றப்படலாம். இந்த வடிவமைப்பு libwrap நூலகத்தை பயன்படுத்தும் வலையமைப்பை மட்டுமே " +"கட்டுப்படுத்தும். மற்ற சேவைகளுக்கான கட்டுப்பாடுகள் தீச்சுவர் விதிகளை பொறுத்தது. " --- tcp-wrappers-7.6.q.orig/debian/po/ru.po +++ tcp-wrappers-7.6.q/debian/po/ru.po 
@@ -0,0 +1,78 @@ +# Translation of tcp-wrappers to Russian +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Yuriy Talakan' , 2006. +# Yuriy Talakan' , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: tcp-wrappers_7.6.dbs-14_ru\n" +"Report-Msgid-Bugs-To: debian-l10n-russian@lists.debian.org\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2007-05-21 11:35+0300\n" +"Last-Translator: Sergey Alyoshin \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%" +"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "Использовать параноидальные настройки в hosts.allow и hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Будут созданы новые файлы /etc/hosts.allow и /etc/hosts.deny для программ " +"TCP-оболочек (tcpd) и библиотеки libwrap, так как эти файлы ещё не существуют." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Вы можете выбрать между общей (generic) и разрешающей (permissive) " +"настройками, которые позволят любые входящие соединения, или параноидальной " +"(paranoid) настройкой, которая не позволит удалённые соединения вне " +"зависимости от их происхождения. Последняя настройка, хотя и более " +"безопасная, будет блокировать все соединения, включая, например, удалённое " +"администрирование." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Оба файла могут быть изменены позже в соответствии с вашими требованиями " +"так, как объясняется в man-странице hosts_access(5). Эти настройки повлияют " +"только на сетевые сервисы, которые используют библиотеку libwrap; ограничения " +"для прочих сервисов могут быть установлены с использованием специфических для " +"пакета команд настройки или правил межсетевого экрана (firewall)." + --- tcp-wrappers-7.6.q.orig/debian/po/gl.po +++ tcp-wrappers-7.6.q/debian/po/gl.po 
@@ -0,0 +1,66 @@ +# Galician translation of tcp-wrappers's debconf templates. +# This file is distributed under the same license as the tcp-wrappers package. +# +# 2006, 2007, 2008, Jacobo Tarrio +# +msgid "" +msgstr "" +"Project-Id-Version: tcpwrappers\n" +"Report-Msgid-Bugs-To: md@linux.it\n" +"POT-Creation-Date: 2007-05-20 17:32+0200\n" +"PO-Revision-Date: 2008-05-13 00:11+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "Use paranoid settings in hosts.allow and hosts.deny?" +msgstr "¿Empregar unha configuración paranoica de hosts.allow e hosts.deny?" + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrapper programs " +"(tcpd) and the libwrap library will be created as they do not exist yet." +msgstr "" +"Hanse crear uns novos ficheiros /etc/hosts.allow e /etc/hosts.deny para os " +"programas envoltorios TCP (tcpd) e para a biblioteca libwrap, xa que aínda " +"non existen." + +#. Type: boolean +#. description +#: ../tcpd.templates:1001 +msgid "" +"You can choose between a generic and permissive configuration which will " +"allow any incoming connection or a paranoid configuration which will not " +"allow remote connections regardless of where they originate from. The " +"latter, even if more secure, will block out all communication, including, " +"for example, remote administration." +msgstr "" +"Pode escoller entre unha configuración xenérica e permisiva que ha permitir " +"calquera conexión entrante e unha configuración paranoica que non ha " +"permitir conexións remotas independentemente da súa procedencia. Esta " +"configuración, aínda que sexa máis segura, ha bloquear tódalas " +"comunicacións, incluíndo, por exemplo, a administración remota." + +#. Type: boolean +#. 
description +#: ../tcpd.templates:1001 +msgid "" +"Both files can be modified later to suit your needs as explained in the " +"hosts_access(5) manpage. These settings will only affect network services " +"that use the libwrap library: restrictions for other services may be " +"established by using package-specific configuration directives or firewall " +"rules." +msgstr "" +"Pódense modificar os dous ficheiros máis tarde para axustalos ás súas " +"necesidades tal como se explica na páxina de manual hosts_access(5). Esta " +"configuración só ha afectar aos servizos de rede que empregan a biblioteca " +"libwrap; pódense establecer as restriccións para outros servizos empregando " +"directivas de configuración específicas para cada paquete ou regras de " +"devasa."
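Review bot: In debian/po/nl.po, the last msgstr reads "netwerkdiensten benvloeden die de libwrap bibliotheek gebruiken". The word should be "beïnvloeden", so the "ï" has been lost. The other catalogues in this patch keep their non-ASCII characters, which suggests the file's bytes do not match the charset declared in its header (the header is not visible in this part of the patch). Please check the encoding, convert the file if needed, and restore the character.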
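Review bot: In debian/po/tr.po, none of the four template strings has a usable translation. The title and the "You can choose between..." entries are marked fuzzy, and the "New /etc/hosts.allow and /etc/hosts.deny files..." and "Both files can be modified later..." entries have an empty msgstr. Fuzzy entries are normally skipped when translations are merged, so Turkish users would see the English text, including the caveat that these settings only affect services that use libwrap. The fuzzy title also names "hosts.access" where the msgid says hosts.deny. The fuzzy third msgstr still opens with the older wording about the files not existing yet, which the current template carries in the preceding msgid. PO-Revision-Date is 2004-05-10 against a POT-Creation-Date of 2007-05-20. Suggest refreshing the translation against the current template and dropping the fuzzy flags once it has been reviewed.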
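Review bot: In debian/po/ta.po, the fuzzy title msgstr refers to "hosts.access" although the msgid asks about hosts.allow and hosts.deny. Please correct the file name when the entry is unfuzzied. Three of the four entries (the title, "New /etc/hosts.allow...", and "Both files can be modified later...") are still fuzzy, so only the "You can choose between..." text would be shown in Tamil. The header comment also keeps the unfilled template placeholders "Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER" and "the PACKAGE package", which should be replaced with the real holder and the package name.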
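Review bot: In debian/po/ru.po, the msgstr for "You can choose between a generic and permissive configuration..." uses the plural "общей (generic) и разрешающей (permissive) настройками, которые позволят". That reads as two separate permissive settings plus the paranoid one, while the msgid describes a single configuration that is both generic and permissive, set against a paranoid one, and the question is a boolean. Suggest rewording to the singular so the two choices are unambiguous. A smaller header point: the translator comments list only Yuriy Talakan' while Last-Translator is Sergey Alyoshin, and Report-Msgid-Bugs-To points at debian-l10n-russian@lists.debian.org where the other catalogues in this patch use md@linux.it. Worth making both consistent.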