From da22d697647c1bf00075e37ac237b8f8d7335d4e Mon Sep 17 00:00:00 2001 From: kzak Date: Mar 01 2010 12:28:24 +0000 Subject: - fix #566711 - am-utils: incorrect use of tcp_wrapper --- diff --git a/am-utils-6.1.5-libwarp.patch b/am-utils-6.1.5-libwarp.patch new file mode 100644 index 0000000..9d13d0f --- /dev/null +++ b/am-utils-6.1.5-libwarp.patch @@ -0,0 +1,69 @@ +diff -up am-utils-6.1.5/amd/amq_svc.c.kzak am-utils-6.1.5/amd/amq_svc.c +--- am-utils-6.1.5/amd/amq_svc.c.kzak 2006-01-02 19:40:31.000000000 +0100 ++++ am-utils-6.1.5/amd/amq_svc.c 2010-03-01 12:43:25.000000000 +0100 +@@ -65,47 +65,17 @@ int allow_severity=0, deny_severity=0; + * Returns: 1=allowed, 0=denied. + */ + static int +-amqsvc_is_client_allowed(const struct sockaddr_in *addr, char *remote) ++amqsvc_is_client_allowed(const struct sockaddr_in *addr) + { +- struct hostent *h; +- char *name = NULL, **ad; +- int ret = 0; /* default is 0==denied */ +- +- /* Check IP address */ +- if (hosts_ctl(AMD_SERVICE_NAME, "", remote, "")) { +- ret = 1; +- goto out; +- } +- /* Get address */ +- if (!(h = gethostbyaddr((const char *)&(addr->sin_addr), +- sizeof(addr->sin_addr), +- AF_INET))) +- goto out; +- if (!(name = strdup(h->h_name))) +- goto out; +- /* Paranoia check */ +- if (!(h = gethostbyname(name))) +- goto out; +- for (ad = h->h_addr_list; *ad; ad++) +- if (!memcmp(*ad, &(addr->sin_addr), h->h_length)) +- break; +- if (!*ad) +- goto out; +- if (hosts_ctl(AMD_SERVICE_NAME, "", h->h_name, "")) { +- return 1; +- goto out; +- } +- /* Check aliases */ +- for (ad = h->h_aliases; *ad; ad++) +- if (hosts_ctl(AMD_SERVICE_NAME, "", *ad, "")) { +- return 1; +- goto out; +- } ++ struct request_info req; ++ ++ request_init(&req, RQ_DAEMON, AMD_SERVICE_NAME, RQ_CLIENT_SIN, addr, 0); ++ sock_methods(&req); ++ ++ if (hosts_access(&req)) ++ return 1; + +- out: +- if (name) +- XFREE(name); +- return ret; ++ return 0; + } + #endif /* defined(HAVE_TCPD_H) && defined(HAVE_LIBWRAP) */ + +@@ -127,7 +97,7 @@ amq_program_1(struct svc_req *rqstp, SVC + struct sockaddr_in *remote_addr = svc_getcaller(rqstp->rq_xprt); + char *remote_hostname = inet_ntoa(remote_addr->sin_addr); + +- if (!amqsvc_is_client_allowed(remote_addr, remote_hostname)) { ++ if (!amqsvc_is_client_allowed(remote_addr)) { + plog(XLOG_WARNING, "Amd denied remote amq service to %s", remote_hostname); + svcerr_auth(transp, AUTH_FAILED); + return; diff --git a/am-utils.spec b/am-utils.spec index 5670f6b..92deca8 100644 --- a/am-utils.spec +++ b/am-utils.spec @@ -1,7 +1,7 @@ Summary: Automount utilities including an updated version of Amd Name: am-utils Version: 6.1.5 -Release: 15%{?dist} +Release: 16%{?dist} License: BSD Epoch: 5 Group: System Environment/Daemons @@ -48,6 +48,8 @@ Patch4: am-utils-6.1.5-buildsys.patch Patch5: am-utils-6.1.5-expn-temp.patch # 450754 - Amd does not work with 2.6.25 Patch6: am-utils-6.1.5-nolock-toplvl.patch +# 566711 - am-utils: incorrect use of tcp_wrapper +Patch7: am-utils-6.1.5-libwarp.patch # We need to filter out some perl requirements for now. %define _use_internal_dependency_generator 0 @@ -73,6 +75,7 @@ mounting and unmounting filesystems. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 find_requires=%{old_find_requires} echo "$find_requires | grep -v lostaltmail.conf" > find-requires @@ -177,6 +180,9 @@ fi %{_libdir}/libamu.so* %changelog +* Mon Mar 1 2010 Karel Zak 5:6.1.5-16 +- fix #566711 - am-utils: incorrect use of tcp_wrapper + * Wed Feb 24 2010 Karel Zak 5:6.1.5-15 - fix #523221 - initscript collected problems LSB-compilant