From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <47C1E9CD.7010903@cwilson.fastmail.fm>
Date: Sun, 24 Feb 2008 22:07:00 -0000
From: Charles Wilson
To: cygwin-announce@cygwin.com
Subject: Updated: tcp_wrappers-7.6-4 [New: libwrap-devel-7.6-4, libwrap0-7.6-4]

tcp_wrappers provides host-based access restrictions on tcp services: facilities for monitoring and filtering incoming requests for the SSHD, SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.

The package provides a tiny daemon wrapper program that can be installed without any changes to existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service; the wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications.

:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:

Changes in 7.6-4 since 7.6-2 (-3 unreleased)
  * new maintainer
  * Switch to cygport build tool
  * incorporate debian patches -- see below
  * build shared library
  * split into multiple packages

!!!! ---- IMPORTANT ---- !!!!
END USERS: the new package is compiled WITHOUT -DPARANOID (which enforces remote-host IP address and remote-host name agreement).
This is Debian policy, because the paranoid behavior can be enabled at runtime (flexibility is good). This package will install a version of /etc/hosts.allow that re-enables paranoid behavior -- but only if /etc/hosts.allow doesn't exist. If you are upgrading, then you will "lose" paranoid behavior. To re-enable it, add the following line to /etc/hosts.allow:

    ALL : PARANOID : DENY

(btw, paranoia is not /always/ a good thing, even in this context)

!!!! ---- IMPORTANT ---- !!!!
DEVELOPERS: see the note about STRONGSYMS, below.

:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:

Incorporates the Debian extensions:
  * cygwrap-0.dll and libwrap.dll.a are available for dynamic linking.
  * You can blacklist a whole bunch of hosts at once by specifying a file that contains a list of those hosts instead of just naming a host. See the hosts_access(5) manpage.
  * You can allow or disallow access to a service depending on the exit status of a program. See the hosts_access(5) manpage.
  * CIDR support in hosts_access(5) functions.
  * %r and %R parameters in hosts_access(5) functions.
  * Servers can be matched by port number other than by process name.
  * IPv6 support: patches are applied, but support is NOT enabled. Waiting on IPv6 support in cygwin.
  * manpages for installed tools not provided by upstream source

Build options (that differ from previous releases)
--------------------------------------------------
STYLE = "-DPROCESS_OPTIONS -DACLEXEC"
    Debian TCP Wrappers use the extended syntax for /etc/hosts.allow and /etc/hosts.deny. This particularly affects spawning other commands on connections, see the hosts_options(5) manpage for more details.
FACILITY = LOG_DAEMON
SEVERITY = LOG_INFO
    TCP Wrappers logs as daemon.info (rather than mail.info). This is a change from earlier cygwin releases of tcp_wrappers.
VSYSLOG =
    cygwin has vsyslog built in, since 1.5.6/2004Jan19 (patch applied 2003Sep29)
UMASK = -DDAEMON_UMASK=022
NETGROUP =
RFC931_TIMEOUT = 10
ACCESS = -DHOSTS_ACCESS
TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
KILL_OPT = -DKILL_IP_OPTIONS
LIBS = -lresolv
    As it turns out, this library is unnecessary and does not impose an additional runtime dependency. However, I left it in as a build dependency for now.
EXTRA_CFLAGS = -DSYS_ERRLIST_DEFINED -Dsys_errlist=_sys_errlist -Dsys_nerr=_sys_nerr -DHAVE_STRERROR -DHAVE_STRONGSYMS

STRONGSYMS: the cygwin versions of cygwrap-0.dll AND libwrap.a (that is, both the DLL and static library) explicitly provide

    int deny_severity
    int allow_severity

symbols. This means that clients must NOT define their own versions of these symbols, as is the practice on *nix systems. Instead, clients should rely on the /declaration/ provided in tcpd.h:

    extern int deny_severity;
    extern int allow_severity;

This may require code changes in clients that link against libwrap, but it was a necessary API change to enable DLL builds on cygwin.

:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:

Enjoy!

--
Chuck

====================================================================

To update your installation, click on the "Install Cygwin now" link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Then, run setup and answer all of the questions.
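
The upgrade caveat in the announcement (an existing /etc/hosts.allow is left alone, so the PARANOID rule is not added for you) can be checked with a short script. This is an added example, not part of the original message or of the tcp_wrappers package; the function name paranoid_rule_status and its first/late/missing labels are made up here, and the parsing is simplified to splitting fields on ":".

```shell
#!/bin/sh
# Added example, not shipped with tcp_wrappers. paranoid_rule_status is a
# hypothetical helper: it reports whether FILE holds "ALL : PARANOID : DENY"
# and whether that rule is the first active one (hosts.allow is searched
# top to bottom and the first matching rule wins).
# Simplification: fields are split on ":"; "deny" is accepted in any case.
paranoid_rule_status() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        # Drop a trailing CR (files edited on Windows) and glue on any
        # text carried over from a backslash-continued line.
        { sub(/\r$/, ""); line = pending $0; pending = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); pending = line; next }
        line ~ /^#/ || line ~ /^[ \t]*$/ { next }   # comment or blank
        {
            rules++
            if (split(line, f, ":") < 3) next       # no option field
            daemons = " " f[1] " "; clients = " " f[2] " "; opt = f[3]
            gsub(/[ \t,]+/, " ", daemons)
            gsub(/[ \t,]+/, " ", clients)
            gsub(/[ \t]/, "", opt)
            if (index(daemons, " ALL ") && index(clients, " PARANOID ") &&
                tolower(opt) == "deny") {
                print (rules == 1 ? "first" : "late")
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }
    ' "$1"
}
```

Call it as paranoid_rule_status /etc/hosts.allow after upgrading. A result of "late" means earlier rules can accept a connection before the PARANOID check is reached.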