323744 |
19-Sep-2017 |
avg |
MFC r320151: remove bogus declaration of malloc from tcp_wrappers
The declaration was already inactive when INET6 was enabled and it causes a build error in the other case because of a conflict with the correct definition in stdlib.h. |
311814 |
09-Jan-2017 |
dim |
MFC r257398 (by sbruno):
Quiesce warnings by updating headerfile includes
r257404 | sbruno | 2013-10-30 23:41:18 +0100 (Wed, 30 Oct 2013) | 9 lines
Quiesce two warnings:
1. define the CODE * as const 2. restructure function to eliminate warning about exiting with no return. severity_map() never returns when it can't find an appropriate sysylog facility, and it longjmp()'s away into error code handling. Keep this behavior by stashing the facility value found during our search and checking for -1 if found.
MFC r257405 (by sbruno):
Quiesce warning, which could be a bug IMO, by correctly defining the host_info structure name
MFC r257406 (by sbruno):
Queisce warning about undeclared function usage.
yp_get_default_domain is defined in workaround.c but is not declared in any header file. Tie the declaration to the same #define conditional used when the function is called, NETGROUP
MFC r311459:
Put proper prototypes in tcpd.h
Clang 4.0.0 complains about tcpd.h's not-really-prototypes, e.g.:
/usr/include/tcpd.h:75:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] extern int hosts_access(); /* access control */ ^
To fix this, turn these declarations into real prototypes. While here, garbage collect the incompatible rfc931() function from scaffold.c, as it is never used.
Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D9052
MFC r311461:
Also remove unnecessary extern keywords from tcpd.h.
Noticed by: kib
MFC r311556:
After r311459, some ports can break, because a few of the newly added prototypes in <tcpd.h> use FILE. Pull in a minimal forward declaration of FILE from <stdio.h> to minimize impact. Sorry for the breakage.
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org> |
277281 |
17-Jan-2015 |
pfg |
MFC r272947, r272950:
tcpd: complete function prototypes. tcpd.h: add prototype for hosts_ctl
This clears up at least a build issues on mysql-server ports. While here also replace some spaces with tabs in our headers.
PR: 32808 PR: 42336 |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
243933 |
06-Dec-2012 |
eadler |
Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
|
210386 |
22-Jul-2010 |
rpaulo |
Make these files compile with clang.
Submitted by: Dimitry Andric <dimitry at andric.com>
|
201782 |
08-Jan-2010 |
sobomax |
Allow comment (#) to be placed anywhere in the line, not only at the beginning, so it's consistent with other configuration files.
MFC after: 3 weeks
|
146187 |
13-May-2005 |
ume |
NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special for it, now.
|
123895 |
27-Dec-2003 |
ceri |
Correct compilation with "#define really_paranoid".
PR: bin/59674 Submitted by: Vaclav Rehak <vasek@zoom-int.cz>
|
108930 |
08-Jan-2003 |
peter |
Add a declaration that malloc() returns a pointer, not an int. Otherwise this segfaults on ia64. (Cannot cast an int to a pointer). The rest of the code does it this way rather than use system includes....
|
80261 |
24-Jul-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r80260, which included commits to RCS files with non-trunk default branches.
|
79249 |
04-Jul-2001 |
kris |
Unbreak "paranoid" host checking, which was broken with the IPv6 code import.
Submitted by: Tony Finch <dot@dotat.at>
|
71045 |
14-Jan-2001 |
dwmalone |
Make tcpwrappers use the magic in syslog.h for getting syslog facility and level names.
Add FreeBSD tag.
PR: 24218 Approved by: markm
|
66329 |
25-Sep-2000 |
ume |
- reject numeric address - validate scope in sockaddr comparison logic
patch was originally submitted by itojun and slightly modified by me.
Reviewed by: itojun, kris
|
66297 |
23-Sep-2000 |
ume |
Don't touch ai_canonname without checking NULL. Current implementation of getaddrinfo() may return NULL ai_canonname. There is no consensus how getaddrinfo() should fill ai_canonname when numeric hostname is given.
Reported by: kris
|
63158 |
14-Jul-2000 |
ume |
Add IPv6 scoped address support. It enables us to control link-local connections by interface like this:
ALL : [fe80::%ed0]/10 : allow ALL : [fe80::]/10 : deny
|
63152 |
14-Jul-2000 |
dwmalone |
Stop the tcp_wrappers ident code sending a request which is split across several packets. This is done by not turning off buffering on the stdio stream for the ident connection. Originally this was done to avoid reading back what you'd just written into the buffer. However ANSI C gives a list of functions which should allow you to safely change direction on a stdio stream, and Wietse found that fseek seemed to be the most portable.
The original patch used a different workaround, but this should be a real fix.
PR: 16086 Reviewed by: wietse@porcupine.org (Original version) Approved by: markm
|
56977 |
03-Feb-2000 |
shin |
Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW, several accesses which should be permitted are refused only for IPv6, if hostname is used to decide the host to be allowed. IPv6 users will be just upset.
About security related concern. -All extensions are wrapped by #ifdef INET6, so people can completely disable the extension by recompile libwrap without INET6 option. -Access via IPv6 is not enabled by default. People need to enable IPv6 access by changing /etc/inetd.conf at first, by adding tcp6 and/or tcp46 entries. -The base of patches are from KAME package and are actually daily used for more than a year in several Japanese IPv6 environments. -Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org> Reviewed by: markm Obtained from: KAME project
|
51495 |
21-Sep-1999 |
sheldonh |
Add the ``blacklist'' feature, which allows a path to a filename to be used as a valid pattern in the access control language.
Patch obtained from ftp://ftp.porcupine.org/pub/security/ .
Requested by: markm
|
45256 |
03-Apr-1999 |
ache |
Since our inetd wrapped now, treat all its services as tcpd-prefixed for tcpdchk
|
44744 |
14-Mar-1999 |
markm |
This commit was generated by cvs2svn to compensate for changes in r44743, which included commits to RCS files with non-trunk default branches.
|