specs/t/tcp_wrappers/tcp_wrappers-vl.spec

%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
%define LIB_MAJOR 0
%define LIB_MINOR 7
%define LIB_REL 6

Summary:     A security tool which acts as a wrapper for TCP daemons.
Summary(ja): TCP デーモンのラッパとして働くセキュリティツール
Name: tcp_wrappers
Version: 7.6
Release: 40%{?_dist_release}
License: BSD
Group: System Environment/Daemons
Source: ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz
Patch0: tcpw7.2-config.patch
Patch1: tcpw7.2-setenv.patch
Patch2: tcpw7.6-netgroup.patch
Patch3: tcp_wrappers-7.6-bug11881.patch
Patch4: tcp_wrappers-7.6-bug17795.patch
Patch5: tcp_wrappers-7.6-bug17847.patch
Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
Patch7: tcp_wrappers-7.6-docu.patch
Patch8: tcp_wrappers-7.6-casesens.patch
Patch9: tcp_wrappers.usagi-ipv6.patch
Patch10: tcp_wrappers.ume-ipv6.patch
Patch11: tcp_wrappers-7.6-shared.patch
Patch12: tcp_wrappers-7.6-sig.patch
Patch13: tcp_wrappers-7.6-strerror.patch
Patch14: tcp_wrappers-7.6-ldflags.patch
Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
Patch16: tcp_wrappers-7.6-162412.patch
Patch17: tcp_wrappers-7.6-220015.patch
Patch18: tcp_wrappers-7.6-restore_sigalarm.patch
Patch19: tcp_wrappers-7.6-siglongjmp.patch
Patch20: tcp_wrappers-7.6-sigchld.patch
Patch21: tcp_wrappers-7.6-196326.patch
Patch22: tcp_wrappers_7.6-249430.patch
Patch23: tcp_wrappers-7.6-aclexec.patch
Patch24: tcp_wrappers-7.6-fix-multidef.patch

# required by sin_scope_id in ipv6 patch
BuildRequires: glibc-devel >= 2.2		
BuildRoot: %{_tmppath}/%{name}-%{version}-root


%description
The tcp_wrappers package provides small daemon programs which can
monitor and filter incoming requests for systat, finger, FTP, telnet,
rlogin, rsh, exec, tftp, talk and other network services.

Install the tcp_wrappers program if you need a security tool for
filtering incoming network services requests.

%description -l ja
tcp_wrapper パッケージには小さなデーモンプログラムが収められており，
systat, finger, FTP, telnet, rlogin, rsh, exec, tftp, talk, その他
様々なネットワークサービスに対する外部からの要求を監視し，フィルタリング
することが出来ます．

ネットワークサービスに対する外部からのリクエストをフィルタリング
出来るセキュリティツールが必要ならば tcp_wrappers パッケージを
インストールして下さい．


## to build compat32 for x86_64 architecture support
%package -n compat32-%{name}
Summary:     A security tool which acts as a wrapper for TCP daemons.
Summary(ja): TCP デーモンのラッパとして働くセキュリティツール
Group: System Environment/Daemons

%description -n compat32-%{name}
The tcp_wrappers package provides small daemon programs which can
monitor and filter incoming requests for systat, finger, FTP, telnet,
rlogin, rsh, exec, tftp, talk and other network services.

Install the tcp_wrappers program if you need a security tool for
filtering incoming network services requests.


%prep
%setup -q -n tcp_wrappers_7.6
%patch0 -p1 -b .config
%patch1 -p1 -b .setenv
%patch2 -p1 -b .netgroup
%patch3 -p1 -b .bug11881
%patch4 -p1 -b .bug17795
%patch5 -p1 -b .bug17847
%patch6 -p1 -b .fixgethostbyname
%patch7 -p1 -b .docu
%patch8 -p1 -b .man
%patch9 -p1 -b .usagi-ipv6
%patch10 -p1 -b .ume-ipv6
%patch11 -p1 -b .shared
%patch12 -p1 -b .sig
%patch13 -p1 -b .strerror
%patch14 -p1 -b .cflags
%patch15 -p1 -b .fix_sig
%patch16 -p1 -b .162412
%patch17 -p1 -b .220015
%patch18 -p1 -b .restore_sigalarm
%patch19 -p1 -b .siglongjmp
%patch20 -p1 -b .sigchld
%patch21 -p1 -b .196326
%patch22 -p1 -b .249430
%patch23 -p1 -b .aclexec
%patch24 -p1 -b .multidef

# Disable static library creation by default.
%define with_static 0

%build
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR -DACLEXEC" \
     LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux

%install
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,5,8}
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}

cp hosts_access.3 ${RPM_BUILD_ROOT}%{_mandir}/man3
cp hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
cp tcpd.8 tcpdchk.8 tcpdmatch.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5
ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5
%if %{with_static}
cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdir}
%endif
cp -a libwrap.so* ${RPM_BUILD_ROOT}%{_libdir}
install -p -m644 tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
install -m711 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}

## XXX remove utilities that expect /etc/inetd.conf (#16059).
##install -m755 tcpdchk ${RPM_BUILD_ROOT}%{_sbindir}
##install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir}
#rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdmatch.*
#rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*

## keep tcpdchk and tcpdmatch included here
## until xinetd is introduced for Vine Linux....
##
install -m755 tcpdchk $RPM_BUILD_ROOT%{_sbindir}
install -m755 tcpdmatch $RPM_BUILD_ROOT%{_sbindir}

%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%post -n compat32-%{name} -p /sbin/ldconfig
%postun -n compat32-%{name} -p /sbin/ldconfig

%clean
[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
%{_mandir}/man[358]/*
%{_includedir}/*
%if %{with_static}
%{_libdir}/*.a
%endif
%{_libdir}/*.so
%{_libdir}/*.so.*
%{_sbindir}/*

%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root)
%if %{with_static}
%{_libdir}/*.a
%endif
%{_libdir}/*.so
%{_libdir}/*.so.*
%endif

%changelog
* Mon Jul  7 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.6-40
- rebuilt with current environment.

* Tue Aug 07 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.6-39
- added Patch23 from debian (aclexec support).
- added Patch24 (fix multiple definition).

* Sun Apr 17 2011 Shu KONNO <owa@bg.wakwak.com> 7.6-38
- rebuilt with rpm-4.8.1-3

* Fri Feb 19 2010 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 7.6-37
- s/BuildPrereq/BuildRequires/
- added Patch14-22 from FC
  * Wed Jul 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-49
  - fix for a.b.c.d/255.255.255.255 - fixes #249430
  * Thu Jun 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-48
  - compare localhost and localhost.localdomain as the same
  * Wed Jun 06 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-47
  - fix the hostname resolving patch for x86_64
  * Fri May 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-45
  - unblock and catch SIGCHLD from spawned shell commands, fixes #112975
  * Mon Apr 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-44
  - added restore_sigalarm and siglongjmp patches from Debian, fixes #205129
  * Fri Mar 09 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-43
  - resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
    IPv4/6
  * Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 7.6-40
  - fixed uninitialized fp in function inet_cfg (#162412)
  * Fri May  6 2005 Thomas Woerner <twoerner@redhat.com> 7.6-39
  - fixed sig patch (#141110). Thanks to Nikita Shulga for the patch

* Mon May 04 2009 NAKAMURA Kenta <kenta@vinelinux.org> 7.6-36
- removed unnecessary %%if %{build_compat32} statements
- removed the static library libwrap.a by default

* Wed Jul 09 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 7.6-35
- new versioning policy
- spec in UTF-8

* Fri Feb 17 2006 Shu KONNO <owa@bg.wakwak.com> 7.6-34vl3
- added compat32-* packages for x86_64 architecture support
- fixed tcp_wrappers-7.6-shared.patch (which changed gcc to $CC)

* Wed Nov 03 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 7.6-34vl2
- new upstream release
- add libwrap.so* to %%files

* Fri Jul  4 2003 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 7.6-34vl1
- based on 7.6-34 from Rawhide, applied some patches
- rebuild with new toolchains
- s/Copyright/License/

* Wed Jan 10 2001 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
- 7.6-17vl0
- based on 7.6-17 from Rawhide
- added Japanese summary and description
- keep tcpdmatch and tcpchk still until xinetd is introduced for Vine
  (if so in the future, these two program should be removed again...)

* Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com>
- permit hosts.{allow,deny} to be assembled from included components (#17795).
- permit '*' and '?' wildcard matches on hostnames (#17847).

* Sun Nov 19 2000 Bill Nottingham <notting@redhat.com>
- ia64 needs -fPIC too

* Mon Aug 14 2000 Jeff Johnson <jbj@redhat.com>
- remove utilities that expect /etc/inetd.conf (#16059).

* Thu Jul 27 2000 Jeff Johnson <jbj@redhat.com>
- security hardening (#11881).

* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild

* Tue Jun  6 2000 Jeff Johnson <jbj@redhat.com>
- FHS packaging.

* Tue May 16 2000 Chris Evans <chris@ferret.lmh.ox.ac.uk>
- Make tcpd mode -rwx--x--x as a security hardening measure

* Mon Feb  7 2000 Jeff Johnson <jbj@redhat.com>
- compress man pages.

* Mon Aug 23 1999 Jeff Johnson <jbj@redhat.com>
- add netgroup support (#3940).

* Wed May 26 1999 Jeff Johnson <jbj@redhat.com>
- compile on sparc with -fPIC.

* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
- auto rebuild in the new build environment (release 7)

* Wed Dec 30 1998 Cristian Gafton <gafton@redhat.com>
- build for glibc 2.1

* Sat Aug 22 1998 Jeff Johnson <jbj@redhat.com>
- close setenv bug (problem #690)
- spec file cleanup

* Thu Jun 25 1998 Alan Cox <alan@redhat.com>
- Erp where did the Dec 05 patch escape to

* Thu May 07 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr

* Fri Dec 05 1997 Erik Troan <ewt@redhat.com>
- don't build setenv.o module -- it just breaks things

* Wed Oct 29 1997 Marc Ewing <marc@redhat.com>
- upgrade to 7.6

* Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
- built against glibc

* Mon Mar 03 1997 Erik Troan <ewt@redhat.com>
- Upgraded to version 7.5
- Uses a build root