[ANNOUNCEMENT] Updated: tcp_wrappers-7.6-4 [New: libwrap-devel-7.6-4, libwrap0-7.6-4]

Charles Wilson cygwin@cwilson.fastmail.fm
Mon Feb 25 07:20:00 GMT 2008

tcp_wrappers provides host-based access restrictions on tcp services: 
facilities for monitoring and filtering incoming requests for the SSHD, 
network services.

The package provides a tiny daemon wrapper program that can be installed 
without any changes to existing software or to existing configuration 
files.  The wrappers report the name of the client host and of the 
requested service; the wrappers do not exchange information with the 
client or server applications, and impose no overhead on the actual 
conversation between the client and server applications.


Changes in 7.6-4 since 7.6-2 (-3 unreleased)

* new maintainer
* Switch to cygport build tool
* incorporate debian patches -- see below
* build shared library
* split into multiple packages

!!!! ---- IMPORTANT ---- !!!!
END USERS: the new package is compiled WITHOUT -DPARANOID (which 
enforces remote-host IP address and remote-host name agreement). This is 
Debian policy, because the paranoid behavior can be enabled at runtime 
(flexibility is good).  This package will install a version of 
/etc/hosts.allow that re-enables paranoid behavior -- but only if 
/etc/hosts.allow doesn't exist.

If you are upgrading, then you will "lose" paranoid behavior. To 
re-enable it, add the following line to /etc/hosts.allow:

(btw, paranoia is not /always/ a good thing, even in this context)

!!!! ---- IMPORTANT ---- !!!!
DEVELOPERS: see the note about STRONGSYMS, below.


Incorporates the Debian extensions:

     * cygwrap-0.dll and libwrap.dll.a are available for dynamic linking.

     * You can blacklist a whole bunch of hosts at once by specifying a
       file that contains a list of those hosts instead of just naming
       a host. See the hosts_access(5) manpage.

     * You can allow or disallow access to a service depending on the
       exit status of a program. See the hosts_access(5) manpage.

     * CIDR support in hosts_access(5) functions.

     * %r and %R parameters in hosts_access(5) functions.

     * Servers can be matched by port number other than by process name.

     * IPv6 support: patches are applied, but support is NOT enabled.
       Waiting on IPv6 support in cygwin.

     * manpages for installed tools not provided by upstream source

Build options (that differ from previous releases)


         Debian TCP Wrappers use the extended syntax for /etc/hosts.allow
         and /etc/hosts.deny. This particularly affects spawning other
         commands on connections, see the hosts_options(5) manpage for
         more details.


         TCP Wrappers logs as daemon.info (rather than mail.info).
         This is a change from earlier cygwin releases of tcp_wrappers.

VSYSLOG         =

         cygwin has vsyslog built in, since 1.5.6/2004Jan19
         (patch applied 2003Sep29)

UMASK           = -DDAEMON_UMASK=022
NETGROUP        =

RFC931_TIMEOUT  = 10
TABLES          = -DHOSTS_DENY=\"/etc/hosts.deny\"

LIBS            = -lresolv

         As it turns out, this library is unecessary and does not
         impose an additional runtime dependency. However, I left
         it in as a build dependency for now.

EXTRA_CFLAGS    = -DSYS_ERRLIST_DEFINED -Dsys_errlist=_sys_errlist
                   -Dsys_nerr=_sys_nerr -DHAVE_STRERROR -DHAVE_STRONGSYMS

         STRONGSYMS: the cygwin versions of cygwrap-0.dll AND libwrap.a
         (that is, both the DLL and static library) explicitly provide
             int deny_severity
             int allow_severity
         symbols.  This means that clients must NOT define their own
         versions of these symbols, as is the practice on *nix systems.
         Instead, clients should rely on the /declaration/ provided in
             extern int deny_severity;
             extern int allow_severity;
         This may require code changes in clients that link against
         libwrap, but it was a necessary API change to enable DLL
         builds on cygwin.





To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


If you need more information on unsubscribing, start reading here:


Please read *all* of the information on unsubscribing that is available
starting at this URL.

Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list