openbsd-inetd (0.20080125-6) debian-dir only changes

Summary

 debian/README.source            |    7 
 debian/changelog                |  148 ++++++++++++++++++++
 debian/compat                   |    1 
 debian/control                  |   22 ++
 debian/copyright                |   13 +
 debian/openbsd-inetd.init       |   86 +++++++++++
 debian/openbsd-inetd.postinst   |   10 +
 debian/openbsd-inetd.preinst    |  101 +++++++++++++
 debian/patches/buftuning        |  165 ++++++++++++++++++++++
 debian/patches/discard_env      |  123 ++++++++++++++++
 debian/patches/global_queuelen  |   49 ++++++
 debian/patches/libwrap          |  144 +++++++++++++++++++
 debian/patches/makefile         |   19 ++
 debian/patches/misc_portability |  296 ++++++++++++++++++++++++++++++++++++++++
 debian/patches/nodaemon         |   70 +++++++++
 debian/patches/print_pause_time |   14 +
 debian/patches/series           |   14 +
 debian/patches/setproctitle     |  184 ++++++++++++++++++++++++
 debian/patches/tcp46            |   50 ++++++
 debian/patches/test             |   18 ++
 debian/rules                    |   53 +++++++
 21 files changed, 1587 insertions(+)

    

Patch contents

--- openbsd-inetd-0.20080125.orig/debian/changelog
+++ openbsd-inetd-0.20080125/debian/changelog
@@ -0,0 +1,148 @@
+openbsd-inetd (0.20080125-6) unstable; urgency=medium
+
+  * Added --oknodo to the init script, this time for real. (Closes: #592582)
+
+ -- Marco d'Itri <md@linux.it>  Mon, 30 Aug 2010 00:02:27 +0200
+
+openbsd-inetd (0.20080125-5) unstable; urgency=medium
+
+  * Added --oknodo to the init script. (Closes: #592582)
+
+ -- Marco d'Itri <md@linux.it>  Mon, 16 Aug 2010 21:33:09 +0200
+
+openbsd-inetd (0.20080125-4) unstable; urgency=low
+
+  * Use the hardening-includes package to build with hardening flags.
+  * Do not call the patch-generated makefile in the clean target.
+    (Closes: #538690)
+
+ -- Marco d'Itri <md@linux.it>  Mon, 21 Dec 2009 03:26:02 +0100
+
+openbsd-inetd (0.20080125-3) unstable; urgency=medium
+
+  * Added support for the "status" action to the init script. (Closes: #526375)
+  * inetd.8: documented that the service name may be a port number as well.
+    (Closes: #519283)
+  * Demoted to optional priority.
+
+ -- Marco d'Itri <md@linux.it>  Sat, 04 Jul 2009 17:18:05 +0200
+
+openbsd-inetd (0.20080125-2) unstable; urgency=high
+
+  * Added dh_md5sums to debian/rules, since apparently people nowadays
+    believe again that it is a good idea. (Closes: #484483)
+  * Fixed the init script to povide "openbsd-inetd" instead of "inetd".
+    (Closes: #507119)
+  * Updated patches misc_portability and setproctitle with some missing
+    prototypes.
+  * Updated patch misc_portability with missing arguments to two syslog(3)
+    calls.
+  * Updated patch libwrap to fix a possibly uninitialized variable.
+    The last three fixes are courtesy of Denis Zaitsev.
+
+ -- Marco d'Itri <md@linux.it>  Mon, 15 Dec 2008 02:00:52 +0100
+
+openbsd-inetd (0.20080125-1) unstable; urgency=low
+
+  * New CVS snapshot.
+  * Package painfully converted to quilt.
+  * Fixed a typo in debian/control. (Closes: #125181)
+  * Fixed a typo in the init script. (Closes: #465613, #465732)
+  * Delete /etc/rc[2345].d/S20inetd too when upgrading from netkit-inetd.
+    (Closes: #416010)
+  * Do not use log_warning_msg in the init script when inetd.conf is emtpy,
+    this is not something deserving extra attention. (Closes: #435658)
+  * Document in inetd(8) that datagram services must read some network
+    input or inetd will continue spawning them.
+    Many thanks to James Cameron for the analysis. (Closes: #436803)
+  * Use a real characters class instead of character ranges with grep
+    in the init script, because some locales have weird ranges.
+    Spotted by Meelis Roos. (Closes: #458564)
+
+ -- Marco d'Itri <md@linux.it>  Sun, 20 Apr 2008 15:12:31 +0200
+
+openbsd-inetd (0.20050402-6) unstable; urgency=high
+
+  * Try again to fix #386469 by stopping the daemon in postinst before
+    starting it, because update-inetd run by the maintainer script of a
+    different package may have restarted it after the prerm ran on upgrade.
+    Patch courtesy of Steve Langasek. (Closes: #386469)
+
+ -- Marco d'Itri <md@linux.it>  Wed, 21 Mar 2007 19:07:01 +0100
+
+openbsd-inetd (0.20050402-5) unstable; urgency=medium
+
+  * Try again to fix #386469, this time by removing from the init script
+    stop target the --exec argument to start-stop-daemon, which is known
+    to be broken and generally a bad idea.
+
+ -- Marco d'Itri <md@linux.it>  Sun, 25 Feb 2007 21:28:18 +0100
+
+openbsd-inetd (0.20050402-4) unstable; urgency=medium
+
+  * Fix inetd to build on hurd. (Closes: #393829)
+  * Accept UDP connections on all ports. (Closes: #389854)
+  * Try harder to remove the netkit-inetd conffiles and kill the old inetd
+    to prevent postinst failing. (Closes: #386469)
+
+ -- Marco d'Itri <md@linux.it>  Sat,  6 Jan 2007 18:33:42 +0100
+
+openbsd-inetd (0.20050402-3) unstable; urgency=medium
+
+  * Depend on update-inetd and provide inet-superserver.
+  * Converted the init script to use the LSB logging functions.
+    (Closes: #384879)
+  * Added LSB dependency info to the init script. (Closes: #386629)
+  * Fixed a typo in the package description. (Closes: #390232)
+
+ -- Marco d'Itri <md@linux.it>  Sun, 10 Sep 2006 13:46:23 +0200
+
+openbsd-inetd (0.20050402-2) unstable; urgency=medium
+
+  * Added a sleep command to the init script restart section.
+    (Closes: #376716)
+  * Added -E option not to clobber the environment, contribute by
+    Ian Jackson. (Closes: #355005)
+  * Priority raised to standard.
+
+ -- Marco d'Itri <md@linux.it>  Thu, 17 Aug 2006 18:53:39 +0200
+
+openbsd-inetd (0.20050402-1) unstable; urgency=low
+
+  * New CVS snapshot.
+    + Fixes the permissions of UNIX domain sockets. (Closes: #309537)
+
+ -- Marco d'Itri <md@linux.it>  Sun, 22 May 2005 18:51:03 +0200
+
+openbsd-inetd (0.20040915-1) unstable; urgency=low
+
+  * New CVS snapshot.
+    + Fixes gcc 4.0 FTBFS. (Closes: #287860)
+  * Made the init script source /etc/default/openbsd-inetd, if present.
+    (Closes: #251224)
+  * Documented in inetd(8) that switching between binding to INADDR_ANY and
+    to a specific address requires restarting the daemon. (Closes: #242392)
+  * Added code to create the requested type of IPv6 socket using
+    setsockopt(IPPROTO_IPV6). This requires a modern 2.4 or 2.6 kernel.
+  * Added Conflicts+Replaces+Provides: netkit-inetd to fully replace it.
+    prerm will unlink netkit-inetd's conffiles and the init script is
+    named openbsd-inetd to allow purging netkit-inetd.
+    Alternative solutions to both issues are welcome.
+  * Changed the default inetd.conf to satisfy people who think that every
+    listening socket is a security hole: no internal services are enabled
+    by default. This means that the daemon will not even be started by the
+    init script until some service is enabled in inetd.conf.
+  * Removed from the default inetd.conf the already-commented examples
+    of the internal services which are actually dangerous to run.
+
+ -- Marco d'Itri <md@linux.it>  Sun,  2 Jan 2005 02:40:43 +0100
+
+openbsd-inetd (0.20020802-1) unstable; urgency=low
+
+  * New package.
+  * Pre/postinstall scripts borrowed from aj's netkit-inetd package.
+  * This package fixes many bugs in netkit-inetd, among them:
+    #10813, #32579, #55052, #66752, #143539, #143815, #143816, #125181,
+    #45907, #82241, #96544, #110673.
+
+ -- Marco d'Itri <md@linux.it>  Tue, 20 Aug 2002 15:51:39 +0200
--- openbsd-inetd-0.20080125.orig/debian/README.source
+++ openbsd-inetd-0.20080125/debian/README.source
@@ -0,0 +1,7 @@
+mkdir openbsd-inetd
+cd openbsd-inetd
+cvs -d anoncvs@anoncvs1.usa.openbsd.org:/cvs/src/usr.sbin/inetd/ co .
+cvs2cl
+rm -rf CVS
+cd ..
+mv openbsd-inetd openbsd-inetd-0...
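Review bot: the cvs checkout line carries no -D date or -r tag, so rerunning these steps fetches whatever is current in the tree rather than the 20080125 snapshot this package is built from. Record the checkout date in the command (cvs co -D ...) so the upstream source can be regenerated and compared against the packaged tarball.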
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.init
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.init
@@ -0,0 +1,86 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides:          openbsd-inetd
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:     $local_fs $remote_fs
+# Should-Start:      $syslog
+# Should-Stop:       $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start or stop the inetd daemon.
+### END INIT INFO
+
+DAEMON=/usr/sbin/inetd
+
+[ -x $DAEMON -a -e /etc/inetd.conf ] || exit 0
+
+[ -e /etc/default/openbsd-inetd ] && . /etc/default/openbsd-inetd
+
+. /lib/lsb/init-functions
+
+checkportmap () {
+  if ! grep -v -s "^ *#" /etc/inetd.conf | grep -q -s 'rpc/'; then
+    return 0
+  fi
+
+  if [ ! -x /usr/bin/rpcinfo ]; then
+    log_action_msg "WARNING: rpcinfo not available - RPC services may be unavailable!"
+    log_action_msg "         (Commenting out the rpc services in inetd.conf will"
+    log_action_msg "         disable this message)"
+  elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
+    log_action_msg "WARNING: portmapper inactive - RPC services unavailable!"
+    log_action_msg "         (Commenting out the rpc services in inetd.conf will"
+    log_action_msg "         disable this message)"
+  fi
+} 
+
+checknoservices () {
+    if ! grep -q "^[[:alnum:]/]" /etc/inetd.conf; then
+	log_action_msg "Not starting internet superserver: no services enabled"
+	exit 0
+    fi
+}
+
+case "$1" in
+    start)
+	checknoservices
+        checkportmap
+	log_daemon_msg "Starting internet superserver" "inetd"
+	start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
+	    --oknodo --exec $DAEMON -- $OPTIONS
+	log_end_msg 0
+	;;
+    stop)
+	log_daemon_msg "Stopping internet superserver" "inetd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+	    --oknodo
+	log_end_msg 0
+	;;
+    reload|force-reload)
+	log_daemon_msg "Reloading internet superserver" "inetd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+	    --oknodo --signal 1
+	log_end_msg 0
+	;;
+    restart)
+	checkportmap
+	log_daemon_msg "Restarting internet superserver" "inetd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+	    --oknodo
+	checknoservices
+	sleep 1
+	start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
+	    --exec $DAEMON -- $OPTIONS
+	log_end_msg 0
+	;;
+    status)
+	status_of_proc -p /var/run/inetd.pid $DAEMON inetd && exit 0 || exit $?
+	;;
+    *)
+	echo "Usage: /etc/init.d/openbsd-inetd {start|stop|reload|force-reload|restart|status}"
+	exit 2
+	;;
+esac
+
+exit 0
+
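Review bot: in the restart branch the final start-stop-daemon --start call lacks --oknodo, which the start branch has. The script runs under sh -e, so if the old daemon has not exited after the one-second sleep, start-stop-daemon returns 1 and the script aborts before log_end_msg. Either add --oknodo there too or replace the fixed sleep with --retry on the stop call. Also in restart, checknoservices runs after the stop, so with no enabled services the daemon is stopped and the script exits 0 with the "Restarting" log line left open.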
--- openbsd-inetd-0.20080125.orig/debian/control
+++ openbsd-inetd-0.20080125/debian/control
@@ -0,0 +1,22 @@
+Source: openbsd-inetd
+Section: net
+Priority: optional
+Maintainer: Marco d'Itri <md@linux.it>
+Build-Depends: debhelper (>= 5.0), quilt (>= 0.40), hardening-includes, libwrap0-dev
+Standards-Version: 3.9.1
+
+Package: openbsd-inetd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-13), update-inetd, tcpd
+Conflicts: netkit-inetd
+Replaces: netkit-inetd
+Provides: inet-superserver, netkit-inetd
+Description: The OpenBSD Internet Superserver
+ The inetd server is a network daemon program that specializes in managing
+ incoming network connections. Its configuration file tells it what
+ program needs to be run when an incoming connection is received. Any
+ service port may be configured for either of the tcp or udp protocols.
+ .
+ This is a port of the OpenBSD daemon with some debian-specific features.
+ This package supports IPv6, built-in libwrap access control, binding to
+ specific addresses, UNIX domain sockets and socket buffers tuning.
--- openbsd-inetd-0.20080125.orig/debian/compat
+++ openbsd-inetd-0.20080125/debian/compat
@@ -0,0 +1 @@
+5
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.preinst
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.preinst
@@ -0,0 +1,101 @@
+#!/bin/sh -e
+
+# create a new /etc/inetd.conf file if it doesn't already exist
+create_inetd() {
+  [ -e /etc/inetd.conf ] && return 0
+
+  cat <<EOF > /etc/inetd.conf
+# /etc/inetd.conf:  see inetd(8) for further informations.
+#
+# Internet superserver configuration database
+#
+#
+# Lines starting with "#:LABEL:" or "#<off>#" should not
+# be changed unless you know what you are doing!
+#
+# If you want to disable an entry so it isn't touched during
+# package updates just comment it out with a single '#' character.
+#
+# Packages should modify this file by using update-inetd(8)
+#
+# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
+#
+#:INTERNAL: Internal services
+#discard		stream	tcp	nowait	root	internal
+#discard		dgram	udp	wait	root	internal
+#daytime		stream	tcp	nowait	root	internal
+#time		stream	tcp	nowait	root	internal
+
+#:STANDARD: These are standard services.
+
+#:BSD: Shell, login, exec and talk are BSD protocols.
+
+#:MAIL: Mail, news and uucp services.
+
+#:INFO: Info services
+
+#:BOOT: TFTP service is provided primarily for booting.  Most sites
+#       run this only on machines acting as "boot servers."
+
+#:RPC: RPC based services
+
+#:HAM-RADIO: amateur-radio services
+
+#:OTHER: Other services
+
+EOF
+
+  chmod 644 /etc/inetd.conf
+}
+
+upgrade_from_old_inetd() {
+  if [ "$2" ] && dpkg --compare-versions "$2" ge 0.20040915-1; then
+    return 0
+  fi
+
+  # XXX the binary will change after removing the diversions, so we want
+  # to be sure that the daemon has been stopped by that time
+  start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
+
+  # remove the diversions created by old versions of this package
+  DIVERT="/usr/sbin/inetd /usr/share/man/man8/inetd.8.gz /usr/share/man/man5/inetd.conf.5.gz"
+  for file in $DIVERT; do
+    [ -e $file.netkit ] || continue
+    rm -f $file
+    dpkg-divert --package openbsd-inetd --remove --divert $file.netkit $file
+  done
+}
+
+upgrade_from_netkit_inetd() {
+  if [ -e /etc/cron.daily/netkit-inetd ]; then
+    rm -f /etc/cron.daily/netkit-inetd
+  fi
+  if [ -e /etc/init.d/inetd ]; then
+    rm -f /etc/init.d/inetd /etc/rc[2345].d/S20inetd
+  fi
+
+  # be sure to kill the netkit-inetd daemon, which may still be active if
+  # the moon is wrongly aligned
+  if [ -e /var/run/inetd.pid ]; then
+    start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
+  fi
+}
+
+case "$1" in
+    install)
+    create_inetd
+    upgrade_from_netkit_inetd
+    ;;
+
+    upgrade|abort-upgrade)
+    upgrade_from_old_inetd "$@"
+    ;;
+
+    *)
+    echo "$0 called with unknown argument '$1'" >&2
+    exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
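Review bot: both start-stop-daemon --stop calls (in upgrade_from_old_inetd and upgrade_from_netkit_inetd) match on --pidfile /var/run/inetd.pid alone, so a stale pid file makes the preinst, running as root, signal whatever process now holds that PID. Adding --name inetd next to --pidfile narrows the match without depending on the binary path, which the XXX comment says will change. Separately, upgrade_from_netkit_inetd removes only /etc/rc[2345].d/S20inetd, so any stop links for the old script in the other runlevel directories are left dangling.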
--- openbsd-inetd-0.20080125.orig/debian/rules
+++ openbsd-inetd-0.20080125/debian/rules
@@ -0,0 +1,53 @@
+#!/usr/bin/make -f
+SHELL+= -e
+
+QUILT_STAMPFN := debian/.stamp-patched
+include /usr/share/quilt/quilt.make
+
+include /usr/share/hardening-includes/hardening.make
+CFLAGS += $(HARDENING_CFLAGS)
+LDFLAGS += $(HARDENING_LDFLAGS)
+
+D := $(CURDIR)/debian/openbsd-inetd
+
+clean: unpatch
+	dh_testdir
+	rm -f debian/.stamp-*
+	rm -f inetd *.o
+	dh_clean
+
+build: debian/.stamp-build
+debian/.stamp-build: $(QUILT_STAMPFN)
+	dh_testdir
+	$(MAKE) -f Makefile.debian
+	touch $@
+
+binary-arch: checkroot build
+	dh_testdir
+	dh_clean
+
+	dh_installdirs usr/sbin/ usr/share/man/man5
+	dh_installdocs
+	dh_installman inetd.8
+	dh_installchangelogs ChangeLog
+	dh_link usr/share/man/man8/inetd.8.gz \
+			usr/share/man/man5/inetd.conf.5.gz
+	install --mode=755 inetd $D/usr/sbin/
+	dh_installinit --update-rcd-params="defaults 20" #--name=inetd
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_shlibdeps
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+	
+binary:	binary-arch
+
+binary-indep:
+
+checkroot:
+	test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep build clean checkroot
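Review bot: CFLAGS and LDFLAGS are extended with the hardening flags near the top, but the build target runs $(MAKE) -f Makefile.debian without exporting them or passing them on the command line. GNU make hands a variable to a sub-make only when it came from the environment or is exported, so when debian/rules is run with CFLAGS and LDFLAGS unset in the environment the hardening options never reach the compile. Add "export CFLAGS LDFLAGS", or pass CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" on the $(MAKE) line.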
--- openbsd-inetd-0.20080125.orig/debian/copyright
+++ openbsd-inetd-0.20080125/debian/copyright
@@ -0,0 +1,13 @@
+This is a port of the original OpenBSD inetd daemon downloaded from CVS.
+Some features have been merged from the NetBSD source tree.
+
+ * Copyright (c) 1983,1991 The Regents of the University of California.
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+
+It has a standard 3-clauses BSD license (/usr/share/common-licenses/BSD).
+
+setproctitle.c and discard_stupid_environment() come from netkit 0.17,
+patched by the USAGI project.
+
+strlcpy.c comes from the openbsd source tree, slightly edited.
+
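Review bot: the statement that the package has a standard 3-clause BSD license does not cover setproctitle.c, whose header as added by the setproctitle patch lists four clauses, including the advertising acknowledgement, and names Eric P. Allman as a copyright holder who is not listed here. Record that file's copyright holders and license terms separately in this file.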
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.postinst
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+if [ -x "/etc/init.d/openbsd-inetd" ] && which invoke-rc.d >/dev/null 2>&1; then
+	# Ignore any errors, this should be best-effort as it should not
+	# normally be needed in the first place. See #386469 for details.
+	invoke-rc.d openbsd-inetd stop || true
+fi
+
+#DEBHELPER#
+
--- openbsd-inetd-0.20080125.orig/debian/patches/misc_portability
+++ openbsd-inetd-0.20080125/debian/patches/misc_portability
@@ -0,0 +1,296 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -149,7 +149,8 @@ The
+ .Em service name
+ entry is the name of a valid service in
+ the file
+-.Pa /etc/services .
++.Pa /etc/services 
++or a port number.
+ For
+ .Dq internal
+ services (discussed below), the service
+@@ -166,7 +167,7 @@ The part on the right of the
+ is the RPC version number.
+ This can simply be a single numeric argument or a range of versions.
+ A range is bounded by the low version to the high version -
+-.Dq rusers/1-3 .
++.Dq rusers/1\-3 .
+ For
+ .Ux
+ domain sockets this field specifies the path name of the socket.
+@@ -186,7 +187,8 @@ reliably delivered message, or sequenced
+ The
+ .Em protocol
+ must be a valid protocol as given in
+-.Pa /etc/protocols .
++.Pa /etc/protocols or
++.Dq unix .
+ Examples might be
+ .Dq tcp
+ or
+@@ -378,9 +380,7 @@ If you have only one server on
+ only IPv6 traffic will be routed to the server.
+ .El
+ .Sh SEE ALSO
+-.Xr comsat 8 ,
+ .Xr fingerd 8 ,
+-.Xr ftp-proxy 8 ,
+ .Xr ftpd 8 ,
+ .Xr identd 8 ,
+ .Xr rshd 8 ,
+@@ -395,7 +395,23 @@ Support for Sun-RPC
+ based services is modelled after that
+ provided by SunOS 4.1.
+ IPv6 support was added by the KAME project in 1999.
++.Pp
++Marco d'Itri ported this code from OpenBSD in summer 2002 and added
++socket buffers tuning and libwrap support from the NetBSD source tree.
+ .Sh BUGS
++On Linux systems, the daemon cannot reload its configuration and needs
++to be restarted when the host address for a service is changed between
++.Dq \&*
++and a specific address.
++.Pp
++Server programs used with
++.Dq dgram
++.Dq udp
++.Dq nowait
++must read from the network socket, or
++.Nm inetd
++will spawn processes until the maximum is reached.
++.Pp
+ Host address specifiers, while they make conceptual sense for RPC
+ services, do not work entirely correctly.
+ This is largely because the
+--- a/inetd.c
++++ b/inetd.c
+@@ -139,6 +139,7 @@ static const char rcsid[] = "$OpenBSD: i
+ #include <sys/un.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
++#include <time.h>
+ #include <sys/time.h>
+ #include <sys/resource.h>
+ 
+@@ -157,13 +158,18 @@ static const char rcsid[] = "$OpenBSD: i
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
++#ifdef HAVE_SETUSERCONTEXT
+ #include <login_cap.h>
++#endif
++#ifdef HAVE_GETIFADDRS
+ #include <ifaddrs.h>
++#endif
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_clnt.h>
+-#include <rpcsvc/nfs_prot.h>
+ #include "pathnames.h"
+ 
++size_t strlcpy(char *, const char *, size_t);
++
+ #define	TOOMANY		256		/* don't start more than TOOMANY */
+ #define	CNT_INTVL	60		/* servers in CNT_INTVL sec. */
+ #define	RETRYTIME	(60*10)		/* retry after bind or server fail */
+@@ -340,7 +346,6 @@ main(int argc, char *argv[])
+ 		switch (ch) {
+ 		case 'd':
+ 			debug = 1;
+-			options |= SO_DEBUG;
+ 			break;
+ 		case 'R': {	/* invocation rate */
+ 			char *p;
+@@ -385,9 +390,13 @@ main(int argc, char *argv[])
+ 	umask(022);
+ 	if (debug == 0) {
+ 		daemon(0, 0);
++#ifdef HAVE_SETLOGIN
+ 		if (uid == 0)
+ 			(void) setlogin("");
++#endif
+ 	}
++	if (debug && uid == 0)
++		options |= SO_DEBUG;
+ 
+ 	if (uid == 0) {
+ 		gid_t gid = getgid();
+@@ -432,6 +441,15 @@ main(int argc, char *argv[])
+ 	sa.sa_handler = SIG_IGN;
+ 	sigaction(SIGPIPE, &sa, &sapipe);
+ 
++	/* space for daemons to overwrite environment for ps */
++	{
++#define DUMMYSIZE 100
++		char dummy[DUMMYSIZE];
++		memset(dummy, 'x', DUMMYSIZE - 1);
++		dummy[DUMMYSIZE - 1] = '\0';
++		setenv("inetd_dummy", dummy, 1);
++	}
++
+ 	for (;;) {
+ 		int n, ctrl = -1;
+ 
+@@ -587,9 +605,6 @@ dg_badinput(struct sockaddr *sa)
+ 		return 0;
+ 	}
+ 
+-	if (port < IPPORT_RESERVED || port == NFS_PORT)
+-		goto bad;
+-
+ 	return (0);
+ 
+ bad:
+@@ -599,6 +614,7 @@ bad:
+ int
+ dg_broadcast(struct in_addr *in)
+ {
++#ifdef HAVE_GETIFADDRS
+ 	struct ifaddrs *ifa, *ifap;
+ 	struct sockaddr_in *sin;
+ 
+@@ -615,6 +631,7 @@ dg_broadcast(struct in_addr *in)
+ 		}
+ 	}
+ 	freeifaddrs(ifap);
++#endif
+ 	return (0);
+ }
+ 
+@@ -1861,7 +1878,7 @@ print_service(char *action, struct servt
+ 	fprintf(stderr,
+ 	    " wait.max=%hd.%d user:group=%s:%s builtin=%lx server=%s\n",
+ 	    sep->se_wait, sep->se_max, sep->se_user,
+-	    sep->se_group ? sep->se_group : "wheel",
++	    sep->se_group ? sep->se_group : "(default)",
+ 	    (long)sep->se_bi, sep->se_server);
+ }
+ 
+@@ -1969,6 +1986,7 @@ spawn(struct servtab *sep, int ctrl)
+ 				if (uid != pwd->pw_uid)
+ 					exit(1);
+ 			} else {
++#ifdef HAVE_SETUSERCONTEXT
+ 				tmpint = LOGIN_SETALL &
+ 				    ~(LOGIN_SETGROUP|LOGIN_SETLOGIN);
+ 				if (pwd->pw_uid)
+@@ -1984,6 +2002,53 @@ spawn(struct servtab *sep, int ctrl)
+ 					    sep->se_service, sep->se_proto);
+ 					exit(1);
+ 				}
++#else
++				/* what about setpriority(2), setrlimit(2),
++				 * and umask(2)? The $PATH is cleared.
++				 */
++				if (pwd->pw_uid) {
++				    if (sep->se_group)
++					pwd->pw_gid = grp->gr_gid;
++				    if (setgid(pwd->pw_gid) < 0) {
++					syslog(LOG_ERR,
++					    "%s/%s: can't set gid %d: %m",
++					    sep->se_service, sep->se_proto,
++					    pwd->pw_gid);
++					exit(1);
++				    }
++				    if (initgroups(pwd->pw_name, pwd->pw_gid)
++					    < 0) {
++					syslog(LOG_ERR,
++					    "%s/%s: can't initgroups(%s): %m",
++					    sep->se_service, sep->se_proto,
++					    pwd->pw_name);
++					exit(1);
++				    }
++				    if (setuid(pwd->pw_uid) < 0) {
++					syslog(LOG_ERR,
++						"%s/%s: can't set uid %d: %m",
++						sep->se_service, sep->se_proto,
++						pwd->pw_uid);
++					exit(1);
++				    }
++				} else if (sep->se_group) {
++				    if (setgid(pwd->pw_gid) < 0) {
++					syslog(LOG_ERR,
++					    "%s/%s: can't set gid %d: %m",
++					    sep->se_service, sep->se_proto,
++					    pwd->pw_gid);
++					exit(1);
++				    }
++				    if (initgroups(pwd->pw_name, pwd->pw_gid)
++					    < 0) {
++					syslog(LOG_ERR,
++					    "%s/%s: can't initgroups(%s): %m",
++					    sep->se_service, sep->se_proto,
++					    pwd->pw_name);
++					exit(1);
++				    }
++				}
++#endif
+ 			}
+ 			if (debug)
+ 				fprintf(stderr, "%ld execv %s\n",
+--- /dev/null
++++ b/strlcpy.c
+@@ -0,0 +1,63 @@
++/*	$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $	*/
++
++/*
++ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote products
++ *    derived from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
++ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
++ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
++ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
++ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
++ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ * (Old style prototype traslated)
++ */
++
++#include <sys/types.h>
++#include <string.h>
++
++/*
++ * Copy src to string dst of size siz.  At most siz-1 characters
++ * will be copied.  Always NUL terminates (unless siz == 0).
++ * Returns strlen(src); if retval >= siz, truncation occurred.
++ */
++size_t strlcpy(char *dst, const char *src, size_t siz)
++{
++	register char *d = dst;
++	register const char *s = src;
++	register size_t n = siz;
++
++	/* Copy as many bytes as will fit */
++	if (n != 0 && --n != 0) {
++		do {
++			if ((*d++ = *s++) == 0)
++				break;
++		} while (--n != 0);
++	}
++
++	/* Not enough room in dst, add NUL and traverse rest of src */
++	if (n == 0) {
++		if (siz != 0)
++			*d = '\0';		/* NUL-terminate dst */
++		while (*s++)
++			;
++	}
++
++	return(s - src - 1);	/* count does not include NUL */
++}
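Review bot: in the #else fallback added to spawn(), the "else if (sep->se_group)" branch (service user is root with a group configured) calls setgid(pwd->pw_gid) without the "pwd->pw_gid = grp->gr_gid" assignment that the non-root branch makes first, so within these lines the configured group is never applied and the server keeps root's primary group. Make the assignment before setgid() in that branch as well. The dg_badinput() hunk also removes the "port < IPPORT_RESERVED || port == NFS_PORT" rejection, which is the usual guard against reply loops between UDP services; the BUGS section added here should state that datagrams from reserved source ports are now accepted. In inetd.8, ".Pa /etc/protocols or" puts the word "or" inside the path markup.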
--- openbsd-inetd-0.20080125.orig/debian/patches/discard_env
+++ openbsd-inetd-0.20080125/debian/patches/discard_env
@@ -0,0 +1,123 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -301,6 +301,7 @@ int	bump_nofile(void);
+ struct servtab *enter(struct servtab *);
+ int	matchconf(struct servtab *, struct servtab *);
+ int	dg_broadcast(struct in_addr *in);
++void	discard_stupid_environment(void);
+ 
+ #define NUMINT	(sizeof(intab) / sizeof(struct inent))
+ char	*CONFIG = _PATH_INETDCONF;
+@@ -333,6 +334,7 @@ main(int argc, char *argv[], char *envp[
+ {
+ 	fd_set *fdsrp = NULL;
+ 	int readablen = 0, ch;
++	int keepenv = 0;
+ 	struct servtab *sep;
+ 	extern char *optarg;
+ 	extern int optind;
+@@ -342,11 +344,14 @@ main(int argc, char *argv[], char *envp[
+ 
+ 	initsetproctitle(argc, argv, envp);
+ 
+-	while ((ch = getopt(argc, argv, "dR:")) != -1)
++	while ((ch = getopt(argc, argv, "dER:")) != -1)
+ 		switch (ch) {
+ 		case 'd':
+ 			debug = 1;
+ 			break;
++		case 'E':
++			keepenv = 1;
++			break;
+ 		case 'R': {	/* invocation rate */
+ 			char *p;
+ 			int val;
+@@ -364,13 +369,17 @@ main(int argc, char *argv[], char *envp[
+ 		case '?':
+ 		default:
+ 			fprintf(stderr,
+-			    "usage: %s [-d] [-R rate] [configuration file]\n",
++			    "usage: %s [-dE] [-R rate] [configuration file]\n",
+ 			    progname);
+ 			exit(1);
+ 		}
+ 	argc -= optind;
+ 	argv += optind;
+ 
++	/* This must be called _after_ initsetproctitle and arg parsing */
++	if (!keepenv)
++		discard_stupid_environment();
++
+ 	uid = getuid();
+ 	if (uid != 0)
+ 		CONFIG = NULL;
+@@ -2071,3 +2080,45 @@ spawn(struct servtab *sep, int ctrl)
+ 	if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
+ 		close(ctrl);
+ }
++
++/* from netkit+USAGI */
++void
++discard_stupid_environment(void)
++{
++	static const char *const junk[] = {
++		/* these are prefixes */
++		"CVS",
++		"DISPLAY=",
++		"EDITOR=",
++		"GROUP=",
++		"HOME=",
++		"IFS=",
++		"LD_",
++		"LOGNAME=",
++		"MAIL=",
++		"PATH=",
++		"PRINTER=",
++		"PWD=",
++		"SHELL=",
++		"SHLVL=",
++		"SSH",
++		"TERM",
++		"TMP",
++		"USER=",
++		"VISUAL=",
++		NULL
++		};
++
++	int i, k = 0;
++
++	for (i = 0; __environ[i]; i++) {
++		int found = 0, j;
++
++		for (j = 0; junk[j]; j++)
++			if (!strncmp(__environ[i], junk[j], strlen(junk[j])))
++				found = 1;
++		if (!found)
++			__environ[k++] = __environ[i];
++	}
++	__environ[k] = NULL;
++}
+--- a/inetd.8
++++ b/inetd.8
+@@ -38,6 +38,7 @@
+ .Sh SYNOPSIS
+ .Nm inetd
+ .Op Fl d
++.Op Fl E
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+ .Sh DESCRIPTION
+@@ -62,6 +63,13 @@ The options are as follows:
+ .Bl -tag -width Ds
+ .It Fl d
+ Turns on debugging.
++.It Fl E
++Prevents
++.Nm inetd
++from laundering the environment.  Without this option a selection of
++potentially harmful environent variables, including
++.Pa PATH ,
++will be removed and not inherited by services.
+ .It Fl R Ar rate
+ Specify the maximum number of times a service can be invoked
+ in one minute; the default is 256.
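Review bot: discard_stupid_environment() is a deny list of prefixes, so any variable not named in junk[] is still inherited by every spawned service; ENV and BASH_ENV, for instance, are not in the list. Building the child environment from a short allow list would be safer than removing known-bad names, and the -E text in inetd.8 could then list what is kept. Minor points: "environent" in the inetd.8 addition is a typo, and the inner loop over junk[] can break once found is set.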
--- openbsd-inetd-0.20080125.orig/debian/patches/test
+++ openbsd-inetd-0.20080125/debian/patches/test
@@ -0,0 +1,18 @@
+--- /dev/null
++++ b/test.conf
+@@ -0,0 +1,15 @@
++localhost:1111	stream	tcp4	nowait	md	/usr/sbin/tcpd	/usr/sbin/try-from
++#1111	stream	tcp6	nowait	md	/usr/sbin/tcpd	/usr/sbin/try-from
++
++ip6-localhost:2222	stream	tcp46	nowait	md	/usr/sbin/tcpd	/usr/sbin/in.telnetd
++
++2220	stream	tcp46	nowait	md	/usr/sbin/tcpd	/usr/sbin/try-from
++2221	stream	tcp	nowait	md	/usr/sbin/tcpd	/usr/sbin/try-from
++
++2224	stream	tcp4	nowait.3 md	/usr/sbin/tcpd	/usr/sbin/try-from
++
++2226	stream	tcp6	nowait	md	/usr/sbin/tcpd	/usr/sbin/try-from
++
++9999	stream  tcp6    nowait  md	/bin/false false
++
++#/tmp/sock	stream	unix	nowait	md	/usr/sbin/try-from
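Review bot: test.conf hard-codes the account md on every entry and one line launches /usr/sbin/in.telnetd, so if this patch is listed in series a developer-specific fixture ends up in the patched source tree. Keep it out of series, or ship it as an example with a placeholder user. The commented /tmp/sock entry would place a listening UNIX socket in a world-writable directory if enabled; use a path under a root-owned directory instead.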
--- openbsd-inetd-0.20080125.orig/debian/patches/setproctitle
+++ openbsd-inetd-0.20080125/debian/patches/setproctitle
@@ -0,0 +1,184 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -167,6 +167,7 @@ static const char rcsid[] = "$OpenBSD: i
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_clnt.h>
+ #include "pathnames.h"
++#include "setproctitle.h"
+ 
+ size_t strlcpy(char *, const char *, size_t);
+ 
+@@ -331,7 +332,7 @@ fd_grow(fd_set **fdsp, int *bytes, int f
+ struct sigaction sa, sapipe;
+ 
+ int
+-main(int argc, char *argv[])
++main(int argc, char *argv[], char *envp[])
+ {
+ 	fd_set *fdsrp = NULL;
+ 	int readablen = 0, ch;
+@@ -342,6 +343,8 @@ main(int argc, char *argv[])
+ 	progname = strrchr(argv[0], '/');
+ 	progname = progname ? progname + 1 : argv[0];
+ 
++	initsetproctitle(argc, argv, envp);
++
+ 	while ((ch = getopt(argc, argv, "dR:")) != -1)
+ 		switch (ch) {
+ 		case 'd':
+--- /dev/null
++++ b/setproctitle.c
+@@ -0,0 +1,146 @@
++/*
++ * setproctitle implementation for linux.
++ * Stolen from sendmail 8.7.4 and bashed around by David A. Holland
++ */
++
++/*
++ * Copyright (c) 1983, 1995 Eric P. Allman
++ * Copyright (c) 1988, 1993
++ *	The Regents of the University of California.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *	This product includes software developed by the University of
++ *	California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ *    may be used to endorse or promote products derived from this software
++ *    without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * From: @(#)conf.c	8.243 (Berkeley) 11/20/95
++ */
++char setproctitle_rcsid[] =
++  "$Id: setproctitle.c,v 1.3 1997/05/19 12:58:15 dholland Exp $";
++
++#include <stdlib.h>
++#include <string.h>
++#include <stdarg.h>
++#include <unistd.h>
++#include <stdio.h>
++
++#include "setproctitle.h"
++/*
++**  SETPROCTITLE -- set process title for ps
++**
++**	Parameters:
++**		fmt -- a printf style format string.
++**		a, b, c -- possible parameters to fmt.
++**
++**	Returns:
++**		none.
++**
++**	Side Effects:
++**		Clobbers argv of our main procedure so ps(1) will
++**		display the title.
++*/
++
++
++/*
++**  Pointers for setproctitle.
++**	This allows "ps" listings to give more useful information.
++*/
++
++static char **Argv = NULL;		/* pointer to argument vector */
++static char *LastArgv = NULL;		/* end of argv */
++static char Argv0[128];			/* program name */
++
++void
++initsetproctitle(int argc, char **argv, char **envp)
++{
++	register int i;
++	char *tmp;
++
++	/*
++        **  Move the environment so setproctitle can use the space at
++	**  the top of memory.
++	*/
++
++	for (i = 0; envp[i] != NULL; i++)
++		continue;
++	__environ = (char **) malloc(sizeof (char *) * (i + 1));
++	for (i = 0; envp[i] != NULL; i++)
++		__environ[i] = strdup(envp[i]);
++	__environ[i] = NULL;
++
++	/*
++	**  Save start and extent of argv for setproctitle.
++	*/
++
++	Argv = argv;
++	if (i > 0)
++		LastArgv = envp[i - 1] + strlen(envp[i - 1]);
++	else
++		LastArgv = argv[argc - 1] + strlen(argv[argc - 1]);
++
++	tmp = strrchr(argv[0], '/');
++	if (!tmp) tmp = argv[0];
++	else tmp++;
++	strncpy(Argv0, tmp, sizeof(Argv0));
++	/* remember to take away one or we go outside the array space */
++	Argv0[sizeof(Argv0) - 1] = 0;
++}
++
++void
++setproctitle(const char *fmt, ...)
++{
++	register char *p;
++	register int i;
++	static char buf[2048];
++	va_list ap;
++
++	p = buf;
++
++	/* print progname: heading for grep */
++	/* This can't overflow buf due to the relative size of Argv0. */
++	(void) strcpy(p, Argv0);
++	(void) strcat(p, ": ");
++	p += strlen(p);
++
++	/* print the argument string */
++	va_start(ap, fmt);
++	(void) vsnprintf(p, sizeof(buf) - (p - buf), fmt, ap);
++	va_end(ap);
++
++	i = strlen(buf);
++
++	if (i > LastArgv - Argv[0] - 2)
++	{
++		i = LastArgv - Argv[0] - 2;
++		buf[i] = '\0';
++	}
++	(void) strcpy(Argv[0], buf);
++	p = &Argv[0][i];
++	while (p < LastArgv)
++		*p++ = ' ';
++	Argv[1] = NULL;
++}
++
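Review bot: in setproctitle(), the truncation bound `LastArgv - Argv[0] - 2` goes negative when inetd is started with an empty environment, no arguments and an argv[0] shorter than two characters. In that case `buf[i] = '\0'` writes before the start of `buf`, and `strcpy(Argv[0], buf)` then copies the untruncated title past the end of the argv area. Clamp the bound to zero and return early when there is no room. In initsetproctitle(), the results of `malloc()` and `strdup()` are used unchecked, so an allocation failure becomes a NULL dereference at `__environ[i] = ...` or a NULL entry in the middle of the environment; check both. The LastArgv computation also assumes argc is at least 1 and that the argv and envp strings are contiguous in memory, which deserves a comment.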
+--- /dev/null
++++ b/setproctitle.h
+@@ -0,0 +1,4 @@
++/* Call this from main. */
++void initsetproctitle(int argc, char **argv, char **envp);
++
++void setproctitle(const char *fmt, ...);
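Review bot: setproctitle.h has no include guard, and its only comment ("Call this from main.") does not say that initsetproctitle() replaces `__environ` with a heap copy and therefore has to run before anything else reads or keeps pointers into the environment. Add a guard and extend the comment.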
--- openbsd-inetd-0.20080125.orig/debian/patches/libwrap
+++ openbsd-inetd-0.20080125/debian/patches/libwrap
@@ -0,0 +1,144 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -175,6 +175,11 @@ size_t strlcpy(char *, const char *, siz
+ #define	CNT_INTVL	60		/* servers in CNT_INTVL sec. */
+ #define	RETRYTIME	(60*10)		/* retry after bind or server fail */
+ 
++#ifdef LIBWRAP
++# include <tcpd.h>
++int lflag = 0;
++#endif
++
+ int	 debug = 0;
+ int	 nsock, maxsock;
+ fd_set	*allsockp;
+@@ -347,7 +352,7 @@ main(int argc, char *argv[], char *envp[
+ 
+ 	initsetproctitle(argc, argv, envp);
+ 
+-	while ((ch = getopt(argc, argv, "dER:")) != -1)
++	while ((ch = getopt(argc, argv, "dElR:")) != -1)
+ 		switch (ch) {
+ 		case 'd':
+ 			debug = 1;
+@@ -355,6 +360,15 @@ main(int argc, char *argv[], char *envp[
+ 		case 'E':
+ 			keepenv = 1;
+ 			break;
++		case 'l':
++#ifdef LIBWRAP
++			lflag = 1;
++			break;
++#else
++			fprintf(stderr, "%s: libwrap support not enabled",
++			    progname);
++			exit(1);
++#endif
+ 		case 'R': {	/* invocation rate */
+ 			char *p;
+ 			int val;
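Review bot: in the `#else` branch of `case 'l'`, the format string "%s: libwrap support not enabled" has no trailing newline, unlike the usage message in the same switch. Append `\n` so the error is a complete line on stderr.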
+@@ -372,7 +386,7 @@ main(int argc, char *argv[], char *envp[
+ 		case '?':
+ 		default:
+ 			fprintf(stderr,
+-			    "usage: %s [-dE] [-R rate] [configuration file]\n",
++			    "usage: %s [-dEl] [-R rate] [configuration file]\n",
+ 			    progname);
+ 			exit(1);
+ 		}
+@@ -1970,6 +1984,47 @@ spawn(struct servtab *sep, int ctrl)
+ 	}
+ 	sigprocmask(SIG_SETMASK, &emptymask, NULL);
+ 	if (pid == 0) {
++#ifdef LIBWRAP
++		if (lflag && !sep->se_wait && sep->se_socktype == SOCK_STREAM) {
++			struct request_info req;
++			char *service;
++
++			/* do not execute tcpd if it is in the config */
++			if (strcmp(sep->se_server, "/usr/sbin/tcpd") == 0) {
++				char *p, *name;
++
++				free(sep->se_server);
++				name = sep->se_server = sep->se_argv[0];
++				for (p = name; *p; p++)
++					if (*p == '/')
++						name = p + 1;
++				sep->se_argv[0] = newstr(name);
++			}
++
++			request_init(&req, RQ_DAEMON, sep->se_argv[0],
++			    RQ_FILE, ctrl, NULL);
++			fromhost(&req);
++			if (getnameinfo(&sep->se_ctrladdr,
++			    sizeof(sep->se_ctrladdr), NULL, 0, buf,
++			    sizeof(buf), 0) != 0) {
++				/* shouldn't happen */
++				snprintf(buf, sizeof buf, "%d",
++				    ntohs(sep->se_ctrladdr_in.sin_port));
++			}
++			service = buf;
++			if (!hosts_access(&req)) {
++				syslog(deny_severity, "refused connection"
++				    " from %.500s, service %s (%s)",
++				    eval_client(&req), service, sep->se_proto);
++				if (sep->se_socktype != SOCK_STREAM)
++					recv(0, buf, sizeof (buf), 0);
++				exit(1);
++			}
++			syslog(allow_severity,
++			    "connection from %.500s, service %s (%s)",
++			    eval_client(&req), service, sep->se_proto);
++		}
++#endif
+ 		if (sep->se_bi)
+ 			(*sep->se_bi->bi_fn)(ctrl, sep);
+ 		else {
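Review bot: the inner `if (sep->se_socktype != SOCK_STREAM) recv(0, buf, sizeof (buf), 0);` can never execute, because the whole block is guarded by `sep->se_socktype == SOCK_STREAM`. Remove it, or widen the guard if datagram services are meant to be checked. In the tcpd substitution, `sep->se_argv[0]` is assigned to `sep->se_server` and walked by the `for (p = name; *p; p++)` loop without a NULL check; unless getconfigent() guarantees a non-NULL first argument, an entry that names /usr/sbin/tcpd with no arguments will crash the child, so test for NULL and log a configuration error instead.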
+--- a/inetd.8
++++ b/inetd.8
+@@ -39,6 +39,7 @@
+ .Nm inetd
+ .Op Fl d
+ .Op Fl E
++.Op Fl l
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+ .Sh DESCRIPTION
+@@ -70,6 +71,13 @@ from laundering the environment.  Withou
+ potentially harmful environent variables, including
+ .Pa PATH ,
+ will be removed and not inherited by services.
++.It Fl l
++Turns on libwrap connection logging and access control.
++Internal services cannot be wrapped.  When enabled,
++.Pa /usr/sbin/tcpd
++is silently not executed even if present in
++.Pa /etc/inetd.conf
++and instead libwrap is called directly by inetd.
+ .It Fl R Ar rate
+ Specify the maximum number of times a service can be invoked
+ in one minute; the default is 256.
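Review bot: the `-l` description only says that internal services cannot be wrapped, but the guard added in spawn() (`lflag && !sep->se_wait && sep->se_socktype == SOCK_STREAM`) also leaves every wait service and every non-stream service outside hosts.allow and hosts.deny. Say so here, so that an administrator does not assume a datagram or wait service is covered by -l.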
+@@ -353,6 +361,23 @@ is reread.
+ creates a file
+ .Em /var/run/inetd.pid
+ that contains its process identifier.
++.Ss libwrap
++Support for
++.Tn TCP
++wrappers is included with
++.Nm
++to provide built-in tcpd-like access control functionality.
++An external tcpd program is not needed.
++You do not need to change the
++.Pa /etc/inetd.conf
++server-program entry to enable this capability.
++.Nm
++uses
++.Pa /etc/hosts.allow
++and
++.Pa /etc/hosts.deny
++for access control facility configurations, as described in
++.Xr hosts_access 5 .
+ .Ss IPv6 TCP/UDP behavior
+ If you wish to run a server for IPv4 and IPv6 traffic,
+ you'll need to run two separate processes for the same server program,
--- openbsd-inetd-0.20080125.orig/debian/patches/global_queuelen
+++ openbsd-inetd-0.20080125/debian/patches/global_queuelen
@@ -0,0 +1,49 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -178,6 +178,7 @@ int lflag = 0;
+ #endif
+ 
+ int	 debug = 0;
++int	 global_queuelen = 128;
+ int	 nsock, maxsock;
+ fd_set	*allsockp;
+ int	 allsockn;
+@@ -350,7 +351,7 @@ main(int argc, char *argv[], char *envp[
+ 
+ 	initsetproctitle(argc, argv, envp);
+ 
+-	while ((ch = getopt(argc, argv, "dEilR:")) != -1)
++	while ((ch = getopt(argc, argv, "dEilq:R:")) != -1)
+ 		switch (ch) {
+ 		case 'd':
+ 			debug = 1;
+@@ -370,6 +371,11 @@ main(int argc, char *argv[], char *envp[
+ 			    progname);
+ 			exit(1);
+ #endif
++		case 'q':
++			global_queuelen = atoi(optarg);
++			if (global_queuelen < 10)
++				global_queuelen = 10;
++			break;
+ 		case 'R': {	/* invocation rate */
+ 			char *p;
+ 			int val;
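Review bot: `case 'q'` parses its argument with `atoi(optarg)`, so a non-numeric or negative value is silently turned into the minimum of 10, and there is no upper bound or overflow check. Parse with strtol(), check the end pointer, and reject bad input with the usage error rather than clamping. This patch also contains no inetd.8 hunk, so neither -q nor the change of the default backlog from 10 to 128 is documented.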
+@@ -387,7 +393,7 @@ main(int argc, char *argv[], char *envp[
+ 		case '?':
+ 		default:
+ 			fprintf(stderr,
+-			    "usage: %s [-dEil] [-R rate] [configuration file]\n",
++			    "usage: %s [-dEil] [-q len] [-R rate] [configuration file]\n",
+ 			    progname);
+ 			exit(1);
+ 		}
+@@ -1072,7 +1078,7 @@ setsockopt(fd, SOL_SOCKET, opt, &on, siz
+ 		return;
+ 	}
+ 	if (sep->se_socktype == SOCK_STREAM)
+-		listen(sep->se_fd, 10);
++		listen(sep->se_fd, global_queuelen);
+ 
+ 	fd_grow(&allsockp, &allsockn, sep->se_fd);
+ 	FD_SET(sep->se_fd, allsockp);
--- openbsd-inetd-0.20080125.orig/debian/patches/nodaemon
+++ openbsd-inetd-0.20080125/debian/patches/nodaemon
@@ -0,0 +1,70 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -39,6 +39,7 @@
+ .Nm inetd
+ .Op Fl d
+ .Op Fl E
++.Op Fl i
+ .Op Fl l
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+@@ -71,6 +72,8 @@ from laundering the environment.  Withou
+ potentially harmful environent variables, including
+ .Pa PATH ,
+ will be removed and not inherited by services.
++.It Fl d
++Makes the program not daemonize itself.
+ .It Fl l
+ Turns on libwrap connection logging and access control.
+ Internal services cannot be wrapped.  When enabled,
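Review bot: the new entry is headed `.It Fl d`, but the option this patch adds to the synopsis and to getopt() is `-i` (`case 'i': nodaemon = 1;`). As written the manual attaches "not daemonize" to -d and gives -i no description. Change the heading to `.It Fl i`.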
+--- a/inetd.c
++++ b/inetd.c
+@@ -343,6 +343,7 @@ main(int argc, char *argv[], char *envp[
+ 	fd_set *fdsrp = NULL;
+ 	int readablen = 0, ch;
+ 	int keepenv = 0;
++	int nodaemon = 0;
+ 	struct servtab *sep;
+ 	extern char *optarg;
+ 	extern int optind;
+@@ -352,7 +353,7 @@ main(int argc, char *argv[], char *envp[
+ 
+ 	initsetproctitle(argc, argv, envp);
+ 
+-	while ((ch = getopt(argc, argv, "dElR:")) != -1)
++	while ((ch = getopt(argc, argv, "dEilR:")) != -1)
+ 		switch (ch) {
+ 		case 'd':
+ 			debug = 1;
+@@ -360,6 +361,9 @@ main(int argc, char *argv[], char *envp[
+ 		case 'E':
+ 			keepenv = 1;
+ 			break;
++		case 'i':
++			nodaemon = 1;
++			break;
+ 		case 'l':
+ #ifdef LIBWRAP
+ 			lflag = 1;
+@@ -386,7 +390,7 @@ main(int argc, char *argv[], char *envp[
+ 		case '?':
+ 		default:
+ 			fprintf(stderr,
+-			    "usage: %s [-dEl] [-R rate] [configuration file]\n",
++			    "usage: %s [-dEil] [-R rate] [configuration file]\n",
+ 			    progname);
+ 			exit(1);
+ 		}
+@@ -415,7 +419,11 @@ main(int argc, char *argv[], char *envp[
+ 
+ 	umask(022);
+ 	if (debug == 0) {
+-		daemon(0, 0);
++		if (nodaemon == 0)
++			if (daemon(0, 0) < 0) {
++				syslog(LOG_ERR, "daemon(0, 0): %m");
++				exit(1);
++			}
+ #ifdef HAVE_SETLOGIN
+ 		if (uid == 0)
+ 			(void) setlogin("");
--- openbsd-inetd-0.20080125.orig/debian/patches/tcp46
+++ openbsd-inetd-0.20080125/debian/patches/tcp46
@@ -0,0 +1,50 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -413,6 +413,11 @@ and IPv6 traffic will go to server on
+ If you have only one server on
+ .Dq tcp6 ,
+ only IPv6 traffic will be routed to the server.
++.Pp
++The special
++.Dq tcp46
++parameter can be used for obsolete servers which require to receive IPv4
++connections mapped in an IPv6 socket. Its usage is discouraged.
+ .El
+ .Sh SEE ALSO
+ .Xr fingerd 8 ,
+--- a/inetd.c
++++ b/inetd.c
+@@ -826,10 +826,14 @@ doconfig(void)
+ 
+ 				if (!port) {
+ 					/* XXX */
++					char *p;
+ 					strncpy(protoname, sep->se_proto,
+ 						sizeof(protoname));
+-					if (isdigit(protoname[strlen(protoname) - 1]))
+-						protoname[strlen(protoname) - 1] = '\0';
++					for (p = protoname; *p; p++)
++						if (isdigit(*p)) {
++							*p = '\0';
++							break;
++						}
+ 					sp = getservbyname(sep->se_service,
+ 					    protoname);
+ 					if (sp == 0) {
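Review bot: the new loop `for (p = protoname; *p; p++)` depends on protoname being NUL-terminated, but the `strncpy(protoname, sep->se_proto, sizeof(protoname))` directly above does not terminate the buffer when se_proto fills it, so the scan can run past the array. Terminate explicitly after the copy, or use the strlcpy() this package already builds. `isdigit(*p)` should also be given `(unsigned char)*p`, since a plain char with the high bit set is undefined behaviour for the ctype functions.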
+@@ -1023,6 +1027,16 @@ setup(struct servtab *sep)
+ 		    sep->se_service, sep->se_proto);
+ 		return;
+ 	}
++	if (strncmp(sep->se_proto, "tcp6", 4) == 0) {
++		if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &on,
++			    sizeof (on)) < 0)
++			syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
++	} else if (strncmp(sep->se_proto, "tcp46", 5) == 0) {
++		int off = 0;
++		if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &off,
++			    sizeof (off)) < 0)
++			syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
++	}
+ #define	turnon(fd, opt) \
+ setsockopt(fd, SOL_SOCKET, opt, &on, sizeof (on))
+ 	if (strncmp(sep->se_proto, "tcp", 3) == 0 && (options & SO_DEBUG) &&
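Review bot: a failing `setsockopt(..., IPV6_V6ONLY, ...)` is only logged and setup() carries on, so a tcp6 service can end up accepting IPv4-mapped connections as well, and a tcp46 service can end up IPv6-only, which is the opposite of what inetd.8 states for each. Treat the failure like the error path just above (log, close the socket, return). The two `strncmp` tests are also prefix matches on tcp names only, so any IPv6 datagram protocol configured the same way keeps the system default for V6ONLY.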
--- openbsd-inetd-0.20080125.orig/debian/patches/print_pause_time
+++ openbsd-inetd-0.20080125/debian/patches/print_pause_time
@@ -0,0 +1,14 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -1956,8 +1956,9 @@ spawn(struct servtab *sep, int ctrl)
+ 					return;
+ 				}
+ 				syslog(LOG_ERR,
+-				    "%s/%s server failing (looping), service terminated",
+-				    sep->se_service, sep->se_proto);
++				    "%s/%s server failing (looping), service terminated for %d min",
++				    sep->se_service, sep->se_proto,
++				    RETRYTIME/60);
+ 				if (!sep->se_wait &&
+ 				    sep->se_socktype == SOCK_STREAM)
+ 					close(ctrl);
--- openbsd-inetd-0.20080125.orig/debian/patches/makefile
+++ openbsd-inetd-0.20080125/debian/patches/makefile
@@ -0,0 +1,19 @@
+--- /dev/null
++++ b/Makefile.debian
+@@ -0,0 +1,16 @@
++DEFS := -DLIBWRAP
++LIBS := -lwrap
++
++inetd_OBJECTS := inetd.o setproctitle.o strlcpy.o
++
++all: inetd
++
++.c.o:
++	$(CC) $(DEFS) $(CFLAGS) -c $<
++
++inetd: $(inetd_OBJECTS)
++	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
++
++clean:
++	rm -f inetd inetd.o setproctitle.o strlcpy.o
++
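Review bot: the `.c.o` rule passes `$(DEFS) $(CFLAGS)` but not `$(CPPFLAGS)`, so preprocessor flags supplied by the packaging build are dropped unless they are folded into CFLAGS. Add `$(CPPFLAGS)` to the compile line. The clean target repeats the object names by hand; use `$(inetd_OBJECTS)` so the two lists cannot drift apart.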
--- openbsd-inetd-0.20080125.orig/debian/patches/series
+++ openbsd-inetd-0.20080125/debian/patches/series
@@ -0,0 +1,14 @@
+# portability
+makefile
+test
+misc_portability
+setproctitle
+
+# features
+discard_env
+libwrap
+nodaemon
+global_queuelen
+print_pause_time
+tcp46
+buftuning
--- openbsd-inetd-0.20080125.orig/debian/patches/buftuning
+++ openbsd-inetd-0.20080125/debian/patches/buftuning
@@ -0,0 +1,165 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -107,7 +107,7 @@ The fields of the configuration file are
+ .Bd -unfilled -offset indent
+ service name
+ socket type
+-protocol
++protocol[,sndbuf=size][,rcvbuf=size]
+ wait/nowait[.max]
+ user[.group] or user[:group]
+ server program
+@@ -119,7 +119,7 @@ based service, the entry would contain t
+ .Bd -unfilled -offset indent
+ service name/version
+ socket type
+-rpc/protocol
++rpc/protocol[,sndbuf=size][,rcvbuf=size]
+ wait/nowait[.max]
+ user[.group] or user[:group]
+ server program
+@@ -234,6 +234,30 @@ is used to specify a socket in the
+ .Ux
+ domain.
+ .Pp
++In addition to the protocol, the configuration file may specify the
++send and receive socket buffer sizes for the listening socket.
++This is especially useful for
++.Tn TCP
++as the window scale factor, which is based on the receive socket
++buffer size, is advertised when the connection handshake occurs,
++thus the socket buffer size for the server must be set on the listen socket.
++By increasing the socket buffer sizes, better
++.Tn TCP
++performance may be realized in some situations.
++The socket buffer sizes are specified by appending their values to
++the protocol specification as follows:
++.Bd -literal -offset indent
++tcp,rcvbuf=16384
++tcp,sndbuf=64k
++tcp,rcvbuf=64k,sndbuf=1m
++.Ed
++.Pp
++A literal value may be specified, or modified using
++.Sq k
++to indicate kilobytes or
++.Sq m
++to indicate megabytes.
++.Pp
+ The
+ .Em wait/nowait
+ entry is used to tell
+--- a/inetd.c
++++ b/inetd.c
+@@ -206,6 +206,8 @@ struct	servtab {
+ 	int	se_socktype;		/* type of socket to use */
+ 	int	se_family;		/* address family */
+ 	char	*se_proto;		/* protocol used */
++	int	se_sndbuf;		/* sndbuf size */
++	int	se_rcvbuf;		/* rcvbuf size */
+ 	int	se_rpcprog;		/* rpc program number */
+ 	int	se_rpcversl;		/* rpc program lowest version */
+ 	int	se_rpcversh;		/* rpc program highest version */
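Review bot: `se_sndbuf` and `se_rcvbuf` are added here and filled in by getconfigent(), but no hunk of this patch passes them to setsockopt() with SO_SNDBUF or SO_RCVBUF, so the option documented in inetd.8 is parsed and then has no effect on the socket. Add the two setsockopt() calls in setup() before listen(), which is where the manual text says the sizes must be applied.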
+@@ -1252,6 +1254,8 @@ getconfigent(void)
+ {
+ 	struct servtab *sep, *tsep;
+ 	char *arg, *cp, *hostdelim, *s;
++	char *cp0, *buf0, *buf1, *sz0, *sz1;
++	int val;
+ 	int argc;
+ 
+ 	sep = (struct servtab *) malloc(sizeof(struct servtab));
+@@ -1327,6 +1331,93 @@ more:
+ 
+ 	sep->se_proto = newstr(arg);
+ 
++#define	MALFORMED(arg) \
++do { \
++	syslog(LOG_ERR, "%s: malformed buffer size option `%s'", \
++	    sep->se_service, (arg)); \
++	goto more; \
++} while (0)
++
++#define	GETVAL(arg) \
++do { \
++	if (!isdigit(*(arg))) \
++		MALFORMED(arg); \
++	val = strtol((arg), &cp0, 10); \
++	if (cp0 != NULL) { \
++		if (cp0[1] != '\0') \
++			MALFORMED((arg)); \
++		if (cp0[0] == 'k') \
++			val *= 1024; \
++		if (cp0[0] == 'm') \
++			val *= 1024 * 1024; \
++	} \
++	if (val < 1) { \
++		syslog(LOG_ERR, "%s: invalid buffer size `%s'", \
++		    sep->se_service, (arg)); \
++		goto more; \
++	} \
++} while (0)
++
++#define	ASSIGN(arg) \
++do { \
++	if (strcmp((arg), "sndbuf") == 0) \
++		sep->se_sndbuf = val; \
++	else if (strcmp((arg), "rcvbuf") == 0) \
++		sep->se_rcvbuf = val; \
++	else \
++		MALFORMED((arg)); \
++} while (0)
++
++	/*
++	 * Extract the send and receive buffer sizes before parsing
++	 * the protocol.
++	 */
++	sep->se_sndbuf = sep->se_rcvbuf = 0;
++	buf0 = buf1 = sz0 = sz1 = NULL;
++	if ((buf0 = strchr(sep->se_proto, ',')) != NULL) {
++		/* Skip the , */
++		*buf0++ = '\0';
++
++		/* Check to see if another socket buffer size was specified. */
++		if ((buf1 = strchr(buf0, ',')) != NULL) {
++			/* Skip the , */
++			*buf1++ = '\0';
++
++			/* Make sure a 3rd one wasn't specified. */
++			if (strchr(buf1, ',') != NULL) {
++				syslog(LOG_ERR, "%s: too many buffer sizes",
++				    sep->se_service);
++				goto more;
++			}
++
++			/* Locate the size. */
++			if ((sz1 = strchr(buf1, '=')) == NULL)
++				MALFORMED(buf1);
++
++			/* Skip the = */
++			*sz1++ = '\0';
++		}
++
++		/* Locate the size. */
++		if ((sz0 = strchr(buf0, '=')) == NULL)
++			MALFORMED(buf0);
++
++		/* Skip the = */
++		*sz0++ = '\0';
++
++		GETVAL(sz0);
++		ASSIGN(buf0);
++
++		if (buf1 != NULL) {
++			GETVAL(sz1);
++			ASSIGN(buf1);
++		}
++	}
++
++#undef ASSIGN
++#undef GETVAL
++#undef MALFORMED
++
+ 	if (strcmp(sep->se_proto, "unix") == 0) {
+ 		sep->se_family = AF_UNIX;
+ 	} else {
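Review bot: in GETVAL, strtol() never sets `cp0` to NULL, so the `cp0 != NULL` test is always true, and for a plain number such as the documented `rcvbuf=16384` the expression `cp0[1]` reads one byte past the string terminator. Test `cp0[0] != '\0'` before looking at `cp0[1]`. Any single suffix character other than `k` or `m` is accepted silently (`64x` is taken as 64), and the long returned by strtol() is stored in an int and multiplied without an overflow check, so a large value with `m` can wrap to something the `val < 1` test does not catch. Reject unknown suffixes and bound the value before scaling.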