--- openbsd-inetd-0.20080125.orig/debian/changelog
+++ openbsd-inetd-0.20080125/debian/changelog
@@ -0,0 +1,148 @@
+openbsd-inetd (0.20080125-6) unstable; urgency=medium
+
+ * Added --oknodo to the init script, this time for real. (Closes: #592582)
+
+ -- Marco d'Itri <md@linux.it> Mon, 30 Aug 2010 00:02:27 +0200
+
+openbsd-inetd (0.20080125-5) unstable; urgency=medium
+
+ * Added --oknodo to the init script. (Closes: #592582)
+
+ -- Marco d'Itri <md@linux.it> Mon, 16 Aug 2010 21:33:09 +0200
+
+openbsd-inetd (0.20080125-4) unstable; urgency=low
+
+ * Use the hardening-includes package to build with hardening flags.
+ * Do not call the patch-generated makefile in the clean target.
+ (Closes: #538690)
+
+ -- Marco d'Itri <md@linux.it> Mon, 21 Dec 2009 03:26:02 +0100
+
+openbsd-inetd (0.20080125-3) unstable; urgency=medium
+
+ * Added support for the "status" action to the init script. (Closes: #526375)
+ * inetd.8: documented that the service name may be a port number as well.
+ (Closes: #519283)
+ * Demoted to optional priority.
+
+ -- Marco d'Itri <md@linux.it> Sat, 04 Jul 2009 17:18:05 +0200
+
+openbsd-inetd (0.20080125-2) unstable; urgency=high
+
+ * Added dh_md5sums to debian/rules, since apparently people nowadays
+ believe again that it is a good idea. (Closes: #484483)
+ * Fixed the init script to povide "openbsd-inetd" instead of "inetd".
+ (Closes: #507119)
+ * Updated patches misc_portability and setproctitle with some missing
+ prototypes.
+ * Updated patch misc_portability with missing arguments to two syslog(3)
+ calls.
+ * Updated patch libwrap to fix a possibly uninitialized variable.
+ The last three fixes are courtesy of Denis Zaitsev.
+
+ -- Marco d'Itri <md@linux.it> Mon, 15 Dec 2008 02:00:52 +0100
+
+openbsd-inetd (0.20080125-1) unstable; urgency=low
+
+ * New CVS snapshot.
+ * Package painfully converted to quilt.
+ * Fixed a typo in debian/control. (Closes: #125181)
+ * Fixed a typo in the init script. (Closes: #465613, #465732)
+ * Delete /etc/rc[2345].d/S20inetd too when upgrading from netkit-inetd.
+ (Closes: #416010)
+ * Do not use log_warning_msg in the init script when inetd.conf is emtpy,
+ this is not something deserving extra attention. (Closes: #435658)
+ * Document in inetd(8) that datagram services must read some network
+ input or inetd will continue spawning them.
+ Many thanks to James Cameron for the analysis. (Closes: #436803)
+ * Use a real characters class instead of character ranges with grep
+ in the init script, because some locales have weird ranges.
+ Spotted by Meelis Roos. (Closes: #458564)
+
+ -- Marco d'Itri <md@linux.it> Sun, 20 Apr 2008 15:12:31 +0200
+
+openbsd-inetd (0.20050402-6) unstable; urgency=high
+
+ * Try again to fix #386469 by stopping the daemon in postinst before
+ starting it, because update-inetd run by the maintainer script of a
+ different package may have restarted it after the prerm ran on upgrade.
+ Patch courtesy of Steve Langasek. (Closes: #386469)
+
+ -- Marco d'Itri <md@linux.it> Wed, 21 Mar 2007 19:07:01 +0100
+
+openbsd-inetd (0.20050402-5) unstable; urgency=medium
+
+ * Try again to fix #386469, this time by removing from the init script
+ stop target the --exec argument to start-stop-daemon, which is known
+ to be broken and generally a bad idea.
+
+ -- Marco d'Itri <md@linux.it> Sun, 25 Feb 2007 21:28:18 +0100
+
+openbsd-inetd (0.20050402-4) unstable; urgency=medium
+
+ * Fix inetd to build on hurd. (Closes: #393829)
+ * Accept UDP connections on all ports. (Closes: #389854)
+ * Try harder to remove the netkit-inetd conffiles and kill the old inetd
+ to prevent postinst failing. (Closes: #386469)
+
+ -- Marco d'Itri <md@linux.it> Sat, 6 Jan 2007 18:33:42 +0100
+
+openbsd-inetd (0.20050402-3) unstable; urgency=medium
+
+ * Depend on update-inetd and provide inet-superserver.
+ * Converted the init script to use the LSB logging functions.
+ (Closes: #384879)
+ * Added LSB dependency info to the init script. (Closes: #386629)
+ * Fixed a typo in the package description. (Closes: #390232)
+
+ -- Marco d'Itri <md@linux.it> Sun, 10 Sep 2006 13:46:23 +0200
+
+openbsd-inetd (0.20050402-2) unstable; urgency=medium
+
+ * Added a sleep command to the init script restart section.
+ (Closes: #376716)
+ * Added -E option not to clobber the environment, contribute by
+ Ian Jackson. (Closes: #355005)
+ * Priority raised to standard.
+
+ -- Marco d'Itri <md@linux.it> Thu, 17 Aug 2006 18:53:39 +0200
+
+openbsd-inetd (0.20050402-1) unstable; urgency=low
+
+ * New CVS snapshot.
+ + Fixes the permissions of UNIX domain sockets. (Closes: #309537)
+
+ -- Marco d'Itri <md@linux.it> Sun, 22 May 2005 18:51:03 +0200
+
+openbsd-inetd (0.20040915-1) unstable; urgency=low
+
+ * New CVS snapshot.
+ + Fixes gcc 4.0 FTBFS. (Closes: #287860)
+ * Made the init script source /etc/default/openbsd-inetd, if present.
+ (Closes: #251224)
+ * Documented in inetd(8) that switching between binding to INADDR_ANY and
+ to a specific address requires restarting the daemon. (Closes: #242392)
+ * Added code to create the requested type of IPv6 socket using
+ setsockopt(IPPROTO_IPV6). This requires a modern 2.4 or 2.6 kernel.
+ * Added Conflicts+Replaces+Provides: netkit-inetd to fully replace it.
+ prerm will unlink netkit-inetd's conffiles and the init script is
+ named openbsd-inetd to allow purging netkit-inetd.
+ Alternative solutions to both issues are welcome.
+ * Changed the default inetd.conf to satisfy people who think that every
+ listening socket is a security hole: no internal services are enabled
+ by default. This means that the daemon will not even be started by the
+ init script until some service is enabled in inetd.conf.
+ * Removed from the default inetd.conf the already-commented examples
+ of the internal services which are actually dangerous to run.
+
+ -- Marco d'Itri <md@linux.it> Sun, 2 Jan 2005 02:40:43 +0100
+
+openbsd-inetd (0.20020802-1) unstable; urgency=low
+
+ * New package.
+ * Pre/postinstall scripts borrowed from aj's netkit-inetd package.
+ * This package fixes many bugs in netkit-inetd, among them:
+ #10813, #32579, #55052, #66752, #143539, #143815, #143816, #125181,
+ #45907, #82241, #96544, #110673.
+
+ -- Marco d'Itri <md@linux.it> Tue, 20 Aug 2002 15:51:39 +0200
--- openbsd-inetd-0.20080125.orig/debian/README.source
+++ openbsd-inetd-0.20080125/debian/README.source
@@ -0,0 +1,7 @@
+mkdir openbsd-inetd
+cd openbsd-inetd
+cvs -d anoncvs@anoncvs1.usa.openbsd.org:/cvs/src/usr.sbin/inetd/ co .
+cvs2cl
+rm -rf CVS
+cd ..
+mv openbsd-inetd openbsd-inetd-0...
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.init
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.init
@@ -0,0 +1,86 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: openbsd-inetd
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start or stop the inetd daemon.
+### END INIT INFO
+
+DAEMON=/usr/sbin/inetd
+
+[ -x $DAEMON -a -e /etc/inetd.conf ] || exit 0
+
+[ -e /etc/default/openbsd-inetd ] && . /etc/default/openbsd-inetd
+
+. /lib/lsb/init-functions
+
+checkportmap () {
+ if ! grep -v -s "^ *#" /etc/inetd.conf | grep -q -s 'rpc/'; then
+ return 0
+ fi
+
+ if [ ! -x /usr/bin/rpcinfo ]; then
+ log_action_msg "WARNING: rpcinfo not available - RPC services may be unavailable!"
+ log_action_msg " (Commenting out the rpc services in inetd.conf will"
+ log_action_msg " disable this message)"
+ elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
+ log_action_msg "WARNING: portmapper inactive - RPC services unavailable!"
+ log_action_msg " (Commenting out the rpc services in inetd.conf will"
+ log_action_msg " disable this message)"
+ fi
+}
+
+checknoservices () {
+ if ! grep -q "^[[:alnum:]/]" /etc/inetd.conf; then
+ log_action_msg "Not starting internet superserver: no services enabled"
+ exit 0
+ fi
+}
+
+case "$1" in
+ start)
+ checknoservices
+ checkportmap
+ log_daemon_msg "Starting internet superserver" "inetd"
+ start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
+ --oknodo --exec $DAEMON -- $OPTIONS
+ log_end_msg 0
+ ;;
+ stop)
+ log_daemon_msg "Stopping internet superserver" "inetd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+ --oknodo
+ log_end_msg 0
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading internet superserver" "inetd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+ --oknodo --signal 1
+ log_end_msg 0
+ ;;
+ restart)
+ checkportmap
+ log_daemon_msg "Restarting internet superserver" "inetd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+ --oknodo
+ checknoservices
+ sleep 1
+ start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
+ --exec $DAEMON -- $OPTIONS
+ log_end_msg 0
+ ;;
+ status)
+ status_of_proc -p /var/run/inetd.pid $DAEMON inetd && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/openbsd-inetd {start|stop|reload|force-reload|restart|status}"
+ exit 2
+ ;;
+esac
+
+exit 0
+
--- openbsd-inetd-0.20080125.orig/debian/control
+++ openbsd-inetd-0.20080125/debian/control
@@ -0,0 +1,22 @@
+Source: openbsd-inetd
+Section: net
+Priority: optional
+Maintainer: Marco d'Itri <md@linux.it>
+Build-Depends: debhelper (>= 5.0), quilt (>= 0.40), hardening-includes, libwrap0-dev
+Standards-Version: 3.9.1
+
+Package: openbsd-inetd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-13), update-inetd, tcpd
+Conflicts: netkit-inetd
+Replaces: netkit-inetd
+Provides: inet-superserver, netkit-inetd
+Description: The OpenBSD Internet Superserver
+ The inetd server is a network daemon program that specializes in managing
+ incoming network connections. Its configuration file tells it what
+ program needs to be run when an incoming connection is received. Any
+ service port may be configured for either of the tcp or udp protocols.
+ .
+ This is a port of the OpenBSD daemon with some debian-specific features.
+ This package supports IPv6, built-in libwrap access control, binding to
+ specific addresses, UNIX domain sockets and socket buffers tuning.
--- openbsd-inetd-0.20080125.orig/debian/compat
+++ openbsd-inetd-0.20080125/debian/compat
@@ -0,0 +1 @@
+5
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.preinst
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.preinst
@@ -0,0 +1,101 @@
+#!/bin/sh -e
+
+# create a new /etc/inetd.conf file if it doesn't already exist
+create_inetd() {
+ [ -e /etc/inetd.conf ] && return 0
+
+ cat <<EOF > /etc/inetd.conf
+# /etc/inetd.conf: see inetd(8) for further informations.
+#
+# Internet superserver configuration database
+#
+#
+# Lines starting with "#:LABEL:" or "#<off>#" should not
+# be changed unless you know what you are doing!
+#
+# If you want to disable an entry so it isn't touched during
+# package updates just comment it out with a single '#' character.
+#
+# Packages should modify this file by using update-inetd(8)
+#
+# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
+#
+#:INTERNAL: Internal services
+#discard stream tcp nowait root internal
+#discard dgram udp wait root internal
+#daytime stream tcp nowait root internal
+#time stream tcp nowait root internal
+
+#:STANDARD: These are standard services.
+
+#:BSD: Shell, login, exec and talk are BSD protocols.
+
+#:MAIL: Mail, news and uucp services.
+
+#:INFO: Info services
+
+#:BOOT: TFTP service is provided primarily for booting. Most sites
+# run this only on machines acting as "boot servers."
+
+#:RPC: RPC based services
+
+#:HAM-RADIO: amateur-radio services
+
+#:OTHER: Other services
+
+EOF
+
+ chmod 644 /etc/inetd.conf
+}
+
+upgrade_from_old_inetd() {
+ if [ "$2" ] && dpkg --compare-versions "$2" ge 0.20040915-1; then
+ return 0
+ fi
+
+ # XXX the binary will change after removing the diversions, so we want
+ # to be sure that the daemon has been stopped by that time
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
+
+ # remove the diversions created by old versions of this package
+ DIVERT="/usr/sbin/inetd /usr/share/man/man8/inetd.8.gz /usr/share/man/man5/inetd.conf.5.gz"
+ for file in $DIVERT; do
+ [ -e $file.netkit ] || continue
+ rm -f $file
+ dpkg-divert --package openbsd-inetd --remove --divert $file.netkit $file
+ done
+}
+
+upgrade_from_netkit_inetd() {
+ if [ -e /etc/cron.daily/netkit-inetd ]; then
+ rm -f /etc/cron.daily/netkit-inetd
+ fi
+ if [ -e /etc/init.d/inetd ]; then
+ rm -f /etc/init.d/inetd /etc/rc[2345].d/S20inetd
+ fi
+
+ # be sure to kill the netkit-inetd daemon, which may still be active if
+ # the moon is wrongly aligned
+ if [ -e /var/run/inetd.pid ]; then
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
+ fi
+}
+
+case "$1" in
+ install)
+ create_inetd
+ upgrade_from_netkit_inetd
+ ;;
+
+ upgrade|abort-upgrade)
+ upgrade_from_old_inetd "$@"
+ ;;
+
+ *)
+ echo "$0 called with unknown argument '$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
--- openbsd-inetd-0.20080125.orig/debian/rules
+++ openbsd-inetd-0.20080125/debian/rules
@@ -0,0 +1,53 @@
+#!/usr/bin/make -f
+SHELL+= -e
+
+QUILT_STAMPFN := debian/.stamp-patched
+include /usr/share/quilt/quilt.make
+
+include /usr/share/hardening-includes/hardening.make
+CFLAGS += $(HARDENING_CFLAGS)
+LDFLAGS += $(HARDENING_LDFLAGS)
+
+D := $(CURDIR)/debian/openbsd-inetd
+
+clean: unpatch
+ dh_testdir
+ rm -f debian/.stamp-*
+ rm -f inetd *.o
+ dh_clean
+
+build: debian/.stamp-build
+debian/.stamp-build: $(QUILT_STAMPFN)
+ dh_testdir
+ $(MAKE) -f Makefile.debian
+ touch $@
+
+binary-arch: checkroot build
+ dh_testdir
+ dh_clean
+
+ dh_installdirs usr/sbin/ usr/share/man/man5
+ dh_installdocs
+ dh_installman inetd.8
+ dh_installchangelogs ChangeLog
+ dh_link usr/share/man/man8/inetd.8.gz \
+ usr/share/man/man5/inetd.conf.5.gz
+ install --mode=755 inetd $D/usr/sbin/
+ dh_installinit --update-rcd-params="defaults 20" #--name=inetd
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_shlibdeps
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-arch
+
+binary-indep:
+
+checkroot:
+ test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep build clean checkroot
--- openbsd-inetd-0.20080125.orig/debian/copyright
+++ openbsd-inetd-0.20080125/debian/copyright
@@ -0,0 +1,13 @@
+This is a port of the original OpenBSD inetd daemon downloaded from CVS.
+Some features have been merged from the NetBSD source tree.
+
+ * Copyright (c) 1983,1991 The Regents of the University of California.
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+
+It has a standard 3-clauses BSD license (/usr/share/common-licenses/BSD).
+
+setproctitle.c and discard_stupid_environment() come from netkit 0.17,
+patched by the USAGI project.
+
+strlcpy.c comes from the openbsd source tree, slightly edited.
+
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.postinst
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+if [ -x "/etc/init.d/openbsd-inetd" ] && which invoke-rc.d >/dev/null 2>&1; then
+ # Ignore any errors, this should be best-effort as it should not
+ # normally be needed in the first place. See #386469 for details.
+ invoke-rc.d openbsd-inetd stop || true
+fi
+
+#DEBHELPER#
+
--- openbsd-inetd-0.20080125.orig/debian/patches/misc_portability
+++ openbsd-inetd-0.20080125/debian/patches/misc_portability
@@ -0,0 +1,296 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -149,7 +149,8 @@ The
+ .Em service name
+ entry is the name of a valid service in
+ the file
+-.Pa /etc/services .
++.Pa /etc/services
++or a port number.
+ For
+ .Dq internal
+ services (discussed below), the service
+@@ -166,7 +167,7 @@ The part on the right of the
+ is the RPC version number.
+ This can simply be a single numeric argument or a range of versions.
+ A range is bounded by the low version to the high version -
+-.Dq rusers/1-3 .
++.Dq rusers/1\-3 .
+ For
+ .Ux
+ domain sockets this field specifies the path name of the socket.
+@@ -186,7 +187,8 @@ reliably delivered message, or sequenced
+ The
+ .Em protocol
+ must be a valid protocol as given in
+-.Pa /etc/protocols .
++.Pa /etc/protocols or
++.Dq unix .
+ Examples might be
+ .Dq tcp
+ or
+@@ -378,9 +380,7 @@ If you have only one server on
+ only IPv6 traffic will be routed to the server.
+ .El
+ .Sh SEE ALSO
+-.Xr comsat 8 ,
+ .Xr fingerd 8 ,
+-.Xr ftp-proxy 8 ,
+ .Xr ftpd 8 ,
+ .Xr identd 8 ,
+ .Xr rshd 8 ,
+@@ -395,7 +395,23 @@ Support for Sun-RPC
+ based services is modelled after that
+ provided by SunOS 4.1.
+ IPv6 support was added by the KAME project in 1999.
++.Pp
++Marco d'Itri ported this code from OpenBSD in summer 2002 and added
++socket buffers tuning and libwrap support from the NetBSD source tree.
+ .Sh BUGS
++On Linux systems, the daemon cannot reload its configuration and needs
++to be restarted when the host address for a service is changed between
++.Dq \&*
++and a specific address.
++.Pp
++Server programs used with
++.Dq dgram
++.Dq udp
++.Dq nowait
++must read from the network socket, or
++.Nm inetd
++will spawn processes until the maximum is reached.
++.Pp
+ Host address specifiers, while they make conceptual sense for RPC
+ services, do not work entirely correctly.
+ This is largely because the
+--- a/inetd.c
++++ b/inetd.c
+@@ -139,6 +139,7 @@ static const char rcsid[] = "$OpenBSD: i
+ #include <sys/un.h>
+ #include <sys/file.h>
+ #include <sys/wait.h>
++#include <time.h>
+ #include <sys/time.h>
+ #include <sys/resource.h>
+
+@@ -157,13 +158,18 @@ static const char rcsid[] = "$OpenBSD: i
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
++#ifdef HAVE_SETUSERCONTEXT
+ #include <login_cap.h>
++#endif
++#ifdef HAVE_GETIFADDRS
+ #include <ifaddrs.h>
++#endif
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_clnt.h>
+-#include <rpcsvc/nfs_prot.h>
+ #include "pathnames.h"
+
++size_t strlcpy(char *, const char *, size_t);
++
+ #define TOOMANY 256 /* don't start more than TOOMANY */
+ #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
+ #define RETRYTIME (60*10) /* retry after bind or server fail */
+@@ -340,7 +346,6 @@ main(int argc, char *argv[])
+ switch (ch) {
+ case 'd':
+ debug = 1;
+- options |= SO_DEBUG;
+ break;
+ case 'R': { /* invocation rate */
+ char *p;
+@@ -385,9 +390,13 @@ main(int argc, char *argv[])
+ umask(022);
+ if (debug == 0) {
+ daemon(0, 0);
++#ifdef HAVE_SETLOGIN
+ if (uid == 0)
+ (void) setlogin("");
++#endif
+ }
++ if (debug && uid == 0)
++ options |= SO_DEBUG;
+
+ if (uid == 0) {
+ gid_t gid = getgid();
+@@ -432,6 +441,15 @@ main(int argc, char *argv[])
+ sa.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &sa, &sapipe);
+
++ /* space for daemons to overwrite environment for ps */
++ {
++#define DUMMYSIZE 100
++ char dummy[DUMMYSIZE];
++ memset(dummy, 'x', DUMMYSIZE - 1);
++ dummy[DUMMYSIZE - 1] = '\0';
++ setenv("inetd_dummy", dummy, 1);
++ }
++
+ for (;;) {
+ int n, ctrl = -1;
+
+@@ -587,9 +605,6 @@ dg_badinput(struct sockaddr *sa)
+ return 0;
+ }
+
+- if (port < IPPORT_RESERVED || port == NFS_PORT)
+- goto bad;
+-
+ return (0);
+
+ bad:
+@@ -599,6 +614,7 @@ bad:
+ int
+ dg_broadcast(struct in_addr *in)
+ {
++#ifdef HAVE_GETIFADDRS
+ struct ifaddrs *ifa, *ifap;
+ struct sockaddr_in *sin;
+
+@@ -615,6 +631,7 @@ dg_broadcast(struct in_addr *in)
+ }
+ }
+ freeifaddrs(ifap);
++#endif
+ return (0);
+ }
+
+@@ -1861,7 +1878,7 @@ print_service(char *action, struct servt
+ fprintf(stderr,
+ " wait.max=%hd.%d user:group=%s:%s builtin=%lx server=%s\n",
+ sep->se_wait, sep->se_max, sep->se_user,
+- sep->se_group ? sep->se_group : "wheel",
++ sep->se_group ? sep->se_group : "(default)",
+ (long)sep->se_bi, sep->se_server);
+ }
+
+@@ -1969,6 +1986,7 @@ spawn(struct servtab *sep, int ctrl)
+ if (uid != pwd->pw_uid)
+ exit(1);
+ } else {
++#ifdef HAVE_SETUSERCONTEXT
+ tmpint = LOGIN_SETALL &
+ ~(LOGIN_SETGROUP|LOGIN_SETLOGIN);
+ if (pwd->pw_uid)
+@@ -1984,6 +2002,53 @@ spawn(struct servtab *sep, int ctrl)
+ sep->se_service, sep->se_proto);
+ exit(1);
+ }
++#else
++ /* what about setpriority(2), setrlimit(2),
++ * and umask(2)? The $PATH is cleared.
++ */
++ if (pwd->pw_uid) {
++ if (sep->se_group)
++ pwd->pw_gid = grp->gr_gid;
++ if (setgid(pwd->pw_gid) < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't set gid %d: %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_gid);
++ exit(1);
++ }
++ if (initgroups(pwd->pw_name, pwd->pw_gid)
++ < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't initgroups(%s): %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_name);
++ exit(1);
++ }
++ if (setuid(pwd->pw_uid) < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't set uid %d: %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_uid);
++ exit(1);
++ }
++ } else if (sep->se_group) {
++ if (setgid(pwd->pw_gid) < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't set gid %d: %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_gid);
++ exit(1);
++ }
++ if (initgroups(pwd->pw_name, pwd->pw_gid)
++ < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't initgroups(%s): %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_name);
++ exit(1);
++ }
++ }
++#endif
+ }
+ if (debug)
+ fprintf(stderr, "%ld execv %s\n",
+--- /dev/null
++++ b/strlcpy.c
+@@ -0,0 +1,63 @@
++/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */
++
++/*
++ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote products
++ * derived from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
++ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
++ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
++ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
++ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
++ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ * (Old style prototype traslated)
++ */
++
++#include <sys/types.h>
++#include <string.h>
++
++/*
++ * Copy src to string dst of size siz. At most siz-1 characters
++ * will be copied. Always NUL terminates (unless siz == 0).
++ * Returns strlen(src); if retval >= siz, truncation occurred.
++ */
++size_t strlcpy(char *dst, const char *src, size_t siz)
++{
++ register char *d = dst;
++ register const char *s = src;
++ register size_t n = siz;
++
++ /* Copy as many bytes as will fit */
++ if (n != 0 && --n != 0) {
++ do {
++ if ((*d++ = *s++) == 0)
++ break;
++ } while (--n != 0);
++ }
++
++ /* Not enough room in dst, add NUL and traverse rest of src */
++ if (n == 0) {
++ if (siz != 0)
++ *d = '\0'; /* NUL-terminate dst */
++ while (*s++)
++ ;
++ }
++
++ return(s - src - 1); /* count does not include NUL */
++}
--- openbsd-inetd-0.20080125.orig/debian/patches/discard_env
+++ openbsd-inetd-0.20080125/debian/patches/discard_env
@@ -0,0 +1,123 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -301,6 +301,7 @@ int bump_nofile(void);
+ struct servtab *enter(struct servtab *);
+ int matchconf(struct servtab *, struct servtab *);
+ int dg_broadcast(struct in_addr *in);
++void discard_stupid_environment(void);
+
+ #define NUMINT (sizeof(intab) / sizeof(struct inent))
+ char *CONFIG = _PATH_INETDCONF;
+@@ -333,6 +334,7 @@ main(int argc, char *argv[], char *envp[
+ {
+ fd_set *fdsrp = NULL;
+ int readablen = 0, ch;
++ int keepenv = 0;
+ struct servtab *sep;
+ extern char *optarg;
+ extern int optind;
+@@ -342,11 +344,14 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dR:")) != -1)
++ while ((ch = getopt(argc, argv, "dER:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+ break;
++ case 'E':
++ keepenv = 1;
++ break;
+ case 'R': { /* invocation rate */
+ char *p;
+ int val;
+@@ -364,13 +369,17 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-d] [-R rate] [configuration file]\n",
++ "usage: %s [-dE] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+ argc -= optind;
+ argv += optind;
+
++ /* This must be called _after_ initsetproctitle and arg parsing */
++ if (!keepenv)
++ discard_stupid_environment();
++
+ uid = getuid();
+ if (uid != 0)
+ CONFIG = NULL;
+@@ -2071,3 +2080,45 @@ spawn(struct servtab *sep, int ctrl)
+ if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
+ close(ctrl);
+ }
++
++/* from netkit+USAGI */
++void
++discard_stupid_environment(void)
++{
++ static const char *const junk[] = {
++ /* these are prefixes */
++ "CVS",
++ "DISPLAY=",
++ "EDITOR=",
++ "GROUP=",
++ "HOME=",
++ "IFS=",
++ "LD_",
++ "LOGNAME=",
++ "MAIL=",
++ "PATH=",
++ "PRINTER=",
++ "PWD=",
++ "SHELL=",
++ "SHLVL=",
++ "SSH",
++ "TERM",
++ "TMP",
++ "USER=",
++ "VISUAL=",
++ NULL
++ };
++
++ int i, k = 0;
++
++ for (i = 0; __environ[i]; i++) {
++ int found = 0, j;
++
++ for (j = 0; junk[j]; j++)
++ if (!strncmp(__environ[i], junk[j], strlen(junk[j])))
++ found = 1;
++ if (!found)
++ __environ[k++] = __environ[i];
++ }
++ __environ[k] = NULL;
++}
+--- a/inetd.8
++++ b/inetd.8
+@@ -38,6 +38,7 @@
+ .Sh SYNOPSIS
+ .Nm inetd
+ .Op Fl d
++.Op Fl E
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+ .Sh DESCRIPTION
+@@ -62,6 +63,13 @@ The options are as follows:
+ .Bl -tag -width Ds
+ .It Fl d
+ Turns on debugging.
++.It Fl E
++Prevents
++.Nm inetd
++from laundering the environment. Without this option a selection of
++potentially harmful environent variables, including
++.Pa PATH ,
++will be removed and not inherited by services.
+ .It Fl R Ar rate
+ Specify the maximum number of times a service can be invoked
+ in one minute; the default is 256.
--- openbsd-inetd-0.20080125.orig/debian/patches/test
+++ openbsd-inetd-0.20080125/debian/patches/test
@@ -0,0 +1,18 @@
+--- /dev/null
++++ b/test.conf
+@@ -0,0 +1,15 @@
++localhost:1111 stream tcp4 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++#1111 stream tcp6 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++
++ip6-localhost:2222 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/in.telnetd
++
++2220 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++2221 stream tcp nowait md /usr/sbin/tcpd /usr/sbin/try-from
++
++2224 stream tcp4 nowait.3 md /usr/sbin/tcpd /usr/sbin/try-from
++
++2226 stream tcp6 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++
++9999 stream tcp6 nowait md /bin/false false
++
++#/tmp/sock stream unix nowait md /usr/sbin/try-from
--- openbsd-inetd-0.20080125.orig/debian/patches/setproctitle
+++ openbsd-inetd-0.20080125/debian/patches/setproctitle
@@ -0,0 +1,184 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -167,6 +167,7 @@ static const char rcsid[] = "$OpenBSD: i
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_clnt.h>
+ #include "pathnames.h"
++#include "setproctitle.h"
+
+ size_t strlcpy(char *, const char *, size_t);
+
+@@ -331,7 +332,7 @@ fd_grow(fd_set **fdsp, int *bytes, int f
+ struct sigaction sa, sapipe;
+
+ int
+-main(int argc, char *argv[])
++main(int argc, char *argv[], char *envp[])
+ {
+ fd_set *fdsrp = NULL;
+ int readablen = 0, ch;
+@@ -342,6 +343,8 @@ main(int argc, char *argv[])
+ progname = strrchr(argv[0], '/');
+ progname = progname ? progname + 1 : argv[0];
+
++ initsetproctitle(argc, argv, envp);
++
+ while ((ch = getopt(argc, argv, "dR:")) != -1)
+ switch (ch) {
+ case 'd':
+--- /dev/null
++++ b/setproctitle.c
+@@ -0,0 +1,146 @@
++/*
++ * setproctitle implementation for linux.
++ * Stolen from sendmail 8.7.4 and bashed around by David A. Holland
++ */
++
++/*
++ * Copyright (c) 1983, 1995 Eric P. Allman
++ * Copyright (c) 1988, 1993
++ * The Regents of the University of California. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * This product includes software developed by the University of
++ * California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * From: @(#)conf.c 8.243 (Berkeley) 11/20/95
++ */
++char setproctitle_rcsid[] =
++ "$Id: setproctitle.c,v 1.3 1997/05/19 12:58:15 dholland Exp $";
++
++#include <stdlib.h>
++#include <string.h>
++#include <stdarg.h>
++#include <unistd.h>
++#include <stdio.h>
++
++#include "setproctitle.h"
++/*
++** SETPROCTITLE -- set process title for ps
++**
++** Parameters:
++** fmt -- a printf style format string.
++** a, b, c -- possible parameters to fmt.
++**
++** Returns:
++** none.
++**
++** Side Effects:
++** Clobbers argv of our main procedure so ps(1) will
++** display the title.
++*/
++
++
++/*
++** Pointers for setproctitle.
++** This allows "ps" listings to give more useful information.
++*/
++
++static char **Argv = NULL; /* pointer to argument vector */
++static char *LastArgv = NULL; /* end of argv */
++static char Argv0[128]; /* program name */
++
++void
++initsetproctitle(int argc, char **argv, char **envp)
++{
++ register int i;
++ char *tmp;
++
++ /*
++ ** Move the environment so setproctitle can use the space at
++ ** the top of memory.
++ */
++
++ for (i = 0; envp[i] != NULL; i++)
++ continue;
++ __environ = (char **) malloc(sizeof (char *) * (i + 1));
++ for (i = 0; envp[i] != NULL; i++)
++ __environ[i] = strdup(envp[i]);
++ __environ[i] = NULL;
++
++ /*
++ ** Save start and extent of argv for setproctitle.
++ */
++
++ Argv = argv;
++ if (i > 0)
++ LastArgv = envp[i - 1] + strlen(envp[i - 1]);
++ else
++ LastArgv = argv[argc - 1] + strlen(argv[argc - 1]);
++
++ tmp = strrchr(argv[0], '/');
++ if (!tmp) tmp = argv[0];
++ else tmp++;
++ strncpy(Argv0, tmp, sizeof(Argv0));
++ /* remember to take away one or we go outside the array space */
++ Argv0[sizeof(Argv0) - 1] = 0;
++}
++
++void
++setproctitle(const char *fmt, ...)
++{
++ register char *p;
++ register int i;
++ static char buf[2048];
++ va_list ap;
++
++ p = buf;
++
++ /* print progname: heading for grep */
++ /* This can't overflow buf due to the relative size of Argv0. */
++ (void) strcpy(p, Argv0);
++ (void) strcat(p, ": ");
++ p += strlen(p);
++
++ /* print the argument string */
++ va_start(ap, fmt);
++ (void) vsnprintf(p, sizeof(buf) - (p - buf), fmt, ap);
++ va_end(ap);
++
++ i = strlen(buf);
++
++ if (i > LastArgv - Argv[0] - 2)
++ {
++ i = LastArgv - Argv[0] - 2;
++ buf[i] = '\0';
++ }
++ (void) strcpy(Argv[0], buf);
++ p = &Argv[0][i];
++ while (p < LastArgv)
++ *p++ = ' ';
++ Argv[1] = NULL;
++}
++
+--- /dev/null
++++ b/setproctitle.h
+@@ -0,0 +1,4 @@
++/* Call this from main. */
++void initsetproctitle(int argc, char **argv, char **envp);
++
++void setproctitle(const char *fmt, ...);
--- openbsd-inetd-0.20080125.orig/debian/patches/libwrap
+++ openbsd-inetd-0.20080125/debian/patches/libwrap
@@ -0,0 +1,144 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -175,6 +175,11 @@ size_t strlcpy(char *, const char *, siz
+ #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
+ #define RETRYTIME (60*10) /* retry after bind or server fail */
+
++#ifdef LIBWRAP
++# include <tcpd.h>
++int lflag = 0;
++#endif
++
+ int debug = 0;
+ int nsock, maxsock;
+ fd_set *allsockp;
+@@ -347,7 +352,7 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dER:")) != -1)
++ while ((ch = getopt(argc, argv, "dElR:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+@@ -355,6 +360,15 @@ main(int argc, char *argv[], char *envp[
+ case 'E':
+ keepenv = 1;
+ break;
++ case 'l':
++#ifdef LIBWRAP
++ lflag = 1;
++ break;
++#else
++ fprintf(stderr, "%s: libwrap support not enabled",
++ progname);
++ exit(1);
++#endif
+ case 'R': { /* invocation rate */
+ char *p;
+ int val;
+@@ -372,7 +386,7 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-dE] [-R rate] [configuration file]\n",
++ "usage: %s [-dEl] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+@@ -1970,6 +1984,47 @@ spawn(struct servtab *sep, int ctrl)
+ }
+ sigprocmask(SIG_SETMASK, &emptymask, NULL);
+ if (pid == 0) {
++#ifdef LIBWRAP
++ if (lflag && !sep->se_wait && sep->se_socktype == SOCK_STREAM) {
++ struct request_info req;
++ char *service;
++
++ /* do not execute tcpd if it is in the config */
++ if (strcmp(sep->se_server, "/usr/sbin/tcpd") == 0) {
++ char *p, *name;
++
++ free(sep->se_server);
++ name = sep->se_server = sep->se_argv[0];
++ for (p = name; *p; p++)
++ if (*p == '/')
++ name = p + 1;
++ sep->se_argv[0] = newstr(name);
++ }
++
++ request_init(&req, RQ_DAEMON, sep->se_argv[0],
++ RQ_FILE, ctrl, NULL);
++ fromhost(&req);
++ if (getnameinfo(&sep->se_ctrladdr,
++ sizeof(sep->se_ctrladdr), NULL, 0, buf,
++ sizeof(buf), 0) != 0) {
++ /* shouldn't happen */
++ snprintf(buf, sizeof buf, "%d",
++ ntohs(sep->se_ctrladdr_in.sin_port));
++ }
++ service = buf;
++ if (!hosts_access(&req)) {
++ syslog(deny_severity, "refused connection"
++ " from %.500s, service %s (%s)",
++ eval_client(&req), service, sep->se_proto);
++ if (sep->se_socktype != SOCK_STREAM)
++ recv(0, buf, sizeof (buf), 0);
++ exit(1);
++ }
++ syslog(allow_severity,
++ "connection from %.500s, service %s (%s)",
++ eval_client(&req), service, sep->se_proto);
++ }
++#endif
+ if (sep->se_bi)
+ (*sep->se_bi->bi_fn)(ctrl, sep);
+ else {
+--- a/inetd.8
++++ b/inetd.8
+@@ -39,6 +39,7 @@
+ .Nm inetd
+ .Op Fl d
+ .Op Fl E
++.Op Fl l
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+ .Sh DESCRIPTION
+@@ -70,6 +71,13 @@ from laundering the environment. Withou
+ potentially harmful environent variables, including
+ .Pa PATH ,
+ will be removed and not inherited by services.
++.It Fl l
++Turns on libwrap connection logging and access control.
++Internal services cannot be wrapped. When enabled,
++.Pa /usr/sbin/tcpd
++is silently not executed even if present in
++.Pa /etc/inetd.conf
++and instead libwrap is called directly by inetd.
+ .It Fl R Ar rate
+ Specify the maximum number of times a service can be invoked
+ in one minute; the default is 256.
+@@ -353,6 +361,23 @@ is reread.
+ creates a file
+ .Em /var/run/inetd.pid
+ that contains its process identifier.
++.Ss libwrap
++Support for
++.Tn TCP
++wrappers is included with
++.Nm
++to provide built-in tcpd-like access control functionality.
++An external tcpd program is not needed.
++You do not need to change the
++.Pa /etc/inetd.conf
++server-program entry to enable this capability.
++.Nm
++uses
++.Pa /etc/hosts.allow
++and
++.Pa /etc/hosts.deny
++for access control facility configurations, as described in
++.Xr hosts_access 5 .
+ .Ss IPv6 TCP/UDP behavior
+ If you wish to run a server for IPv4 and IPv6 traffic,
+ you'll need to run two separate processes for the same server program,
--- openbsd-inetd-0.20080125.orig/debian/patches/global_queuelen
+++ openbsd-inetd-0.20080125/debian/patches/global_queuelen
@@ -0,0 +1,49 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -178,6 +178,7 @@ int lflag = 0;
+ #endif
+
+ int debug = 0;
++int global_queuelen = 128;
+ int nsock, maxsock;
+ fd_set *allsockp;
+ int allsockn;
+@@ -350,7 +351,7 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dEilR:")) != -1)
++ while ((ch = getopt(argc, argv, "dEilq:R:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+@@ -370,6 +371,11 @@ main(int argc, char *argv[], char *envp[
+ progname);
+ exit(1);
+ #endif
++ case 'q':
++ global_queuelen = atoi(optarg);
++ if (global_queuelen < 10)
++ global_queuelen = 10;
++ break;
+ case 'R': { /* invocation rate */
+ char *p;
+ int val;
+@@ -387,7 +393,7 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-dEil] [-R rate] [configuration file]\n",
++ "usage: %s [-dEil] [-q len] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+@@ -1072,7 +1078,7 @@ setsockopt(fd, SOL_SOCKET, opt, &on, siz
+ return;
+ }
+ if (sep->se_socktype == SOCK_STREAM)
+- listen(sep->se_fd, 10);
++ listen(sep->se_fd, global_queuelen);
+
+ fd_grow(&allsockp, &allsockn, sep->se_fd);
+ FD_SET(sep->se_fd, allsockp);
--- openbsd-inetd-0.20080125.orig/debian/patches/nodaemon
+++ openbsd-inetd-0.20080125/debian/patches/nodaemon
@@ -0,0 +1,70 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -39,6 +39,7 @@
+ .Nm inetd
+ .Op Fl d
+ .Op Fl E
++.Op Fl i
+ .Op Fl l
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+@@ -71,6 +72,8 @@ from laundering the environment. Withou
+ potentially harmful environent variables, including
+ .Pa PATH ,
+ will be removed and not inherited by services.
++.It Fl d
++Makes the program not daemonize itself.
+ .It Fl l
+ Turns on libwrap connection logging and access control.
+ Internal services cannot be wrapped. When enabled,
+--- a/inetd.c
++++ b/inetd.c
+@@ -343,6 +343,7 @@ main(int argc, char *argv[], char *envp[
+ fd_set *fdsrp = NULL;
+ int readablen = 0, ch;
+ int keepenv = 0;
++ int nodaemon = 0;
+ struct servtab *sep;
+ extern char *optarg;
+ extern int optind;
+@@ -352,7 +353,7 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dElR:")) != -1)
++ while ((ch = getopt(argc, argv, "dEilR:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+@@ -360,6 +361,9 @@ main(int argc, char *argv[], char *envp[
+ case 'E':
+ keepenv = 1;
+ break;
++ case 'i':
++ nodaemon = 1;
++ break;
+ case 'l':
+ #ifdef LIBWRAP
+ lflag = 1;
+@@ -386,7 +390,7 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-dEl] [-R rate] [configuration file]\n",
++ "usage: %s [-dEil] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+@@ -415,7 +419,11 @@ main(int argc, char *argv[], char *envp[
+
+ umask(022);
+ if (debug == 0) {
+- daemon(0, 0);
++ if (nodaemon == 0)
++ if (daemon(0, 0) < 0) {
++ syslog(LOG_ERR, "daemon(0, 0): %m");
++ exit(1);
++ }
+ #ifdef HAVE_SETLOGIN
+ if (uid == 0)
+ (void) setlogin("");
--- openbsd-inetd-0.20080125.orig/debian/patches/tcp46
+++ openbsd-inetd-0.20080125/debian/patches/tcp46
@@ -0,0 +1,50 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -413,6 +413,11 @@ and IPv6 traffic will go to server on
+ If you have only one server on
+ .Dq tcp6 ,
+ only IPv6 traffic will be routed to the server.
++.Pp
++The special
++.Dq tcp46
++parameter can be used for obsolete servers which require to receive IPv4
++connections mapped in an IPv6 socket. Its usage is discouraged.
+ .El
+ .Sh SEE ALSO
+ .Xr fingerd 8 ,
+--- a/inetd.c
++++ b/inetd.c
+@@ -826,10 +826,14 @@ doconfig(void)
+
+ if (!port) {
+ /* XXX */
++ char *p;
+ strncpy(protoname, sep->se_proto,
+ sizeof(protoname));
+- if (isdigit(protoname[strlen(protoname) - 1]))
+- protoname[strlen(protoname) - 1] = '\0';
++ for (p = protoname; *p; p++)
++ if (isdigit(*p)) {
++ *p = '\0';
++ break;
++ }
+ sp = getservbyname(sep->se_service,
+ protoname);
+ if (sp == 0) {
+@@ -1023,6 +1027,16 @@ setup(struct servtab *sep)
+ sep->se_service, sep->se_proto);
+ return;
+ }
++ if (strncmp(sep->se_proto, "tcp6", 4) == 0) {
++ if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &on,
++ sizeof (on)) < 0)
++ syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
++ } else if (strncmp(sep->se_proto, "tcp46", 5) == 0) {
++ int off = 0;
++ if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &off,
++ sizeof (off)) < 0)
++ syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
++ }
+ #define turnon(fd, opt) \
+ setsockopt(fd, SOL_SOCKET, opt, &on, sizeof (on))
+ if (strncmp(sep->se_proto, "tcp", 3) == 0 && (options & SO_DEBUG) &&
--- openbsd-inetd-0.20080125.orig/debian/patches/print_pause_time
+++ openbsd-inetd-0.20080125/debian/patches/print_pause_time
@@ -0,0 +1,14 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -1956,8 +1956,9 @@ spawn(struct servtab *sep, int ctrl)
+ return;
+ }
+ syslog(LOG_ERR,
+- "%s/%s server failing (looping), service terminated",
+- sep->se_service, sep->se_proto);
++ "%s/%s server failing (looping), service terminated for %d min",
++ sep->se_service, sep->se_proto,
++ RETRYTIME/60);
+ if (!sep->se_wait &&
+ sep->se_socktype == SOCK_STREAM)
+ close(ctrl);
--- openbsd-inetd-0.20080125.orig/debian/patches/makefile
+++ openbsd-inetd-0.20080125/debian/patches/makefile
@@ -0,0 +1,19 @@
+--- /dev/null
++++ b/Makefile.debian
+@@ -0,0 +1,16 @@
++DEFS := -DLIBWRAP
++LIBS := -lwrap
++
++inetd_OBJECTS := inetd.o setproctitle.o strlcpy.o
++
++all: inetd
++
++.c.o:
++ $(CC) $(DEFS) $(CFLAGS) -c $<
++
++inetd: $(inetd_OBJECTS)
++ $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
++
++clean:
++ rm -f inetd inetd.o setproctitle.o strlcpy.o
++
--- openbsd-inetd-0.20080125.orig/debian/patches/series
+++ openbsd-inetd-0.20080125/debian/patches/series
@@ -0,0 +1,14 @@
+# portability
+makefile
+test
+misc_portability
+setproctitle
+
+# features
+discard_env
+libwrap
+nodaemon
+global_queuelen
+print_pause_time
+tcp46
+buftuning
--- openbsd-inetd-0.20080125.orig/debian/patches/buftuning
+++ openbsd-inetd-0.20080125/debian/patches/buftuning
@@ -0,0 +1,165 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -107,7 +107,7 @@ The fields of the configuration file are
+ .Bd -unfilled -offset indent
+ service name
+ socket type
+-protocol
++protocol[,sndbuf=size][,rcvbuf=size]
+ wait/nowait[.max]
+ user[.group] or user[:group]
+ server program
+@@ -119,7 +119,7 @@ based service, the entry would contain t
+ .Bd -unfilled -offset indent
+ service name/version
+ socket type
+-rpc/protocol
++rpc/protocol[,sndbuf=size][,rcvbuf=size]
+ wait/nowait[.max]
+ user[.group] or user[:group]
+ server program
+@@ -234,6 +234,30 @@ is used to specify a socket in the
+ .Ux
+ domain.
+ .Pp
++In addition to the protocol, the configuration file may specify the
++send and receive socket buffer sizes for the listening socket.
++This is especially useful for
++.Tn TCP
++as the window scale factor, which is based on the receive socket
++buffer size, is advertised when the connection handshake occurs,
++thus the socket buffer size for the server must be set on the listen socket.
++By increasing the socket buffer sizes, better
++.Tn TCP
++performance may be realized in some situations.
++The socket buffer sizes are specified by appending their values to
++the protocol specification as follows:
++.Bd -literal -offset indent
++tcp,rcvbuf=16384
++tcp,sndbuf=64k
++tcp,rcvbuf=64k,sndbuf=1m
++.Ed
++.Pp
++A literal value may be specified, or modified using
++.Sq k
++to indicate kilobytes or
++.Sq m
++to indicate megabytes.
++.Pp
+ The
+ .Em wait/nowait
+ entry is used to tell
+--- a/inetd.c
++++ b/inetd.c
+@@ -206,6 +206,8 @@ struct servtab {
+ int se_socktype; /* type of socket to use */
+ int se_family; /* address family */
+ char *se_proto; /* protocol used */
++ int se_sndbuf; /* sndbuf size */
++ int se_rcvbuf; /* rcvbuf size */
+ int se_rpcprog; /* rpc program number */
+ int se_rpcversl; /* rpc program lowest version */
+ int se_rpcversh; /* rpc program highest version */
+@@ -1252,6 +1254,8 @@ getconfigent(void)
+ {
+ struct servtab *sep, *tsep;
+ char *arg, *cp, *hostdelim, *s;
++ char *cp0, *buf0, *buf1, *sz0, *sz1;
++ int val;
+ int argc;
+
+ sep = (struct servtab *) malloc(sizeof(struct servtab));
+@@ -1327,6 +1331,93 @@ more:
+
+ sep->se_proto = newstr(arg);
+
++#define MALFORMED(arg) \
++do { \
++ syslog(LOG_ERR, "%s: malformed buffer size option `%s'", \
++ sep->se_service, (arg)); \
++ goto more; \
++} while (0)
++
++#define GETVAL(arg) \
++do { \
++ if (!isdigit(*(arg))) \
++ MALFORMED(arg); \
++ val = strtol((arg), &cp0, 10); \
++ if (cp0 != NULL) { \
++ if (cp0[1] != '\0') \
++ MALFORMED((arg)); \
++ if (cp0[0] == 'k') \
++ val *= 1024; \
++ if (cp0[0] == 'm') \
++ val *= 1024 * 1024; \
++ } \
++ if (val < 1) { \
++ syslog(LOG_ERR, "%s: invalid buffer size `%s'", \
++ sep->se_service, (arg)); \
++ goto more; \
++ } \
++} while (0)
++
++#define ASSIGN(arg) \
++do { \
++ if (strcmp((arg), "sndbuf") == 0) \
++ sep->se_sndbuf = val; \
++ else if (strcmp((arg), "rcvbuf") == 0) \
++ sep->se_rcvbuf = val; \
++ else \
++ MALFORMED((arg)); \
++} while (0)
++
++ /*
++ * Extract the send and receive buffer sizes before parsing
++ * the protocol.
++ */
++ sep->se_sndbuf = sep->se_rcvbuf = 0;
++ buf0 = buf1 = sz0 = sz1 = NULL;
++ if ((buf0 = strchr(sep->se_proto, ',')) != NULL) {
++ /* Skip the , */
++ *buf0++ = '\0';
++
++ /* Check to see if another socket buffer size was specified. */
++ if ((buf1 = strchr(buf0, ',')) != NULL) {
++ /* Skip the , */
++ *buf1++ = '\0';
++
++ /* Make sure a 3rd one wasn't specified. */
++ if (strchr(buf1, ',') != NULL) {
++ syslog(LOG_ERR, "%s: too many buffer sizes",
++ sep->se_service);
++ goto more;
++ }
++
++ /* Locate the size. */
++ if ((sz1 = strchr(buf1, '=')) == NULL)
++ MALFORMED(buf1);
++
++ /* Skip the = */
++ *sz1++ = '\0';
++ }
++
++ /* Locate the size. */
++ if ((sz0 = strchr(buf0, '=')) == NULL)
++ MALFORMED(buf0);
++
++ /* Skip the = */
++ *sz0++ = '\0';
++
++ GETVAL(sz0);
++ ASSIGN(buf0);
++
++ if (buf1 != NULL) {
++ GETVAL(sz1);
++ ASSIGN(buf1);
++ }
++ }
++
++#undef ASSIGN
++#undef GETVAL
++#undef MALFORMED
++
+ if (strcmp(sep->se_proto, "unix") == 0) {
+ sep->se_family = AF_UNIX;
+ } else {
![[patchlogo]](http://patch-tracker.debian.org/static/img/swirlpatch.png)