--- openbsd-inetd-0.20080125.orig/debian/changelog
+++ openbsd-inetd-0.20080125/debian/changelog
@@ -0,0 +1,148 @@
+openbsd-inetd (0.20080125-6) unstable; urgency=medium
+
+ * Added --oknodo to the init script, this time for real. (Closes: #592582)
+
+ -- Marco d'Itri Mon, 30 Aug 2010 00:02:27 +0200
+
+openbsd-inetd (0.20080125-5) unstable; urgency=medium
+
+ * Added --oknodo to the init script. (Closes: #592582)
+
+ -- Marco d'Itri Mon, 16 Aug 2010 21:33:09 +0200
+
+openbsd-inetd (0.20080125-4) unstable; urgency=low
+
+ * Use the hardening-includes package to build with hardening flags.
+ * Do not call the patch-generated makefile in the clean target.
+ (Closes: #538690)
+
+ -- Marco d'Itri Mon, 21 Dec 2009 03:26:02 +0100
+
+openbsd-inetd (0.20080125-3) unstable; urgency=medium
+
+ * Added support for the "status" action to the init script. (Closes: #526375)
+ * inetd.8: documented that the service name may be a port number as well.
+ (Closes: #519283)
+ * Demoted to optional priority.
+
+ -- Marco d'Itri Sat, 04 Jul 2009 17:18:05 +0200
+
+openbsd-inetd (0.20080125-2) unstable; urgency=high
+
+ * Added dh_md5sums to debian/rules, since apparently people nowadays
+ believe again that it is a good idea. (Closes: #484483)
+ * Fixed the init script to povide "openbsd-inetd" instead of "inetd".
+ (Closes: #507119)
+ * Updated patches misc_portability and setproctitle with some missing
+ prototypes.
+ * Updated patch misc_portability with missing arguments to two syslog(3)
+ calls.
+ * Updated patch libwrap to fix a possibly uninitialized variable.
+ The last three fixes are courtesy of Denis Zaitsev.
+
+ -- Marco d'Itri Mon, 15 Dec 2008 02:00:52 +0100
+
+openbsd-inetd (0.20080125-1) unstable; urgency=low
+
+ * New CVS snapshot.
+ * Package painfully converted to quilt.
+ * Fixed a typo in debian/control. (Closes: #125181)
+ * Fixed a typo in the init script. (Closes: #465613, #465732)
+ * Delete /etc/rc[2345].d/S20inetd too when upgrading from netkit-inetd.
+ (Closes: #416010)
+ * Do not use log_warning_msg in the init script when inetd.conf is emtpy,
+ this is not something deserving extra attention. (Closes: #435658)
+ * Document in inetd(8) that datagram services must read some network
+ input or inetd will continue spawning them.
+ Many thanks to James Cameron for the analysis. (Closes: #436803)
+ * Use a real characters class instead of character ranges with grep
+ in the init script, because some locales have weird ranges.
+ Spotted by Meelis Roos. (Closes: #458564)
+
+ -- Marco d'Itri Sun, 20 Apr 2008 15:12:31 +0200
+
+openbsd-inetd (0.20050402-6) unstable; urgency=high
+
+ * Try again to fix #386469 by stopping the daemon in postinst before
+ starting it, because update-inetd run by the maintainer script of a
+ different package may have restarted it after the prerm ran on upgrade.
+ Patch courtesy of Steve Langasek. (Closes: #386469)
+
+ -- Marco d'Itri Wed, 21 Mar 2007 19:07:01 +0100
+
+openbsd-inetd (0.20050402-5) unstable; urgency=medium
+
+ * Try again to fix #386469, this time by removing from the init script
+ stop target the --exec argument to start-stop-daemon, which is known
+ to be broken and generally a bad idea.
+
+ -- Marco d'Itri Sun, 25 Feb 2007 21:28:18 +0100
+
+openbsd-inetd (0.20050402-4) unstable; urgency=medium
+
+ * Fix inetd to build on hurd. (Closes: #393829)
+ * Accept UDP connections on all ports. (Closes: #389854)
+ * Try harder to remove the netkit-inetd conffiles and kill the old inetd
+ to prevent postinst failing. (Closes: #386469)
+
+ -- Marco d'Itri Sat, 6 Jan 2007 18:33:42 +0100
+
+openbsd-inetd (0.20050402-3) unstable; urgency=medium
+
+ * Depend on update-inetd and provide inet-superserver.
+ * Converted the init script to use the LSB logging functions.
+ (Closes: #384879)
+ * Added LSB dependency info to the init script. (Closes: #386629)
+ * Fixed a typo in the package description. (Closes: #390232)
+
+ -- Marco d'Itri Sun, 10 Sep 2006 13:46:23 +0200
+
+openbsd-inetd (0.20050402-2) unstable; urgency=medium
+
+ * Added a sleep command to the init script restart section.
+ (Closes: #376716)
+ * Added -E option not to clobber the environment, contribute by
+ Ian Jackson. (Closes: #355005)
+ * Priority raised to standard.
+
+ -- Marco d'Itri Thu, 17 Aug 2006 18:53:39 +0200
+
+openbsd-inetd (0.20050402-1) unstable; urgency=low
+
+ * New CVS snapshot.
+ + Fixes the permissions of UNIX domain sockets. (Closes: #309537)
+
+ -- Marco d'Itri Sun, 22 May 2005 18:51:03 +0200
+
+openbsd-inetd (0.20040915-1) unstable; urgency=low
+
+ * New CVS snapshot.
+ + Fixes gcc 4.0 FTBFS. (Closes: #287860)
+ * Made the init script source /etc/default/openbsd-inetd, if present.
+ (Closes: #251224)
+ * Documented in inetd(8) that switching between binding to INADDR_ANY and
+ to a specific address requires restarting the daemon. (Closes: #242392)
+ * Added code to create the requested type of IPv6 socket using
+ setsockopt(IPPROTO_IPV6). This requires a modern 2.4 or 2.6 kernel.
+ * Added Conflicts+Replaces+Provides: netkit-inetd to fully replace it.
+ prerm will unlink netkit-inetd's conffiles and the init script is
+ named openbsd-inetd to allow purging netkit-inetd.
+ Alternative solutions to both issues are welcome.
+ * Changed the default inetd.conf to satisfy people who think that every
+ listening socket is a security hole: no internal services are enabled
+ by default. This means that the daemon will not even be started by the
+ init script until some service is enabled in inetd.conf.
+ * Removed from the default inetd.conf the already-commented examples
+ of the internal services which are actually dangerous to run.
+
+ -- Marco d'Itri Sun, 2 Jan 2005 02:40:43 +0100
+
+openbsd-inetd (0.20020802-1) unstable; urgency=low
+
+ * New package.
+ * Pre/postinstall scripts borrowed from aj's netkit-inetd package.
+ * This package fixes many bugs in netkit-inetd, among them:
+ #10813, #32579, #55052, #66752, #143539, #143815, #143816, #125181,
+ #45907, #82241, #96544, #110673.
+
+ -- Marco d'Itri Tue, 20 Aug 2002 15:51:39 +0200
--- openbsd-inetd-0.20080125.orig/debian/README.source
+++ openbsd-inetd-0.20080125/debian/README.source
@@ -0,0 +1,7 @@
+mkdir openbsd-inetd
+cd openbsd-inetd
+cvs -d anoncvs@anoncvs1.usa.openbsd.org:/cvs/src/usr.sbin/inetd/ co .
+cvs2cl
+rm -rf CVS
+cd ..
+mv openbsd-inetd openbsd-inetd-0...
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.init
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.init
@@ -0,0 +1,86 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: openbsd-inetd
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start or stop the inetd daemon.
+### END INIT INFO
+
+DAEMON=/usr/sbin/inetd
+
+[ -x $DAEMON -a -e /etc/inetd.conf ] || exit 0
+
+[ -e /etc/default/openbsd-inetd ] && . /etc/default/openbsd-inetd
+
+. /lib/lsb/init-functions
+
+checkportmap () {
+ if ! grep -v -s "^ *#" /etc/inetd.conf | grep -q -s 'rpc/'; then
+ return 0
+ fi
+
+ if [ ! -x /usr/bin/rpcinfo ]; then
+ log_action_msg "WARNING: rpcinfo not available - RPC services may be unavailable!"
+ log_action_msg " (Commenting out the rpc services in inetd.conf will"
+ log_action_msg " disable this message)"
+ elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
+ log_action_msg "WARNING: portmapper inactive - RPC services unavailable!"
+ log_action_msg " (Commenting out the rpc services in inetd.conf will"
+ log_action_msg " disable this message)"
+ fi
+}
+
+checknoservices () {
+ if ! grep -q "^[[:alnum:]/]" /etc/inetd.conf; then
+ log_action_msg "Not starting internet superserver: no services enabled"
+ exit 0
+ fi
+}
+
+case "$1" in
+ start)
+ checknoservices
+ checkportmap
+ log_daemon_msg "Starting internet superserver" "inetd"
+ start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
+ --oknodo --exec $DAEMON -- $OPTIONS
+ log_end_msg 0
+ ;;
+ stop)
+ log_daemon_msg "Stopping internet superserver" "inetd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+ --oknodo
+ log_end_msg 0
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading internet superserver" "inetd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+ --oknodo --signal 1
+ log_end_msg 0
+ ;;
+ restart)
+ checkportmap
+ log_daemon_msg "Restarting internet superserver" "inetd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/inetd.pid \
+ --oknodo
+ checknoservices
+ sleep 1
+ start-stop-daemon --start --quiet --pidfile /var/run/inetd.pid \
+ --exec $DAEMON -- $OPTIONS
+ log_end_msg 0
+ ;;
+ status)
+ status_of_proc -p /var/run/inetd.pid $DAEMON inetd && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/openbsd-inetd {start|stop|reload|force-reload|restart|status}"
+ exit 2
+ ;;
+esac
+
+exit 0
+
--- openbsd-inetd-0.20080125.orig/debian/control
+++ openbsd-inetd-0.20080125/debian/control
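Review bot: The `stop`, `reload|force-reload` and `restart` branches of debian/openbsd-inetd.init signal whatever PID is stored in /var/run/inetd.pid, with no check that the process is still inetd. If the daemon died and left a stale pidfile, a reused PID would receive the TERM or HUP signal as root. The changelog says `--exec` was dropped from the stop target on purpose, so a check that survives the binary being replaced fits better, for example `start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid --name inetd`. The same pidfile-only stop appears in upgrade_from_old_inetd() and upgrade_from_netkit_inetd() in debian/openbsd-inetd.preinst.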
@@ -0,0 +1,22 @@
+Source: openbsd-inetd
+Section: net
+Priority: optional
+Maintainer: Marco d'Itri
+Build-Depends: debhelper (>= 5.0), quilt (>= 0.40), hardening-includes, libwrap0-dev
+Standards-Version: 3.9.1
+
+Package: openbsd-inetd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-13), update-inetd, tcpd
+Conflicts: netkit-inetd
+Replaces: netkit-inetd
+Provides: inet-superserver, netkit-inetd
+Description: The OpenBSD Internet Superserver
+ The inetd server is a network daemon program that specializes in managing
+ incoming network connections. Its configuration file tells it what
+ program needs to be run when an incoming connection is received. Any
+ service port may be configured for either of the tcp or udp protocols.
+ .
+ This is a port of the OpenBSD daemon with some debian-specific features.
+ This package supports IPv6, built-in libwrap access control, binding to
+ specific addresses, UNIX domain sockets and socket buffers tuning.
--- openbsd-inetd-0.20080125.orig/debian/compat
+++ openbsd-inetd-0.20080125/debian/compat
@@ -0,0 +1 @@
+5
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.preinst
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.preinst
@@ -0,0 +1,101 @@
+#!/bin/sh -e
+
+# create a new /etc/inetd.conf file if it doesn't already exist
+create_inetd() {
+ [ -e /etc/inetd.conf ] && return 0
+
+ cat < /etc/inetd.conf
+# /etc/inetd.conf: see inetd(8) for further informations.
+#
+# Internet superserver configuration database
+#
+#
+# Lines starting with "#:LABEL:" or "##" should not
+# be changed unless you know what you are doing!
+#
+# If you want to disable an entry so it isn't touched during
+# package updates just comment it out with a single '#' character.
+#
+# Packages should modify this file by using update-inetd(8)
+#
+#
+#
+#:INTERNAL: Internal services
+#discard stream tcp nowait root internal
+#discard dgram udp wait root internal
+#daytime stream tcp nowait root internal
+#time stream tcp nowait root internal
+
+#:STANDARD: These are standard services.
+
+#:BSD: Shell, login, exec and talk are BSD protocols.
+
+#:MAIL: Mail, news and uucp services.
+
+#:INFO: Info services
+
+#:BOOT: TFTP service is provided primarily for booting. Most sites
+# run this only on machines acting as "boot servers."
+
+#:RPC: RPC based services
+
+#:HAM-RADIO: amateur-radio services
+
+#:OTHER: Other services
+
+EOF
+
+ chmod 644 /etc/inetd.conf
+}
+
+upgrade_from_old_inetd() {
+ if [ "$2" ] && dpkg --compare-versions "$2" ge 0.20040915-1; then
+ return 0
+ fi
+
+ # XXX the binary will change after removing the diversions, so we want
+ # to be sure that the daemon has been stopped by that time
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
+
+ # remove the diversions created by old versions of this package
+ DIVERT="/usr/sbin/inetd /usr/share/man/man8/inetd.8.gz /usr/share/man/man5/inetd.conf.5.gz"
+ for file in $DIVERT; do
+ [ -e $file.netkit ] || continue
+ rm -f $file
+ dpkg-divert --package openbsd-inetd --remove --divert $file.netkit $file
+ done
+}
+
+upgrade_from_netkit_inetd() {
+ if [ -e /etc/cron.daily/netkit-inetd ]; then
+ rm -f /etc/cron.daily/netkit-inetd
+ fi
+ if [ -e /etc/init.d/inetd ]; then
+ rm -f /etc/init.d/inetd /etc/rc[2345].d/S20inetd
+ fi
+
+ # be sure to kill the netkit-inetd daemon, which may still be active if
+ # the moon is wrongly aligned
+ if [ -e /var/run/inetd.pid ]; then
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/inetd.pid
+ fi
+}
+
+case "$1" in
+ install)
+ create_inetd
+ upgrade_from_netkit_inetd
+ ;;
+
+ upgrade|abort-upgrade)
+ upgrade_from_old_inetd "$@"
+ ;;
+
+ *)
+ echo "$0 called with unknown argument '$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
--- openbsd-inetd-0.20080125.orig/debian/rules
+++ openbsd-inetd-0.20080125/debian/rules
@@ -0,0 +1,53 @@
+#!/usr/bin/make -f
+SHELL+= -e
+
+QUILT_STAMPFN := debian/.stamp-patched
+include /usr/share/quilt/quilt.make
+
+include /usr/share/hardening-includes/hardening.make
+CFLAGS += $(HARDENING_CFLAGS)
+LDFLAGS += $(HARDENING_LDFLAGS)
+
+D := $(CURDIR)/debian/openbsd-inetd
+
+clean: unpatch
+ dh_testdir
+ rm -f debian/.stamp-*
+ rm -f inetd *.o
+ dh_clean
+
+build: debian/.stamp-build
+debian/.stamp-build: $(QUILT_STAMPFN)
+ dh_testdir
+ $(MAKE) -f Makefile.debian
+ touch $@
+
+binary-arch: checkroot build
+ dh_testdir
+ dh_clean
+
+ dh_installdirs usr/sbin/ usr/share/man/man5
+ dh_installdocs
+ dh_installman inetd.8
+ dh_installchangelogs ChangeLog
+ dh_link usr/share/man/man8/inetd.8.gz \
+ usr/share/man/man5/inetd.conf.5.gz
+ install --mode=755 inetd $D/usr/sbin/
+ dh_installinit --update-rcd-params="defaults 20" #--name=inetd
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_shlibdeps
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-arch
+
+binary-indep:
+
+checkroot:
+ test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep build clean checkroot
--- openbsd-inetd-0.20080125.orig/debian/copyright
+++ openbsd-inetd-0.20080125/debian/copyright
@@ -0,0 +1,13 @@
+This is a port of the original OpenBSD inetd daemon downloaded from CVS.
+Some features have been merged from the NetBSD source tree.
+
+ * Copyright (c) 1983,1991 The Regents of the University of California.
+ * Copyright (c) 1998 Todd C. Miller
+
+It has a standard 3-clauses BSD license (/usr/share/common-licenses/BSD).
+
+setproctitle.c and discard_stupid_environment() come from netkit 0.17,
+patched by the USAGI project.
+
+strlcpy.c comes from the openbsd source tree, slightly edited.
+
--- openbsd-inetd-0.20080125.orig/debian/openbsd-inetd.postinst
+++ openbsd-inetd-0.20080125/debian/openbsd-inetd.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+if [ -x "/etc/init.d/openbsd-inetd" ] && which invoke-rc.d >/dev/null 2>&1; then
+ # Ignore any errors, this should be best-effort as it should not
+ # normally be needed in the first place. See #386469 for details.
+ invoke-rc.d openbsd-inetd stop || true
+fi
+
+#DEBHELPER#
+
--- openbsd-inetd-0.20080125.orig/debian/patches/misc_portability
+++ openbsd-inetd-0.20080125/debian/patches/misc_portability
@@ -0,0 +1,296 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -149,7 +149,8 @@ The
+ .Em service name
+ entry is the name of a valid service in
+ the file
+-.Pa /etc/services .
++.Pa /etc/services
++or a port number.
+ For
+ .Dq internal
+ services (discussed below), the service
+@@ -166,7 +167,7 @@ The part on the right of the
+ is the RPC version number.
+ This can simply be a single numeric argument or a range of versions.
+ A range is bounded by the low version to the high version -
+-.Dq rusers/1-3 .
++.Dq rusers/1\-3 .
+ For
+ .Ux
+ domain sockets this field specifies the path name of the socket.
+@@ -186,7 +187,8 @@ reliably delivered message, or sequenced
+ The
+ .Em protocol
+ must be a valid protocol as given in
+-.Pa /etc/protocols .
++.Pa /etc/protocols or
++.Dq unix .
+ Examples might be
+ .Dq tcp
+ or
+@@ -378,9 +380,7 @@ If you have only one server on
+ only IPv6 traffic will be routed to the server.
+ .El
+ .Sh SEE ALSO
+-.Xr comsat 8 ,
+ .Xr fingerd 8 ,
+-.Xr ftp-proxy 8 ,
+ .Xr ftpd 8 ,
+ .Xr identd 8 ,
+ .Xr rshd 8 ,
+@@ -395,7 +395,23 @@ Support for Sun-RPC
+ based services is modelled after that
+ provided by SunOS 4.1.
+ IPv6 support was added by the KAME project in 1999.
++.Pp
++Marco d'Itri ported this code from OpenBSD in summer 2002 and added
++socket buffers tuning and libwrap support from the NetBSD source tree.
+ .Sh BUGS
++On Linux systems, the daemon cannot reload its configuration and needs
++to be restarted when the host address for a service is changed between
++.Dq \&*
++and a specific address.
++.Pp
++Server programs used with
++.Dq dgram
++.Dq udp
++.Dq nowait
++must read from the network socket, or
++.Nm inetd
++will spawn processes until the maximum is reached.
++.Pp
+ Host address specifiers, while they make conceptual sense for RPC
+ services, do not work entirely correctly.
+ This is largely because the
+--- a/inetd.c
++++ b/inetd.c
+@@ -139,6 +139,7 @@ static const char rcsid[] = "$OpenBSD: i
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -157,13 +158,18 @@ static const char rcsid[] = "$OpenBSD: i
+ #include
+ #include
+ #include
++#ifdef HAVE_SETUSERCONTEXT
+ #include
++#endif
++#ifdef HAVE_GETIFADDRS
+ #include
++#endif
+ #include
+ #include
+-#include
+ #include "pathnames.h"
+
++size_t strlcpy(char *, const char *, size_t);
++
+ #define TOOMANY 256 /* don't start more than TOOMANY */
+ #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
+ #define RETRYTIME (60*10) /* retry after bind or server fail */
+@@ -340,7 +346,6 @@ main(int argc, char *argv[])
+ switch (ch) {
+ case 'd':
+ debug = 1;
+- options |= SO_DEBUG;
+ break;
+ case 'R': { /* invocation rate */
+ char *p;
+@@ -385,9 +390,13 @@ main(int argc, char *argv[])
+ umask(022);
+ if (debug == 0) {
+ daemon(0, 0);
++#ifdef HAVE_SETLOGIN
+ if (uid == 0)
+ (void) setlogin("");
++#endif
+ }
++ if (debug && uid == 0)
++ options |= SO_DEBUG;
+
+ if (uid == 0) {
+ gid_t gid = getgid();
+@@ -432,6 +441,15 @@ main(int argc, char *argv[])
+ sa.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &sa, &sapipe);
+
++ /* space for daemons to overwrite environment for ps */
++ {
++#define DUMMYSIZE 100
++ char dummy[DUMMYSIZE];
++ memset(dummy, 'x', DUMMYSIZE - 1);
++ dummy[DUMMYSIZE - 1] = '\0';
++ setenv("inetd_dummy", dummy, 1);
++ }
++
+ for (;;) {
+ int n, ctrl = -1;
+
+@@ -587,9 +605,6 @@ dg_badinput(struct sockaddr *sa)
+ return 0;
+ }
+
+- if (port < IPPORT_RESERVED || port == NFS_PORT)
+- goto bad;
+-
+ return (0);
+
+ bad:
+@@ -599,6 +614,7 @@ bad:
+ int
+ dg_broadcast(struct in_addr *in)
+ {
++#ifdef HAVE_GETIFADDRS
+ struct ifaddrs *ifa, *ifap;
+ struct sockaddr_in *sin;
+
+@@ -615,6 +631,7 @@ dg_broadcast(struct in_addr *in)
+ }
+ }
+ freeifaddrs(ifap);
++#endif
+ return (0);
+ }
+
+@@ -1861,7 +1878,7 @@ print_service(char *action, struct servt
+ fprintf(stderr,
+ " wait.max=%hd.%d user:group=%s:%s builtin=%lx server=%s\n",
+ sep->se_wait, sep->se_max, sep->se_user,
+- sep->se_group ? sep->se_group : "wheel",
++ sep->se_group ? sep->se_group : "(default)",
+ (long)sep->se_bi, sep->se_server);
+ }
+
+@@ -1969,6 +1986,7 @@ spawn(struct servtab *sep, int ctrl)
+ if (uid != pwd->pw_uid)
+ exit(1);
+ } else {
++#ifdef HAVE_SETUSERCONTEXT
+ tmpint = LOGIN_SETALL &
+ ~(LOGIN_SETGROUP|LOGIN_SETLOGIN);
+ if (pwd->pw_uid)
+@@ -1984,6 +2002,53 @@ spawn(struct servtab *sep, int ctrl)
+ sep->se_service, sep->se_proto);
+ exit(1);
+ }
++#else
++ /* what about setpriority(2), setrlimit(2),
++ * and umask(2)? The $PATH is cleared.
++ */
++ if (pwd->pw_uid) {
++ if (sep->se_group)
++ pwd->pw_gid = grp->gr_gid;
++ if (setgid(pwd->pw_gid) < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't set gid %d: %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_gid);
++ exit(1);
++ }
++ if (initgroups(pwd->pw_name, pwd->pw_gid)
++ < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't initgroups(%s): %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_name);
++ exit(1);
++ }
++ if (setuid(pwd->pw_uid) < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't set uid %d: %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_uid);
++ exit(1);
++ }
++ } else if (sep->se_group) {
++ if (setgid(pwd->pw_gid) < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't set gid %d: %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_gid);
++ exit(1);
++ }
++ if (initgroups(pwd->pw_name, pwd->pw_gid)
++ < 0) {
++ syslog(LOG_ERR,
++ "%s/%s: can't initgroups(%s): %m",
++ sep->se_service, sep->se_proto,
++ pwd->pw_name);
++ exit(1);
++ }
++ }
++#endif
+ }
+ if (debug)
+ fprintf(stderr, "%ld execv %s\n",
+--- /dev/null
++++ b/strlcpy.c
+@@ -0,0 +1,63 @@
++/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */
++
++/*
++ * Copyright (c) 1998 Todd C. Miller
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote products
++ * derived from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
++ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
++ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
++ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
++ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
++ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ * (Old style prototype traslated)
++ */
++
++#include
++#include
++
++/*
++ * Copy src to string dst of size siz. At most siz-1 characters
++ * will be copied. Always NUL terminates (unless siz == 0).
++ * Returns strlen(src); if retval >= siz, truncation occurred.
++ */
++size_t strlcpy(char *dst, const char *src, size_t siz)
++{
++ register char *d = dst;
++ register const char *s = src;
++ register size_t n = siz;
++
++ /* Copy as many bytes as will fit */
++ if (n != 0 && --n != 0) {
++ do {
++ if ((*d++ = *s++) == 0)
++ break;
++ } while (--n != 0);
++ }
++
++ /* Not enough room in dst, add NUL and traverse rest of src */
++ if (n == 0) {
++ if (siz != 0)
++ *d = '\0'; /* NUL-terminate dst */
++ while (*s++)
++ ;
++ }
++
++ return(s - src - 1); /* count does not include NUL */
++}
--- openbsd-inetd-0.20080125.orig/debian/patches/discard_env
+++ openbsd-inetd-0.20080125/debian/patches/discard_env
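Review bot: In the `#else` (no setusercontext) path added to spawn() in inetd.c, the `else if (sep->se_group)` branch calls `setgid(pwd->pw_gid)` and `initgroups(pwd->pw_name, pwd->pw_gid)` without first taking the configured group, so a service set to run as root with an explicit group appears to keep root's own primary gid. The non-root branch just above does `pwd->pw_gid = grp->gr_gid;` before its setgid(); the root branch needs the same assignment as its first statement, unless pw_gid is already overwritten earlier in spawn(), which lies outside the hunk. Separately, the dg_badinput() hunk drops the `port < IPPORT_RESERVED || port == NFS_PORT` source-port rejection; a comment there should record why that is acceptable (the changelog ties it to #389854), since the rest of the function, not visible in the hunk, is presumably the only remaining filter for datagram internal services.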
@@ -0,0 +1,123 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -301,6 +301,7 @@ int bump_nofile(void);
+ struct servtab *enter(struct servtab *);
+ int matchconf(struct servtab *, struct servtab *);
+ int dg_broadcast(struct in_addr *in);
++void discard_stupid_environment(void);
+
+ #define NUMINT (sizeof(intab) / sizeof(struct inent))
+ char *CONFIG = _PATH_INETDCONF;
+@@ -333,6 +334,7 @@ main(int argc, char *argv[], char *envp[
+ {
+ fd_set *fdsrp = NULL;
+ int readablen = 0, ch;
++ int keepenv = 0;
+ struct servtab *sep;
+ extern char *optarg;
+ extern int optind;
+@@ -342,11 +344,14 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dR:")) != -1)
++ while ((ch = getopt(argc, argv, "dER:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+ break;
++ case 'E':
++ keepenv = 1;
++ break;
+ case 'R': { /* invocation rate */
+ char *p;
+ int val;
+@@ -364,13 +369,17 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-d] [-R rate] [configuration file]\n",
++ "usage: %s [-dE] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+ argc -= optind;
+ argv += optind;
+
++ /* This must be called _after_ initsetproctitle and arg parsing */
++ if (!keepenv)
++ discard_stupid_environment();
++
+ uid = getuid();
+ if (uid != 0)
+ CONFIG = NULL;
+@@ -2071,3 +2080,45 @@ spawn(struct servtab *sep, int ctrl)
+ if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
+ close(ctrl);
+ }
++
++/* from netkit+USAGI */
++void
++discard_stupid_environment(void)
++{
++ static const char *const junk[] = {
++ /* these are prefixes */
++ "CVS",
++ "DISPLAY=",
++ "EDITOR=",
++ "GROUP=",
++ "HOME=",
++ "IFS=",
++ "LD_",
++ "LOGNAME=",
++ "MAIL=",
++ "PATH=",
++ "PRINTER=",
++ "PWD=",
++ "SHELL=",
++ "SHLVL=",
++ "SSH",
++ "TERM",
++ "TMP",
++ "USER=",
++ "VISUAL=",
++ NULL
++ };
++
++ int i, k = 0;
++
++ for (i = 0; __environ[i]; i++) {
++ int found = 0, j;
++
++ for (j = 0; junk[j]; j++)
++ if (!strncmp(__environ[i], junk[j], strlen(junk[j])))
++ found = 1;
++ if (!found)
++ __environ[k++] = __environ[i];
++ }
++ __environ[k] = NULL;
++}
+--- a/inetd.8
++++ b/inetd.8
+@@ -38,6 +38,7 @@
+ .Sh SYNOPSIS
+ .Nm inetd
+ .Op Fl d
++.Op Fl E
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+ .Sh DESCRIPTION
+@@ -62,6 +63,13 @@ The options are as follows:
+ .Bl -tag -width Ds
+ .It Fl d
+ Turns on debugging.
++.It Fl E
++Prevents
++.Nm inetd
++from laundering the environment. Without this option a selection of
++potentially harmful environent variables, including
++.Pa PATH ,
++will be removed and not inherited by services.
+ .It Fl R Ar rate
+ Specify the maximum number of times a service can be invoked
+ in one minute; the default is 256.
--- openbsd-inetd-0.20080125.orig/debian/patches/test
+++ openbsd-inetd-0.20080125/debian/patches/test
@@ -0,0 +1,18 @@
+--- /dev/null
++++ b/test.conf
+@@ -0,0 +1,15 @@
++localhost:1111 stream tcp4 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++#1111 stream tcp6 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++
++ip6-localhost:2222 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/in.telnetd
++
++2220 stream tcp46 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++2221 stream tcp nowait md /usr/sbin/tcpd /usr/sbin/try-from
++
++2224 stream tcp4 nowait.3 md /usr/sbin/tcpd /usr/sbin/try-from
++
++2226 stream tcp6 nowait md /usr/sbin/tcpd /usr/sbin/try-from
++
++9999 stream tcp6 nowait md /bin/false false
++
++#/tmp/sock stream unix nowait md /usr/sbin/try-from
--- openbsd-inetd-0.20080125.orig/debian/patches/setproctitle
+++ openbsd-inetd-0.20080125/debian/patches/setproctitle
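Review bot: discard_stupid_environment() in inetd.c filters by a fixed denylist, so every variable that does not start with one of the `junk[]` prefixes is still passed to each spawned service; search-path variables for interpreters and message catalogs, for example, are not listed. Keeping only a short list of known-safe names and dropping everything else would fail closed, and the `-E` text in inetd.8 could then state exactly what survives. Two smaller points in the same function: the inner `for (j = 0; junk[j]; j++)` loop can `break;` once `found` is set, and `__environ` is a glibc-internal name whose portable spelling is `environ`.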
@@ -0,0 +1,184 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -167,6 +167,7 @@ static const char rcsid[] = "$OpenBSD: i
+ #include
+ #include
+ #include "pathnames.h"
++#include "setproctitle.h"
+
+ size_t strlcpy(char *, const char *, size_t);
+
+@@ -331,7 +332,7 @@ fd_grow(fd_set **fdsp, int *bytes, int f
+ struct sigaction sa, sapipe;
+
+ int
+-main(int argc, char *argv[])
++main(int argc, char *argv[], char *envp[])
+ {
+ fd_set *fdsrp = NULL;
+ int readablen = 0, ch;
+@@ -342,6 +343,8 @@ main(int argc, char *argv[])
+ progname = strrchr(argv[0], '/');
+ progname = progname ? progname + 1 : argv[0];
+
++ initsetproctitle(argc, argv, envp);
++
+ while ((ch = getopt(argc, argv, "dR:")) != -1)
+ switch (ch) {
+ case 'd':
+--- /dev/null
++++ b/setproctitle.c
+@@ -0,0 +1,146 @@
++/*
++ * setproctitle implementation for linux.
++ * Stolen from sendmail 8.7.4 and bashed around by David A. Holland
++ */
++
++/*
++ * Copyright (c) 1983, 1995 Eric P. Allman
++ * Copyright (c) 1988, 1993
++ * The Regents of the University of California. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * This product includes software developed by the University of
++ * California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * From: @(#)conf.c 8.243 (Berkeley) 11/20/95
++ */
++char setproctitle_rcsid[] =
++ "$Id: setproctitle.c,v 1.3 1997/05/19 12:58:15 dholland Exp $";
++
++#include
++#include
++#include
++#include
++#include
++
++#include "setproctitle.h"
++/*
++** SETPROCTITLE -- set process title for ps
++**
++** Parameters:
++** fmt -- a printf style format string.
++** a, b, c -- possible parameters to fmt.
++**
++** Returns:
++** none.
++**
++** Side Effects:
++** Clobbers argv of our main procedure so ps(1) will
++** display the title.
++*/
++
++
++/*
++** Pointers for setproctitle.
++** This allows "ps" listings to give more useful information.
++*/
++
++static char **Argv = NULL; /* pointer to argument vector */
++static char *LastArgv = NULL; /* end of argv */
++static char Argv0[128]; /* program name */
++
++void
++initsetproctitle(int argc, char **argv, char **envp)
++{
++ register int i;
++ char *tmp;
++
++ /*
++ ** Move the environment so setproctitle can use the space at
++ ** the top of memory.
++ */
++
++ for (i = 0; envp[i] != NULL; i++)
++ continue;
++ __environ = (char **) malloc(sizeof (char *) * (i + 1));
++ for (i = 0; envp[i] != NULL; i++)
++ __environ[i] = strdup(envp[i]);
++ __environ[i] = NULL;
++
++ /*
++ ** Save start and extent of argv for setproctitle.
++ */
++
++ Argv = argv;
++ if (i > 0)
++ LastArgv = envp[i - 1] + strlen(envp[i - 1]);
++ else
++ LastArgv = argv[argc - 1] + strlen(argv[argc - 1]);
++
++ tmp = strrchr(argv[0], '/');
++ if (!tmp) tmp = argv[0];
++ else tmp++;
++ strncpy(Argv0, tmp, sizeof(Argv0));
++ /* remember to take away one or we go outside the array space */
++ Argv0[sizeof(Argv0) - 1] = 0;
++}
++
++void
++setproctitle(const char *fmt, ...)
++{
++ register char *p;
++ register int i;
++ static char buf[2048];
++ va_list ap;
++
++ p = buf;
++
++ /* print progname: heading for grep */
++ /* This can't overflow buf due to the relative size of Argv0. */
++ (void) strcpy(p, Argv0);
++ (void) strcat(p, ": ");
++ p += strlen(p);
++
++ /* print the argument string */
++ va_start(ap, fmt);
++ (void) vsnprintf(p, sizeof(buf) - (p - buf), fmt, ap);
++ va_end(ap);
++
++ i = strlen(buf);
++
++ if (i > LastArgv - Argv[0] - 2)
++ {
++ i = LastArgv - Argv[0] - 2;
++ buf[i] = '\0';
++ }
++ (void) strcpy(Argv[0], buf);
++ p = &Argv[0][i];
++ while (p < LastArgv)
++ *p++ = ' ';
++ Argv[1] = NULL;
++}
++
+--- /dev/null
++++ b/setproctitle.h
+@@ -0,0 +1,4 @@
++/* Call this from main. */
++void initsetproctitle(int argc, char **argv, char **envp);
++
++void setproctitle(const char *fmt, ...);
--- openbsd-inetd-0.20080125.orig/debian/patches/libwrap
+++ openbsd-inetd-0.20080125/debian/patches/libwrap
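Review bot: In setproctitle() in setproctitle.c the clamp `i = LastArgv - Argv[0] - 2;` becomes negative when the saved argv/environment area is shorter than two bytes, and the following `buf[i] = '\0';` then writes before the start of `buf`. Compute the room once and return early, e.g. `room = LastArgv - Argv[0] - 2; if (room <= 0) return;`, before touching `buf[i]` or `Argv[0]`. initsetproctitle() also uses the results of `malloc()` and `strdup()` unchecked, so an allocation failure at startup either dereferences NULL or silently truncates the copied environment at the first NULL entry; both calls should be checked and a failure treated as fatal.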
@@ -0,0 +1,144 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -175,6 +175,11 @@ size_t strlcpy(char *, const char *, siz
+ #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
+ #define RETRYTIME (60*10) /* retry after bind or server fail */
+
++#ifdef LIBWRAP
++# include
++int lflag = 0;
++#endif
++
+ int debug = 0;
+ int nsock, maxsock;
+ fd_set *allsockp;
+@@ -347,7 +352,7 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dER:")) != -1)
++ while ((ch = getopt(argc, argv, "dElR:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+@@ -355,6 +360,15 @@ main(int argc, char *argv[], char *envp[
+ case 'E':
+ keepenv = 1;
+ break;
++ case 'l':
++#ifdef LIBWRAP
++ lflag = 1;
++ break;
++#else
++ fprintf(stderr, "%s: libwrap support not enabled",
++ progname);
++ exit(1);
++#endif
+ case 'R': { /* invocation rate */
+ char *p;
+ int val;
+@@ -372,7 +386,7 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-dE] [-R rate] [configuration file]\n",
++ "usage: %s [-dEl] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+@@ -1970,6 +1984,47 @@ spawn(struct servtab *sep, int ctrl)
+ }
+ sigprocmask(SIG_SETMASK, &emptymask, NULL);
+ if (pid == 0) {
++#ifdef LIBWRAP
++ if (lflag && !sep->se_wait && sep->se_socktype == SOCK_STREAM) {
++ struct request_info req;
++ char *service;
++
++ /* do not execute tcpd if it is in the config */
++ if (strcmp(sep->se_server, "/usr/sbin/tcpd") == 0) {
++ char *p, *name;
++
++ free(sep->se_server);
++ name = sep->se_server = sep->se_argv[0];
++ for (p = name; *p; p++)
++ if (*p == '/')
++ name = p + 1;
++ sep->se_argv[0] = newstr(name);
++ }
++
++ request_init(&req, RQ_DAEMON, sep->se_argv[0],
++ RQ_FILE, ctrl, NULL);
++ fromhost(&req);
++ if (getnameinfo(&sep->se_ctrladdr,
++ sizeof(sep->se_ctrladdr), NULL, 0, buf,
++ sizeof(buf), 0) != 0) {
++ /* shouldn't happen */
++ snprintf(buf, sizeof buf, "%d",
++ ntohs(sep->se_ctrladdr_in.sin_port));
++ }
++ service = buf;
++ if (!hosts_access(&req)) {
++ syslog(deny_severity, "refused connection"
++ " from %.500s, service %s (%s)",
++ eval_client(&req), service, sep->se_proto);
++ if (sep->se_socktype != SOCK_STREAM)
++ recv(0, buf, sizeof (buf), 0);
++ exit(1);
++ }
++ syslog(allow_severity,
++ "connection from %.500s, service %s (%s)",
++ eval_client(&req), service, sep->se_proto);
++ }
++#endif
+ if (sep->se_bi)
+ (*sep->se_bi->bi_fn)(ctrl, sep);
+ else {
+--- a/inetd.8
++++ b/inetd.8
+@@ -39,6 +39,7 @@
+ .Nm inetd
+ .Op Fl d
+ .Op Fl E
++.Op Fl l
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+ .Sh DESCRIPTION
+@@ -70,6 +71,13 @@ from laundering the environment. Withou
+ potentially harmful environent variables, including
+ .Pa PATH ,
+ will be removed and not inherited by services.
++.It Fl l
++Turns on libwrap connection logging and access control.
++Internal services cannot be wrapped. When enabled,
++.Pa /usr/sbin/tcpd
++is silently not executed even if present in
++.Pa /etc/inetd.conf
++and instead libwrap is called directly by inetd.
+ .It Fl R Ar rate
+ Specify the maximum number of times a service can be invoked
+ in one minute; the default is 256.
+@@ -353,6 +361,23 @@ is reread.
+ creates a file
+ .Em /var/run/inetd.pid
+ that contains its process identifier.
++.Ss libwrap
++Support for
++.Tn TCP
++wrappers is included with
++.Nm
++to provide built-in tcpd-like access control functionality.
++An external tcpd program is not needed.
++You do not need to change the
++.Pa /etc/inetd.conf
++server-program entry to enable this capability.
++.Nm
++uses
++.Pa /etc/hosts.allow
++and
++.Pa /etc/hosts.deny
++for access control facility configurations, as described in
++.Xr hosts_access 5 .
+ .Ss IPv6 TCP/UDP behavior
+ If you wish to run a server for IPv4 and IPv6 traffic,
+ you'll need to run two separate processes for the same server program,
--- openbsd-inetd-0.20080125.orig/debian/patches/global_queuelen
+++ openbsd-inetd-0.20080125/debian/patches/global_queuelen
@@ -0,0 +1,49 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -178,6 +178,7 @@ int lflag = 0;
+ #endif
+
+ int debug = 0;
++int global_queuelen = 128;
+ int nsock, maxsock;
+ fd_set *allsockp;
+ int allsockn;
+@@ -350,7 +351,7 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dEilR:")) != -1)
++ while ((ch = getopt(argc, argv, "dEilq:R:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+@@ -370,6 +371,11 @@ main(int argc, char *argv[], char *envp[
+ progname);
+ exit(1);
+ #endif
++ case 'q':
++ global_queuelen = atoi(optarg);
++ if (global_queuelen < 10)
++ global_queuelen = 10;
++ break;
+ case 'R': { /* invocation rate */
+ char *p;
+ int val;
+@@ -387,7 +393,7 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-dEil] [-R rate] [configuration file]\n",
++ "usage: %s [-dEil] [-q len] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+@@ -1072,7 +1078,7 @@ setsockopt(fd, SOL_SOCKET, opt, &on, siz
+ return;
+ }
+ if (sep->se_socktype == SOCK_STREAM)
+- listen(sep->se_fd, 10);
++ listen(sep->se_fd, global_queuelen);
+
+ fd_grow(&allsockp, &allsockn, sep->se_fd);
+ FD_SET(sep->se_fd, allsockp);
--- openbsd-inetd-0.20080125.orig/debian/patches/nodaemon
+++ openbsd-inetd-0.20080125/debian/patches/nodaemon
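Review bot: In the libwrap patch's spawn() hunk the access check is guarded by `lflag && !sep->se_wait && sep->se_socktype == SOCK_STREAM`, so wait-type and datagram services are never checked against hosts.allow/hosts.deny under -l, while the inetd.8 text added by the same patch names only internal services as the exception and says an external tcpd is not needed. The manual should state the real limit, for example `Only stream services marked nowait are checked; wait and datagram services are not.` Under that guard the inner `if (sep->se_socktype != SOCK_STREAM) recv(0, buf, sizeof (buf), 0);` can never run and could be removed. The block also sits before the `if (sep->se_bi)` dispatch, so if internal services reach this point without a fork (spawn() begins and ends outside the hunk, so this is not visible here) the `exit(1)` on denial would end the daemon itself, which is worth confirming.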
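Review bot: In the global_queuelen patch, `case 'q'` parses the backlog with `atoi(optarg)`, which cannot report bad input: a non-numeric argument becomes 0 and is silently raised to 10, and an out-of-range value is undefined. Parsing with strtol() and rejecting trailing characters lets a mistyped option fail at start-up, as sketched below; the sketch assumes errno and INT_MAX are already available in inetd.c, which the hunk does not show. The usage string gains `[-q len]`, but this patch has no inetd.8 hunk, so the option and its floor of 10 are not documented in the manual. The return value of `listen(sep->se_fd, global_queuelen)` is also unchecked, as it was before the change.

```c
		case 'q': {	/* listen backlog */
			char *end;
			long len;

			errno = 0;
			len = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' ||
			    errno == ERANGE || len > INT_MAX) {
				fprintf(stderr, "%s: invalid queue length: %s\n",
				    progname, optarg);
				exit(1);
			}
			/* keep the patch's floor of 10 */
			global_queuelen = len < 10 ? 10 : (int)len;
			break;
		}
```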
@@ -0,0 +1,70 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -39,6 +39,7 @@
+ .Nm inetd
+ .Op Fl d
+ .Op Fl E
++.Op Fl i
+ .Op Fl l
+ .Op Fl R Ar rate
+ .Op Ar configuration file
+@@ -71,6 +72,8 @@ from laundering the environment. Withou
+ potentially harmful environent variables, including
+ .Pa PATH ,
+ will be removed and not inherited by services.
++.It Fl d
++Makes the program not daemonize itself.
+ .It Fl l
+ Turns on libwrap connection logging and access control.
+ Internal services cannot be wrapped. When enabled,
+--- a/inetd.c
++++ b/inetd.c
+@@ -343,6 +343,7 @@ main(int argc, char *argv[], char *envp[
+ fd_set *fdsrp = NULL;
+ int readablen = 0, ch;
+ int keepenv = 0;
++ int nodaemon = 0;
+ struct servtab *sep;
+ extern char *optarg;
+ extern int optind;
+@@ -352,7 +353,7 @@ main(int argc, char *argv[], char *envp[
+
+ initsetproctitle(argc, argv, envp);
+
+- while ((ch = getopt(argc, argv, "dElR:")) != -1)
++ while ((ch = getopt(argc, argv, "dEilR:")) != -1)
+ switch (ch) {
+ case 'd':
+ debug = 1;
+@@ -360,6 +361,9 @@ main(int argc, char *argv[], char *envp[
+ case 'E':
+ keepenv = 1;
+ break;
++ case 'i':
++ nodaemon = 1;
++ break;
+ case 'l':
+ #ifdef LIBWRAP
+ lflag = 1;
+@@ -386,7 +390,7 @@ main(int argc, char *argv[], char *envp[
+ case '?':
+ default:
+ fprintf(stderr,
+- "usage: %s [-dEl] [-R rate] [configuration file]\n",
++ "usage: %s [-dEil] [-R rate] [configuration file]\n",
+ progname);
+ exit(1);
+ }
+@@ -415,7 +419,11 @@ main(int argc, char *argv[], char *envp[
+
+ umask(022);
+ if (debug == 0) {
+- daemon(0, 0);
++ if (nodaemon == 0)
++ if (daemon(0, 0) < 0) {
++ syslog(LOG_ERR, "daemon(0, 0): %m");
++ exit(1);
++ }
+ #ifdef HAVE_SETLOGIN
+ if (uid == 0)
+ (void) setlogin("");
--- openbsd-inetd-0.20080125.orig/debian/patches/tcp46
+++ openbsd-inetd-0.20080125/debian/patches/tcp46
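Review bot: The inetd.8 hunk of the nodaemon patch documents the new option under the wrong flag: the synopsis adds `.Op Fl i` and inetd.c adds `case 'i'`, but the description entry is `.It Fl d`, which is the flag that sets `debug` in the same switch. The entry should read `.It Fl i`. In the inetd.c hunk the nested `if (nodaemon == 0) if (daemon(0, 0) < 0) {` would read more clearly as `if (nodaemon == 0 && daemon(0, 0) < 0) {`. main() starts and ends outside these hunks.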
@@ -0,0 +1,50 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -413,6 +413,11 @@ and IPv6 traffic will go to server on
+ If you have only one server on
+ .Dq tcp6 ,
+ only IPv6 traffic will be routed to the server.
++.Pp
++The special
++.Dq tcp46
++parameter can be used for obsolete servers which require to receive IPv4
++connections mapped in an IPv6 socket. Its usage is discouraged.
+ .El
+ .Sh SEE ALSO
+ .Xr fingerd 8 ,
+--- a/inetd.c
++++ b/inetd.c
+@@ -826,10 +826,14 @@ doconfig(void)
+
+ if (!port) {
+ /* XXX */
++ char *p;
+ strncpy(protoname, sep->se_proto,
+ sizeof(protoname));
+- if (isdigit(protoname[strlen(protoname) - 1]))
+- protoname[strlen(protoname) - 1] = '\0';
++ for (p = protoname; *p; p++)
++ if (isdigit(*p)) {
++ *p = '\0';
++ break;
++ }
+ sp = getservbyname(sep->se_service,
+ protoname);
+ if (sp == 0) {
+@@ -1023,6 +1027,16 @@ setup(struct servtab *sep)
+ sep->se_service, sep->se_proto);
+ return;
+ }
++ if (strncmp(sep->se_proto, "tcp6", 4) == 0) {
++ if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &on,
++ sizeof (on)) < 0)
++ syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
++ } else if (strncmp(sep->se_proto, "tcp46", 5) == 0) {
++ int off = 0;
++ if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &off,
++ sizeof (off)) < 0)
++ syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");
++ }
+ #define turnon(fd, opt) \
+ setsockopt(fd, SOL_SOCKET, opt, &on, sizeof (on))
+ if (strncmp(sep->se_proto, "tcp", 3) == 0 && (options & SO_DEBUG) &&
--- openbsd-inetd-0.20080125.orig/debian/patches/print_pause_time
+++ openbsd-inetd-0.20080125/debian/patches/print_pause_time
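Review bot: In the doconfig() hunk of the tcp46 patch the new loop scans `protoname` until it meets a NUL, but the `strncpy(protoname, sep->se_proto, sizeof(protoname))` just above leaves the buffer unterminated when se_proto is at least that long, so the scan can run past the array (the removed strlen() calls had the same exposure). Adding `protoname[sizeof(protoname) - 1] = '\0';` after the copy bounds it, and `isdigit((unsigned char)*p)` avoids passing a negative char to isdigit(). In the setup() hunk a failed `setsockopt(..., IPV6_V6ONLY, ...)` is only logged, so a `tcp6` service would presumably still be bound with the system default and may accept IPv4-mapped peers; returning, as the error path just above does, may be the safer choice. Both functions continue outside their hunks.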
@@ -0,0 +1,14 @@
+--- a/inetd.c
++++ b/inetd.c
+@@ -1956,8 +1956,9 @@ spawn(struct servtab *sep, int ctrl)
+ return;
+ }
+ syslog(LOG_ERR,
+- "%s/%s server failing (looping), service terminated",
+- sep->se_service, sep->se_proto);
++ "%s/%s server failing (looping), service terminated for %d min",
++ sep->se_service, sep->se_proto,
++ RETRYTIME/60);
+ if (!sep->se_wait &&
+ sep->se_socktype == SOCK_STREAM)
+ close(ctrl);
--- openbsd-inetd-0.20080125.orig/debian/patches/makefile
+++ openbsd-inetd-0.20080125/debian/patches/makefile
@@ -0,0 +1,19 @@
+--- /dev/null
++++ b/Makefile.debian
+@@ -0,0 +1,16 @@
++DEFS := -DLIBWRAP
++LIBS := -lwrap
++
++inetd_OBJECTS := inetd.o setproctitle.o strlcpy.o
++
++all: inetd
++
++.c.o:
++ $(CC) $(DEFS) $(CFLAGS) -c $<
++
++inetd: $(inetd_OBJECTS)
++ $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
++
++clean:
++ rm -f inetd inetd.o setproctitle.o strlcpy.o
++
--- openbsd-inetd-0.20080125.orig/debian/patches/series
+++ openbsd-inetd-0.20080125/debian/patches/series
@@ -0,0 +1,14 @@
+# portability
+makefile
+test
+misc_portability
+setproctitle
+
+# features
+discard_env
+libwrap
+nodaemon
+global_queuelen
+print_pause_time
+tcp46
+buftuning
--- openbsd-inetd-0.20080125.orig/debian/patches/buftuning
+++ openbsd-inetd-0.20080125/debian/patches/buftuning
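Review bot: In Makefile.debian the `.c.o` rule compiles with `$(CC) $(DEFS) $(CFLAGS) -c $<` and never passes `$(CPPFLAGS)`, so any preprocessor defines the packaging exports that way (hardening defines, for instance) would not reach the compiler. `$(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS) -c $<` is the conventional form. The `clean` target also repeats the object names where `rm -f inetd $(inetd_OBJECTS)` would keep the two lists from drifting apart.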
@@ -0,0 +1,165 @@
+--- a/inetd.8
++++ b/inetd.8
+@@ -107,7 +107,7 @@ The fields of the configuration file are
+ .Bd -unfilled -offset indent
+ service name
+ socket type
+-protocol
++protocol[,sndbuf=size][,rcvbuf=size]
+ wait/nowait[.max]
+ user[.group] or user[:group]
+ server program
+@@ -119,7 +119,7 @@ based service, the entry would contain t
+ .Bd -unfilled -offset indent
+ service name/version
+ socket type
+-rpc/protocol
++rpc/protocol[,sndbuf=size][,rcvbuf=size]
+ wait/nowait[.max]
+ user[.group] or user[:group]
+ server program
+@@ -234,6 +234,30 @@ is used to specify a socket in the
+ .Ux
+ domain.
+ .Pp
++In addition to the protocol, the configuration file may specify the
++send and receive socket buffer sizes for the listening socket.
++This is especially useful for
++.Tn TCP
++as the window scale factor, which is based on the receive socket
++buffer size, is advertised when the connection handshake occurs,
++thus the socket buffer size for the server must be set on the listen socket.
++By increasing the socket buffer sizes, better
++.Tn TCP
++performance may be realized in some situations.
++The socket buffer sizes are specified by appending their values to
++the protocol specification as follows:
++.Bd -literal -offset indent
++tcp,rcvbuf=16384
++tcp,sndbuf=64k
++tcp,rcvbuf=64k,sndbuf=1m
++.Ed
++.Pp
++A literal value may be specified, or modified using
++.Sq k
++to indicate kilobytes or
++.Sq m
++to indicate megabytes.
++.Pp
+ The
+ .Em wait/nowait
+ entry is used to tell
+--- a/inetd.c
++++ b/inetd.c
+@@ -206,6 +206,8 @@ struct servtab {
+ int se_socktype; /* type of socket to use */
+ int se_family; /* address family */
+ char *se_proto; /* protocol used */
++ int se_sndbuf; /* sndbuf size */
++ int se_rcvbuf; /* rcvbuf size */
+ int se_rpcprog; /* rpc program number */
+ int se_rpcversl; /* rpc program lowest version */
+ int se_rpcversh; /* rpc program highest version */
+@@ -1252,6 +1254,8 @@ getconfigent(void)
+ {
+ struct servtab *sep, *tsep;
+ char *arg, *cp, *hostdelim, *s;
++ char *cp0, *buf0, *buf1, *sz0, *sz1;
++ int val;
+ int argc;
+
+ sep = (struct servtab *) malloc(sizeof(struct servtab));
+@@ -1327,6 +1331,93 @@ more:
+
+ sep->se_proto = newstr(arg);
+
++#define MALFORMED(arg) \
++do { \
++ syslog(LOG_ERR, "%s: malformed buffer size option `%s'", \
++ sep->se_service, (arg)); \
++ goto more; \
++} while (0)
++
++#define GETVAL(arg) \
++do { \
++ if (!isdigit(*(arg))) \
++ MALFORMED(arg); \
++ val = strtol((arg), &cp0, 10); \
++ if (cp0 != NULL) { \
++ if (cp0[1] != '\0') \
++ MALFORMED((arg)); \
++ if (cp0[0] == 'k') \
++ val *= 1024; \
++ if (cp0[0] == 'm') \
++ val *= 1024 * 1024; \
++ } \
++ if (val < 1) { \
++ syslog(LOG_ERR, "%s: invalid buffer size `%s'", \
++ sep->se_service, (arg)); \
++ goto more; \
++ } \
++} while (0)
++
++#define ASSIGN(arg) \
++do { \
++ if (strcmp((arg), "sndbuf") == 0) \
++ sep->se_sndbuf = val; \
++ else if (strcmp((arg), "rcvbuf") == 0) \
++ sep->se_rcvbuf = val; \
++ else \
++ MALFORMED((arg)); \
++} while (0)
++
++ /*
++ * Extract the send and receive buffer sizes before parsing
++ * the protocol.
++ */
++ sep->se_sndbuf = sep->se_rcvbuf = 0;
++ buf0 = buf1 = sz0 = sz1 = NULL;
++ if ((buf0 = strchr(sep->se_proto, ',')) != NULL) {
++ /* Skip the , */
++ *buf0++ = '\0';
++
++ /* Check to see if another socket buffer size was specified. */
++ if ((buf1 = strchr(buf0, ',')) != NULL) {
++ /* Skip the , */
++ *buf1++ = '\0';
++
++ /* Make sure a 3rd one wasn't specified. */
++ if (strchr(buf1, ',') != NULL) {
++ syslog(LOG_ERR, "%s: too many buffer sizes",
++ sep->se_service);
++ goto more;
++ }
++
++ /* Locate the size. */
++ if ((sz1 = strchr(buf1, '=')) == NULL)
++ MALFORMED(buf1);
++
++ /* Skip the = */
++ *sz1++ = '\0';
++ }
++
++ /* Locate the size. */
++ if ((sz0 = strchr(buf0, '=')) == NULL)
++ MALFORMED(buf0);
++
++ /* Skip the = */
++ *sz0++ = '\0';
++
++ GETVAL(sz0);
++ ASSIGN(buf0);
++
++ if (buf1 != NULL) {
++ GETVAL(sz1);
++ ASSIGN(buf1);
++ }
++ }
++
++#undef ASSIGN
++#undef GETVAL
++#undef MALFORMED
++
+ if (strcmp(sep->se_proto, "unix") == 0) {
+ sep->se_family = AF_UNIX;
+ } else {
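Review bot: GETVAL in the getconfigent() hunk of the buftuning patch reads `cp0[1]` even when strtol() consumed the whole number and `cp0` already points at the terminator, so `tcp,rcvbuf=16384` reads one byte past the end of the string, and `tcp,rcvbuf=16384,sndbuf=1m` is rejected as malformed because `cp0[1]` is then the first character of the second option. The `cp0 != NULL` test is always true after strtol(), any single trailing character other than `k` or `m` is accepted and ignored, and the long result is stored in `int val` and multiplied with no overflow check. A stricter GETVAL is sketched below; it assumes errno and INT_MAX are available in inetd.c, which the hunk does not show. No hunk in this patch passes `se_sndbuf` or `se_rcvbuf` to setsockopt(), so as far as the patch shows the parsed sizes are stored but never applied to the socket. getconfigent() starts and ends outside the hunk.

```c
#define GETVAL(arg) \
do { \
	long lval, mult = 1; \
	if (!isdigit((unsigned char)*(arg))) \
		MALFORMED(arg); \
	errno = 0; \
	lval = strtol((arg), &cp0, 10); \
	if (cp0[0] != '\0') { \
		/* exactly one suffix character, k or m */ \
		if (cp0[1] != '\0') \
			MALFORMED((arg)); \
		if (cp0[0] == 'k') \
			mult = 1024; \
		else if (cp0[0] == 'm') \
			mult = 1024 * 1024; \
		else \
			MALFORMED((arg)); \
	} \
	if (errno == ERANGE || lval < 1 || lval > INT_MAX / mult) { \
		syslog(LOG_ERR, "%s: invalid buffer size `%s'", \
		    sep->se_service, (arg)); \
		goto more; \
	} \
	val = (int)(lval * mult); \
} while (0)
```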