diff --git a/.tcp_wrappers.metadata b/.tcp_wrappers.metadata
new file mode 100644
index 0000000..4ad80d1
--- /dev/null
+++ b/.tcp_wrappers.metadata
@@ -0,0 +1 @@
+e82e269337223a001118e5084b05c6c53fe53dc5 SOURCES/tcp_wrappers_7.6-ipv6.4.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/tcp_wrappers-7.6-162412.patch b/SOURCES/tcp_wrappers-7.6-162412.patch
new file mode 100644
index 0000000..5f19db5
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-162412.patch
@@ -0,0 +1,12 @@
+diff -up tcp_wrappers_7.6/inetcf.c.patch16 tcp_wrappers_7.6/inetcf.c
+--- tcp_wrappers_7.6/inetcf.c.patch16 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/inetcf.c 2008-08-29 09:45:12.000000000 +0200
+@@ -61,7 +61,7 @@ char *inet_cfg(conf)
+ char *conf;
+ {
+ char buf[BUFSIZ];
+- FILE *fp;
++ FILE *fp = NULL;
+ char *service;
+ char *protocol;
+ char *user;
diff --git a/SOURCES/tcp_wrappers-7.6-196326.patch b/SOURCES/tcp_wrappers-7.6-196326.patch
new file mode 100644
index 0000000..bd98250
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-196326.patch
@@ -0,0 +1,13 @@
+diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c.patch21 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
+@@ -391,6 +391,9 @@ char *string;
+ return (STR_NE(string, unknown));
+ } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
+ return (STRN_EQ(tok, string, n));
++ } else if ((STR_EQ(tok, "localhost") || STR_EQ(tok, "localhost.localdomain"))
++ && (STR_EQ(string, "localhost") || STR_EQ(string, "localhost.localdomain"))) {
++ return (YES); /* these localhosts are equivalent */
+ } else { /* exact match */
+ return (STR_EQ(tok, string));
+ }
diff --git a/SOURCES/tcp_wrappers-7.6-220015.patch b/SOURCES/tcp_wrappers-7.6-220015.patch
new file mode 100644
index 0000000..77f5d07
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-220015.patch
@@ -0,0 +1,88 @@
+diff -up tcp_wrappers_7.6/hosts_ctl.c.patch17 tcp_wrappers_7.6/hosts_ctl.c
+--- tcp_wrappers_7.6/hosts_ctl.c.patch17 1994-12-28 17:42:28.000000000 +0100
++++ tcp_wrappers_7.6/hosts_ctl.c 2008-08-29 09:45:12.000000000 +0200
+@@ -29,10 +29,12 @@ char *user;
+ {
+ struct request_info request;
+
+- return (hosts_access(request_init(&request,
+- RQ_DAEMON, daemon,
+- RQ_CLIENT_NAME, name,
+- RQ_CLIENT_ADDR, addr,
+- RQ_USER, user,
+- 0)));
++ request_init(&request, RQ_DAEMON, daemon,
++ RQ_CLIENT_NAME, name,
++ RQ_CLIENT_ADDR, addr,
++ RQ_USER, user,
++ 0);
++ sock_hostnofd(&request);
++
++ return (hosts_access(&request));
+ }
+diff -up tcp_wrappers_7.6/socket.c.patch17 tcp_wrappers_7.6/socket.c
+--- tcp_wrappers_7.6/socket.c.patch17 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/socket.c 2008-08-29 09:45:12.000000000 +0200
+@@ -130,6 +130,51 @@ struct request_info *request;
+ request->server->sin = &server;
+ }
+
++/* sock_hostnofd - look up endpoint addresses and install conversion methods */
++
++void sock_hostnofd(request)
++struct request_info *request;
++{
++ static struct sockaddr_storage client;
++ struct addrinfo hints, *res;
++ int ret;
++ char *host;
++
++ /* If the address field is non-empty and non-unknown and if the hostname
++ * field is empty or unknown, use the address field to get the sockaddr
++ * and hostname. */
++ if (strlen(request->client->addr) &&
++ HOSTNAME_KNOWN(request->client->addr) &&
++ (!strlen(request->client->name) ||
++ !HOSTNAME_KNOWN(request->client->name)))
++ host = request->client->addr;
++ else
++ return;
++
++ memset(&hints, 0, sizeof(hints));
++ hints.ai_family = AF_INET6;
++ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
++
++ ret = getaddrinfo(host, NULL, &hints, &res);
++ if (ret != 0) {
++ hints.ai_family = AF_INET;
++ ret = getaddrinfo(host, NULL, &hints, &res);
++ }
++
++ if (ret != 0) {
++ tcpd_warn("can't resolve hostname (%s): %s", host, gai_strerror(ret));
++ } else {
++ sock_methods(request);
++
++ memcpy(&client, res->ai_addr, res->ai_addrlen);
++ request->client->sin = (struct sockaddr *)&client;
++ freeaddrinfo(res);
++
++ request->client->name[0] = 0;
++ }
++}
++
+ /* sock_hostaddr - map endpoint address to printable form */
+
+ void sock_hostaddr(host)
+diff -up tcp_wrappers_7.6/tcpd.h.patch17 tcp_wrappers_7.6/tcpd.h
+--- tcp_wrappers_7.6/tcpd.h.patch17 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200
+@@ -167,6 +167,7 @@ extern char *eval_server __P((struct req
+
+ /* look up endpoint addresses */
+ extern void sock_host __P((struct request_info *));
++extern void sock_hostnofd __P((struct request_info *));
+ /* translate address to hostname */
+ extern void sock_hostname __P((struct host_info *));
+ /* address to printable address */
diff --git a/SOURCES/tcp_wrappers-7.6-altformat.patch b/SOURCES/tcp_wrappers-7.6-altformat.patch
new file mode 100644
index 0000000..91da9bd
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-altformat.patch
@@ -0,0 +1,33 @@
+diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat tcp_wrappers_7.6-ipv6.4/hosts_access.c
+--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat 2013-08-15 18:46:30.398827866 +0200
++++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-08-15 18:50:03.099748732 +0200
+@@ -326,11 +326,15 @@ struct host_info *host;
+ if (cbr = strchr(tok, ']'))
+ *cbr = '\0';
+
++ if (cbr == NULL) {
++ tcpd_warn("bad IP6 address specification");
++ return (NO);
++ }
+ /*
+ * A /nnn prefix specifies how many bits of the address we
+ * need to check.
+ */
+- if (slash = strchr(tok, '/')) {
++ if ((slash = strchr(tok, '/')) || (slash = strchr(cbr+1, '/'))) {
+ *slash = '\0';
+ mask = atoi(slash+1);
+ if (mask < 0 || mask > IPV6_ABITS) {
+diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat tcp_wrappers_7.6-ipv6.4/tcpdchk.c
+--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat 1999-10-28 08:38:06.000000000 +0200
++++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c 2013-08-15 18:46:30.399827870 +0200
+@@ -430,6 +430,9 @@ char *pat;
+ int err = 0;
+ int mask = IPV6_ABITS;
+
++ if (!slash)
++ slash = strchr(cbr+1, '/');
++
+ if (slash != NULL) {
+ *slash = '\0';
+ mask = atoi(slash + 1);
diff --git a/SOURCES/tcp_wrappers-7.6-bug11881.patch b/SOURCES/tcp_wrappers-7.6-bug11881.patch
new file mode 100644
index 0000000..082825a
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-bug11881.patch
@@ -0,0 +1,37 @@
+diff -up tcp_wrappers_7.6/eval.c.patch4 tcp_wrappers_7.6/eval.c
+--- tcp_wrappers_7.6/eval.c.patch4 1995-01-30 19:51:46.000000000 +0100
++++ tcp_wrappers_7.6/eval.c 2008-08-29 09:45:12.000000000 +0200
+@@ -111,7 +111,7 @@ struct request_info *request;
+ return (hostinfo);
+ #endif
+ if (STR_NE(eval_user(request), unknown)) {
+- sprintf(both, "%s@%s", request->user, hostinfo);
++ snprintf(both, sizeof(both), "%s@%s", request->user, hostinfo);
+ return (both);
+ } else {
+ return (hostinfo);
+@@ -128,7 +128,7 @@ struct request_info *request;
+ char *daemon = eval_daemon(request);
+
+ if (STR_NE(host, unknown)) {
+- sprintf(both, "%s@%s", daemon, host);
++ snprintf(both, sizeof(both), "%s@%s", daemon, host);
+ return (both);
+ } else {
+ return (daemon);
+diff -up tcp_wrappers_7.6/tcpd.c.patch4 tcp_wrappers_7.6/tcpd.c
+--- tcp_wrappers_7.6/tcpd.c.patch4 1996-02-11 17:01:33.000000000 +0100
++++ tcp_wrappers_7.6/tcpd.c 2008-08-29 09:45:12.000000000 +0200
+@@ -60,10 +60,10 @@ char **argv;
+ */
+
+ if (argv[0][0] == '/') {
+- strcpy(path, argv[0]);
++ strncpy(path, argv[0], sizeof(path));
+ argv[0] = strrchr(argv[0], '/') + 1;
+ } else {
+- sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
++ snprintf(path, sizeof(path), "%s/%s", REAL_DAEMON_DIR, argv[0]);
+ }
+
+ /*
diff --git a/SOURCES/tcp_wrappers-7.6-bug17795.patch b/SOURCES/tcp_wrappers-7.6-bug17795.patch
new file mode 100644
index 0000000..c3bddd3
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-bug17795.patch
@@ -0,0 +1,56 @@
+diff -up tcp_wrappers_7.6/hosts_access.5.patch5 tcp_wrappers_7.6/hosts_access.5
+--- tcp_wrappers_7.6/hosts_access.5.patch5 1995-01-30 19:51:47.000000000 +0100
++++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
+@@ -89,6 +89,13 @@ An expression of the form `n.n.n.n/m.m.m
+ bitwise AND of the address and the `mask\'. For example, the net/mask
+ pattern `131.155.72.0/255.255.254.0\' matches every address in the
+ range `131.155.72.0\' through `131.155.73.255\'.
++.IP \(bu
++A string that begins with a `/\' character is treated as a file
++name. A host name or address is matched if it matches any host name
++or address pattern listed in the named file. The file format is
++zero or more lines with zero or more host name or address patterns
++separated by whitespace. A file name pattern can be used anywhere
++a host name or address pattern can be used.
+ .SH WILDCARDS
+ The access control language supports explicit wildcards:
+ .IP ALL
+diff -up tcp_wrappers_7.6/hosts_access.c.patch5 tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c.patch5 1997-02-12 02:13:23.000000000 +0100
++++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
+@@ -240,6 +240,26 @@ struct request_info *request;
+ }
+ }
+
++/* hostfile_match - look up host patterns from file */
++
++static int hostfile_match(path, host)
++char *path;
++struct hosts_info *host;
++{
++ char tok[BUFSIZ];
++ int match = NO;
++ FILE *fp;
++
++ if ((fp = fopen(path, "r")) != 0) {
++ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
++ /* void */ ;
++ fclose(fp);
++ } else if (errno != ENOENT) {
++ tcpd_warn("open %s: %m", path);
++ }
++ return (match);
++}
++
+ /* host_match - match host name and/or address against pattern */
+
+ static int host_match(tok, host)
+@@ -267,6 +287,8 @@ struct host_info *host;
+ tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
+ return (NO);
+ #endif
++ } else if (tok[0] == '/') { /* /file hack */
++ return (hostfile_match(tok, host));
+ } else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
+ char *name = eval_hostname(host);
+ return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
diff --git a/SOURCES/tcp_wrappers-7.6-bug17847.patch b/SOURCES/tcp_wrappers-7.6-bug17847.patch
new file mode 100644
index 0000000..eede2e7
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-bug17847.patch
@@ -0,0 +1,102 @@
+--- tcp_wrappers_7.6/hosts_access.5.patch6 2013-01-23 11:10:00.545081410 +0100
++++ tcp_wrappers_7.6/hosts_access.5 2013-01-23 11:10:00.549081436 +0100
+@@ -96,6 +96,10 @@ or address pattern listed in the named f
+ zero or more lines with zero or more host name or address patterns
+ separated by whitespace. A file name pattern can be used anywhere
+ a host name or address pattern can be used.
++.IP \(bu
++Wildcards `*\' and `?\' can be used to match hostnames or IP addresses. This
++method of matching cannot be used in conjunction with `net/mask\' matching,
++hostname matching beginning with `.\' or IP address matching ending with `.\'.
+ .SH WILDCARDS
+ The access control language supports explicit wildcards:
+ .IP ALL
+--- tcp_wrappers_7.6/hosts_access.c.patch6 2013-01-23 11:10:00.546081416 +0100
++++ tcp_wrappers_7.6/hosts_access.c 2013-01-23 11:12:28.519925230 +0100
+@@ -376,6 +376,11 @@ char *string;
+ {
+ int n;
+
++#ifndef DISABLE_WILDCARD_MATCHING
++ if (strchr(tok, '*') || strchr(tok,'?')) { /* contains '*' or '?' */
++ return (match_pattern_ylo(string,tok));
++ } else
++#endif
+ if (tok[0] == '.') { /* suffix */
+ n = strlen(string) - strlen(tok);
+ return (n > 0 && STR_EQ(tok, string + n));
+@@ -417,6 +422,74 @@ char *string;
+ return ((addr & mask) == net);
+ }
+
++#ifndef DISABLE_WILDCARD_MATCHING
++/* Note: this feature has been adapted in a pretty straightforward way
++ from Tatu Ylonen's last SSH version under free license by
++ Pekka Savola <pekkas@netcore.fi>.
++
++ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
++*/
++
++/* Returns true if the given string matches the pattern (which may contain
++ ? and * as wildcards), and zero if it does not match. */
++
++int match_pattern_ylo(const char *s, const char *pattern)
++{
++ while (1)
++ {
++ /* If at end of pattern, accept if also at end of string. */
++ if (!*pattern)
++ return !*s;
++
++ /* Process '*'. */
++ if (*pattern == '*')
++ {
++ /* Skip the asterisk. */
++ pattern++;
++
++ /* If at end of pattern, accept immediately. */
++ if (!*pattern)
++ return 1;
++
++ /* If next character in pattern is known, optimize. */
++ if (*pattern != '?' && *pattern != '*')
++ {
++ /* Look instances of the next character in pattern, and try
++ to match starting from those. */
++ for (; *s; s++)
++ if (*s == *pattern &&
++ match_pattern_ylo(s + 1, pattern + 1))
++ return 1;
++ /* Failed. */
++ return 0;
++ }
++
++ /* Move ahead one character at a time and try to match at each
++ position. */
++ for (; *s; s++)
++ if (match_pattern_ylo(s, pattern))
++ return 1;
++ /* Failed. */
++ return 0;
++ }
++
++ /* There must be at least one more character in the string. If we are
++ at the end, fail. */
++ if (!*s)
++ return 0;
++
++ /* Check if the next character of the string is acceptable. */
++ if (*pattern != '?' && *pattern != *s)
++ return 0;
++
++ /* Move to the next character, both in string and in pattern. */
++ s++;
++ pattern++;
++ }
++ /*NOTREACHED*/
++}
++#endif /* DISABLE_WILDCARD_MATCHING */
++
+ #ifdef HAVE_IPV6
+ /*
+ * Function that zeros all but the first "maskbits" bits of the IPV6 address
diff --git a/SOURCES/tcp_wrappers-7.6-bug698464.patch b/SOURCES/tcp_wrappers-7.6-bug698464.patch
new file mode 100644
index 0000000..2b3bfb8
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-bug698464.patch
@@ -0,0 +1,69 @@
+--- tcp_wrappers_7.6/hosts_access.5.orig 2011-04-20 16:10:25.000000000 -0600
++++ tcp_wrappers_7.6/hosts_access.5 2011-04-20 16:29:50.000000000 -0600
+@@ -90,6 +90,9 @@ bitwise AND of the address and the `mask
+ pattern `131.155.72.0/255.255.254.0\' matches every address in the
+ range `131.155.72.0\' through `131.155.73.255\'.
+ .IP \(bu
++An expression of the form `n.n.n.n/m\' is interpreted as a
++`net/prefixlen\' pair, as below, for IPv4 addresses.
++.IP \(bu
+ An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
+ `[net/prefixlen]\' pair. An IPv6 host address is matched if
+ `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
+--- tcp_wrappers_7.6/tcpd.h.orig 2011-04-20 16:10:25.000000000 -0600
++++ tcp_wrappers_7.6/tcpd.h 2011-04-20 16:11:56.000000000 -0600
+@@ -164,6 +164,7 @@ extern void refuse __P((struct request_i
+ extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
+ extern char *split_at __P((char *, int)); /* strchr() and split */
+ extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
++extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */
+ extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
+ extern struct hostent *tcpd_gethostbyname __P((char *, int));
+ /* IP4/IP6 gethostbyname */
+--- tcp_wrappers_7.6/misc.c.orig 2011-04-20 16:10:25.000000000 -0600
++++ tcp_wrappers_7.6/misc.c 2011-04-20 16:13:39.000000000 -0600
+@@ -16,6 +16,7 @@ static char sccsic[] = "@(#) misc.c 1.2
+ #include <string.h>
+ #include <ctype.h>
+ #include <netdb.h>
++#include <stdlib.h>
+
+ #include "tcpd.h"
+
+@@ -214,3 +215,21 @@ char *str;
+ }
+ }
+ #endif /* HAVE_IPV6 */
++
++/* prefix_to_netmask - convert prefix (0-32) to netmask */
++
++unsigned long prefix_to_netmask(str)
++char *str;
++{
++ unsigned long prefix;
++ char *endptr;
++
++ if (!isdigit(str[0]))
++ return INADDR_NONE;
++
++ prefix = strtoul(str, &endptr, 10);
++ if ((endptr == str) || (*endptr != '\0') || (prefix > 32))
++ return INADDR_NONE;
++
++ return htonl(~0UL << (32 - prefix));
++}
+--- tcp_wrappers_7.6/hosts_access.c.orig 2011-04-20 16:10:25.000000000 -0600
++++ tcp_wrappers_7.6/hosts_access.c 2011-04-20 16:21:07.000000000 -0600
+@@ -420,8 +420,11 @@ char *string;
+ return (NO);
+ if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
+ || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
+- && strcmp(mask_tok, "255.255.255.255"))) {
++ && strcmp(mask_tok, "255.255.255.255")
++ && (mask = prefix_to_netmask(mask_tok)) == INADDR_NONE
++ && strcmp(mask_tok, "32"))) {
+ /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
++ /* 32 == INADDR_NONE, separate check needed. philipp */
+ tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
+ return (NO); /* not tcpd_jump() */
+ }
diff --git a/SOURCES/tcp_wrappers-7.6-docu.patch b/SOURCES/tcp_wrappers-7.6-docu.patch
new file mode 100644
index 0000000..dbfa75d
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-docu.patch
@@ -0,0 +1,12 @@
+diff -up tcp_wrappers_7.6/hosts_access.5.patch8 tcp_wrappers_7.6/hosts_access.5
+--- tcp_wrappers_7.6/hosts_access.5.patch8 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
+@@ -333,7 +333,7 @@ in.tftpd: LOCAL, .my.domain
+ /etc/hosts.deny:
+ .in +3
+ .nf
+-in.tftpd: ALL: (/some/where/safe_finger -l @%h | \\
++in.tftpd: ALL: spawn (/some/where/safe_finger -l @%h | \\
+ /usr/ucb/mail -s %d-%h root) &
+ .fi
+ .PP
diff --git a/SOURCES/tcp_wrappers-7.6-fix_sig-bug141110.patch b/SOURCES/tcp_wrappers-7.6-fix_sig-bug141110.patch
new file mode 100644
index 0000000..9d5c936
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-fix_sig-bug141110.patch
@@ -0,0 +1,21 @@
+diff -up tcp_wrappers_7.6/hosts_access.c.patch15 tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c.patch15 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
+@@ -127,7 +127,7 @@ struct request_info *request;
+ verdict = setjmp(tcpd_buf);
+ if (verdict != 0)
+ return (verdict == AC_PERMIT);
+- if (table_match(hosts_allow_table, request))
++ if (table_match(hosts_allow_table, request) == YES)
+ return (YES);
+ if (table_match(hosts_deny_table, request) == NO)
+ return (YES);
+@@ -177,7 +177,7 @@ struct request_info *request;
+ tcpd_warn("cannot open %s: %m", table);
+ match = ERR;
+ }
+- if (match) {
++ if (match == YES) {
+ if (hosts_access_verbose > 1)
+ syslog(LOG_DEBUG, "matched: %s line %d",
+ tcpd_context.file, tcpd_context.line);
diff --git a/SOURCES/tcp_wrappers-7.6-fixgethostbyname.patch b/SOURCES/tcp_wrappers-7.6-fixgethostbyname.patch
new file mode 100644
index 0000000..efb4ebe
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-fixgethostbyname.patch
@@ -0,0 +1,27 @@
+--- tcp_wrappers_7.6-ipv6.4/socket.c.patch7 1999-10-27 15:23:14.000000000 +0200
++++ tcp_wrappers_7.6-ipv6.4/socket.c 2013-01-23 11:41:48.776857327 +0100
+@@ -54,6 +54,8 @@ int af;
+ {
+ char dot_name[MAXHOSTNAMELEN + 1];
+
++ struct hostent *hp;
++
+ /*
+ * Don't append dots to unqualified names. Such names are likely to come
+ * from local hosts files or from NIS.
+@@ -62,8 +64,13 @@ int af;
+ if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
+ return (tcpd_gethostbyname(name, af));
+ } else {
+- sprintf(dot_name, "%s.", name);
+- return (tcpd_gethostbyname(dot_name, af));
++ sprintf(dot_name, "%s.", name);
++ hp = tcpd_gethostbyname(dot_name, af);
++ if (hp)
++ return hp;
++
++ else
++ return tcpd_gethostbyname(name, af);
+ }
+ }
+
diff --git a/SOURCES/tcp_wrappers-7.6-inetdconf.patch b/SOURCES/tcp_wrappers-7.6-inetdconf.patch
new file mode 100644
index 0000000..85d2cff
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-inetdconf.patch
@@ -0,0 +1,79 @@
+diff -up tcp_wrappers_7.6/tcpdmatch.8.inetdconf tcp_wrappers_7.6/tcpdmatch.8
+--- tcp_wrappers_7.6/tcpdmatch.8.inetdconf 2010-06-16 14:39:32.000000000 +0200
++++ tcp_wrappers_7.6/tcpdmatch.8 2010-06-16 14:42:25.000000000 +0200
+@@ -2,9 +2,9 @@
+ .SH NAME
+ tcpdmatch \- tcp wrapper oracle
+ .SH SYNOPSYS
+-tcpdmatch [-d] [-i inet_conf] daemon client
++tcpdmatch [-d] daemon client
+ .sp
+-tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
++tcpdmatch [-d] daemon[@server] [user@]client
+ .SH DESCRIPTION
+ .PP
+ \fItcpdmatch\fR predicts how the tcp wrapper would handle a specific
+@@ -48,10 +48,6 @@ The default user name is `unknown'.
+ .IP -d
+ Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
+ directory instead of the default ones.
+-.IP "-i inet_conf"
+-Specify this option when \fItcpdmatch\fR is unable to find your
+-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
+-you suspect that the program uses the wrong one.
+ .SH EXAMPLES
+ To predict how \fItcpd\fR would handle a telnet request from the local
+ system:
+@@ -82,11 +78,8 @@ The default locations of the \fItcpd\fR
+ .SH SEE ALSO
+ .na
+ .nf
+-tcpdchk(8), tcpd configuration checker
+ hosts_access(5), format of the tcpd access control tables.
+ hosts_options(5), format of the language extensions.
+-inetd.conf(5), format of the inetd control file.
+-tlid.conf(5), format of the tlid control file.
+ .SH AUTHORS
+ .na
+ .nf
+diff -up tcp_wrappers_7.6/tcpdmatch.c.inetdconf tcp_wrappers_7.6/tcpdmatch.c
+--- tcp_wrappers_7.6/tcpdmatch.c.inetdconf 2010-06-16 14:37:09.000000000 +0200
++++ tcp_wrappers_7.6/tcpdmatch.c 2010-06-16 14:39:18.000000000 +0200
+@@ -140,25 +140,6 @@ char **argv;
+ }
+
+ /*
+- * Analyze the inetd (or tlid) configuration file, so that we can warn
+- * the user about services that may not be wrapped, services that are not
+- * configured, or services that are wrapped in an incorrect manner. Allow
+- * for services that are not run from inetd, or that have tcpd access
+- * control built into them.
+- */
+- inetcf = inet_cfg(inetcf);
+- inet_set("portmap", WR_NOT);
+- inet_set("rpcbind", WR_NOT);
+- switch (inet_get(daemon)) {
+- case WR_UNKNOWN:
+- tcpd_warn("%s: no such process name in %s", daemon, inetcf);
+- break;
+- case WR_NOT:
+- tcpd_warn("%s: service possibly not wrapped", daemon);
+- break;
+- }
+-
+- /*
+ * Check accessibility of access control files.
+ */
+ (void) check_path(hosts_allow_table, &st);
+@@ -319,10 +300,9 @@ char **argv;
+ static void usage(myname)
+ char *myname;
+ {
+- fprintf(stderr, "usage: %s [-d] [-i inet_conf] daemon[@host] [user@]host\n",
++ fprintf(stderr, "usage: %s [-d] daemon[@host] [user@]host\n",
+ myname);
+ fprintf(stderr, " -d: use allow/deny files in current directory\n");
+- fprintf(stderr, " -i: location of inetd.conf file\n");
+ exit(1);
+ }
+
diff --git a/SOURCES/tcp_wrappers-7.6-initgroups.patch b/SOURCES/tcp_wrappers-7.6-initgroups.patch
new file mode 100644
index 0000000..5bc5beb
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-initgroups.patch
@@ -0,0 +1,62 @@
+diff -up tcp_wrappers_7.6/options.c.initgroups tcp_wrappers_7.6/options.c
+--- tcp_wrappers_7.6/options.c.initgroups 2011-08-11 23:10:43.610418714 +0200
++++ tcp_wrappers_7.6/options.c 2011-08-12 05:51:17.748481294 +0200
+@@ -256,8 +256,12 @@ struct request_info *request;
+ tcpd_jump("unknown group: \"%s\"", value);
+ endgrent();
+
+- if (dry_run == 0 && setgid(grp->gr_gid))
+- tcpd_jump("setgid(%s): %m", value);
++ if (dry_run != 0) {
++ if (setgid(grp->gr_gid))
++ tcpd_jump("setgid(%s): %m", value);
++ if (setgroups(0, NULL))
++ tcpd_jump("setgroups(%s): %m", value);
++ }
+ }
+
+ /* user_option - switch user id */
+@@ -271,15 +275,26 @@ struct request_info *request;
+ struct passwd *pwd;
+ struct passwd *getpwnam();
+ char *group;
++ int defaultgroup = 0;
+
+ if ((group = split_at(value, '.')) != 0)
+ group_option(group, request);
++ else
++ defaultgroup = 1;
+ if ((pwd = getpwnam(value)) == 0)
+ tcpd_jump("unknown user: \"%s\"", value);
+ endpwent();
+
+- if (dry_run == 0 && setuid(pwd->pw_uid))
+- tcpd_jump("setuid(%s): %m", value);
++ if (dry_run != 0) {
++ if (setuid(pwd->pw_uid))
++ tcpd_jump("setuid(%s): %m", value);
++ if (defaultgroup) {
++ if (setgid(pwd->pw_gid))
++ tcpd_jump("setgid(%s): %m", value);
++ if (initgroups(value, pwd->pw_gid))
++ tcpd_jump("initgroups(%s): %m", value);
++ }
++ }
+ }
+
+ /* umask_option - set file creation mask */
+diff -up tcp_wrappers_7.6/safe_finger.c.initgroups tcp_wrappers_7.6/safe_finger.c
+--- tcp_wrappers_7.6/safe_finger.c.initgroups 2011-08-12 05:54:06.068606291 +0200
++++ tcp_wrappers_7.6/safe_finger.c 2011-08-12 05:55:34.835483785 +0200
+@@ -66,9 +66,11 @@ char **argv;
+ if (getuid() == 0 || geteuid() == 0) {
+ if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
+ setgid(pwd->pw_gid);
++ initgroups(UNPRIV_NAME, pwd->pw_gid);
+ setuid(pwd->pw_uid);
+ } else {
+ setgid(UNPRIV_UGID);
++ setgroups(0, NULL);
+ setuid(UNPRIV_UGID);
+ }
+ }
diff --git a/SOURCES/tcp_wrappers-7.6-ldflags.patch b/SOURCES/tcp_wrappers-7.6-ldflags.patch
new file mode 100644
index 0000000..5d676f8
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-ldflags.patch
@@ -0,0 +1,36 @@
+diff -up tcp_wrappers_7.6/Makefile.patch14 tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.patch14 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
+@@ -732,26 +732,26 @@ $(SHLIB): $(LIB_OBJ)
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
+
+ tcpd: tcpd.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ tcpd.o $(LDFLAGS) $(LIB) $(LIBS)
+
+ miscd: miscd.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ miscd.o $(LDFLAGS) $(LIB) $(LIBS)
+
+ safe_finger: safe_finger.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ safe_finger.o $(LDFLAGS) $(LIB) $(LIBS)
+
+ TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
+
+ tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
+- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
+
+ try-from: try-from.o fakelog.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LDFLAGS) $(LIB) $(LIBS)
+
+ TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
+
+ tcpdchk: $(TCPDCHK_OBJ) $(LIB)
+- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LDFLAGS) $(LIB) $(LIBS)
+
+ shar: $(KIT)
+ @shar $(KIT)
diff --git a/SOURCES/tcp_wrappers-7.6-man.patch b/SOURCES/tcp_wrappers-7.6-man.patch
new file mode 100644
index 0000000..6ca5429
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-man.patch
@@ -0,0 +1,71 @@
+diff -up tcp_wrappers_7.6/Makefile.man tcp_wrappers_7.6/Makefile
+diff -up tcp_wrappers_7.6/safe_finger.8.man tcp_wrappers_7.6/safe_finger.8
+--- tcp_wrappers_7.6/safe_finger.8.man 2010-02-05 09:19:38.000000000 +0100
++++ tcp_wrappers_7.6/safe_finger.8 2010-02-05 09:11:12.000000000 +0100
+@@ -0,0 +1,34 @@
++.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
++.SH NAME
++safe_finger \- finger client wrapper that protects against nasty stuff
++from finger servers
++.SH SYNOPSIS
++.B safe_finger [finger_options]
++.SH DESCRIPTION
++The
++.B safe_finger
++command protects against nasty stuff from finger servers. Use this
++program for automatic reverse finger probes from the
++.B tcp_wrapper
++.B (tcpd)
++, not the raw finger command. The
++.B safe_finger
++command makes sure that the finger client is not run with root
++privileges. It also runs the finger client with a defined PATH
++environment.
++.B safe_finger
++will also protect you from problems caused by the output of some
++finger servers. The problem: some programs may react to stuff in
++the first column. Other programs may get upset by thrash anywhere
++on a line. File systems may fill up as the finger server keeps
++sending data. Text editors may bomb out on extremely long lines.
++The finger server may take forever because it is somehow wedged.
++.B safe_finger
++takes care of all this badness.
++.SH SEE ALSO
++.BR hosts_access (5),
++.BR hosts_options (5),
++.BR tcpd (8)
++.SH AUTHOR
++Wietse Venema, Eindhoven University of Technology, The Netherlands.
++
+diff -up tcp_wrappers_7.6/try-from.8.man tcp_wrappers_7.6/try-from.8
+--- tcp_wrappers_7.6/try-from.8.man 2010-02-05 09:20:00.000000000 +0100
++++ tcp_wrappers_7.6/try-from.8 2010-02-05 09:12:54.000000000 +0100
+@@ -0,0 +1,28 @@
++.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
++.SH NAME
++try-from \- test program for the tcp_wrapper
++.SH SYNOPSIS
++.B try-from
++.SH DESCRIPTION
++The
++.B try\-from
++command can be called via a remote shell command to find out
++if the hostname and address are properly recognized
++by the
++.B tcp_wrapper
++library, if username lookup works, and (SysV only) if the TLI
++on top of IP heuristics work. Diagnostics are reported through
++.BR syslog (3)
++and redirected to stderr.
++
++Example:
++
++rsh host /some/where/try\-from
++
++.SH SEE ALSO
++.BR hosts_access (5),
++.BR hosts_options (5),
++.BR tcpd (8)
++.SH AUTHOR
++Wietse Venema, Eindhoven University of Technology, The Netherlands.
++
diff --git a/SOURCES/tcp_wrappers-7.6-relro.patch b/SOURCES/tcp_wrappers-7.6-relro.patch
new file mode 100644
index 0000000..a892540
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-relro.patch
@@ -0,0 +1,12 @@
+diff -up tcp_wrappers_7.6/Makefile.relro tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.relro 2011-08-10 03:33:25.457892277 +0200
++++ tcp_wrappers_7.6/Makefile 2011-08-10 03:33:39.565892352 +0200
+@@ -726,7 +726,7 @@ $(LIB): $(LIB_OBJ)
+ -$(RANLIB) $(LIB)
+
+ $(SHLIB): $(LIB_OBJ)
+- gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
++ gcc -shared -fPIC -Wl,-z,relro -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
+ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
+ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
diff --git a/SOURCES/tcp_wrappers-7.6-shared.patch b/SOURCES/tcp_wrappers-7.6-shared.patch
new file mode 100644
index 0000000..3971717
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-shared.patch
@@ -0,0 +1,267 @@
+diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.patch11 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
+@@ -150,8 +150,8 @@ netbsd:
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+- LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
++ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -fPIC -DPIC -D_REENTRANT -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
+
+ linux-old:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+@@ -249,7 +249,7 @@ tandem:
+
+ # Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
+ uts215:
+- @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ LIBS="-lsocket" RANLIB=echo \
+ ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
+
+@@ -706,8 +706,9 @@ KIT = README miscd.c tcpd.c fromhost.c h
+ scaffold.h tcpdmatch.8 README.NIS
+
+ LIB = libwrap.a
++SHLIB = libwrap.so
+
+-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
++all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk $(SHLIB)
+
+ # Invalidate all object files when the compiler options (CFLAGS) have changed.
+
+@@ -724,6 +725,12 @@ $(LIB): $(LIB_OBJ)
+ $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
+ -$(RANLIB) $(LIB)
+
++$(SHLIB): $(LIB_OBJ)
++ gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
++ -o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
++ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
++ ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)
++
+ tcpd: tcpd.o $(LIB)
+ $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+
+@@ -906,5 +913,6 @@ update.o: cflags
+ update.o: mystdarg.h
+ update.o: tcpd.h
+ vfprintf.o: cflags
++weak_symbols.o: tcpd.h
+ workarounds.o: cflags
+ workarounds.o: tcpd.h
+diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
+--- tcp_wrappers_7.6/tcpd.h.patch11 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/tcpd.h 2008-08-29 09:45:12.000000000 +0200
+@@ -4,6 +4,25 @@
+ * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ */
+
++#ifndef _TCPWRAPPERS_TCPD_H
++#define _TCPWRAPPERS_TCPD_H
++
++/* someone else may have defined this */
++#undef __P
++
++/* use prototypes if we have an ANSI C compiler or are using C++ */
++#if defined(__STDC__) || defined(__cplusplus)
++#define __P(args) args
++#else
++#define __P(args) ()
++#endif
++
++/* Need definitions of struct sockaddr_in and FILE. */
++#include <netinet/in.h>
++#include <stdio.h>
++
++__BEGIN_DECLS
++
+ /* Structure to describe one communications endpoint. */
+
+ #define STRING_LENGTH 128 /* hosts, users, processes */
+@@ -92,10 +111,10 @@ struct request_info {
+ char pid[10]; /* access via eval_pid(request) */
+ struct host_info client[1]; /* client endpoint info */
+ struct host_info server[1]; /* server endpoint info */
+- void (*sink) (); /* datagram sink function or 0 */
+- void (*hostname) (); /* address to printable hostname */
+- void (*hostaddr) (); /* address to printable address */
+- void (*cleanup) (); /* cleanup function or 0 */
++ void (*sink) __P((int)); /* datagram sink function or 0 */
++ void (*hostname) __P((struct host_info *)); /* address to printable hostname */
++ void (*hostaddr) __P((struct host_info *)); /* address to printable address */
++ void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
+ struct netconfig *config; /* netdir handle */
+ };
+
+@@ -132,33 +151,38 @@ extern char paranoid[];
+ /* Global functions. */
+
+ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
+-extern void fromhost(); /* get/validate client host info */
++extern void fromhost __P((struct request_info *)); /* get/validate client host info */
+ #else
+ #define fromhost sock_host /* no TLI support needed */
+ #endif
+
+-extern int hosts_access(); /* access control */
+-extern void shell_cmd(); /* execute shell command */
+-extern char *percent_x(); /* do %<char> expansion */
+-extern void rfc931(); /* client name from RFC 931 daemon */
+-extern void clean_exit(); /* clean up and exit */
+-extern void refuse(); /* clean up and exit */
+-extern char *xgets(); /* fgets() on steroids */
+-extern char *split_at(); /* strchr() and split */
+-extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
+-extern int numeric_addr(); /* IP4/IP6 inet_addr (restricted) */
+-extern struct hostent *tcpd_gethostbyname();
++extern void shell_cmd __P((char *)); /* execute shell command */
++extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
++extern void rfc931 __P((struct sockaddr_gen *, struct sockaddr_gen *, char *)); /* client name from RFC 931 daemon */
++extern void clean_exit __P((struct request_info *)); /* clean up and exit */
++extern void refuse __P((struct request_info *)); /* clean up and exit */
++extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
++extern char *split_at __P((char *, int)); /* strchr() and split */
++extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
++extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
++extern struct hostent *tcpd_gethostbyname __P((char *, int));
+ /* IP4/IP6 gethostbyname */
+ #ifdef HAVE_IPV6
+-extern char *skip_ipv6_addrs(); /* skip over colons in IPv6 addrs */
++extern char *skip_ipv6_addrs __P((char *)); /* skip over colons in IPv6 addrs */
+ #else
+ #define skip_ipv6_addrs(x) x
+ #endif
+
+ /* Global variables. */
+
++#ifdef HAVE_WEAKSYMS
++extern int allow_severity __attribute__ ((weak)); /* for connection logging */
++extern int deny_severity __attribute__ ((weak)); /* for connection logging */
++#else
+ extern int allow_severity; /* for connection logging */
+ extern int deny_severity; /* for connection logging */
++#endif
++
+ extern char *hosts_allow_table; /* for verification mode redirection */
+ extern char *hosts_deny_table; /* for verification mode redirection */
+ extern int hosts_access_verbose; /* for verbose matching mode */
+@@ -171,9 +195,14 @@ extern int resident; /* > 0 if residen
+ */
+
+ #ifdef __STDC__
++extern int hosts_access(struct request_info *request);
++extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
++ char *client_user);
+ extern struct request_info *request_init(struct request_info *,...);
+ extern struct request_info *request_set(struct request_info *,...);
+ #else
++extern int hosts_access();
++extern int hosts_ctl();
+ extern struct request_info *request_init(); /* initialize request */
+ extern struct request_info *request_set(); /* update request structure */
+ #endif
+@@ -196,27 +225,31 @@ extern struct request_info *request_set(
+ * host_info structures serve as caches for the lookup results.
+ */
+
+-extern char *eval_user(); /* client user */
+-extern char *eval_hostname(); /* printable hostname */
+-extern char *eval_hostaddr(); /* printable host address */
+-extern char *eval_hostinfo(); /* host name or address */
+-extern char *eval_client(); /* whatever is available */
+-extern char *eval_server(); /* whatever is available */
++extern char *eval_user __P((struct request_info *)); /* client user */
++extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
++extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
++extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
++extern char *eval_client __P((struct request_info *)); /* whatever is available */
++extern char *eval_server __P((struct request_info *)); /* whatever is available */
+ #define eval_daemon(r) ((r)->daemon) /* daemon process name */
+ #define eval_pid(r) ((r)->pid) /* process id */
+
+ /* Socket-specific methods, including DNS hostname lookups. */
+
+-extern void sock_host(); /* look up endpoint addresses */
+-extern void sock_hostname(); /* translate address to hostname */
+-extern void sock_hostaddr(); /* address to printable address */
++/* look up endpoint addresses */
++extern void sock_host __P((struct request_info *));
++/* translate address to hostname */
++extern void sock_hostname __P((struct host_info *));
++/* address to printable address */
++extern void sock_hostaddr __P((struct host_info *));
++
+ #define sock_methods(r) \
+ { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
+
+ /* The System V Transport-Level Interface (TLI) interface. */
+
+ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
+-extern void tli_host(); /* look up endpoint addresses etc. */
++extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
+ #endif
+
+ /*
+@@ -257,7 +290,7 @@ extern struct tcpd_context tcpd_context;
+ * behavior.
+ */
+
+-extern void process_options(); /* execute options */
++extern void process_options __P((char *, struct request_info *)); /* execute options */
+ extern int dry_run; /* verification flag */
+
+ /* Bug workarounds. */
+@@ -296,3 +329,7 @@ extern char *fix_strtok();
+ #define strtok my_strtok
+ extern char *my_strtok();
+ #endif
++
++__END_DECLS
++
++#endif /* tcpd.h */
+diff -up /dev/null tcp_wrappers_7.6/weak_symbols.c
+--- /dev/null 2008-08-29 10:35:15.589003986 +0200
++++ tcp_wrappers_7.6/weak_symbols.c 2008-08-29 09:45:12.000000000 +0200
+@@ -0,0 +1,11 @@
++ /*
++ * @(#) weak_symbols.h 1.5 99/12/29 23:50
++ *
++ * Author: Anthony Towns <ajt@debian.org>
++ */
++
++#ifdef HAVE_WEAKSYMS
++#include <syslog.h>
++int deny_severity = LOG_WARNING;
++int allow_severity = SEVERITY;
++#endif
+diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c
+--- tcp_wrappers_7.6/scaffold.c.patch11 2013-01-28 11:08:48.598273563 +0100
++++ tcp_wrappers_7.6/scaffold.c 2013-01-28 11:08:56.069316992 +0100
+@@ -25,7 +25,7 @@ static char sccs_id[] = "@(#) scaffold.c
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+ #endif
+
+-extern char *malloc();
++extern void *malloc(size_t);
+
+ /* Application-specific. */
+
+@@ -180,10 +180,12 @@ struct request_info *request;
+
+ /* ARGSUSED */
+
+-void rfc931(request)
+-struct request_info *request;
++void rfc931(rmt_sin, our_sin, dest)
++struct sockaddr_gen *rmt_sin;
++struct sockaddr_gen *our_sin;
++char *dest;
+ {
+- strcpy(request->user, unknown);
++ strcpy(dest, unknown);
+ }
+
+ /* check_path - examine accessibility */
diff --git a/SOURCES/tcp_wrappers-7.6-sig.patch b/SOURCES/tcp_wrappers-7.6-sig.patch
new file mode 100644
index 0000000..c247301
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-sig.patch
@@ -0,0 +1,40 @@
+diff -up tcp_wrappers_7.6/hosts_access.c.patch12 tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c.patch12 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
+@@ -66,6 +66,7 @@ static char sep[] = ", \t\r\n";
+
+ #define YES 1
+ #define NO 0
++#define ERR -1
+
+ /*
+ * These variables are globally visible so that they can be redirected in
+@@ -106,7 +107,6 @@ int hosts_access(request)
+ struct request_info *request;
+ {
+ int verdict;
+-
+ /*
+ * If the (daemon, client) pair is matched by an entry in the file
+ * /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
+@@ -129,9 +129,9 @@ struct request_info *request;
+ return (verdict == AC_PERMIT);
+ if (table_match(hosts_allow_table, request))
+ return (YES);
+- if (table_match(hosts_deny_table, request))
+- return (NO);
+- return (YES);
++ if (table_match(hosts_deny_table, request) == NO)
++ return (YES);
++ return (NO);
+ }
+
+ /* table_match - match table entries with (daemon, client) pair */
+@@ -175,6 +175,7 @@ struct request_info *request;
+ (void) fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("cannot open %s: %m", table);
++ match = ERR;
+ }
+ if (match) {
+ if (hosts_access_verbose > 1)
diff --git a/SOURCES/tcp_wrappers-7.6-sigchld.patch b/SOURCES/tcp_wrappers-7.6-sigchld.patch
new file mode 100644
index 0000000..2256a01
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-sigchld.patch
@@ -0,0 +1,88 @@
+diff -up tcp_wrappers_7.6/shell_cmd.c.patch20 tcp_wrappers_7.6/shell_cmd.c
+--- tcp_wrappers_7.6/shell_cmd.c.patch20 1994-12-28 17:42:44.000000000 +0100
++++ tcp_wrappers_7.6/shell_cmd.c 2008-08-29 09:45:12.000000000 +0200
+@@ -20,6 +20,11 @@ static char sccsid[] = "@(#) shell_cmd.c
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
++#include <errno.h>
++#include <unistd.h>
++#include <sys/wait.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+
+ extern void exit();
+
+@@ -31,13 +36,42 @@ extern void exit();
+
+ static void do_child();
+
++/*
++ * The sigchld handler. If there is a SIGCHLD caused by a child other than
++ * ours, we set a flag and raise the signal later.
++ */
++volatile static int foreign_sigchld;
++volatile static int our_child_pid;
++static void sigchld(int sig, siginfo_t *si, void *unused)
++{
++ if (si && si->si_pid != our_child_pid)
++ foreign_sigchld = 1;
++}
++
+ /* shell_cmd - execute shell command */
+
+ void shell_cmd(command)
+ char *command;
+ {
+ int child_pid;
+- int wait_pid;
++
++ struct sigaction new_action, old_action;
++ sigset_t new_mask, old_mask, empty_mask;
++
++ new_action.sa_sigaction = &sigchld;
++ new_action.sa_flags = SA_SIGINFO;
++ sigemptyset(&new_action.sa_mask);
++ sigemptyset(&new_mask);
++ sigemptyset(&empty_mask);
++ sigaddset(&new_mask, SIGCHLD);
++
++ /*
++ * Set the variables for handler, set the handler and block the signal
++ * until we have the pid.
++ */
++ foreign_sigchld = 0; our_child_pid = 0;
++ sigprocmask(SIG_BLOCK, &new_mask, &old_mask);
++ sigaction(SIGCHLD, &new_action, &old_action);
+
+ /*
+ * Most of the work is done within the child process, to minimize the
+@@ -49,12 +83,26 @@ char *command;
+ tcpd_warn("cannot fork: %m");
+ break;
+ case 00: /* child */
++ /* Clear the blocked mask for the child not to be surprised. */
++ sigprocmask(SIG_SETMASK, &empty_mask, 0);
+ do_child(command);
+ /* NOTREACHED */
+ default: /* parent */
+- while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
+- /* void */ ;
++ our_child_pid = child_pid;
++ sigprocmask(SIG_UNBLOCK, &new_mask, 0);
++ while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR);
+ }
++
++ /*
++ * Revert the signal mask and the SIGCHLD handler.
++ */
++ sigprocmask(SIG_SETMASK, &old_mask, 0);
++ sigaction(SIGCHLD, &old_action, 0);
++
++ /* If there was a foreign SIGCHLD, raise it after we have restored the old
++ * mask and handler. */
++ if (foreign_sigchld)
++ raise(SIGCHLD);
+ }
+
+ /* do_child - exec command with { stdin, stdout, stderr } to /dev/null */
diff --git a/SOURCES/tcp_wrappers-7.6-siglongjmp.patch b/SOURCES/tcp_wrappers-7.6-siglongjmp.patch
new file mode 100644
index 0000000..924d4fb
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-siglongjmp.patch
@@ -0,0 +1,30 @@
+diff -up tcp_wrappers_7.6/rfc931.c.patch19 tcp_wrappers_7.6/rfc931.c
+--- tcp_wrappers_7.6/rfc931.c.patch19 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/rfc931.c 2008-08-29 09:45:12.000000000 +0200
+@@ -33,7 +33,7 @@ static char sccsid[] = "@(#) rfc931.c 1.
+
+ int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
+
+-static jmp_buf timebuf;
++static sigjmp_buf timebuf;
+
+ /* fsocket - open stdio stream on top of socket */
+
+@@ -62,7 +62,7 @@ int protocol;
+ static void timeout(sig)
+ int sig;
+ {
+- longjmp(timebuf, sig);
++ siglongjmp(timebuf, sig);
+ }
+
+ /* rfc931 - return remote user name, given socket structures */
+@@ -135,7 +135,7 @@ char *dest;
+ * Set up a timer so we won't get stuck while waiting for the server.
+ */
+
+- if (setjmp(timebuf) == 0) {
++ if (sigsetjmp(timebuf, 1) == 0) {
+ /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
+ saved_timeout = alarm(0);
+ nact.sa_handler = timeout;
diff --git a/SOURCES/tcp_wrappers-7.6-uchart_fix.patch b/SOURCES/tcp_wrappers-7.6-uchart_fix.patch
new file mode 100644
index 0000000..5ac0788
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-uchart_fix.patch
@@ -0,0 +1,21 @@
+diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch tcp_wrappers_7.6-ipv6.4/hosts_access.c
+--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch 2013-01-28 10:19:20.424857730 +0100
++++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-01-28 10:19:44.719991745 +0100
+@@ -514,7 +514,7 @@ static void ipv6_mask(in6p, maskbits)
+ struct in6_addr *in6p;
+ int maskbits;
+ {
+- uchar_t *p = (uchar_t*) in6p;
++ unsigned char *p = (unsigned char*) in6p;
+
+ if (maskbits < 0 || maskbits >= IPV6_ABITS)
+ return;
+@@ -525,7 +525,7 @@ int maskbits;
+ if (maskbits != 0)
+ *p++ &= 0xff << (8 - maskbits);
+
+- while (p < (((uchar_t*) in6p)) + sizeof(*in6p))
++ while (p < (((unsigned char*) in6p)) + sizeof(*in6p))
+ *p++ = 0;
+ }
+ #endif
diff --git a/SOURCES/tcp_wrappers-7.6-warnings.patch b/SOURCES/tcp_wrappers-7.6-warnings.patch
new file mode 100644
index 0000000..a12ced5
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-warnings.patch
@@ -0,0 +1,568 @@
+diff -up tcp_wrappers_7.6-ipv6.4/clean_exit.c.warnings tcp_wrappers_7.6-ipv6.4/clean_exit.c
+--- tcp_wrappers_7.6-ipv6.4/clean_exit.c.warnings 1994-12-28 17:42:20.000000000 +0100
++++ tcp_wrappers_7.6-ipv6.4/clean_exit.c 2013-08-15 18:51:57.533244197 +0200
+@@ -13,6 +13,7 @@ static char sccsid[] = "@(#) clean_exit.
+ #endif
+
+ #include <stdio.h>
++#include <unistd.h>
+
+ extern void exit();
+
+diff -up tcp_wrappers_7.6-ipv6.4/fakelog.c.warnings tcp_wrappers_7.6-ipv6.4/fakelog.c
+--- tcp_wrappers_7.6-ipv6.4/fakelog.c.warnings 1994-12-28 17:42:22.000000000 +0100
++++ tcp_wrappers_7.6-ipv6.4/fakelog.c 2013-08-15 18:51:57.533244197 +0200
+@@ -17,6 +17,7 @@ static char sccsid[] = "@(#) fakelog.c 1
+
+ /* ARGSUSED */
+
++void
+ openlog(name, logopt, facility)
+ char *name;
+ int logopt;
+@@ -27,6 +28,7 @@ int facility;
+
+ /* vsyslog - format one record */
+
++void
+ vsyslog(severity, fmt, ap)
+ int severity;
+ char *fmt;
+@@ -43,6 +45,7 @@ va_list ap;
+
+ /* VARARGS */
+
++void
+ VARARGS(syslog, int, severity)
+ {
+ va_list ap;
+@@ -56,6 +59,7 @@ VARARGS(syslog, int, severity)
+
+ /* closelog - dummy */
+
++void
+ closelog()
+ {
+ /* void */
+diff -up tcp_wrappers_7.6-ipv6.4/fix_options.c.warnings tcp_wrappers_7.6-ipv6.4/fix_options.c
+--- tcp_wrappers_7.6-ipv6.4/fix_options.c.warnings 2013-08-15 18:51:57.446243821 +0200
++++ tcp_wrappers_7.6-ipv6.4/fix_options.c 2013-08-15 18:51:57.534244202 +0200
+@@ -32,13 +32,15 @@ static char sccsid[] = "@(#) fix_options
+
+ /* fix_options - get rid of IP-level socket options */
+
++void
+ fix_options(request)
+ struct request_info *request;
+ {
+ #ifdef IP_OPTIONS
+ unsigned char optbuf[BUFFER_SIZE / 3], *cp;
+ char lbuf[BUFFER_SIZE], *lp;
+- int optsize = sizeof(optbuf), ipproto;
++ unsigned int optsize = sizeof(optbuf);
++ int ipproto;
+ struct protoent *ip;
+ int fd = request->fd;
+ unsigned int opt;
+@@ -46,7 +48,7 @@ struct request_info *request;
+ struct in_addr dummy;
+ #ifdef HAVE_IPV6
+ struct sockaddr_storage ss;
+- int sslen;
++ unsigned int sslen;
+
+ /*
+ * check if this is AF_INET socket
+diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.warnings tcp_wrappers_7.6-ipv6.4/hosts_access.c
+--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.warnings 2013-08-15 18:51:57.529244180 +0200
++++ tcp_wrappers_7.6-ipv6.4/hosts_access.c 2013-08-15 18:51:57.535244206 +0200
+@@ -33,6 +33,9 @@ static char sccsid[] = "@(#) hosts_acces
+ #include <errno.h>
+ #include <setjmp.h>
+ #include <string.h>
++#include <stdlib.h>
++#include <rpcsvc/ypclnt.h>
++#include <netdb.h>
+
+ extern char *fgets();
+ extern int errno;
+@@ -49,6 +52,8 @@ extern int errno;
+
+ extern jmp_buf tcpd_buf;
+
++int match_pattern_ylo(const char *, const char *);
++
+ /* Delimiters for lists of daemons or clients. */
+
+ static char sep[] = ", \t\r\n";
+diff -up tcp_wrappers_7.6-ipv6.4/inetcf.c.warnings tcp_wrappers_7.6-ipv6.4/inetcf.c
+--- tcp_wrappers_7.6-ipv6.4/inetcf.c.warnings 2013-08-15 18:51:57.474243942 +0200
++++ tcp_wrappers_7.6-ipv6.4/inetcf.c 2013-08-15 18:51:57.535244206 +0200
+@@ -42,6 +42,8 @@ char *inet_files[] = {
+ static void inet_chk();
+ static char *base_name();
+
++int check_path(char *, struct stat *);
++
+ /*
+ * Structure with everything we know about a service.
+ */
+diff -up tcp_wrappers_7.6-ipv6.4/options.c.warnings tcp_wrappers_7.6-ipv6.4/options.c
+--- tcp_wrappers_7.6-ipv6.4/options.c.warnings 2013-08-15 18:51:57.520244141 +0200
++++ tcp_wrappers_7.6-ipv6.4/options.c 2013-08-15 18:51:57.536244211 +0200
+@@ -41,12 +41,14 @@ static char sccsid[] = "@(#) options.c 1
+ #include <netinet/in.h>
+ #include <netdb.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
+ #include <ctype.h>
+ #include <setjmp.h>
+ #include <string.h>
++#include <unistd.h>
+
+ #ifndef MAXPATHNAMELEN
+ #define MAXPATHNAMELEN BUFSIZ
+@@ -108,21 +110,21 @@ struct option {
+ /* List of known keywords. Add yours here. */
+
+ static struct option option_table[] = {
+- "user", user_option, NEED_ARG,
+- "group", group_option, NEED_ARG,
+- "umask", umask_option, NEED_ARG,
+- "linger", linger_option, NEED_ARG,
+- "keepalive", keepalive_option, 0,
+- "spawn", spawn_option, NEED_ARG | EXPAND_ARG,
+- "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST,
+- "rfc931", rfc931_option, OPT_ARG,
+- "setenv", setenv_option, NEED_ARG | EXPAND_ARG,
+- "nice", nice_option, OPT_ARG,
+- "severity", severity_option, NEED_ARG,
+- "allow", allow_option, USE_LAST,
+- "deny", deny_option, USE_LAST,
+- "banners", banners_option, NEED_ARG,
+- 0,
++ { "user", user_option, NEED_ARG },
++ { "group", group_option, NEED_ARG },
++ { "umask", umask_option, NEED_ARG },
++ { "linger", linger_option, NEED_ARG },
++ { "keepalive", keepalive_option, 0 },
++ { "spawn", spawn_option, NEED_ARG | EXPAND_ARG },
++ { "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST },
++ { "rfc931", rfc931_option, OPT_ARG },
++ { "setenv", setenv_option, NEED_ARG | EXPAND_ARG },
++ { "nice", nice_option, OPT_ARG },
++ { "severity", severity_option, NEED_ARG },
++ { "allow", allow_option, USE_LAST },
++ { "deny", deny_option, USE_LAST },
++ { "banners", banners_option, NEED_ARG },
++ { NULL, NULL, 0 }
+ };
+
+ /* process_options - process access control options */
+@@ -227,13 +229,13 @@ struct request_info *request;
+ sprintf(path, "%s/%s", value, eval_daemon(request));
+ if ((fp = fopen(path, "r")) != 0) {
+ while ((ch = fgetc(fp)) == 0)
+- write(request->fd, "", 1);
++ if (write(request->fd, "", 1));
+ ungetc(ch, fp);
+ while (fgets(ibuf, sizeof(ibuf) - 1, fp)) {
+ if (split_at(ibuf, '\n'))
+ strcat(ibuf, "\r\n");
+ percent_x(obuf, sizeof(obuf), ibuf, request);
+- write(request->fd, obuf, strlen(obuf));
++ if(write(request->fd, obuf, strlen(obuf)));
+ }
+ fclose(fp);
+ } else if (stat(value, &st) < 0) {
+@@ -462,85 +464,85 @@ struct syslog_names {
+
+ static struct syslog_names log_fac[] = {
+ #ifdef LOG_KERN
+- "kern", LOG_KERN,
++ { "kern", LOG_KERN },
+ #endif
+ #ifdef LOG_USER
+- "user", LOG_USER,
++ { "user", LOG_USER },
+ #endif
+ #ifdef LOG_MAIL
+- "mail", LOG_MAIL,
++ { "mail", LOG_MAIL },
+ #endif
+ #ifdef LOG_DAEMON
+- "daemon", LOG_DAEMON,
++ { "daemon", LOG_DAEMON },
+ #endif
+ #ifdef LOG_AUTH
+- "auth", LOG_AUTH,
++ { "auth", LOG_AUTH },
+ #endif
+ #ifdef LOG_LPR
+- "lpr", LOG_LPR,
++ { "lpr", LOG_LPR },
+ #endif
+ #ifdef LOG_NEWS
+- "news", LOG_NEWS,
++ { "news", LOG_NEWS },
+ #endif
+ #ifdef LOG_UUCP
+- "uucp", LOG_UUCP,
++ { "uucp", LOG_UUCP },
+ #endif
+ #ifdef LOG_CRON
+- "cron", LOG_CRON,
++ { "cron", LOG_CRON },
+ #endif
+ #ifdef LOG_LOCAL0
+- "local0", LOG_LOCAL0,
++ { "local0", LOG_LOCAL0 },
+ #endif
+ #ifdef LOG_LOCAL1
+- "local1", LOG_LOCAL1,
++ { "local1", LOG_LOCAL1 },
+ #endif
+ #ifdef LOG_LOCAL2
+- "local2", LOG_LOCAL2,
++ { "local2", LOG_LOCAL2 },
+ #endif
+ #ifdef LOG_LOCAL3
+- "local3", LOG_LOCAL3,
++ { "local3", LOG_LOCAL3 },
+ #endif
+ #ifdef LOG_LOCAL4
+- "local4", LOG_LOCAL4,
++ { "local4", LOG_LOCAL4 },
+ #endif
+ #ifdef LOG_LOCAL5
+- "local5", LOG_LOCAL5,
++ { "local5", LOG_LOCAL5 },
+ #endif
+ #ifdef LOG_LOCAL6
+- "local6", LOG_LOCAL6,
++ { "local6", LOG_LOCAL6 },
+ #endif
+ #ifdef LOG_LOCAL7
+- "local7", LOG_LOCAL7,
++ { "local7", LOG_LOCAL7 },
+ #endif
+- 0,
++ { NULL, 0 }
+ };
+
+ static struct syslog_names log_sev[] = {
+ #ifdef LOG_EMERG
+- "emerg", LOG_EMERG,
++ { "emerg", LOG_EMERG },
+ #endif
+ #ifdef LOG_ALERT
+- "alert", LOG_ALERT,
++ { "alert", LOG_ALERT },
+ #endif
+ #ifdef LOG_CRIT
+- "crit", LOG_CRIT,
++ { "crit", LOG_CRIT },
+ #endif
+ #ifdef LOG_ERR
+- "err", LOG_ERR,
++ { "err", LOG_ERR },
+ #endif
+ #ifdef LOG_WARNING
+- "warning", LOG_WARNING,
++ { "warning", LOG_WARNING },
+ #endif
+ #ifdef LOG_NOTICE
+- "notice", LOG_NOTICE,
++ { "notice", LOG_NOTICE },
+ #endif
+ #ifdef LOG_INFO
+- "info", LOG_INFO,
++ { "info", LOG_INFO },
+ #endif
+ #ifdef LOG_DEBUG
+- "debug", LOG_DEBUG,
++ { "debug", LOG_DEBUG },
+ #endif
+- 0,
++ { NULL, 0 }
+ };
+
+ /* severity_map - lookup facility or severity value */
+@@ -601,7 +603,7 @@ char *string;
+ if (src[0] == 0)
+ return (0);
+
+- while (ch = *src) {
++ while ((ch = *src)) {
+ if (ch == ':') {
+ if (*++src == 0)
+ tcpd_warn("rule ends in \":\"");
+diff -up tcp_wrappers_7.6-ipv6.4/percent_m.c.warnings tcp_wrappers_7.6-ipv6.4/percent_m.c
+--- tcp_wrappers_7.6-ipv6.4/percent_m.c.warnings 2003-04-16 16:12:24.000000000 +0200
++++ tcp_wrappers_7.6-ipv6.4/percent_m.c 2013-08-15 18:51:57.536244211 +0200
+@@ -29,7 +29,7 @@ char *ibuf;
+ char *bp = obuf;
+ char *cp = ibuf;
+
+- while (*bp = *cp)
++ while ((*bp = *cp))
+ if (*cp == '%' && cp[1] == 'm') {
+ #ifdef USE_STRERROR
+ strcpy(bp, strerror(errno));
+diff -up tcp_wrappers_7.6-ipv6.4/percent_x.c.warnings tcp_wrappers_7.6-ipv6.4/percent_x.c
+--- tcp_wrappers_7.6-ipv6.4/percent_x.c.warnings 1994-12-28 17:42:38.000000000 +0100
++++ tcp_wrappers_7.6-ipv6.4/percent_x.c 2013-08-15 18:51:57.537244215 +0200
+@@ -19,6 +19,7 @@ static char sccsid[] = "@(#) percent_x.c
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
++#include <unistd.h>
+
+ extern void exit();
+
+diff -up tcp_wrappers_7.6-ipv6.4/rfc931.c.warnings tcp_wrappers_7.6-ipv6.4/rfc931.c
+--- tcp_wrappers_7.6-ipv6.4/rfc931.c.warnings 2013-08-15 18:51:57.484243985 +0200
++++ tcp_wrappers_7.6-ipv6.4/rfc931.c 2013-08-15 18:51:57.537244215 +0200
+@@ -23,6 +23,7 @@ static char sccsid[] = "@(#) rfc931.c 1.
+ #include <setjmp.h>
+ #include <signal.h>
+ #include <string.h>
++#include <unistd.h>
+
+ /* Local stuff. */
+
+@@ -81,7 +82,7 @@ char *dest;
+ char *cp;
+ char *result = unknown;
+ FILE *fp;
+- unsigned saved_timeout;
++ unsigned saved_timeout = 0;
+ struct sigaction nact, oact;
+
+ /*
+@@ -165,7 +166,7 @@ char *dest;
+ * protocol, not part of the data.
+ */
+
+- if (cp = strchr(user, '\r'))
++ if ((cp = strchr(user, '\r')))
+ *cp = 0;
+ result = user;
+ }
+diff -up tcp_wrappers_7.6-ipv6.4/safe_finger.c.warnings tcp_wrappers_7.6-ipv6.4/safe_finger.c
+--- tcp_wrappers_7.6-ipv6.4/safe_finger.c.warnings 2013-08-15 18:51:57.521244146 +0200
++++ tcp_wrappers_7.6-ipv6.4/safe_finger.c 2013-08-15 18:51:57.538244219 +0200
+@@ -24,8 +24,13 @@ static char sccsid[] = "@(#) safe_finger
+ #include <sys/stat.h>
+ #include <signal.h>
+ #include <stdio.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <sys/wait.h>
+ #include <ctype.h>
+ #include <pwd.h>
++#include <grp.h>
+
+ extern void exit();
+
+@@ -40,6 +45,8 @@ char path[] = "PATH=/bin:/usr/bin:/us
+ #define UNPRIV_NAME "nobody" /* Preferred privilege level */
+ #define UNPRIV_UGID 32767 /* Default uid and gid */
+
++int pipe_stdin(char **);
++
+ int finger_pid;
+
+ void cleanup(sig)
+@@ -49,6 +56,7 @@ int sig;
+ exit(0);
+ }
+
++int
+ main(argc, argv)
+ int argc;
+ char **argv;
+@@ -65,13 +73,17 @@ char **argv;
+ */
+ if (getuid() == 0 || geteuid() == 0) {
+ if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
+- setgid(pwd->pw_gid);
++ if (setgid(pwd->pw_gid) != 0)
++ return 1;
+ initgroups(UNPRIV_NAME, pwd->pw_gid);
+- setuid(pwd->pw_uid);
++ if (setuid(pwd->pw_uid))
++ return 1;
+ } else {
+- setgid(UNPRIV_UGID);
++ if (setgid(UNPRIV_UGID))
++ return 1;
+ setgroups(0, NULL);
+- setuid(UNPRIV_UGID);
++ if (setuid(UNPRIV_UGID))
++ return 1;
+ }
+ }
+
+diff -up tcp_wrappers_7.6-ipv6.4/scaffold.c.warnings tcp_wrappers_7.6-ipv6.4/scaffold.c
+--- tcp_wrappers_7.6-ipv6.4/scaffold.c.warnings 2013-08-15 18:51:57.457243868 +0200
++++ tcp_wrappers_7.6-ipv6.4/scaffold.c 2013-08-15 18:51:57.538244219 +0200
+@@ -20,6 +20,8 @@ static char sccs_id[] = "@(#) scaffold.c
+ #include <syslog.h>
+ #include <setjmp.h>
+ #include <string.h>
++#include <unistd.h>
++#include <stdlib.h>
+
+ #ifndef INADDR_NONE
+ #define INADDR_NONE (-1) /* XXX should be 0xffffffff */
+diff -up tcp_wrappers_7.6-ipv6.4/socket.c.warnings tcp_wrappers_7.6-ipv6.4/socket.c
+--- tcp_wrappers_7.6-ipv6.4/socket.c.warnings 2013-08-15 18:51:57.479243964 +0200
++++ tcp_wrappers_7.6-ipv6.4/socket.c 2013-08-15 18:52:32.346394921 +0200
+@@ -21,6 +21,7 @@ static char sccsid[] = "@(#) socket.c 1.
+
+ /* System libraries. */
+
++#include <arpa/inet.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/socket.h>
+@@ -84,7 +85,7 @@ struct request_info *request;
+ {
+ static struct sockaddr_gen client;
+ static struct sockaddr_gen server;
+- int len;
++ unsigned len;
+ char buf[BUFSIZ];
+ int fd = request->fd;
+
+@@ -168,7 +169,7 @@ struct request_info *request;
+ sock_methods(request);
+
+ memcpy(&client, res->ai_addr, res->ai_addrlen);
+- request->client->sin = (struct sockaddr *)&client;
++ request->client->sin = (struct sockaddr_gen *)&client;
+ freeaddrinfo(res);
+
+ request->client->name[0] = 0;
+@@ -293,7 +294,7 @@ int fd;
+ {
+ char buf[BUFSIZ];
+ struct sockaddr_in sin;
+- int size = sizeof(sin);
++ unsigned size = sizeof(sin);
+
+ /*
+ * Eat up the not-yet received datagram. Some systems insist on a
+diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.warnings tcp_wrappers_7.6-ipv6.4/tcpdchk.c
+--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.warnings 2013-08-15 18:51:57.529244180 +0200
++++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c 2013-08-15 18:51:57.540244228 +0200
+@@ -30,6 +30,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1
+ #include <errno.h>
+ #include <netdb.h>
+ #include <string.h>
++#include <unistd.h>
++#include <stdlib.h>
+
+ extern int errno;
+ extern void exit();
+@@ -199,13 +201,15 @@ struct request_info *request;
+ char sv_list[BUFLEN]; /* becomes list of daemons */
+ char *cl_list; /* becomes list of requests */
+ char *sh_cmd; /* becomes optional shell command */
++#ifndef PROCESS_OPTIONS
+ char buf[BUFSIZ];
++#endif
+ int verdict;
+ struct tcpd_context saved_context;
+
+ saved_context = tcpd_context; /* stupid compilers */
+
+- if (fp = fopen(table, "r")) {
++ if ((fp = fopen(table, "r"))) {
+ tcpd_context.file = table;
+ tcpd_context.line = 0;
+ while (xgets(sv_list, sizeof(sv_list), fp)) {
+@@ -331,7 +335,7 @@ char *list;
+ clients = 0;
+ } else {
+ clients++;
+- if (host = split_at(cp + 1, '@')) { /* user@host */
++ if ((host = split_at(cp + 1, '@'))) { /* user@host */
+ check_user(cp);
+ check_host(host);
+ } else {
+@@ -449,7 +453,7 @@ char *pat;
+ if (err)
+ tcpd_warn("bad IP6 address specification: %s", pat);
+ #endif
+- } else if (mask = split_at(pat, '/')) { /* network/netmask */
++ } else if ((mask = split_at(pat, '/'))) { /* network/netmask */
+ if (dot_quad_addr(pat) == INADDR_NONE
+ || dot_quad_addr(mask) == INADDR_NONE)
+ tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
+diff -up tcp_wrappers_7.6-ipv6.4/tcpd.c.warnings tcp_wrappers_7.6-ipv6.4/tcpd.c
+--- tcp_wrappers_7.6-ipv6.4/tcpd.c.warnings 2013-08-15 18:51:57.450243838 +0200
++++ tcp_wrappers_7.6-ipv6.4/tcpd.c 2013-08-15 18:51:57.540244228 +0200
+@@ -24,6 +24,7 @@ static char sccsid[] = "@(#) tcpd.c 1.10
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
++#include <unistd.h>
+
+ #ifndef MAXPATHNAMELEN
+ #define MAXPATHNAMELEN BUFSIZ
+@@ -38,9 +39,12 @@ static char sccsid[] = "@(#) tcpd.c 1.10
+ #include "patchlevel.h"
+ #include "tcpd.h"
+
++void fix_options(struct request_info *);
++
+ int allow_severity = SEVERITY; /* run-time adjustable */
+ int deny_severity = LOG_WARNING; /* ditto */
+
++int
+ main(argc, argv)
+ int argc;
+ char **argv;
+diff -up tcp_wrappers_7.6-ipv6.4/tcpdmatch.c.warnings tcp_wrappers_7.6-ipv6.4/tcpdmatch.c
+--- tcp_wrappers_7.6-ipv6.4/tcpdmatch.c.warnings 2013-08-15 18:51:57.503244068 +0200
++++ tcp_wrappers_7.6-ipv6.4/tcpdmatch.c 2013-08-15 18:51:57.541244232 +0200
+@@ -26,9 +26,11 @@ static char sccsid[] = "@(#) tcpdmatch.c
+ #include <arpa/inet.h>
+ #include <netdb.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <syslog.h>
+ #include <setjmp.h>
+ #include <string.h>
++#include <unistd.h>
+
+ extern void exit();
+ extern int optind;
+diff -up tcp_wrappers_7.6-ipv6.4/try-from.c.warnings tcp_wrappers_7.6-ipv6.4/try-from.c
+--- tcp_wrappers_7.6-ipv6.4/try-from.c.warnings 1994-12-28 17:42:55.000000000 +0100
++++ tcp_wrappers_7.6-ipv6.4/try-from.c 2013-08-15 18:51:57.541244232 +0200
+@@ -37,6 +37,7 @@ static char sccsid[] = "@(#) try-from.c
+ int allow_severity = SEVERITY; /* run-time adjustable */
+ int deny_severity = LOG_WARNING; /* ditto */
+
++int
+ main(argc, argv)
+ int argc;
+ char **argv;
+diff -up tcp_wrappers_7.6-ipv6.4/update.c.warnings tcp_wrappers_7.6-ipv6.4/update.c
+--- tcp_wrappers_7.6-ipv6.4/update.c.warnings 1999-10-27 10:44:39.000000000 +0200
++++ tcp_wrappers_7.6-ipv6.4/update.c 2013-08-15 18:51:57.541244232 +0200
+@@ -22,6 +22,7 @@ static char sccsid[] = "@(#) update.c 1.
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
++#include <unistd.h>
+
+ /* Local stuff. */
+
diff --git a/SOURCES/tcp_wrappers-7.6-xgets.patch b/SOURCES/tcp_wrappers-7.6-xgets.patch
new file mode 100644
index 0000000..2c7d81f
--- /dev/null
+++ b/SOURCES/tcp_wrappers-7.6-xgets.patch
@@ -0,0 +1,12 @@
+diff -up tcp_wrappers_7.6/misc.c.xgets tcp_wrappers_7.6/misc.c
+--- tcp_wrappers_7.6/misc.c.xgets 2011-08-15 05:50:26.403091995 -0400
++++ tcp_wrappers_7.6/misc.c 2011-08-15 05:51:02.289091985 -0400
+@@ -35,7 +35,7 @@ FILE *fp;
+ int got;
+ char *start = ptr;
+
+- while (fgets(ptr, len, fp)) {
++ while (len && fgets(ptr, len, fp)) {
+ got = strlen(ptr);
+ if (got >= 1 && ptr[got - 1] == '\n') {
+ tcpd_context.line++;
diff --git a/SOURCES/tcp_wrappers.usagi-ipv6.patch b/SOURCES/tcp_wrappers.usagi-ipv6.patch
new file mode 100644
index 0000000..e3bc707
--- /dev/null
+++ b/SOURCES/tcp_wrappers.usagi-ipv6.patch
@@ -0,0 +1,271 @@
+diff -up tcp_wrappers_7.6/fix_options.c.patch9 tcp_wrappers_7.6/fix_options.c
+--- tcp_wrappers_7.6/fix_options.c.patch9 1997-04-08 02:29:19.000000000 +0200
++++ tcp_wrappers_7.6/fix_options.c 2008-08-29 09:45:12.000000000 +0200
+@@ -11,6 +11,9 @@ static char sccsid[] = "@(#) fix_options
+
+ #include <sys/types.h>
+ #include <sys/param.h>
++#ifdef HAVE_IPV6
++#include <sys/socket.h>
++#endif
+ #include <netinet/in.h>
+ #include <netinet/in_systm.h>
+ #include <netinet/ip.h>
+@@ -41,6 +44,22 @@ struct request_info *request;
+ unsigned int opt;
+ int optlen;
+ struct in_addr dummy;
++#ifdef HAVE_IPV6
++ struct sockaddr_storage ss;
++ int sslen;
++
++ /*
++ * check if this is AF_INET socket
++ * XXX IPv6 support?
++ */
++ sslen = sizeof(ss);
++ if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
++ syslog(LOG_ERR, "getpeername: %m");
++ clean_exit(request);
++ }
++ if (ss.ss_family != AF_INET)
++ return;
++#endif
+
+ if ((ip = getprotobyname("ip")) != 0)
+ ipproto = ip->p_proto;
+diff -up tcp_wrappers_7.6/hosts_access.5.patch9 tcp_wrappers_7.6/hosts_access.5
+--- tcp_wrappers_7.6/hosts_access.5.patch9 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.5 2008-08-29 09:45:12.000000000 +0200
+@@ -85,11 +85,18 @@ member of the specified netgroup. Netgro
+ for daemon process names or for client user names.
+ .IP \(bu
+ An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
+-`net/mask\' pair. A host address is matched if `net\' is equal to the
++`net/mask\' pair. An IPv4 host address is matched if `net\' is equal to the
+ bitwise AND of the address and the `mask\'. For example, the net/mask
+ pattern `131.155.72.0/255.255.254.0\' matches every address in the
+ range `131.155.72.0\' through `131.155.73.255\'.
+ .IP \(bu
++An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
++`[net/prefixlen]\' pair. An IPv6 host address is matched if
++`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
++address. For example, the [net/prefixlen] pattern
++`[3ffe:505:2:1::/64]\' matches every address in the range
++`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
++.IP \(bu
+ A string that begins with a `/\' character is treated as a file
+ name. A host name or address is matched if it matches any host name
+ or address pattern listed in the named file. The file format is
+diff -up tcp_wrappers_7.6/inetcf.c.patch9 tcp_wrappers_7.6/inetcf.c
+--- tcp_wrappers_7.6/inetcf.c.patch9 1997-02-12 02:13:24.000000000 +0100
++++ tcp_wrappers_7.6/inetcf.c 2008-08-29 09:45:12.000000000 +0200
+@@ -26,6 +26,9 @@ extern void exit();
+ * guesses. Shorter names follow longer ones.
+ */
+ char *inet_files[] = {
++#ifdef HAVE_IPV6
++ "/usr/local/v6/etc/inet6d.conf", /* KAME */
++#endif
+ "/private/etc/inetd.conf", /* NEXT */
+ "/etc/inet/inetd.conf", /* SYSV4 */
+ "/usr/etc/inetd.conf", /* IRIX?? */
+diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.patch9 2013-01-25 10:53:33.891349937 +0100
++++ tcp_wrappers_7.6/Makefile 2013-01-25 11:00:57.362801588 +0100
+@@ -21,7 +21,7 @@ what:
+ @echo " dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
+ @echo " linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
+ @echo " ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
+- @echo " sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
++ @echo " sunos40 sunos5 solaris8 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
+ @echo " uts215 uxp"
+ @echo
+ @echo "If none of these match your environment, edit the system"
+@@ -138,13 +138,25 @@ epix:
+
+ freebsd:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++ LIBS="-L/usr/local/v6/lib -linet6" \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
+- EXTRA_CFLAGS=-DUSE_STRERROR VSYSLOG= all
++ EXTRA_CFLAGS="-DUSE_STRERROR -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all
++
++netbsd:
++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+- NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
++
++linux-old:
++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++ LIBS="/usr/inet6/lib/libinet6.a -lresolv" \
++ RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \
++ EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=sin6_family -Dsockaddr_storage=sockaddr_in6 -I/usr/inet6/include" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
+ hpux hpux8 hpux9 hpux10:
+@@ -197,6 +209,13 @@ sunos5:
+ BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \
+ EXTRA_CFLAGS=-DUSE_STRERROR all
+
++# SunOS 5.8 is another SYSV4 variant, but has IPv6 support
++solaris8:
++ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
++ LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
++ NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
++ EXTRA_CFLAGS="-DNO_CLONE_DEVICE -DINT32_T" all
++
+ # Generic SYSV40
+ esix sysv4:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+@@ -392,7 +411,7 @@ AR = ar
+ # the ones provided with this source distribution. The environ.c module
+ # implements setenv(), getenv(), and putenv().
+
+-AUX_OBJ= setenv.o
++#AUX_OBJ= setenv.o
+ #AUX_OBJ= environ.o
+ #AUX_OBJ= environ.o strcasecmp.o
+
+@@ -455,7 +474,7 @@ AUX_OBJ= setenv.o
+ # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
+ # around this. The workaround does no harm on other Solaris versions.
+
+-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
++#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
+ #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
+ #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
+
+@@ -473,7 +492,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS
+ # If your system supports vsyslog(), comment out the following definition.
+ # If in doubt leave it in, it won't harm.
+
+-VSYSLOG = -Dvsyslog=myvsyslog
++#VSYSLOG = -Dvsyslog=myvsyslog
+
+ ###############################################################
+ # System dependencies: whether or not your system has IPV6
+@@ -485,7 +504,7 @@ VSYSLOG = -Dvsyslog=myvsyslog
+
+ # If your system does not have getipnodebyname() but uses the obsolete
+ # gethostbyname2() instead, use this (AIX)
+-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
++IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
+
+ # End of the system dependencies.
+ #################################
+diff -up tcp_wrappers_7.6/misc.c.patch9 tcp_wrappers_7.6/misc.c
+--- tcp_wrappers_7.6/misc.c.patch9 1996-02-11 17:01:30.000000000 +0100
++++ tcp_wrappers_7.6/misc.c 2008-08-29 09:45:12.000000000 +0200
+@@ -58,9 +58,31 @@ int delimiter;
+ {
+ char *cp;
+
++#ifdef HAVE_IPV6
++ int bracket = 0;
++
++ for (cp = string; cp && *cp; cp++) {
++ switch (*cp) {
++ case '[':
++ bracket++;
++ break;
++ case ']':
++ bracket--;
++ break;
++ default:
++ if (bracket == 0 && *cp == delimiter) {
++ *cp++ = 0;
++ return cp;
++ }
++ break;
++ }
++ }
++ return (NULL);
++#else
+ if ((cp = strchr(string, delimiter)) != 0)
+ *cp++ = 0;
+ return (cp);
++#endif
+ }
+
+ /* dot_quad_addr - convert dotted quad to internal form */
+diff -up tcp_wrappers_7.6/refuse.c.patch9 tcp_wrappers_7.6/refuse.c
+--- tcp_wrappers_7.6/refuse.c.patch9 1994-12-28 17:42:40.000000000 +0100
++++ tcp_wrappers_7.6/refuse.c 2008-08-29 09:45:12.000000000 +0200
+@@ -25,7 +25,12 @@ static char sccsid[] = "@(#) refuse.c 1.
+ void refuse(request)
+ struct request_info *request;
+ {
++#ifdef HAVE_IPV6
++ syslog(deny_severity, "refused connect from %s (%s)",
++ eval_client(request), eval_hostaddr(request->client));
++#else
+ syslog(deny_severity, "refused connect from %s", eval_client(request));
++#endif
+ clean_exit(request);
+ /* NOTREACHED */
+ }
+diff -up tcp_wrappers_7.6/rfc931.c.patch9 tcp_wrappers_7.6/rfc931.c
+--- tcp_wrappers_7.6/rfc931.c.patch9 2004-05-04 16:01:01.000000000 +0200
++++ tcp_wrappers_7.6/rfc931.c 2013-01-25 11:08:26.690292897 +0100
+@@ -94,6 +94,12 @@ char *dest;
+ * sockets.
+ */
+
++ /* address family must be the same */
++ if (SGFAM(rmt_sin) != SGFAM(our_sin)) {
++ STRN_CPY(dest, result, STRING_LENGTH);
++ return;
++ }
++
+ if ((fp = fsocket(SGFAM(rmt_sin), SOCK_STREAM, 0)) != 0) {
+ setbuf(fp, (char *) 0);
+
+diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c
+--- tcp_wrappers_7.6/tcpd.c.patch9 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/tcpd.c 2008-08-29 09:45:12.000000000 +0200
+@@ -120,7 +120,12 @@ char **argv;
+
+ /* Report request and invoke the real daemon program. */
+
++#ifdef HAVE_IPV6
++ syslog(allow_severity, "connect from %s (%s)",
++ eval_client(&request), eval_hostaddr(request.client));
++#else
+ syslog(allow_severity, "connect from %s", eval_client(&request));
++#endif
+ closelog();
+ (void) execv(path, argv);
+ syslog(LOG_ERR, "error: cannot execute %s: %m", path);
+diff -up tcp_wrappers_7.6/workarounds.c.patch9 tcp_wrappers_7.6/workarounds.c
+--- tcp_wrappers_7.6/workarounds.c.patch9 1996-03-19 16:22:26.000000000 +0100
++++ tcp_wrappers_7.6/workarounds.c 2008-08-29 09:45:12.000000000 +0200
+@@ -166,11 +166,22 @@ struct sockaddr *sa;
+ int *len;
+ {
+ int ret;
++#ifdef HAVE_IPV6
++ struct sockaddr *sin = sa;
++#else
+ struct sockaddr_in *sin = (struct sockaddr_in *) sa;
++#endif
+
+ if ((ret = getpeername(sock, sa, len)) >= 0
++#ifdef HAVE_IPV6
++ && ((sin->su_si.si_family == AF_INET6
++ && IN6_IS_ADDR_UNSPECIFIED(&sin->su_sin6.sin6_addr))
++ || (sin->su_si.si_family == AF_INET
++ && sin->su_sin.sin_addr.s_addr == 0))) {
++#else
+ && sa->sa_family == AF_INET
+ && sin->sin_addr.s_addr == 0) {
++#endif
+ errno = ENOTCONN;
+ return (-1);
+ } else {
diff --git a/SOURCES/tcp_wrappers_7.6-249430.patch b/SOURCES/tcp_wrappers_7.6-249430.patch
new file mode 100644
index 0000000..e4b26c6
--- /dev/null
+++ b/SOURCES/tcp_wrappers_7.6-249430.patch
@@ -0,0 +1,14 @@
+diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c
+--- tcp_wrappers_7.6/hosts_access.c.patch22 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.c 2008-08-29 09:45:12.000000000 +0200
+@@ -419,7 +419,9 @@ char *string;
+ if ((addr = dot_quad_addr(string)) == INADDR_NONE)
+ return (NO);
+ if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
+- || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
++ || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
++ && strcmp(mask_tok, "255.255.255.255"))) {
++ /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
+ tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
+ return (NO); /* not tcpd_jump() */
+ }
diff --git a/SOURCES/tcpw7.2-config.patch b/SOURCES/tcpw7.2-config.patch
new file mode 100644
index 0000000..b612076
--- /dev/null
+++ b/SOURCES/tcpw7.2-config.patch
@@ -0,0 +1,94 @@
+diff -up tcp_wrappers_7.6/Makefile.patch1 tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.patch1 1997-03-21 19:27:21.000000000 +0100
++++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
+@@ -44,7 +44,7 @@ what:
+ #REAL_DAEMON_DIR=/usr/etc
+ #
+ # SysV.4 Solaris 2.x OSF AIX
+-#REAL_DAEMON_DIR=/usr/sbin
++REAL_DAEMON_DIR=/usr/sbin
+ #
+ # BSD 4.4
+ #REAL_DAEMON_DIR=/usr/libexec
+@@ -144,7 +144,7 @@ freebsd:
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
+- NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER -DUSE_STRERROR" all
++ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
+ hpux hpux8 hpux9 hpux10:
+@@ -491,7 +491,7 @@ VSYSLOG = -Dvsyslog=myvsyslog
+ # Uncomment the next definition to turn on the language extensions
+ # (examples: allow, deny, banners, twist and spawn).
+ #
+-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
++STYLE = -DPROCESS_OPTIONS # Enable language extensions.
+
+ ################################################################
+ # Optional: Changing the default disposition of logfile records
+@@ -514,7 +514,8 @@ VSYSLOG = -Dvsyslog=myvsyslog
+ #
+ # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
+
+-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
++#FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
++FACILITY= LOG_AUTHPRIV # LOG_AUTHPRIV is more appropriate for RH 2.0
+
+ # The syslog priority at which successful connections are logged.
+
+@@ -531,7 +532,7 @@ SEVERITY= LOG_INFO # LOG_INFO is normall
+ # and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
+ # from /etc/hosts or from NIS maps. It does work with DNS through NIS.
+ #
+-# DOT= -DAPPEND_DOT
++DOT= -DAPPEND_DOT
+
+ ##################################################
+ # Optional: Always attempt remote username lookups
+@@ -551,7 +552,7 @@ SEVERITY= LOG_INFO # LOG_INFO is normall
+ # still do selective username lookups as documented in the hosts_access.5
+ # and hosts_options.5 manual pages (`nroff -man' format).
+ #
+-#AUTH = -DALWAYS_RFC931
++AUTH = #-DALWAYS_RFC931
+ #
+ # The default username lookup timeout is 10 seconds. This may not be long
+ # enough for slow hosts or networks, but is enough to irritate PC users.
+@@ -610,7 +611,7 @@ TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\
+ # Paranoid mode implies hostname lookup. In order to disable hostname
+ # lookups altogether, see the next section.
+
+-PARANOID= -DPARANOID
++PARANOID= #-DPARANOID
+
+ ########################################
+ # Optional: turning off hostname lookups
+@@ -623,7 +624,7 @@ PARANOID= -DPARANOID
+ # In order to perform selective hostname lookups, disable paranoid
+ # mode (see previous section) and comment out the following definition.
+
+-HOSTNAME= -DALWAYS_HOSTNAME
++HOSTNAME= #-DALWAYS_HOSTNAME
+
+ #############################################
+ # Optional: Turning on host ADDRESS checking
+@@ -649,7 +650,7 @@ HOSTNAME= -DALWAYS_HOSTNAME
+ # source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
+ # Solaris 2.x, and Linux. See your system documentation for details.
+ #
+-# KILL_OPT= -DKILL_IP_OPTIONS
++KILL_OPT= -DKILL_IP_OPTIONS
+
+ ## End configuration options
+ ############################
+@@ -659,7 +660,7 @@ HOSTNAME= -DALWAYS_HOSTNAME
+ SHELL = /bin/sh
+ .c.o:; $(CC) $(CFLAGS) -c $*.c
+
+-CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
++CFLAGS = -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+ $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
+ -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
+ -DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
diff --git a/SOURCES/tcpw7.2-setenv.patch b/SOURCES/tcpw7.2-setenv.patch
new file mode 100644
index 0000000..b855944
--- /dev/null
+++ b/SOURCES/tcpw7.2-setenv.patch
@@ -0,0 +1,12 @@
+diff -up tcp_wrappers_7.6/Makefile.patch2 tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.patch2 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
+@@ -143,7 +143,7 @@ freebsd:
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+ NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
diff --git a/SOURCES/tcpw7.6-netgroup.patch b/SOURCES/tcpw7.6-netgroup.patch
new file mode 100644
index 0000000..239b6ed
--- /dev/null
+++ b/SOURCES/tcpw7.6-netgroup.patch
@@ -0,0 +1,14 @@
+diff -up tcp_wrappers_7.6/Makefile.patch3 tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.patch3 2008-08-29 09:45:12.000000000 +0200
++++ tcp_wrappers_7.6/Makefile 2008-08-29 09:45:12.000000000 +0200
+@@ -143,8 +143,8 @@ freebsd:
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
+- NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
++ LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
++ NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+
+ # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
+ hpux hpux8 hpux9 hpux10:
diff --git a/SPECS/tcp_wrappers.spec b/SPECS/tcp_wrappers.spec
new file mode 100644
index 0000000..ea0e557
--- /dev/null
+++ b/SPECS/tcp_wrappers.spec
@@ -0,0 +1,418 @@
+Summary: A security tool which acts as a wrapper for TCP daemons
+Name: tcp_wrappers
+Version: 7.6
+Release: 75%{?dist}
+
+%define LIB_MAJOR 0
+%define LIB_MINOR 7
+%define LIB_REL 6
+
+License: BSD
+Group: System Environment/Daemons
+Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}-ipv6.4.tar.gz
+URL: ftp://ftp.porcupine.org/pub/security/index.html
+Patch0: tcpw7.2-config.patch
+Patch1: tcpw7.2-setenv.patch
+Patch2: tcpw7.6-netgroup.patch
+Patch3: tcp_wrappers-7.6-bug11881.patch
+Patch4: tcp_wrappers-7.6-bug17795.patch
+Patch5: tcp_wrappers-7.6-bug17847.patch
+Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
+Patch7: tcp_wrappers-7.6-docu.patch
+Patch8: tcp_wrappers-7.6-man.patch
+Patch9: tcp_wrappers.usagi-ipv6.patch
+Patch11: tcp_wrappers-7.6-shared.patch
+Patch12: tcp_wrappers-7.6-sig.patch
+Patch14: tcp_wrappers-7.6-ldflags.patch
+Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
+Patch16: tcp_wrappers-7.6-162412.patch
+Patch17: tcp_wrappers-7.6-220015.patch
+Patch19: tcp_wrappers-7.6-siglongjmp.patch
+Patch20: tcp_wrappers-7.6-sigchld.patch
+Patch21: tcp_wrappers-7.6-196326.patch
+Patch22: tcp_wrappers_7.6-249430.patch
+Patch23: tcp_wrappers-7.6-inetdconf.patch
+Patch24: tcp_wrappers-7.6-bug698464.patch
+Patch25: tcp_wrappers-7.6-relro.patch
+Patch26: tcp_wrappers-7.6-xgets.patch
+Patch27: tcp_wrappers-7.6-initgroups.patch
+Patch28: tcp_wrappers-7.6-warnings.patch
+Patch29: tcp_wrappers-7.6-uchart_fix.patch
+Patch30: tcp_wrappers-7.6-altformat.patch
+# required by sin_scope_id in ipv6 patch
+BuildRequires: glibc-devel >= 2.2
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: tcp_wrappers-libs = %{version}-%{release}
+
+%description
+The tcp_wrappers package provides small daemon programs which can
+monitor and filter incoming requests for systat, finger, FTP, telnet,
+rlogin, rsh, exec, tftp, talk and other network services.
+
+Install the tcp_wrappers program if you need a security tool for
+filtering incoming network services requests.
+
+This version also supports IPv6.
+
+%package libs
+Summary: Libraries for tcp_wrappers
+Group: System Environment/Libraries
+
+%description libs
+tcp_wrappers-libs contains the libraries of the tcp_wrappers package.
+
+%package devel
+Summary: Development libraries and headers for tcp_wrappers
+Group: Development/Libraries
+Requires: tcp_wrappers-libs = %{version}-%{release}
+
+%description devel
+tcp_wrappers-devel contains the libraries and header files needed to
+develop applications with tcp_wrappers support.
+
+%prep
+%setup -q -n %{name}_%{version}-ipv6.4
+%patch0 -p1 -b .config
+%patch1 -p1 -b .setenv
+%patch2 -p1 -b .netgroup
+%patch3 -p1 -b .bug11881
+%patch4 -p1 -b .bug17795
+%patch5 -p1 -b .bug17847
+%patch6 -p1 -b .fixgethostbyname
+%patch7 -p1 -b .docu
+%patch8 -p1 -b .man
+%patch9 -p1 -b .usagi-ipv6
+%patch11 -p1 -b .shared
+%patch12 -p1 -b .sig
+%patch14 -p1 -b .cflags
+%patch15 -p1 -b .fix_sig
+%patch16 -p1 -b .162412
+%patch17 -p1 -b .220015
+%patch19 -p1 -b .siglongjmp
+%patch20 -p1 -b .sigchld
+%patch21 -p1 -b .196326
+%patch22 -p1 -b .249430
+%patch23 -p1 -b .inetdconf
+%patch24 -p1 -b .698464
+%patch25 -p1 -b .relro
+%patch26 -p1 -b .xgets
+%patch27 -p1 -b .initgroups
+%patch29 -p1 -b .uchart_fix
+%patch30 -p1 -b .altformat
+%patch28 -p1 -b .warnings
+
+%build
+make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie -z relro -z now" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
+
+
+%install
+rm -rf ${RPM_BUILD_ROOT}
+mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
+mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
+mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,5,8}
+mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
+
+install -p -m644 hosts_access.3 ${RPM_BUILD_ROOT}%{_mandir}/man3
+install -p -m644 hosts_access.5 hosts_options.5 ${RPM_BUILD_ROOT}%{_mandir}/man5
+install -p -m644 tcpd.8 tcpdchk.8 tcpdmatch.8 safe_finger.8 try-from.8 ${RPM_BUILD_ROOT}%{_mandir}/man8
+ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.allow.5
+ln -sf hosts_access.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/hosts.deny.5
+#cp -a libwrap.a ${RPM_BUILD_ROOT}%{_libdirdir}
+cp -a libwrap.so* ${RPM_BUILD_ROOT}/%{_libdir}
+#install -p -m644 libwrap.so.0.7.6 ${RPM_BUILD_ROOT}/%{_libdir}
+install -p -m644 tcpd.h ${RPM_BUILD_ROOT}%{_includedir}
+install -m755 safe_finger ${RPM_BUILD_ROOT}%{_sbindir}
+install -m755 tcpd ${RPM_BUILD_ROOT}%{_sbindir}
+install -m755 try-from ${RPM_BUILD_ROOT}%{_sbindir}
+install -m755 tcpdmatch ${RPM_BUILD_ROOT}%{_sbindir}
+
+# XXX remove utilities that expect /etc/inetd.conf (#16059).
+#install -m755 tcpdchk ${RPM_BUILD_ROOT}%{_sbindir}
+rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdchk.*
+
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%clean
+rm -rf ${RPM_BUILD_ROOT}
+
+%files
+%defattr(-,root,root,-)
+%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
+%{_sbindir}/*
+%{_mandir}/man8/*
+
+%files libs
+%defattr(-,root,root,-)
+%doc BLURB CHANGES README* DISCLAIMER Banners.Makefile
+%{_libdir}/*.so.*
+%{_mandir}/man5/*
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/*
+#%{_libdirdir}/*.a
+%{_libdir}/*.so
+%{_mandir}/man3/*
+
+%changelog
+* Fri Aug 16 2013 Petr Lautrbach <plautrba@redhat.com> 7.6-75
+- cleanup several warnings and fix compiler inet_ntop issue (#977995)
+
+* Tue Jul 09 2013 Petr Lautrbach <plautrba@redhat.com> 7.6-74
+- fix the tcp_wrappers-7.6-altformat.patch (#979009,#981788)
+
+* Fri Feb 8 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-73
+- Add full relro support
+
+* Fri Feb 8 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-72
+- Put binaries and libraries under /usr instead of root
+
+* Mon Jan 28 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-71
+- Updated to version with upstream IPv6 support
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-70
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-69
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Aug 16 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-68
+- remove most of warnings
+
+* Mon Aug 15 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-67
+- clean (set up correctly) additional groups
+
+* Mon Aug 15 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-66
+- repair possible DOS in xgets
+
+* Wed Aug 10 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-65
+- Add partial relro support for libraries
+
+* Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-64
+- Improve the support for IPv4 /prefix notation (#698464)
+
+* Wed May 4 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-61
+- Add support for IPv4 /prefix notation (#698464)
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-60
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jun 16 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-59
+- Add modified tcpdmatch (#604011)
+
+* Fri Feb 5 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-58
+- Add manual pages for safe_finger and try-from (#526190)
+
+* Wed Jan 6 2010 Jan F. Chadima <jchadima@redhat.com> - 7.6-57
+- Merge review (#226482)
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-56
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Apr 14 2009 Jan F. Chadima <jchadima@redhat.com> - 7.6-55
+- resolving addr when name == "" (repair of patch #220015)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-54
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Aug 29 2008 Jan Safranek <jsafranek@redhat.com> - 7.6-53
+- rediff all patches to get rid of patch fuzz
+
+* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 7.6-52
+- Autorebuild for GCC 4.3
+
+* Tue Oct 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-51
+- review changes
+
+* Fri Aug 24 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-50
+- license tag update (and rebuild for BuildID, etc.)
+- include docs in the -libs subpackage, as it is the only one installed on most
+ systems (and to comply with the license text)
+
+* Wed Jul 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-49
+- fix for a.b.c.d/255.255.255.255 - fixes #249430
+
+* Thu Jun 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-48
+- dropped the hostname resolving patch
+- resolve the address given to hosts_ctl to hostname, if hostname not given
+- compare localhost and localhost.localdomain as the same
+- fixed a few compile warnings
+
+* Wed Jun 06 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-47
+- fix the hostname resolving patch for x86_64
+
+* Mon May 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-46
+- modified the fix for #112975 to fix #156373 as well
+
+* Fri May 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-45
+- unblock and catch SIGCHLD from spawned shell commands, fixes #112975
+
+* Mon Apr 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-44
+- added restore_sigalarm and siglongjmp patches from Debian, fixes #205129
+
+* Fri Mar 09 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-43
+- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
+ IPv4/6
+
+* Thu Mar 08 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-42.1
+- moved libwrap.so* to /lib
+- removed the static library libwrap.a
+
+* Mon Mar 05 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-42
+- added Obsoletes field so that the upgrade goes cleanly
+- added dist tag
+
+* Mon Dec 4 2006 Thomas Woerner <twoerner@redhat.com> 7.6-41
+- moved devel libraries, headers and man pages into devel sub package (#193188)
+- new libs sub package for libraries
+- using BuildRequires instead of BuildPreReq
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 7.6-40.2.1
+- rebuild
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 7.6-40.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 7.6-40.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 7.6-40
+- fixed uninitialized fp in function inet_cfg (#162412)
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Fri May 6 2005 Thomas Woerner <twoerner@redhat.com> 7.6-39
+- fixed sig patch (#141110). Thanks to Nikita Shulga for the patch
+
+* Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 7.6-38
+- rebuild
+
+* Thu Oct 7 2004 Thomas Woerner <twoerner@redhat.com> 7.6-37.2
+- new URL and spec file cleanup, patch from Robert Scheck
+
+* Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 7.6-37.1
+- rebuilt
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 7.6-36
+- pied tcpd
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- use strerror #84312
+
+* Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33
+- revert Nalins weak version
+- link libwrap.so against libnsl, on which it depends
+
+* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32
+- link libwrap.so against libnsl, on which it depends
+- add default (weak) versions of allow_severity and deny_severity to the shared
+ library so that configure tests can find it correctly
+
+* Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29
+- shared library generated and added #75494
+- added security patch tcp_wrappers-7.6-sig.patch
+- compile and link with -fPIC -DPIC
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan 7 2003 Jeff Johnson <jbj@redhat.com> 7.6-25
+- don't include -debuginfo files in package.
+
+* Tue Nov 19 2002 Tim Powers <timp@redhat.com>
+- rebuild on all arches
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Tue Jun 11 2002 Florian La Roche <Florian.LaRoche@redhat.de>
+- fix #61192
+- added Patch8 to fix #17847
+- update IPv6 patch
+
+* Thu May 23 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun Mar 11 2001 Pekka Savola <pekkas@netcore.fi>
+- Add IPv6 patch from USAGI, enable it.
+
+* Mon Feb 5 2001 Preston Brown <pbrown@redhat.com>
+- fix gethostbyname to work better with dot "." notation (#16949)
+
+* Sat Dec 30 2000 Jeff Johnson <jbj@redhat.com>
+- permit hosts.{allow,deny} to be assembled from included components (#17795).
+- permit '*' and '?' wildcard matches on hostnames (#17847).
+
+* Sun Nov 19 2000 Bill Nottingham <notting@redhat.com>
+- ia64 needs -fPIC too
+
+* Mon Aug 14 2000 Jeff Johnson <jbj@redhat.com>
+- remove utilities that expect /etc/inetd.conf (#16059).
+
+* Thu Jul 27 2000 Jeff Johnson <jbj@redhat.com>
+- security hardening (#11881).
+
+* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Tue Jun 6 2000 Jeff Johnson <jbj@redhat.com>
+- FHS packaging.
+
+* Tue May 16 2000 Chris Evans <chris@ferret.lmh.ox.ac.uk>
+- Make tcpd mode -rwx--x--x as a security hardening measure
+
+* Mon Feb 7 2000 Jeff Johnson <jbj@redhat.com>
+- compress man pages.
+
+* Mon Aug 23 1999 Jeff Johnson <jbj@redhat.com>
+- add netgroup support (#3940).
+
+* Wed May 26 1999 Jeff Johnson <jbj@redhat.com>
+- compile on sparc with -fPIC.
+
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
+- auto rebuild in the new build environment (release 7)
+
+* Wed Dec 30 1998 Cristian Gafton <gafton@redhat.com>
+- build for glibc 2.1
+
+* Sat Aug 22 1998 Jeff Johnson <jbj@redhat.com>
+- close setenv bug (problem #690)
+- spec file cleanup
+
+* Thu Jun 25 1998 Alan Cox <alan@redhat.com>
+- Erp where did the Dec 05 patch escape to
+
+* Thu May 07 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr, tr
+
+* Fri Dec 05 1997 Erik Troan <ewt@redhat.com>
+- don't build setenv.o module -- it just breaks things
+
+* Wed Oct 29 1997 Marc Ewing <marc@redhat.com>
+- upgrade to 7.6
+
+* Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
+- built against glibc
+
+* Mon Mar 03 1997 Erik Troan <ewt@redhat.com>
+- Upgraded to version 7.5
+- Uses a build root