updated to upstream ipv6 support

2013-01-28 13:51:32 +01:00 · 2013-01-28 13:51:32 +01:00 · cf076b1867
parent 3ae92873be
commit cf076b1867
20 changed files with 271 additions and 1343 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 tcp_wrappers_7.6.tar.gz
+tcp_wrappers_7.6-ipv6.4.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-e6fa25f71226d090f34de3f6b122fb5a  tcp_wrappers_7.6.tar.gz
+ccbc2676977c31bbd43783abfbf2fdcf  tcp_wrappers_7.6-ipv6.4.tar.gz
--- a/tcp_wrappers-7.6-196326.patch
+++ b/tcp_wrappers-7.6-196326.patch
@ -1,7 +1,7 @@
 diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c
 --- tcp_wrappers_7.6/hosts_access.c.patch21	2008-08-29 09:45:12.000000000 +0200
 +++ tcp_wrappers_7.6/hosts_access.c	2008-08-29 09:45:12.000000000 +0200
-@@ -346,6 +346,9 @@ char   *string;
+@@ -391,6 +391,9 @@ char   *string;
 	return (STR_NE(string, unknown));
     } else if (tok[(n = strlen(tok)) - 1] == '.') {	/* prefix */
 	return (STRN_EQ(tok, string, n));
@ -9,5 +9,5 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch21 tcp_wrappers_7.6/hosts_access.c
 +	    && (STR_EQ(string, "localhost") || STR_EQ(string, "localhost.localdomain"))) {
 +	return (YES); /* these localhosts are equivalent */
     } else {					/* exact match */
- #ifdef INET6
- 	struct addrinfo hints, *res;
+ 	return (STR_EQ(tok, string));
+     }
--- a/tcp_wrappers-7.6-220015.patch
+++ b/tcp_wrappers-7.6-220015.patch
@ -23,8 +23,8 @@ diff -up tcp_wrappers_7.6/hosts_ctl.c.patch17 tcp_wrappers_7.6/hosts_ctl.c
 diff -up tcp_wrappers_7.6/socket.c.patch17 tcp_wrappers_7.6/socket.c
 --- tcp_wrappers_7.6/socket.c.patch17	2008-08-29 09:45:12.000000000 +0200
 +++ tcp_wrappers_7.6/socket.c	2008-08-29 09:45:12.000000000 +0200
-@@ -147,6 +147,51 @@ struct request_info *request;
- #endif
+@@ -130,6 +130,51 @@ struct request_info *request;
+     request->server->sin = &server;
 }
 
 +/* sock_hostnofd - look up endpoint addresses and install conversion methods */
--- a/tcp_wrappers-7.6-altformat.patch
+++ b/tcp_wrappers-7.6-altformat.patch
@ -0,0 +1,37 @@
+diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat tcp_wrappers_7.6-ipv6.4/hosts_access.c
+--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.altformat	2013-01-28 13:22:09.986535601 +0100
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c	2013-01-28 13:42:12.142650817 +0100
+@@ -333,9 +333,9 @@ struct host_info *host;
+ 
+ 	    /*
+ 	     * A /nnn prefix specifies how many bits of the address we
+-	     * need to check. 
+	     * need to check.
+ 	     */
+-	    if ((slash = strchr(tok, '/'))) {
+	    if ((slash = strchr(tok, '/')) || (slash = strchr(cbr+1, '/'))) {
+ 		*slash = '\0';
+ 		mask = atoi(slash+1);
+ 		if (mask < 0 || mask > IPV6_ABITS) {
+@@ -349,6 +349,8 @@ struct host_info *host;
+ 		}
+ 	    }
+ 
+	    printf("IPv6 addr/mask: %s/%s\n", tok+1, slash+1);
+
+ 	    if (cbr == NULL || inet_pton(AF_INET6, tok+1, &in6) != 1) {
+ 		tcpd_warn("bad IP6 address specification");
+ 		return (NO);
+diff -up tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat tcp_wrappers_7.6-ipv6.4/tcpdchk.c
+--- tcp_wrappers_7.6-ipv6.4/tcpdchk.c.altformat	2013-01-28 13:44:44.786549981 +0100
+++ tcp_wrappers_7.6-ipv6.4/tcpdchk.c	2013-01-28 13:44:58.419629764 +0100
+@@ -434,6 +434,9 @@ char   *pat;
+ 	    int err = 0;
+ 	    int mask = IPV6_ABITS;
+ 
+	    if (!slash)
+	      slash = strchr(cbr+1, '/');
+
+ 	    if (slash != NULL) {
+ 		*slash = '\0';
+ 		mask = atoi(slash + 1);
--- a/tcp_wrappers-7.6-bug17847.patch
+++ b/tcp_wrappers-7.6-bug17847.patch
@ -1,6 +1,5 @@
-diff -up tcp_wrappers_7.6/hosts_access.5.patch6 tcp_wrappers_7.6/hosts_access.5
--- tcp_wrappers_7.6/hosts_access.5.patch6	2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/hosts_access.5	2008-08-29 09:45:12.000000000 +0200
+--- tcp_wrappers_7.6/hosts_access.5.patch6	2013-01-23 11:10:00.545081410 +0100
+++ tcp_wrappers_7.6/hosts_access.5	2013-01-23 11:10:00.549081436 +0100
@@ -96,6 +96,10 @@ or address pattern listed in the named f
 zero or more lines with zero or more host name or address patterns
 separated by whitespace.  A file name pattern can be used anywhere
@ -12,10 +11,9 @@ diff -up tcp_wrappers_7.6/hosts_access.5.patch6 tcp_wrappers_7.6/hosts_access.5
 .SH WILDCARDS
 The access control language supports explicit wildcards:
 .IP ALL
-diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c.patch6	2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/hosts_access.c	2008-08-29 09:45:12.000000000 +0200
-@@ -311,6 +311,11 @@ char   *string;
+--- tcp_wrappers_7.6/hosts_access.c.patch6	2013-01-23 11:10:00.546081416 +0100
+++ tcp_wrappers_7.6/hosts_access.c	2013-01-23 11:12:28.519925230 +0100
+@@ -376,6 +376,11 @@ char   *string;
 {
     int     n;
 
@ -27,11 +25,10 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c
     if (tok[0] == '.') {			/* suffix */
 	n = strlen(string) - strlen(tok);
 	return (n > 0 && STR_EQ(tok, string + n));
-@@ -351,3 +356,71 @@ char   *string;
-     }
+@@ -417,6 +422,74 @@ char   *string;
     return ((addr & mask) == net);
 }
-+
+ 
 +#ifndef DISABLE_WILDCARD_MATCHING
 +/* Note: this feature has been adapted in a pretty straightforward way
 +   from Tatu Ylonen's last SSH version under free license by 
@ -99,3 +96,7 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch6 tcp_wrappers_7.6/hosts_access.c
 +  /*NOTREACHED*/
 +}
 +#endif /* DISABLE_WILDCARD_MATCHING */
+
+ #ifdef HAVE_IPV6
+ /*
+  * Function that zeros all but the first "maskbits" bits of the IPV6 address
--- a/tcp_wrappers-7.6-bug698464.patch
+++ b/tcp_wrappers-7.6-bug698464.patch
@ -7,34 +7,33 @@
 +An expression of the form `n.n.n.n/m\' is interpreted as a
 +`net/prefixlen\' pair, as below, for IPv4 addresses.
 +.IP \(bu
- An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
- `[net]/prefixlen\' pair. An IPv6 host address is matched if
+ An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
+ `[net/prefixlen]\' pair. An IPv6 host address is matched if
 `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
 --- tcp_wrappers_7.6/tcpd.h.orig	2011-04-20 16:10:25.000000000 -0600
 +++ tcp_wrappers_7.6/tcpd.h	2011-04-20 16:11:56.000000000 -0600
-@@ -101,6 +101,7 @@ extern void refuse __P((struct request_i
- extern char *xgets __P((char *, int, FILE *));	/* fgets() on steroids */
- extern char *split_at __P((char *, int));	/* strchr() and split */
- extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
+@@ -164,6 +164,7 @@ extern void refuse __P((struct request_i
+ extern char *xgets __P((char *, int, FILE *));			/* fgets() on steroids */
+ extern char *split_at __P((char *, int));		/* strchr() and split */
+ extern unsigned long dot_quad_addr __P((char *));	/* restricted inet_addr() */
 +extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */
- 
- /* Global variables. */
- 
+ extern int numeric_addr __P((char *, union gen_addr *, int *, int *));		/* IP4/IP6 inet_addr (restricted) */
+ extern struct hostent *tcpd_gethostbyname __P((char *, int));
+ 					/* IP4/IP6 gethostbyname */
 --- tcp_wrappers_7.6/misc.c.orig	2011-04-20 16:10:25.000000000 -0600
 +++ tcp_wrappers_7.6/misc.c	2011-04-20 16:13:39.000000000 -0600
-@@ -14,6 +14,8 @@
- #include <arpa/inet.h>
- #include <stdio.h>
+@@ -16,6 +16,7 @@ static char sccsic[] = "@(#) misc.c 1.2
 #include <string.h>
-+#include <ctype.h>
+ #include <ctype.h>
+ #include <netdb.h>
 +#include <stdlib.h>
 
 #include "tcpd.h"
 
-@@ -107,3 +107,22 @@ char   *str;
+@@ -214,3 +215,21 @@ char *str;
     }
-     return (runs == 4 ? inet_addr(str) : INADDR_NONE);
 }
+ #endif /* HAVE_IPV6 */
 +
 +/* prefix_to_netmask - convert prefix (0-32) to netmask */
 +
@ -53,10 +52,9 @@
 +
 +    return htonl(~0UL << (32 - prefix));
 +}
-+
 --- tcp_wrappers_7.6/hosts_access.c.orig	2011-04-20 16:10:25.000000000 -0600
 +++ tcp_wrappers_7.6/hosts_access.c	2011-04-20 16:21:07.000000000 -0600
-@@ -427,8 +427,11 @@ char   *string;
+@@ -420,8 +420,11 @@ char   *string;
 	return (NO);
     if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
 	|| ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
@ -66,6 +64,6 @@
 +	    && strcmp(mask_tok, "32"))) {
 	/* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
 +	/* 32 == INADDR_NONE, separate check needed. philipp */
- #ifndef INET6
 	tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
- #endif
+ 	return (NO);				/* not tcpd_jump() */
+     }
--- a/tcp_wrappers-7.6-fixgethostbyname.patch
+++ b/tcp_wrappers-7.6-fixgethostbyname.patch
@ -1,28 +1,27 @@
-diff -up tcp_wrappers_7.6/socket.c.patch7 tcp_wrappers_7.6/socket.c
--- tcp_wrappers_7.6/socket.c.patch7	1997-03-21 19:27:25.000000000 +0100
-+++ tcp_wrappers_7.6/socket.c	2008-08-29 09:45:12.000000000 +0200
-@@ -52,7 +52,8 @@ static struct hostent *gethostbyname_dot
- char   *name;
+--- tcp_wrappers_7.6-ipv6.4/socket.c.patch7	1999-10-27 15:23:14.000000000 +0200
+++ tcp_wrappers_7.6-ipv6.4/socket.c	2013-01-23 11:41:48.776857327 +0100
+@@ -54,6 +54,8 @@ int af;
 {
     char    dot_name[MAXHOSTNAMELEN + 1];
-
+ 
 +    struct hostent *hp;
-+    
+
     /*
      * Don't append dots to unqualified names. Such names are likely to come
      * from local hosts files or from NIS.
-@@ -61,8 +62,12 @@ char   *name;
+@@ -62,8 +64,13 @@ int af;
     if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
- 	return (gethostbyname(name));
+ 	return (tcpd_gethostbyname(name, af));
     } else {
 -	sprintf(dot_name, "%s.", name);
-	return (gethostbyname(dot_name));
+-	return (tcpd_gethostbyname(dot_name, af));
 +        sprintf(dot_name, "%s.", name);
-+        hp = gethostbyname(dot_name);
-+	if (hp)
-+	    return hp;
-+	else
-+	    return (gethostbyname(name));
+        hp = tcpd_gethostbyname(dot_name, af);
+        if (hp)
+            return hp;
+
+        else
+            return tcpd_gethostbyname(name, af);
     }
 }
 
--- a/tcp_wrappers-7.6-restore_sigalarm.patch
+++ b/tcp_wrappers-7.6-restore_sigalarm.patch
@ -1,37 +0,0 @@
-diff -up tcp_wrappers_7.6/rfc931.c.patch18 tcp_wrappers_7.6/rfc931.c
--- tcp_wrappers_7.6/rfc931.c.patch18	2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/rfc931.c	2008-08-29 09:45:12.000000000 +0200
-@@ -92,6 +92,8 @@ char   *dest;
-     char   *cp;
-     char   *result = unknown;
-     FILE   *fp;
-+    unsigned saved_timeout;
-+    struct sigaction nact, oact;
- 
- #ifdef INET6
-     /* address family must be the same */
-@@ -134,7 +136,12 @@ char   *dest;
- 	 */
- 
- 	if (setjmp(timebuf) == 0) {
-	    signal(SIGALRM, timeout);
-+	    /* Save SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
-+	    saved_timeout = alarm(0);
-+	    nact.sa_handler = timeout;
-+	    nact.sa_flags = 0;
-+	    (void) sigemptyset(&nact.sa_mask);
-+	    (void) sigaction(SIGALRM, &nact, &oact);
- 	    alarm(rfc931_timeout);
- 
- 	    /*
-@@ -223,6 +230,10 @@ char   *dest;
- 	    }
- 	    alarm(0);
- 	}
-+	/* Restore SIGALRM timer and handler. Sudheer Abdul-Salam, SUN. */
-+	(void) sigaction(SIGALRM, &oact, NULL);
-+	if (saved_timeout > 0)
-+	    alarm(saved_timeout);
- 	fclose(fp);
-     }
-     STRN_CPY(dest, result, STRING_LENGTH);
--- a/tcp_wrappers-7.6-shared.patch
+++ b/tcp_wrappers-7.6-shared.patch
@ -6,9 +6,9 @@ diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile
 linux:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
 -	LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
+-	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
 +	LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ=weak_symbols.o \
-+	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS)  -fPIC -DPIC -D_REENTRANT -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
+	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS)  -fPIC -DPIC -D_REENTRANT -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len -DHAVE_WEAKSYMS" all
 
 linux-old:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
@ -52,30 +52,6 @@ diff -up tcp_wrappers_7.6/Makefile.patch11 tcp_wrappers_7.6/Makefile
 +weak_symbols.o: tcpd.h
 workarounds.o: cflags
 workarounds.o: tcpd.h
-diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c
--- tcp_wrappers_7.6/scaffold.c.patch11	2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/scaffold.c	2008-08-29 09:45:12.000000000 +0200
-@@ -237,10 +237,17 @@ struct request_info *request;
- 
- /* ARGSUSED */
- 
-void    rfc931(request)
-struct request_info *request;
-+void    rfc931(rmt_sin, our_sin, dest)
-+#ifndef INET6
-+struct sockaddr_in *rmt_sin;
-+struct sockaddr_in *our_sin;
-+#else
-+struct sockaddr *rmt_sin;
-+struct sockaddr *our_sin;
-+#endif
-+char   *dest;
- {
-    strcpy(request->user, unknown);
-+    strcpy(dest, unknown);
- }
- 
- /* check_path - examine accessibility */
 diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 --- tcp_wrappers_7.6/tcpd.h.patch11	2008-08-29 09:45:12.000000000 +0200
 +++ tcp_wrappers_7.6/tcpd.h	2008-08-29 09:45:12.000000000 +0200
@ -105,7 +81,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 /* Structure to describe one communications endpoint. */
 
 #define STRING_LENGTH	128		/* hosts, users, processes */
-@@ -29,10 +48,10 @@ struct request_info {
+@@ -92,10 +111,10 @@ struct request_info {
     char    pid[10];			/* access via eval_pid(request) */
     struct host_info client[1];		/* client endpoint info */
     struct host_info server[1];		/* server endpoint info */
@ -120,12 +96,12 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
     struct netconfig *config;		/* netdir handle */
 };
 
-@@ -65,25 +84,34 @@ extern char paranoid[];
+@@ -132,33 +151,38 @@ extern char paranoid[];
 /* Global functions. */
 
 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
 -extern void fromhost();			/* get/validate client host info */
-+extern void fromhost __P((struct request_info *));	/* get/validate client host info */
+extern void fromhost __P((struct request_info *));			/* get/validate client host info */
 #else
 #define fromhost sock_host		/* no TLI support needed */
 #endif
@ -139,18 +115,25 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 -extern char *xgets();			/* fgets() on steroids */
 -extern char *split_at();		/* strchr() and split */
 -extern unsigned long dot_quad_addr();	/* restricted inet_addr() */
-+extern void shell_cmd __P((char *));	/* execute shell command */
-+extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
-+#ifdef INET6
-+extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); /* client name from RFC 931 daemon */
-+#else
-+extern void rfc931 __P((struct sockaddr_in *, struct sockaddr_in *, char *)); /* client name from RFC 931 daemon */
-+#endif
-+extern void clean_exit __P((struct request_info *)); /* clean up and exit */
-+extern void refuse __P((struct request_info *));	/* clean up and exit */
-+extern char *xgets __P((char *, int, FILE *));	/* fgets() on steroids */
-+extern char *split_at __P((char *, int));	/* strchr() and split */
-+extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
+-extern int numeric_addr();		/* IP4/IP6 inet_addr (restricted) */
+-extern struct hostent *tcpd_gethostbyname();
+extern void shell_cmd __P((char *));		/* execute shell command */
+extern char *percent_x __P((char *, int, char *, struct request_info *));		/* do %<char> expansion */
+extern void rfc931 __P((struct sockaddr_gen *, struct sockaddr_gen *, char *));			/* client name from RFC 931 daemon */
+extern void clean_exit __P((struct request_info *));		/* clean up and exit */
+extern void refuse __P((struct request_info *));			/* clean up and exit */
+extern char *xgets __P((char *, int, FILE *));			/* fgets() on steroids */
+extern char *split_at __P((char *, int));		/* strchr() and split */
+extern unsigned long dot_quad_addr __P((char *));	/* restricted inet_addr() */
+extern int numeric_addr __P((char *, union gen_addr *, int *, int *));		/* IP4/IP6 inet_addr (restricted) */
+extern struct hostent *tcpd_gethostbyname __P((char *, int));
+ 					/* IP4/IP6 gethostbyname */
+ #ifdef HAVE_IPV6
+-extern char *skip_ipv6_addrs();		/* skip over colons in IPv6 addrs */
+extern char *skip_ipv6_addrs __P((char *));		/* skip over colons in IPv6 addrs */
+ #else
+ #define skip_ipv6_addrs(x)	x
+ #endif
 
 /* Global variables. */
 
@ -165,7 +148,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 extern char *hosts_allow_table;		/* for verification mode redirection */
 extern char *hosts_deny_table;		/* for verification mode redirection */
 extern int hosts_access_verbose;	/* for verbose matching mode */
-@@ -96,9 +124,14 @@ extern int resident;			/* > 0 if residen
+@@ -171,9 +195,14 @@ extern int resident;			/* > 0 if residen
   */
 
 #ifdef __STDC__
@ -180,7 +163,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 extern struct request_info *request_init();	/* initialize request */
 extern struct request_info *request_set();	/* update request structure */
 #endif
-@@ -121,27 +154,31 @@ extern struct request_info *request_set(
+@@ -196,27 +225,31 @@ extern struct request_info *request_set(
   * host_info structures serve as caches for the lookup results.
   */
 
@ -222,7 +205,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 #endif
 
  /*
-@@ -182,7 +219,7 @@ extern struct tcpd_context tcpd_context;
+@@ -257,7 +290,7 @@ extern struct tcpd_context tcpd_context;
   * behavior.
   */
 
@ -231,7 +214,7 @@ diff -up tcp_wrappers_7.6/tcpd.h.patch11 tcp_wrappers_7.6/tcpd.h
 extern int dry_run;			/* verification flag */
 
 /* Bug workarounds. */
-@@ -221,3 +258,7 @@ extern char *fix_strtok();
+@@ -296,3 +329,7 @@ extern char *fix_strtok();
 #define strtok	my_strtok
 extern char *my_strtok();
 #endif
@ -254,3 +237,31 @@ diff -up /dev/null tcp_wrappers_7.6/weak_symbols.c
 +int deny_severity = LOG_WARNING;
 +int allow_severity = SEVERITY; 
 +#endif
+diff -up tcp_wrappers_7.6/scaffold.c.patch11 tcp_wrappers_7.6/scaffold.c
+--- tcp_wrappers_7.6/scaffold.c.patch11	2013-01-28 11:08:48.598273563 +0100
+++ tcp_wrappers_7.6/scaffold.c	2013-01-28 11:08:56.069316992 +0100
+@@ -25,7 +25,7 @@ static char sccs_id[] = "@(#) scaffold.c
+ #define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
+ #endif
+ 
+-extern char *malloc();
+extern void *malloc(size_t);
+ 
+ /* Application-specific. */
+ 
+@@ -180,10 +180,12 @@ struct request_info *request;
+ 
+ /* ARGSUSED */
+ 
+-void    rfc931(request)
+-struct request_info *request;
+void    rfc931(rmt_sin, our_sin, dest)
+struct sockaddr_gen *rmt_sin;
+struct sockaddr_gen *our_sin;
+char   *dest;
+ {
+-    strcpy(request->user, unknown);
+    strcpy(dest, unknown);
+ }
+ 
+ /* check_path - examine accessibility */
--- a/tcp_wrappers-7.6-strerror.patch
+++ b/tcp_wrappers-7.6-strerror.patch
@ -1,28 +0,0 @@
-diff -up tcp_wrappers_7.6/percent_m.c.patch13 tcp_wrappers_7.6/percent_m.c
--- tcp_wrappers_7.6/percent_m.c.patch13	1994-12-28 17:42:37.000000000 +0100
-+++ tcp_wrappers_7.6/percent_m.c	2008-08-29 09:45:12.000000000 +0200
-@@ -13,7 +13,7 @@ static char sccsid[] = "@(#) percent_m.c
- #include <string.h>
- 
- extern int errno;
-#ifndef SYS_ERRLIST_DEFINED
-+#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
- extern char *sys_errlist[];
- extern int sys_nerr;
- #endif
-@@ -29,11 +29,15 @@ char   *ibuf;
- 
-     while (*bp = *cp)
- 	if (*cp == '%' && cp[1] == 'm') {
-+#ifdef HAVE_STRERROR
-+            strcpy(bp, strerror(errno));
-+#else
- 	    if (errno < sys_nerr && errno > 0) {
- 		strcpy(bp, sys_errlist[errno]);
- 	    } else {
- 		sprintf(bp, "Unknown error %d", errno);
- 	    }
-+#endif
- 	    bp += strlen(bp);
- 	    cp += 2;
- 	} else {
--- a/tcp_wrappers-7.6-uchart_fix.patch
+++ b/tcp_wrappers-7.6-uchart_fix.patch
@ -0,0 +1,21 @@
+diff -up tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch tcp_wrappers_7.6-ipv6.4/hosts_access.c
+--- tcp_wrappers_7.6-ipv6.4/hosts_access.c.ucharpatch	2013-01-28 10:19:20.424857730 +0100
+++ tcp_wrappers_7.6-ipv6.4/hosts_access.c	2013-01-28 10:19:44.719991745 +0100
+@@ -514,7 +514,7 @@ static void ipv6_mask(in6p, maskbits)
+ struct in6_addr *in6p;
+ int maskbits;
+ {
+-    uchar_t *p = (uchar_t*) in6p;
+    unsigned char *p = (unsigned char*) in6p;
+ 
+     if (maskbits < 0 || maskbits >= IPV6_ABITS)
+ 	return;
+@@ -525,7 +525,7 @@ int maskbits;
+     if (maskbits != 0)
+ 	*p++ &= 0xff << (8 - maskbits);
+ 
+-    while (p < (((uchar_t*) in6p)) + sizeof(*in6p))
+    while (p < (((unsigned char*) in6p)) + sizeof(*in6p))
+ 	*p++ = 0;
+ }
+ #endif
--- a/tcp_wrappers-7.6-warnings.patch
+++ b/tcp_wrappers-7.6-warnings.patch
@ -66,7 +66,7 @@ diff -up tcp_wrappers_7.6/fix_options.c.warnings tcp_wrappers_7.6/fix_options.c
     unsigned int opt;
@@ -46,7 +48,7 @@ struct request_info *request;
     struct in_addr dummy;
- #ifdef INET6
+ #ifdef HAVE_IPV6
     struct sockaddr_storage ss;
 -    int sslen;
 +    unsigned int sslen;
@ -76,15 +76,16 @@ diff -up tcp_wrappers_7.6/fix_options.c.warnings tcp_wrappers_7.6/fix_options.c
 diff -up tcp_wrappers_7.6/hosts_access.c.warnings tcp_wrappers_7.6/hosts_access.c
 --- tcp_wrappers_7.6/hosts_access.c.warnings	2011-08-16 10:29:50.233418824 +0200
 +++ tcp_wrappers_7.6/hosts_access.c	2011-08-16 10:29:51.653475947 +0200
-@@ -39,6 +39,8 @@ static char sccsid[] = "@(#) hosts_acces
+@@ -33,6 +33,9 @@ static char sccsid[] = "@(#) hosts_acces
 #include <errno.h>
 #include <setjmp.h>
 #include <string.h>
 +#include <stdlib.h>
 +#include <rpcsvc/ypclnt.h>
- #ifdef INET6
- #include <netdb.h>
- #endif
+#include <netdb.h>
+ 
+ extern char *fgets();
+ extern int errno;
@@ -58,6 +60,8 @@ extern int errno;
 
 extern jmp_buf tcpd_buf;
@ -94,6 +95,23 @@ diff -up tcp_wrappers_7.6/hosts_access.c.warnings tcp_wrappers_7.6/hosts_access.
 /* Delimiters for lists of daemons or clients. */
 
 static char sep[] = ", \t\r\n";
+@@ -323,14 +328,14 @@ struct host_info *host;
+ 		hip = &host->sin->sg_sin6.sin6_addr;
+ 	    }
+ 
+-	    if (cbr = strchr(tok, ']'))
+	    if ((cbr = strchr(tok, ']')))
+ 		*cbr = '\0';
+ 
+ 	    /*
+ 	     * A /nnn prefix specifies how many bits of the address we
+ 	     * need to check. 
+ 	     */
+-	    if (slash = strchr(tok, '/')) {
+	    if ((slash = strchr(tok, '/'))) {
+ 		*slash = '\0';
+ 		mask = atoi(slash+1);
+ 		if (mask < 0 || mask > IPV6_ABITS) {
 diff -up tcp_wrappers_7.6/inetcf.c.warnings tcp_wrappers_7.6/inetcf.c
 --- tcp_wrappers_7.6/inetcf.c.warnings	2011-08-16 10:29:48.117418621 +0200
 +++ tcp_wrappers_7.6/inetcf.c	2011-08-16 10:29:51.752605633 +0200
@ -309,8 +327,8 @@ diff -up tcp_wrappers_7.6/percent_m.c.warnings tcp_wrappers_7.6/percent_m.c
 -    while (*bp = *cp)
 +    while ((*bp = *cp))
 	if (*cp == '%' && cp[1] == 'm') {
- #ifdef HAVE_STRERROR
-             strcpy(bp, strerror(errno));
+ #ifdef USE_STRERROR
+ 	    strcpy(bp, strerror(errno));
 diff -up tcp_wrappers_7.6/percent_x.c.warnings tcp_wrappers_7.6/percent_x.c
 --- tcp_wrappers_7.6/percent_x.c.warnings	1994-12-28 17:42:38.000000000 +0100
 +++ tcp_wrappers_7.6/percent_x.c	2011-08-16 10:29:52.116485510 +0200
@ -341,7 +359,7 @@ diff -up tcp_wrappers_7.6/rfc931.c.warnings tcp_wrappers_7.6/rfc931.c
 +    unsigned saved_timeout = 0;
     struct sigaction nact, oact;
 
- #ifdef INET6
+     /*
@@ -223,7 +224,7 @@ char   *dest;
 		     * protocol, not part of the data.
 		     */
@ -397,43 +415,24 @@ diff -up tcp_wrappers_7.6/scaffold.c.warnings tcp_wrappers_7.6/scaffold.c
 
 #ifndef INADDR_NONE
 #define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
-@@ -174,7 +176,9 @@ char   *host;
-     struct hostent *hp;
- #endif
-     int     count;
-+#ifndef INET6
-     char   *addr;
-+#endif
- 
-     if ((hp = find_inet_addr(host)) == 0)
- 	return (0);
 diff -up tcp_wrappers_7.6/socket.c.warnings tcp_wrappers_7.6/socket.c
 --- tcp_wrappers_7.6/socket.c.warnings	2011-08-16 10:29:48.319483715 +0200
 +++ tcp_wrappers_7.6/socket.c	2011-08-16 10:29:52.630463906 +0200
-@@ -95,7 +95,7 @@ struct request_info *request;
-     static struct sockaddr_in client;
-     static struct sockaddr_in server;
- #endif
+@@ -84,7 +84,7 @@ struct request_info *request;
+ {
+     static struct sockaddr_gen client;
+     static struct sockaddr_gen server;
 -    int     len;
 +    unsigned len;
     char    buf[BUFSIZ];
     int     fd = request->fd;
 
-@@ -228,7 +228,7 @@ struct host_info *host;
-     struct sockaddr *sin = host->sin;
-     struct sockaddr_in sin4;
-     struct addrinfo hints, *res, *res0 = NULL;
-    int salen, alen, err = 1;
-+    int salen, alen = 0, err = 1;
-     char *ap = NULL, *rap, hname[NI_MAXHOST];
- 
-     if (sin != NULL) {
-@@ -471,7 +471,7 @@ int     fd;
- #else
+@@ -293,7 +293,7 @@ int     fd;
+ {
+     char    buf[BUFSIZ];
     struct sockaddr_in sin;
- #endif
 -    int     size = sizeof(sin);
-+    unsigned int size = sizeof(sin);
+    unsigned size = sizeof(sin);
 
     /*
      * Eat up the not-yet received datagram. Some systems insist on a
@ -464,7 +463,7 @@ diff -up tcp_wrappers_7.6/tcpd.c.warnings tcp_wrappers_7.6/tcpd.c
 diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
 --- tcp_wrappers_7.6/tcpdchk.c.warnings	2011-08-16 10:29:45.552501988 +0200
 +++ tcp_wrappers_7.6/tcpdchk.c	2011-08-16 10:47:12.440605857 +0200
-@@ -33,6 +33,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1
+@@ -30,6 +30,8 @@ static char sccsid[] = "@(#) tcpdchk.c 1
 #include <errno.h>
 #include <netdb.h>
 #include <string.h>
@ -473,7 +472,7 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
 
 extern int errno;
 extern void exit();
-@@ -202,13 +204,15 @@ struct request_info *request;
+@@ -199,13 +201,15 @@ struct request_info *request;
     char    sv_list[BUFLEN];		/* becomes list of daemons */
     char   *cl_list;			/* becomes list of requests */
     char   *sh_cmd;			/* becomes optional shell command */
@ -490,7 +489,7 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
 	tcpd_context.file = table;
 	tcpd_context.line = 0;
 	while (xgets(sv_list, sizeof(sv_list), fp)) {
-@@ -334,7 +338,7 @@ char   *list;
+@@ -331,7 +335,7 @@ char   *list;
 	    clients = 0;
 	} else {
 	    clients++;
@ -499,15 +498,15 @@ diff -up tcp_wrappers_7.6/tcpdchk.c.warnings tcp_wrappers_7.6/tcpdchk.c
 		check_user(cp);
 		check_host(host);
 	    } else {
-@@ -450,7 +454,7 @@ char   *pat;
- 	tcpd_warn("netgroup support disabled");
- #endif
+@@ -446,7 +450,7 @@ char   *pat;
+ 	    if (err)
+ 		tcpd_warn("bad IP6 address specification: %s", pat);
 #endif
 -    } else if (mask = split_at(pat, '/')) {	/* network/netmask */
 +    } else if ((mask = split_at(pat, '/'))) {	/* network/netmask */
- #ifdef INET6
- 	int mask_len;
- 
+ 	if (dot_quad_addr(pat) == INADDR_NONE
+ 	    || dot_quad_addr(mask) == INADDR_NONE)
+ 	    tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
 diff -up tcp_wrappers_7.6/tcpdmatch.c.warnings tcp_wrappers_7.6/tcpdmatch.c
 --- tcp_wrappers_7.6/tcpdmatch.c.warnings	2011-08-16 10:29:49.531427106 +0200
 +++ tcp_wrappers_7.6/tcpdmatch.c	2011-08-16 10:29:52.968605853 +0200
@ -519,16 +518,6 @@ diff -up tcp_wrappers_7.6/tcpdmatch.c.warnings tcp_wrappers_7.6/tcpdmatch.c
 
 extern void exit();
 extern int optind;
-@@ -65,7 +66,9 @@ char  **argv;
-     char   *myname = argv[0];
-     char   *client;
-     char   *server;
-+#ifndef INET6
-     char   *addr;
-+#endif
-     char   *user;
-     char   *daemon;
-     struct request_info request;
 diff -up tcp_wrappers_7.6/try-from.c.warnings tcp_wrappers_7.6/try-from.c
 --- tcp_wrappers_7.6/try-from.c.warnings	1994-12-28 17:42:55.000000000 +0100
 +++ tcp_wrappers_7.6/try-from.c	2011-08-16 10:29:53.095607440 +0200
--- a/tcp_wrappers.spec
+++ b/tcp_wrappers.spec
@ -1,7 +1,7 @@
 Summary: A security tool which acts as a wrapper for TCP daemons
 Name: tcp_wrappers
 Version: 7.6
-Release: 70%{?dist}
+Release: 71%{?dist}

 %define LIB_MAJOR 0
 %define LIB_MINOR 7
@ -9,7 +9,7 @@ Release: 70%{?dist}

 License: BSD
 Group: System Environment/Daemons
-Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}.tar.gz
+Source: ftp://ftp.porcupine.org/pub/security/%{name}_%{version}-ipv6.4.tar.gz
 URL: ftp://ftp.porcupine.org/pub/security/index.html
 Patch0: tcpw7.2-config.patch
 Patch1: tcpw7.2-setenv.patch
@ -21,15 +21,12 @@ Patch6: tcp_wrappers-7.6-fixgethostbyname.patch
 Patch7: tcp_wrappers-7.6-docu.patch
 Patch8: tcp_wrappers-7.6-man.patch
 Patch9: tcp_wrappers.usagi-ipv6.patch
-Patch10: tcp_wrappers.ume-ipv6.patch
 Patch11: tcp_wrappers-7.6-shared.patch
 Patch12: tcp_wrappers-7.6-sig.patch
-Patch13: tcp_wrappers-7.6-strerror.patch
 Patch14: tcp_wrappers-7.6-ldflags.patch
 Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
 Patch16: tcp_wrappers-7.6-162412.patch
 Patch17: tcp_wrappers-7.6-220015.patch
-Patch18: tcp_wrappers-7.6-restore_sigalarm.patch
 Patch19: tcp_wrappers-7.6-siglongjmp.patch
 Patch20: tcp_wrappers-7.6-sigchld.patch
 Patch21: tcp_wrappers-7.6-196326.patch
@ -40,6 +37,8 @@ Patch25: tcp_wrappers-7.6-relro.patch
 Patch26: tcp_wrappers-7.6-xgets.patch
 Patch27: tcp_wrappers-7.6-initgroups.patch
 Patch28: tcp_wrappers-7.6-warnings.patch
+Patch29: tcp_wrappers-7.6-uchart_fix.patch
+Patch30: tcp_wrappers-7.6-altformat.patch
 # required by sin_scope_id in ipv6 patch
 BuildRequires: glibc-devel >= 2.2
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -72,7 +71,7 @@ tcp_wrappers-devel contains the libraries and header files needed to
 develop applications with tcp_wrappers support.

 %prep
-%setup -q -n %{name}_%{version}
+%setup -q -n %{name}_%{version}-ipv6.4
 %patch0 -p1 -b .config
 %patch1 -p1 -b .setenv
 %patch2 -p1 -b .netgroup
@ -83,15 +82,12 @@ develop applications with tcp_wrappers support.
 %patch7 -p1 -b .docu
 %patch8 -p1 -b .man
 %patch9 -p1 -b .usagi-ipv6
-%patch10 -p1 -b .ume-ipv6
 %patch11 -p1 -b .shared
 %patch12 -p1 -b .sig
-%patch13 -p1 -b .strerror
 %patch14 -p1 -b .cflags
 %patch15 -p1 -b .fix_sig
 %patch16 -p1 -b .162412
 %patch17 -p1 -b .220015
-%patch18 -p1 -b .restore_sigalarm
 %patch19 -p1 -b .siglongjmp
 %patch20 -p1 -b .sigchld
 %patch21 -p1 -b .196326
@ -102,6 +98,8 @@ develop applications with tcp_wrappers support.
 %patch26 -p1 -b .xgets
 %patch27 -p1 -b .initgroups
 %patch28 -p1 -b .warnings
+%patch29 -p1 -b .uchart_fix
+%patch30 -p1 -b .altformat

 %build
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
@ -159,6 +157,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man3/*

 %changelog
+* Mon Jan 28 2013 Viktor Hercinger <vhercing@redhat.com> - 7.6-71
+- Updated to version with upstream IPv6 support
+
 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.6-70
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

--- a/tcp_wrappers.ume-ipv6.patch
+++ b/tcp_wrappers.ume-ipv6.patch
@ -1,45 +0,0 @@
-diff -up tcp_wrappers_7.6/hosts_access.c.patch10 tcp_wrappers_7.6/hosts_access.c
--- tcp_wrappers_7.6/hosts_access.c.patch10	2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/hosts_access.c	2008-08-29 09:45:12.000000000 +0200
-@@ -443,6 +443,15 @@ char   *string;
-     int len, mask_len, i = 0;
-     char ch;
- 
-+    /*
-+     * Behavior of getaddrinfo() against IPv4-mapped IPv6 address is
-+     * different between KAME and Solaris8.  While KAME returns
-+     * AF_INET6, Solaris8 returns AF_INET.  So, we avoid this here.
-+     */
-+    if (STRN_EQ(string, "::ffff:", 7)
-+	&& dot_quad_addr(string + 7) != INADDR_NONE)
-+	return (masked_match4(net_tok, mask_tok, string + 7));
-+
-     memset(&hints, 0, sizeof(hints));
-     hints.ai_family = AF_INET6;
-     hints.ai_socktype = SOCK_STREAM;
-@@ -452,13 +461,6 @@ char   *string;
-     memcpy(&addr, res->ai_addr, sizeof(addr));
-     freeaddrinfo(res);
- 
-    if (IN6_IS_ADDR_V4MAPPED(&addr.sin6_addr)) {
-	if ((*(u_int32_t *)&net.sin6_addr.s6_addr[12] = dot_quad_addr(net_tok)) == INADDR_NONE
-	 || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE)
-	    return (NO);
-	return ((*(u_int32_t *)&addr.sin6_addr.s6_addr[12] & mask) == *(u_int32_t *)&net.sin6_addr.s6_addr[12]);
-    }
-
-     /* match IPv6 address against netnumber/prefixlen */
-     len = strlen(net_tok);
-     if (*net_tok != '[' || net_tok[len - 1] != ']')
-diff -up tcp_wrappers_7.6/socket.c.patch10 tcp_wrappers_7.6/socket.c
--- tcp_wrappers_7.6/socket.c.patch10	2008-08-29 09:45:12.000000000 +0200
-+++ tcp_wrappers_7.6/socket.c	2008-08-29 09:45:12.000000000 +0200
-@@ -228,7 +228,7 @@ struct host_info *host;
- 	hints.ai_family = sin->sa_family;
- 	hints.ai_socktype = SOCK_STREAM;
- 	hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST;
-	if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) {
-+	if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {
- 	    freeaddrinfo(res0);
- 	    res0 = NULL;
- 	    tcpd_warn("host name/name mismatch: "
--- a/tcp_wrappers.usagi-ipv6.patch
+++ b/tcp_wrappers.usagi-ipv6.patch
--- a/tcp_wrappers_7.6-249430.patch
+++ b/tcp_wrappers_7.6-249430.patch
@ -1,7 +1,7 @@
 diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c
 --- tcp_wrappers_7.6/hosts_access.c.patch22	2008-08-29 09:45:12.000000000 +0200
 +++ tcp_wrappers_7.6/hosts_access.c	2008-08-29 09:45:12.000000000 +0200
-@@ -426,7 +426,9 @@ char   *string;
+@@ -419,7 +419,9 @@ char   *string;
     if ((addr = dot_quad_addr(string)) == INADDR_NONE)
 	return (NO);
     if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
@ -9,6 +9,6 @@ diff -up tcp_wrappers_7.6/hosts_access.c.patch22 tcp_wrappers_7.6/hosts_access.c
 +	|| ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
 +	    && strcmp(mask_tok, "255.255.255.255"))) {
 +	/* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
- #ifndef INET6
 	tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
- #endif
+ 	return (NO);				/* not tcpd_jump() */
+     }
--- a/tcpw7.2-config.patch
+++ b/tcpw7.2-config.patch
@ -14,8 +14,8 @@ diff -up tcp_wrappers_7.6/Makefile.patch1 tcp_wrappers_7.6/Makefile
 linux:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
 	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
-+	NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+-	NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER -DUSE_STRERROR" all
+	NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
 
 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
 hpux hpux8 hpux9 hpux10:
--- a/tcpw7.2-setenv.patch
+++ b/tcpw7.2-setenv.patch
@ -7,6 +7,6 @@ diff -up tcp_wrappers_7.6/Makefile.patch2 tcp_wrappers_7.6/Makefile
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
 -	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
 +	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
- 	NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+ 	NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
 
 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
--- a/tcpw7.6-netgroup.patch
+++ b/tcpw7.6-netgroup.patch
@ -6,9 +6,9 @@ diff -up tcp_wrappers_7.6/Makefile.patch3 tcp_wrappers_7.6/Makefile
 linux:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
 -	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-	NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+-	NETGROUP= TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
 +	LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-+	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
 
 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
 hpux hpux8 hpux9 hpux10: