--- /dev/null
+diff -urN tcp_wrappers_7.6.orig/Makefile tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6.orig/Makefile Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/Makefile Mon Dec 13 14:07:48 1999
+@@ -71,6 +71,7 @@
+ #
+ # HP-UX SCO Unicos
+ #REAL_DAEMON_DIR=/etc/...
++REAL_DAEMON_DIR=/usr/sbin
+
+ # End of mandatory section
+ ##########################
+@@ -150,8 +151,8 @@
+
+ linux:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+- LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \
+- EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
++ LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
++ EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" all
+
+ linux-old:
+ @make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+@@ -373,6 +374,9 @@
+ NETGROUP= TLI= all
+
+ ###############################################################
++LIBTOOL = libtool
++PREFIX = /usr/local
++###############################################################
+ # System dependencies: TLI (transport-level interface) support.
+ #
+ # Uncomment the following macro if your system has System V.4-style TLI
+@@ -504,7 +508,7 @@
+ # Uncomment the next definition to turn on the language extensions
+ # (examples: allow, deny, banners, twist and spawn).
+ #
+-#STYLE = -DPROCESS_OPTIONS # Enable language extensions.
++STYLE = -DPROCESS_OPTIONS # Enable language extensions.
+
+ ################################################################
+ # Optional: Changing the default disposition of logfile records
+@@ -527,7 +531,7 @@
+ #
+ # The LOG_XXX names below are taken from the /usr/include/syslog.h file.
+
+-FACILITY= LOG_MAIL # LOG_MAIL is what most sendmail daemons use
++FACILITY= LOG_AUTHPRIV
+
+ # The syslog priority at which successful connections are logged.
+
+@@ -544,7 +548,7 @@
+ # and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
+ # from /etc/hosts or from NIS maps. It does work with DNS through NIS.
+ #
+-# DOT= -DAPPEND_DOT
++DOT= -DAPPEND_DOT
+
+ ##################################################
+ # Optional: Always attempt remote username lookups
+@@ -564,7 +568,7 @@
+ # still do selective username lookups as documented in the hosts_access.5
+ # and hosts_options.5 manual pages (`nroff -man' format).
+ #
+-#AUTH = -DALWAYS_RFC931
++AUTH = -DALWAYS_RFC931
+ #
+ # The default username lookup timeout is 10 seconds. This may not be long
+ # enough for slow hosts or networks, but is enough to irritate PC users.
+@@ -603,7 +607,7 @@
+ # look for access control information. Watch out for the quotes and
+ # backslashes when you make changes.
+
+-TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
++TABLES = -DHOSTS_DENY=\"/etc/tcpd/hosts.deny\" -DHOSTS_ALLOW=\"/etc/tcpd/hosts.allow\"
+
+ ####################################################
+ # Optional: dealing with host name/address conflicts
+@@ -623,7 +627,7 @@
+ # Paranoid mode implies hostname lookup. In order to disable hostname
+ # lookups altogether, see the next section.
+
+-PARANOID= -DPARANOID
++PARANOID= #-DPARANOID
+
+ ########################################
+ # Optional: turning off hostname lookups
+@@ -636,7 +640,7 @@
+ # In order to perform selective hostname lookups, disable paranoid
+ # mode (see previous section) and comment out the following definition.
+
+-HOSTNAME= -DALWAYS_HOSTNAME
++HOSTNAME= #-DALWAYS_HOSTNAME
+
+ #############################################
+ # Optional: Turning on host ADDRESS checking
+@@ -670,7 +674,9 @@
+ # Protection against weird shells or weird make programs.
+
+ SHELL = /bin/sh
+-.c.o:; $(CC) $(CFLAGS) -c $*.c
++.c.o:; $(LIBTOOL) $(CC) $(CFLAGS) -c $*.c
++
++%.lo:; $(LIBTOOL) $(CC) $(CFLAGS) -c $*.c
+
+ CFLAGS = -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
+ $(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
+@@ -679,12 +685,12 @@
+ $(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
+ $(VSYSLOG) $(HOSTNAME)
+
+-LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
+- hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
+- $(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
+- update.o misc.o diag.o percent_m.o myvsyslog.o
++LIB_OBJ= hosts_access.lo options.lo shell_cmd.lo rfc931.lo eval.lo \
++ hosts_ctl.lo refuse.lo percent_x.lo clean_exit.lo $(AUX_OBJ) \
++ $(FROM_OBJ) fix_options.lo socket.lo tli.lo workarounds.lo \
++ update.lo misc.lo diag.lo percent_m.lo myvsyslog.lo
+
+-FROM_OBJ= fromhost.o
++FROM_OBJ= fromhost.lo
+
+ KIT = README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
+ tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \
+@@ -697,7 +703,7 @@
+ refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
+ scaffold.h tcpdmatch.8 README.NIS
+
+-LIB = libwrap.a
++LIB = libwrap.la
+
+ all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
+
+@@ -713,30 +719,29 @@
+
+ $(LIB): $(LIB_OBJ)
+ rm -f $(LIB)
+- $(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
+- -$(RANLIB) $(LIB)
++ $(LIBTOOL) $(CC) -O -o $(LIB) $(LIB_OBJ) -rpath /usr/lib
+
+ tcpd: tcpd.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
++ $(LIBTOOL) $(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
+
+ miscd: miscd.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
++ $(LIBTOOL) $(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
+
+ safe_finger: safe_finger.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
++ $(LIBTOOL) $(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
+
+ TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
+
+ tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
+- $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
++ $(LIBTOOL) $(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
+
+ try-from: try-from.o fakelog.o $(LIB)
+- $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
++ $(LIBTOOL) $(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
+
+ TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
+
+ tcpdchk: $(TCPDCHK_OBJ) $(LIB)
+- $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
++ $(LIBTOOL) $(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
+
+ shar: $(KIT)
+ @shar $(KIT)
+@@ -757,6 +762,13 @@
+ tidy: clean
+ chmod -R a+r .
+ chmod 755 .
++
++install:
++ -install -d $(PREFIX)/{sbin,include}
++ $(LIBTOOL) install -c $(LIB) $(PREFIX)/lib/$(LIB)
++ for PROG in safe_finger tcpdchk try-from tcpd tcpdmatch ; do \
++ $(LIBTOOL) install -c $$PROG $(PREFIX)/sbin/$$PROG ; done
++ install tcpd.h $(PREFIX)/include/
+
+ # Enable all bells and whistles for linting.
+
+diff -urN tcp_wrappers_7.6.orig/README tcp_wrappers_7.6/README
+--- tcp_wrappers_7.6.orig/README Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/README Mon Dec 13 14:09:31 1999
+@@ -169,7 +169,7 @@
+ 2) The advanced way: leave the network daemons alone and modify the
+ inetd configuration file. For example, an entry such as:
+
+- tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot
++ tftp dgram udp wait root /usr/sbin/tcpd in.tftpd -s /tftpboot
+
+ When a tftp request arrives, inetd will run the wrapper program
+ (tcpd) with a process name `in.tftpd'. This is the name that the
+@@ -821,12 +821,12 @@
+ Then perform the following edits on the inetd configuration file
+ (usually /etc/inetd.conf or /etc/inet/inetd.conf):
+
+- finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd
+- ^^^^^^^^^^^^^^^^^^^
++ finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
++ ^^^^^^^^^^^^^^^^^^^^
+ becomes:
+
+- finger stream tcp nowait nobody /usr/etc/tcpd in.fingerd
+- ^^^^^^^^^^^^^
++ finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
++ ^^^^^^^^^^^^^^
+ Send a `kill -HUP' to the inetd process to make the change effective.
+ Some IRIX inetd implementations require that you first disable the
+ finger service (comment out the finger service and `kill -HUP' the
+@@ -873,7 +873,7 @@
+ Instead you can specify, in the inetd configuration file, an absolute
+ path name for the daemon process name. For example,
+
+- ntalk dgram udp wait root /usr/etc/tcpd /usr/local/lib/ntalkd
++ ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd
+
+ When the daemon process name is an absolute path name, tcpd ignores the
+ value of the REAL_DAEMON_DIR constant, and uses the last path component
+@@ -940,7 +940,7 @@
+ you can look up the name from the inetd configuration file. Coming back
+ to the tftp example in the tutorial section above:
+
+- tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot
++ tftp dgram udp wait root /usr/sbin/tcpd in.tftpd -s /tftpboot
+
+ This entry causes the inetd to run the wrapper program (tcpd) with a
+ process name `in.tftpd'. This is the name that the wrapper will use
+@@ -976,7 +976,7 @@
+ listener, but it should be registered in the inetd configuration file.
+ For example:
+
+- smtp stream tcp nowait root /usr/etc/tcpd /usr/lib/sendmail -bs
++ smtp stream tcp nowait root /usr/sbin/tcpd /usr/lib/sendmail -bs
+
+ You will still need to run one sendmail background process to handle
+ queued-up outgoing mail. A command like:
+diff -urN tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c
+--- tcp_wrappers_7.6.orig/fix_options.c Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/fix_options.c Mon Dec 13 14:09:18 1999
+@@ -38,7 +38,12 @@
+ #ifdef IP_OPTIONS
+ unsigned char optbuf[BUFFER_SIZE / 3], *cp;
+ char lbuf[BUFFER_SIZE], *lp;
++#if !defined(__GLIBC__)
+ int optsize = sizeof(optbuf), ipproto;
++#else
++ size_t optsize = sizeof(optbuf);
++ int ipproto;
++#endif
+ struct protoent *ip;
+ int fd = request->fd;
+ unsigned int opt;
+diff -urN tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c
+--- tcp_wrappers_7.6.orig/rfc931.c Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/rfc931.c Mon Dec 13 14:09:18 1999
+@@ -33,7 +33,7 @@
+
+ int rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
+
+-static jmp_buf timebuf;
++static sigjmp_buf timebuf;
+
+ /* fsocket - open stdio stream on top of socket */
+
+@@ -62,7 +62,7 @@
+ static void timeout(sig)
+ int sig;
+ {
+- longjmp(timebuf, sig);
++ siglongjmp(timebuf, sig);
+ }
+
+ /* rfc931 - return remote user name, given socket structures */
+@@ -133,7 +133,7 @@
+ * Set up a timer so we won't get stuck while waiting for the server.
+ */
+
+- if (setjmp(timebuf) == 0) {
++ if (sigsetjmp(timebuf,1) == 0) {
+ signal(SIGALRM, timeout);
+ alarm(rfc931_timeout);
+
+diff -urN tcp_wrappers_7.6.orig/safe_finger.c tcp_wrappers_7.6/safe_finger.c
+--- tcp_wrappers_7.6.orig/safe_finger.c Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/safe_finger.c Mon Dec 13 14:15:09 1999
+@@ -31,14 +31,14 @@
+
+ /* Local stuff */
+
+-char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
++char path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin";
+
+ #define TIME_LIMIT 60 /* Do not keep listinging forever */
+ #define INPUT_LENGTH 100000 /* Do not keep listinging forever */
+ #define LINE_LENGTH 128 /* Editors can choke on long lines */
+ #define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */
+ #define UNPRIV_NAME "nobody" /* Preferred privilege level */
+-#define UNPRIV_UGID 32767 /* Default uid and gid */
++#define UNPRIV_UGID 99 /* Default uid and gid */
+
+ int finger_pid;
+
+@@ -48,6 +48,9 @@
+ kill(finger_pid, SIGKILL);
+ exit(0);
+ }
++
++int allow_severity; /* for connection logging */
++int deny_severity; /* for connection logging */
+
+ main(argc, argv)
+ int argc;
+diff -urN tcp_wrappers_7.6.orig/workarounds.c tcp_wrappers_7.6/workarounds.c
+--- tcp_wrappers_7.6.orig/workarounds.c Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/workarounds.c Mon Dec 13 14:09:18 1999
+@@ -163,7 +163,11 @@
+ int fix_getpeername(sock, sa, len)
+ int sock;
+ struct sockaddr *sa;
++#if !defined(__GLIBC__)
+ int *len;
++#else
++size_t *len;
++#endif
+ {
+ int ret;
+ #ifdef INET6