--- /dev/null
+xinetd (1:2.3.14-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Update xinetd to use invoke-rc.d (Closes: 427892).
+
+ -- Pierre Habouzit <madcoder@debian.org> Wed, 18 Jul 2007 18:38:26 +0200
+
+xinetd (1:2.3.14-1) unstable; urgency=low
+
+ * New upstream release (closes: #342724).
+ * Updated config.guess and config.sub (closes: #342448).
+ * Comment about log_on_* in xinetd.conf (closes: #312663).
+ * Patch by Leo Weppelman <leo@wau.mis.ah.nl> on child.c
+ (closes: #342559)
+ * Patch for xconv.pl by Ron Murray <murrayr@dor.state.ma.us> to
+ process "#<off>#" lines (closes: #336023).
+ * Added configuration file for discard internal service
+ (closes: #309312)
+ * Bumped Standards-Version to 3.7.2
+ * Bumped debhelper compatibility level to 5.
+
+ -- Thomas Seyrat <tomasera@debian.org> Tue, 9 May 2006 13:32:06 +0200
+
+xinetd (1:2.3.13-3) unstable; urgency=low
+
+ * -stayalive option in /etc/default/xinetd instead of init script
+ to make behaviour change easier. (closes: #294665)
+ * Applied patch from Andreas Jochens <aj@andaco.de> to build
+ on amd64 with gcc-4.0 (closes: #297911)
+ * Run /etc/init.d/inetd in postrm only if it exists (closes: #295554)
+ * Fixed erroneous itox.8 man page (closes: #287814)
+ * Included xinetd.org FAQ as /usr/share/doc/xinetd/xinetd.org-FAQ.html
+ * Edited README.update-inetd (closes: #287821)
+ * Applied patch to xconv.pl by Javier Fernández-Sanguino Peña to fix
+ - what Amanda needs (closes: #167367)
+ (http://www.amanda.org/docs/install.html)
+ - numerically-specified services (closes: #176464)
+ - TCP Wrappers
+
+ -- Thomas Seyrat <tomasera@debian.org> Thu, 10 Mar 2005 11:03:24 +0100
+
+xinetd (1:2.3.13-2) unstable; urgency=low
+
+ * We now start xinetd with -stayalive by default to keep it
+ running even if no service is enabled. (closes: #270803)
+ * Modify Makefile.in to install xinetd.log manpage in section
+ 5 instead of 8.
+
+ -- Thomas Seyrat <tomasera@debian.org> Thu, 9 Sep 2004 14:39:20 +0200
+
+xinetd (1:2.3.13-1) unstable; urgency=low
+
+ * New upstream release
+ - fixes factorized addresses in only_from (closes: #212533)
+ * inetd.conf doesn't get read by default anymore, too much trouble.
+ Removed -inetd_compat from /etc/default/xinetd (closes: #198585)
+ * "services" internal service was removed upstream, so we don't
+ need /etc/xinetd.d/xinetd anymore, nor documentation for these
+ internal services (closes: #242646)
+ * Bumped Standards-Version to 3.6.1
+
+ -- Thomas Seyrat <tomasera@debian.org> Sun, 18 Apr 2004 13:33:57 +0200
+
+xinetd (1:2.3.12-2) unstable; urgency=high
+
+ * -1 was partially fucked up
+ * Applied patch on nvlists.c from upstream to fix segfault
+ * Added updated README.update-inetd
+ * -reuse is not needed anymore since 2.3.4, REUSE is on by default on
+ all services
+ * "xadmin" and "servers" internal services were removed upstream,
+ they don't appear anymore in /etc/xinetd.d/xinetd
+ * /etc/default/xinetd also gets removed when xinetd is purged
+
+ -- Thomas Seyrat <tomasera@debian.org> Fri, 15 Aug 2003 16:06:10 +0200
+
+xinetd (1:2.3.12-1) unstable; urgency=low
+
+ * New upstream release
+ * Bumped Standards-Version to 3.6.0
+ * Removed README.samba
+
+ -- Thomas Seyrat <tomasera@debian.org> Thu, 14 Aug 2003 14:21:41 +0200
+
+xinetd (1:2.3.11-2) unstable; urgency=low
+
+ * Attempt at using inetd.conf compatibility mode.
+ - No more "inetd.conf to xinetd.conf" autoconvert, now xinetd
+ reads inetd.conf after xinetd.conf
+ - inetd to xinetd transition should be seamless and inetd-started
+ services are not supposed to be broken (closes: #146908)
+ - No more debconf (we don't prompt user anymore, we rely on dpkg to
+ check for an existing xinetd.conf, and to prompt accordingly)
+ (closes: #183458)
+ * We install /etc/xinetd.d/, the (disabled) internal services
+ configuration files (Redhat-style), and the default xinetd.conf
+ considers them. (closes: #167726)
+ * Removed logrotate config file (we log through syslog per default)
+ * Removed logrotate from recommended packages
+ * Updated and simplified maintainer scripts
+ * Bumped Standards-Version to 3.5.10
+
+ -- Thomas Seyrat <tomasera@debian.org> Mon, 9 Jun 2003 22:50:54 +0200
+
+xinetd (1:2.3.11-1) unstable; urgency=high
+
+ * New upstream release
+ - Steve Grubb fixed memory leaks found with valgrind
+ (closes: #190217)
+ * Bumped Standards-Version to 3.5.9
+
+ -- Thomas Seyrat <tomasera@debian.org> Sat, 26 Apr 2003 16:26:45 +0200
+
+xinetd (1:2.3.10-1) unstable; urgency=low
+
+ * New upstream release
+ * Bumped Standards-Version to 3.5.8
+ * Start daemon with -pidfile /var/run/xinetd.pid (closes: #172770)
+
+ -- Thomas Seyrat <tomasera@debian.org> Mon, 13 Jan 2003 13:13:42 +0100
+
+xinetd (1:2.3.9-1) unstable; urgency=low
+
+ * New upstream release
+ * Bumped Standards-Version to 3.5.7
+
+ -- Thomas Seyrat <tomasera@debian.org> Wed, 2 Oct 2002 10:25:33 +0200
+
+xinetd (1:2.3.7-1) unstable; urgency=high
+
+ * New upstream release
+ - urgency=high to supersede NMU.
+ - includes security fix corrected in 2.3.6-1.1.
+ * Applied two patches for 2.3.6 from Steve G. fixing some
+ "redirect without server line" service issues. (closes: #155990)
+
+ -- Thomas Seyrat <tomasera@debian.org> Tue, 13 Aug 2002 15:05:05 +0200
+
+xinetd (1:2.3.6-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by Security Team
+ * Applied a patch from SolarDesigner to keep xinetd from leaking the
+ recently introduced signal pipe into services started from xinetd.
+ * Applied upstream bugfix to handle IPv6 addresses in config parser
+ (unfortunately, it was applied upstream to the 2.3.6 tarball which is
+ now different from ours)
+
+ -- Martin Schulze <joey@infodrom.org> Tue, 13 Aug 2002 10:44:14 +0200
+
+xinetd (1:2.3.6-1) unstable; urgency=low
+
+ * New upstream release (closes: #121044, #149114)
+ * Removed build dependency on perldoc (upstream now ships xconv.pl manpage).
+ * Included debconf template french translation.
+
+ -- Thomas Seyrat <tomasera@debian.org> Mon, 5 Aug 2002 22:17:38 +0200
+
+xinetd (1:2.3.5-1) unstable; urgency=low
+
+ * New upstream release
+ * New maintainer (closes: #153977)
+ * Minor debian/rules rewriting
+ * Bumped Standards-Version to 3.5.6.1.
+
+ -- Thomas Seyrat <tomasera@debian.org> Sun, 28 Jul 2002 16:51:39 +0200
+
+xinetd (1:2.3.4-2) unstable; urgency=high
+
+ * The "aarrgghh, why can't upstream test their release?" release
+ * Three small address parsing fixes -- these are being punted upstream...
+ xinetd/addr.c:explicit_addr: Set /32 to still be a masked addr
+ closes: #144672
+ xinetd/addr.c:factorized_addr: Restart the parse at the right point
+ after the syntax check pass.
+ closes: #141453
+ xinetd/addr.c:addrlist_match: Altered the "mask" check to remember to
+ apply the mask to /both/ halves of the
+ expression
+ closes: #145704
+ * Small change since I forgot to read the changelog carefully enough...
+ debian/init: Send HUP to reload config
+
+ -- Daniel Silverstone <dsilvers@debian.org> Fri, 3 May 2002 21:47:35 +0100
+
+xinetd (1:2.3.4-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Update config.guess and config.sub (closes: #141653).
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 7 Apr 2002 23:51:53 +0100
+
+xinetd (1:2.3.4-1) unstable; urgency=low
+
+ * New upstream version:
+ Lots and lots. Unsure exactly which bugs
+ in the debian bts it closes -- I'll need to look
+ more closely
+ * Give configure the --with-loadavg parameter. closes: #140619
+
+ -- Daniel Silverstone <dsilvers@debian.org> Thu, 4 Apr 2002 23:53:54 +0100
+
+xinetd (1:2.3.3-4) unstable; urgency=low
+
+ * Corrected reload issue in /etc/init.d/xinetd by making reload
+ and force-reload the same signal. (follows from removal of
+ soft reload in 2.3.1) closes: #127676
+
+ -- Daniel Silverstone <dsilvers@debian.org> Sun, 6 Jan 2002 17:25:45 +0000
+
+xinetd (1:2.3.3-3) unstable; urgency=low
+
+ * Integrated fixes to pt_BR template. closes: #120846
+ * Integrated fixes to de template
+ (thanks to Stephan Baeckert of Pyramid Computer GmBH)
+ * Fixed implicit declaration of malloc() -- This sorts out an ia64
+ issue and therefore closes: #124399
+ * Fixed spelling mistake in control file (raised by mdz) closes: #125544
+
+ -- Daniel Silverstone <dsilvers@debian.org> Tue, 18 Dec 2001 08:38:04 +0000
+
+xinetd (1:2.3.3-2) unstable; urgency=low
+
+ * Re-introduced debconf independance at the cost
+ of needing a lintian override.
+ * Cleared an issue with building on potato WRT pod2man
+
+ -- Daniel Silverstone <dsilvers@debian.org> Tue, 25 Sep 2001 18:52:58 +0100
+
+xinetd (1:2.3.3-1) unstable; urgency=high
+
+ * New upstream version
+ Changes of particular interest include:
+ o 2.3.1 - Applied Solar Designer's AUDIT patches
+ - Removed soft-reconfigure. reload is always hard.
+ o 2.3.2 - Fix a heap overrun issue.
+ o 2.3.3 - RPC parser works again.
+ * New Maintainer
+ * Fixed issue where xinetd.conf stomped on your configs by
+ making a backup somehow. closes: #110596
+ * Removed support for systems without debconf. This introduces
+ a dependency on debconf - sorry. closes: #90008
+ * Introduced a build dependency on perl-doc in order to build the
+ manpage for xconv.pl
+ * Provided POD documentation for xconv.pl
+ * Corrected a dodgy comment in xconv.pl closes: #108754, #108751
+ * Included brazilian debconf template translations courtesy of
+ Andre Luis Lopes <andrelop@ig.com.br> closes: #108548
+
+ -- Daniel Silverstone <dsilvers@debian.org> Fri, 31 Aug 2001 14:49:57 +0100
+
+xinetd (1:2.3.0-1) unstable; urgency=high
+
+ * New upstream version (with a sane number, whee!).
+ * Included the German translation to the templates, closes: #95505.
+ * Use -reuse by default in the init script, closes: #97732.
+ * Includes the security fixes that wiggy applied to the stable version,
+ closes: #101201.
+ * Now recommends the proper syslogd virtual package, closes: #101629.
+ * Included the Spanish translation to the templates, closes: #103166.
+ * Polishing in the packaging.
+ * Orphaning the package.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Sun, 15 Jul 2001 02:55:56 +0200
+
+xinetd (1:2.1.8.8.p3-2) unstable; urgency=low
+
+ * Added -x checks around lines that kill inetd, portmap, and xinetd init
+ script, because it can happen that those programs aren't there,
+ closes: #74759.
+ * Updated the template message about inetd.conf->xinetd.conf conversion,
+ closes: #78622.
+ * Standards-Version: 3.5.2: added DEB_BUILD_OPTIONS handling.
+ * Added version 2.0.54 to debhelper build-dependency because that's when
+ dh_installdebconf was introduced.
+ * Added logrotate among the recommended packages.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Sat, 17 Mar 2001 16:52:20 +0100
+
+xinetd (1:2.1.8.8.p3-1) frozen unstable; urgency=low
+
+ * New upstream version, which includes just a few bugfixes, most of them
+ that aren't even related to Linux, but there is one which is rather
+ important:
+ Fixed a bug in the access lists. If you specified a host by
+ name in only_from, any connection from a host without
+ a reverse dns entry would be accepted.
+ This means that security policies (e.g. denial of access) for such hosts
+ wouldn't be enforced, which is a very ugly security problem,
+ closes: #65757.
+ * Added a clear warning to the postrm in the case when you don't have
+ an init script for the original inetd anymore, saying you may need
+ to reinstall netbase package to fix it. As this may happen due to
+ severe breakage in an old xinetd package, it needs to be said,
+ closes: #60836.
+ * Clarified convert-inetd-conf template text to explicitely say that the
+ config file will get overwritten on every upgrade if you say "Yes" to
+ the question, and add two lines in postinst to explain how to make it
+ not regenerate anymore.
+ * Synced portmapper check with inetd's init script and enhanced the regexp
+ match to catch " # foo" comments, otherwise it may produce false warning.
+ * Moved the message about terminating all services to prerm, where it's
+ actually being done.
+ * Made update-rc.d run only on initial installs.
+ * Added debhelper to Build-Depends: and shortened the long description.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Fri, 16 Jun 2000 20:13:03 +0200
+
+xinetd (1:2.1.8.8pre8-1) frozen unstable; urgency=low
+
+ * New upstream version, including only two bug fixes, one of which is a
+ Y2K fix in the date service (changed TIMEOFFSET macro), closes: #54795.
+ The second change is minor, a fix for problem when length of banner
+ name % 32 = 0, and banners fail to work.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Sun, 16 Jan 2000 17:09:48 +0100
+
+xinetd (1:2.1.8.8pre6-1) unstable; urgency=low
+
+ * New upstream version, packaged only to fix the Y2K glitch in the
+ log file, closes: #53865.
+ * Adopted/tookover the package :) I hear Norbert is around, but he
+ hasn't contacted anyone regarding the package yet.
+ * Introducing debconf support, to ask about converting the config file,
+ and to warn about update-inetd malfunctioning. However, I didn't remove
+ the old method of asking the questions yet, just in case debconf
+ doesn't exist. Only Recommends: debconf. Plus, I had to re-route all
+ the messages to &2, because of debconf.
+ * Added the missing `k' in `syslogd' recommendation (doh!). Added
+ Build-Depends: libwrap0-dev.
+ * Moved the whole contents of preinst to postinst (that is, stopping of
+ inetd and portmap, and creating the diversion of inetd init file),
+ no need to abuse preinst for that.
+ * Use --background option for start-stop-daemon, to speed up loading,
+ thus having to depend on dpkg >= 1.4.1.17.
+ * Fixed some details in postinst, init.d, config, and copyright files.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Tue, 4 Jan 2000 23:54:08 +0100
+
+xinetd (1:2.1.8.7-1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Admitting the sad truth, i.e. marking the package as orphaned. Norbert
+ hasn't done an upload in some eleven months, and hasn't respondedÃ\82Â\85to
+ our NMUs and several e-mails in more than two months. :(
+ * New upstream version. It's from a completely different development
+ branch, versioned differently, so I had to introduce an epoch. :|
+ Note that we *have to* use this version because the previous one breaks
+ its own original license! Closes: #38361 #41386 #41568.
+ * Updated packaging files for the new autoconf stuff, patched configure.in
+ and Makefile.in to support install in custom non-existant directories,
+ included example xinetd.conf file in examples directory.
+ * Updated docs regarding the new xconv.pl script. Not using it in
+ postinst, at least not yet.
+ * Skipped all old patches, except the one for src/itox.c, which is now
+ forwarded/included in upstream package, with some others.
+ * Added --with-libwrap to configure flags, to link with libwrap0, as
+ suggested by the upstream author. From the README file:
+ When xinetd does access checking, it will first ask libwrap to check
+ /etc/hosts.allow and /etc/hosts.deny, then if libwrap accepts the
+ connection, xinetd will consult its own access control mechanism.
+ * Fixed postrm script to work on purge, and to remove /etc/init.d/inetd
+ (created in postinst) prior to un-diverting it (otherwise dpkg-divert
+ would bomb out, overwriting not allowed).
+ * Moved making the dummy /etc/init.d/inetd script to postinst, to
+ avoid the lintian error.
+ * Fixed s/daemon-dir/daemon_dir/ in README.update-inetd file.
+ * Updated itox.1 manual page, moved it to section 8 and to xinetd/
+ directory, and integrated it (and itox) in the Makefile install: rule.
+ * Updated the init script, made checkportmap() check in /etc/xinetd.conf
+ file (don't know whether the check is ultimately correct, though).
+ * Upgraded netbase dependency to 3.16-4, because the fixed update-inetd
+ script is included since that version.
+ * Doesn't recommend netstd anymore, apparently it no longer exists,
+ that closes: #49398 #49438.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Sat, 16 Oct 1999 19:14:14 +0200
+
+xinetd (2.2.1-8.SD1.2) unstable; urgency=low
+
+ * Non-maintainer upload. (diff posted to Bug#45602)
+
+ * Add a dummy /etc/init.d/inetd script so netbase doesn't have to
+ worry about its files disappearing. (Fixes: Bug#45602)
+
+ -- Anthony Towns <ajt@debian.org> Fri, 15 Oct 1999 11:56:03 +1000
+
+xinetd (2.2.1-8.SD1.1) unstable; urgency=medium
+
+ * Non-maintainer upload (is Norber Veber MIA?).
+ * Updated for the new netbase/inetd stuff.
+ Fixes: #43161 #44537 #44529 #31500
+ * Depend on an appropriate netbase version because of the switch to
+ diverting /etc/init.d/inetd, and not diverting /usr/sbin/update-inetd.
+ * Un-diverting is done in a sane way, I think. Postinst checks whether the
+ exact diversion still exists, and preserves the obsolete scripts, with
+ suffix ".xinetd.old", and then removes the diversion. The obsolete files
+ made this way are "rm -f"ed in postrm.
+ * Updated for Policy 3.x. Converted to debhelper for full Policy
+ compliance. Fixes: #44099
+ * Added rm -f /etc/xinetd.conf under purging in postrm, fixes: #36809
+ * Included Solar Designer <solar@false.com>'s SD1 patch from:
+ ftp://ftp.dataforce.net/pub/solar/xinetd-2.2.1-SD1.diff , fixes: #35166
+ * Reworked most of the maintainer scripts.
+ * The checkportmap() function, from the inetd's init script ought to
+ be changed to check in /etc/xinetd.conf file.
+ * Beautified debian/README* files, fixed some oddities in "SEE ALSO"
+ sections of the man pages.
+ * If this release doesn't break anything, I'll probably upload the newest
+ upstream version, from the alive branch.
+
+ -- Josip Rodin <jrodin@jagor.srce.hr> Wed, 15 Sep 1999 20:27:55 +0200
+
+xinetd (2.2.1-8) frozen unstable; urgency=high
+
+ * Bug #29951, Applied itox patch by Alain Nissen <Alain.Nissen@ulg.ac.be>,
+ it fixes two problems with itox. It now understands user.group
+ notation, and ignores (no)wait.max.
+ * Bug #29650, changed a /* */ comment in preinst to a bash # comment :)
+ * Bug #29945, typo in the itox man page.
+ * Bug 29648, slattach is no longer killed when xinetd is stopped.
+ * Fixed a /tmp security problem which occured when xinetd was sent the
+ HUP signal (patch from Bugtraq by Marc Heuse <marc@SUSE.DE> slightly
+ modified by me).
+
+ -- Norbert Veber <nveber@debian.org> Sat, 5 Dec 1998 02:27:54 -0500
+
+xinetd (2.2.1-7) unstable; urgency=low
+
+ * Fixed a spelling mistake in the change log :)
+ * Fixed #26546, a problem with postinst and the file-rc package
+
+ -- Norbert Veber <nveber@debian.org> Sat, 10 Oct 1998 00:46:13 -0400
+
+xinetd (2.2.1-6) unstable; urgency=low
+
+ * Fixed #24246, debian/files and debian/substvars is no longer included
+ with the deb.
+ * Fixed #24245. This closes a security hole and policy violation in the
+ build process, also changed to -O2 while compiling.
+ * Fixes bug 23866 by diverting on both upgrade and install.
+
+ -- Norbert Veber <nveber@debian.org> Sat, 25 Jul 1998 14:18:39 -0400
+
+xinetd (2.2.1-5) frozen unstable; urgency=low
+
+ * Changed all scripts that stop xinetd so that they use SIGQUIT to kill the
+ server. SIGTERM is the default, and this causes xinetd to kill all
+ child processes, which makes remote installation/maintenance impossible.
+ * Changed postrm so that it calls update-rc.d with the -f option (in case
+ /etc/init.d/xinetd is still present.
+ * changed prerm so that it stops /sbin/portmap instead of
+ /usr/sbin/rpc.portmap (which doesnt exist)
+ * Wrote a man page for itox
+ * Fixed /etc/init.d/xinetd reload/restart
+ * Added /etc/init.d/xinetd to list of conffiles
+
+ -- Norbert Veber <nveber@debian.org> Sat, 13 Jun 1998 20:54:58 -0400
+
+xinetd (2.2.1-4) frozen unstable; urgency=medium
+
+ * New developer
+ * Diverted /etc/init.d/netbase, fixes bug #19125
+ * /etc/init.d/xinetd now refers to itself by $0, bug #6860
+ * /etc/init.d/xinetd now looks for /sbin/portmap, bug #12021, #12047,
+ #14159, #17247, #18691, #20701, #22161
+ * Diverted /usr/sbin/update-inetd, the new update-inetd now tells the user
+ to manually edit /etc/xinetd.conf. A new update-inetd that changes
+ the xinetd.conf will eventually be created.
+ * Created /usr/doc/xinetd/README-update.inetd which describes the above,
+ and gives pointers on what to put into xinetd.conf.
+ * Moved back to main (xinetd is free)
+ * Included ORIGINAL copyright, as is required by the license.
+ It is in /usr/doc/xinetd/copyright.
+ * Created /usr/doc/README.samba which describes a fix/workaround to the
+ xinetd/nmdb bug (#20705 and #17907).
+ * No longer provides a default xinetd.conf. It is nearly impossible to
+ generate one that will work on all systems, and still provides
+ useful services. The user now has the choice of keeping the current
+ configuration, or converting inetd.conf.
+ This fixes half of bug #10059. :)
+
+ -- Norbert Veber <nveber@debian.org> Tue, 9 June 1998 22:18:25 -0500
+
+xinetd (2.2.1-3.1) non-free; urgency=low
+
+ * Developer back to Boris.
+
+ -- Adam Heath <adam.heath@usa.net> Sun, 15 Mar 1998 15:33:59 -0500
+
+xinetd (2.2.1-3) non-free; urgency=low
+
+ * Changed distribution.
+ * Bug#16310 fixed previously.
+
+ -- Adam Heath <adam.heath@usa.net> Sat, 14 Mar 1998 03:31:50 -0500
+
+xinetd (2.2.1-2) unstable; urgency=low
+
+ * Fixes lintian bugs.
+
+ -- Adam Heath <adam.heath@usa.net> Mon, 9 Mar 1998 19:33:00 -0500
+
+xinetd (2.2.1-1) unstable; urgency=low
+
+ * New upstream version
+
+ -- Adam Heath <adam.heath@usa.net> Wed, 31 Dec 1997 02:53:10 -0500
+
+xinetd (2.1.7-3.1) unstable; urgency=low
+
+ * Compiled for libc6
+
+ -- Adam Heath <adam.heath@usa.net> Tue, 30 Dec 1997 17:50:01 -0500
+
+xinetd (2.1.7-3) unstable; urgency=low
+
+ Changed preinst to ask if xinetd will be
+ set up to load at boot time.
+
+ -- "Boris D. Beletsky" <borik@isracom.co.il> Tue, 31 Oct 1996 23:13:34 +0200
+
+xinetd (2.1.7-2) unstable; urgency=low
+
+ fixed bug #5022 (thks to llucius@millcomm.com)
+
+ -- "Boris D. Beletsky" <borik@isracom.co.il> Tue, 29 Oct 1996 03:23:24 +0200
+
+xinetd (2.1.7-1) unstable; urgency=low
+
+ * first release
+
+ -- "Boris D. Beletsky" <borik@isracom.co.il> Sun, 23 Oct 1996 07:45:14 +0200
--- /dev/null
+<html>
+<head>
+<title>xinetd faq</title>
+</head>
+<body bgcolor=#ffffff link="blue" vlink="blue">
+<center><h2>xinetd FAQ</h2></center>
+<hr noshade>
+
+<dl>
+<dt><a href="#what">What is xinetd</a>
+<dt><a href="#compat">Is it compatible with inetd ?</a>
+<dt><a href="#why">Why should I use xinetd?</a>
+<dt><a href="#who">Who is responsible for xinetd?</a>
+<dt><a href="#2.2">What's up with xinetd 2.2.1?</a>
+<dt><a href="#care">I am not a system administrator; what do I care about an inetd replacement ?</a>
+<dt><a href="#where">Where can I get xinetd?</a>
+<dt><a href="#qmail">Has anyone gotten xinetd working with qmail?</a>
+<dt><a href="#support">What platforms does xinetd work on?</a>
+<dt><a href="#itox">How do I use itox?</a>
+<dt><a href="#libwrap">Does xinetd support tcpwrappers?</a>
+<dt><a href="#ipv6">Does xinetd support IPv6?</a>
+<dt><a href="#v6error">No services start with IPv6! What's the deal?</a>
+<dt><a href="#bsd">What's this setgroups(0, NULL) error?</a>
+<dt><a href="#telnet">Why can't telnetd start normally on Linux?</a>
+<dt><a href="#stunnel">How can I use xinetd to wrap SSL around services?</a>
+<dt><a href="#cvss">How do I setup a cvs server with xinetd?</a>
+</dl>
+<hr noshade>
+<strong><a name="what">Q. What is xinetd ?</a><br></strong>
+A. xinetd is a replacement for inetd, the internet services daemon.<br>
+<br>
+<strong><a name="care">Q: I am not a system administrator; what do I care about an inetd replacement ?</a></strong>
+<br>
+A: xinetd is not just an inetd replacement. Anybody can use it to start servers
+ that don't require privileged ports because xinetd does not require that the
+ services in its configuration file be listed in /etc/services.
+<br>
+<br>
+<strong><a name="compat">Q. Is it compatible with inetd ?</a><br></strong>
+A. No, its configuration file has a different format than inetd's one
+ and it understands different signals. However the signal-to-action
+ assignment can be changed and a program has been included to convert
+ inetd.conf to xinetd.conf.
+<br>
+<br>
+<br>
+<strong><a name="why">Q. Why should I use it ?</a><br></strong>
+A. Because it is a lot better (IMHO) than inetd. Here are the reasons:
+<br>
+<br>
+<dl>
+<dt> 1) It can do access control on all services based on:
+ <dl>
+ <dt> a. address of remote host
+ <dt> b. time of access
+ <dt> c. name of remote host
+ <dt> d. domain name of remote host
+ </dl>
+<dt> 2) Access control works on all services, whether multi-threaded or
+ single-threaded and for both the TCP and UDP protocols.
+ All UDP packets can be checked as well as all TCP connections.
+
+<dt> 3) It provides hard reconfiguration:
+ <dl>
+ <dt> a. kills servers for services that are no longer in the
+ configuration file
+ <dt> b. kills servers that no longer meet the access control criteria
+ </dl>
+<dt> 4) It can prevent denial-of-access attacks by
+ <dl>
+ <dt> a. placing limits on the number of servers for each service
+ (avoids process table overflows)
+ <dt> b. placing an upper bound on the number of processes it will fork
+ <dt> c. placing limits on the size of log files it creates
+ <dt> d. placing limits on the number of connection a single host can initiate
+ <dt> e. place limits on the rate of incoming connections
+ <dt> f. discontinue services if the load exceeds specified limit
+ </dl>
+<dt> 5) Extensive logging abilities:
+ <dl>
+ <dt> a. for every server started it can log:
+ <dl>
+ <dt> i) the time when the server was started
+ <dt> ii) the remote host address
+ <dt> iii) who was the remote user (if the other end runs a
+ RFC-931/RFC-1413 server)
+ <dt> iv) how long the server was running
+ <dt> (i, ii and iii can be logged for failed attempts too).
+ </dl>
+ <dt> b. for some services, if the access control fails, it can
+ log information about the attempted access (for example,
+ it can log the user name and command for the rsh service)
+ </dl>
+<dt> 6) No limit on number of server arguments
+<dt> 7) You can bind specifc services to specific IP's on your host machine
+</dl>
+<br>
+<br>
+<strong><a name="who">Q. Whom should I thank/blame for this program ?</a><br></strong>
+A. panos@cs.colorado.edu originally wrote this program, but
+<a href="mailto:bbraun@synack.net">I</a> am fielding
+bug reports at this time.
+<br>
+<br>
+<strong><a name="2.2">Q. What's up with 2.2.1 version of xinetd?</a></strong>
+<br>
+A. The most recent original version of xinetd was 2.1.1 with patches bringing it up to 2.1.8. Nick Hilliard created xinetd 2.2.1, based off an unreleased xinetd 2.2.0 by Panos. The copyright included with xinetd specified the required versioning to be the official release of xinetd (2.1.8 in this case) and a fourth version number tacked on to indicate the modification level. This is the versioning I have adopted. xinetd 2.1.8.X, which is available here, is not based off xinetd 2.2.0 or higher. It was created from the codebase of xinetd 2.1.8, although I have re-implemented some of the features introduced in xinetd-2.2.1.
+<br>
+<br>
+<strong><a name="where">Q. Where can I find the latest-and-greatest version ?</a><br></strong>
+A. The xinetd source can be obtained from
+<a href="http://www.synack.net/xinetd">http://www.synack.net/xinetd</a>
+<br>
+<br>
+<strong><a name="qmail">Q. Has anyone been able to get qmail working with xinetd?</a><br></strong>
+A. yes, here is the entry info
+<pre>
+service smtp
+{
+ flags = REUSE NAMEINARGS
+ socket_type = stream
+ protocol = tcp
+ wait = no
+ user = qmaild
+ server = /usr/sbin/tcpd
+ server_args = /var/qmail/bin/tcp-env -R /var/qmail/bin/qmail-smtpd
+}
+</pre> Contributed by: Anthony Abby<br>
+This method will allow you to set environment variables and whatnot
+in <tt>/etc/hosts.allow</tt>. Although xinetd can be compiled with libwrap
+support, this doesn't mean it can completly replace tcpd's functionality.
+xinetd calls <tt>host_access()</tt>, which performs the access control
+documented in <tt>host_access(5)</tt> man page. This is a subset of the
+features offered by tcpd.
+<br>
+<br>
+<strong><a name="support">Q. What platforms is xinetd know to work on?</a><br></strong>
+A. I have run it on Solaris 2.6 (sparc and x86), Linux, BSDi, and
+IRIX 5.3 and 6.2. The original package ran on SunOS 4 and Ultrix.
+<br>
+<br>
+<strong><a name="chroot">Q. How to do setup a chrooted environment for a service?</a></strong><br>
+A. Here is the config file entry:
+<pre>
+service telnet_chroot
+{
+ log_on_success = HOST PID DURATION USERID
+ log_on_failure = HOST RECORD USERID
+ no_access = 152.30.11.93
+ socket_type = stream
+ protocol = tcp
+ port = 8000
+ wait = no
+ user = root
+ server = /usr/sbin/chroot
+ server_args = /var/public/servers /usr/libexec/telnetd
+}
+</pre> Contributed by: lburns@sasquatch.com
+<br>
+<br>
+<strong><a name="itox">Q. How do I use itox?</a></strong><br>
+A. itox reads in a regular inetd.conf file from stdin and writes an xinetd.conf
+file to stdout. In general, you use the command:<br>
+<tt>itox < /etc/inetd.conf > /etc/xinetd.conf</tt>
+<br>
+If your inetd.conf does not have explicit paths to each of the
+daemons, you must use the <i>-daemon_dir</i> option. Suppose all your
+daemons live in /usr/sbin, use the following command:<br>
+<tt> itox -daemon_dir=/usr/sbin < /etc/inetd.conf > /etc/xinetd.conf</tt>
+<br>
+itox is rather old and hasn't been updated for a while. xconv.pl is a
+perl script that is a little better about converting modern inetd.conf
+files. It's usage is similar to itox's.
+<br>
+<br>
+<strong><a name="libwrap">Q. Does xinetd support libwrap (tcpwrappers)?</a></strong><br>
+A. Yes. xinetd can be compiled with libwrap support by passing
+<tt>--with-libwrap</tt> as an option to the <tt>configure</tt> script.
+When xinetd is compiled with libwrap support, all services can use the
+<tt>/etc/hosts.allow</tt> and <tt>/etc/hosts.deny</tt> access control.
+xinetd can also be configured to use tcpd in the traditional inetd style.
+This requires the use of the NAMEINARGS flag, and the name of the real
+daemon be passed in as server_args. Here is an example for using telnet
+with tcpd:
+<pre>
+service telnet
+{
+ flags = REUSE NAMEINARGS
+ protocol = tcp
+ socket_type = stream
+ wait = no
+ user = telnetd
+ server = /usr/sbin/tcpd
+ server_args = /usr/sbin/in.telnetd
+}
+</pre>
+<strong><a name="ipv6">Q. Does xinetd support IPv6?</a></strong><br>
+A. Yes. xinetd can be compiled with IPv6 support by adding the
+<tt>--with-inet6</tt> option to the <tt>configure</tt> script.
+Access control is functional with IPv6. You can use ipv4 mapped
+addresses, or give normal dotted quad ipv4 addresses for access
+control, and xinetd will map them to ipv6 addresses.
+<br>
+<br>
+<strong><a name="v6error">Q. No services start with IPv6! What's the deal?</a></strong><br>
+A. When you compile IPv6 support in, all sockets are IPv6 sockets.
+If your kernel doesn't understand what an IPv6 socket is, all attempts
+to create sockets will fail, and no services will start. Only compile
+xinetd with IPv6 support if your kernel supports IPv6.
+<br>
+<br>
+<strong><a name="bsd">Q. What's this setgroups(0, NULL) error?</a></strong><br>
+A. By default, xinetd does not allow group permissions to the server
+processes, and it does this by setting the groups of the child process
+to nothing. Some BSD's have a problem with this. To avoid this error,
+put the directive <tt>groups = yes</tt> into your services. This says
+to allow the server process to have all the group privleges entitled
+to the user the server process is running as.
+<br>
+<br>
+<strong><a name="telnet">Q. Why can't telnetd start normally on Linux?</a></strong><br>
+A. On some Linux distributions, the telnet daemon starts as a nonprivleged
+user, but the user belongs to groups that allow it to open new tty's, and
+to update utmp. By default, xinetd does not allow group permissions to the
+server process, so telnetd can fail to start properly. To get the server
+process to posess the proper groups, use the <tt>groups = yes</tt> directive
+for the telnet service. This will tell xinetd that it is OK for the server
+process to start with all the groups the user has access to.
+<br>
+<br>
+<strong><a name="stunnel">Q. How do I use xinetd to wrap SSL around services</a></strong><br>
+A. Use the program <a href="http://www.stunnel.org">
+stunnel</a> to wrap SSL around services. This can actually be used
+by an inetd.
+<br>
+<br>
+<strong><a name="cvss">Q. How do I setup a cvs server with xinetd?</a>
+</strong><br>
+A. A user wrote in with this suggestion: <BR>
+<pre>
+cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/home/pauljohn/cvsroot --allow-root=/home/pauljohn/cvsmisc pserver
+</pre>
+If you want to make the same work under xinetd, you save a config file
+in /etc/xinetd.d
+called cvspserver, (where the last line tells it the names of your
+repositories):
+<pre>
+service cvspserver
+{
+ socket_type = stream
+ protocol = tcp
+ wait = no
+ user = root
+ passenv =
+ server = /usr/bin/cvs
+ server_args = --allow-root=/home/pauljohn/cvsroot --allow-root=/home/pauljohn/cvsmisc pserver -f
+}
+</pre>
+All the other cvs setup stuff is the same. This seems to work, afaik.
+<br>
+<br>
+</body>
+</html>
projects / packages / xinetd.git / commitdiff