--- /dev/null
+--- portmap-5.orig/Makefile
++++ portmap-5/Makefile
+@@ -8,7 +8,7 @@
+ # if you disagree. See `man 3 syslog' for examples. Some syslog versions
+ # do not provide this flexibility.
+ #
+-FACILITY=LOG_MAIL
++FACILITY=LOG_DAEMON
+
+ # To disable tcp-wrapper style access control, comment out the following
+ # macro definitions. Access control can also be turned off by providing
+@@ -16,7 +16,8 @@
+ # daemon, is always treated as an authorized host.
+
+ HOSTS_ACCESS= -DHOSTS_ACCESS
+-WRAP_LIB = $(WRAP_DIR)/libwrap.a
++#WRAP_LIB = $(WRAP_DIR)/libwrap.a
++WRAP_LIB = -lwrap
+
+ # Comment out if your RPC library does not allocate privileged ports for
+ # requests from processes with root privilege, or the new portmap will
+@@ -71,7 +72,7 @@
+ # With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when
+ # SIGCHLD is not ignored. Enable next macro for a fix.
+ #
+-# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
++ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
+
+ # Uncomment the following macro if your system does not have u_long.
+ #
+@@ -81,11 +82,14 @@
+ # libwrap.a object library. WRAP_DIR should specify the directory with
+ # that library.
+
+-WRAP_DIR= ../tcp_wrappers
++WRAP_DIR= $(TCPD_DIR)
+
+ # Auxiliary object files that may be missing from your C library.
+ #
+-AUX = daemon.o strerror.o
++#AUX = daemon.o strerror.o
++
++# glibc has strerror() (it's POSIX) and daemon() (when compiling -D_BSD_SOURCE)
++AUX =
+
+ # NEXTSTEP is a little different. The following seems to work with NS 3.2
+ #
+@@ -99,22 +103,31 @@
+
+ # Comment out if your compiler talks ANSI and understands const
+ #
+-CONST = -Dconst=
++#CONST = -Dconst=
+
+ ### End of configurable stuff.
+ ##############################
+
++GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
++
++ifeq ($(GLIBC),0)
++LIBS += # -lbsd
++else
++LIBS += -lnsl
++endif
++
++
+ SHELL = /bin/sh
+
+-COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \
++COPT = $(CONST) $(HOSTS_ACCESS) $(CHECK_PORT) \
+ $(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \
+ $(LOOPBACK) $(SETPGRP)
+-CFLAGS = $(COPT) -O $(NSARCHS)
++CFLAGS = -Wall $(COPT) -O2 $(NSARCHS)
+ OBJECTS = portmap.o pmap_check.o from_local.o $(AUX)
+
+ all: portmap pmap_dump pmap_set
+
+-portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a
++portmap: $(OBJECTS) # $(WRAP_DIR)/libwrap.a
+ $(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS)
+
+ pmap_dump: pmap_dump.c
+@@ -129,6 +142,17 @@
+ get_myaddress: get_myaddress.c
+ cc $(CFLAGS) -DTEST -o $@ get_myaddress.c $(LIBS)
+
++install: all
++ install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
++ install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
++ install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
++ install -o root -g root -m 0644 portmap.8 ${BASEDIR}/usr/share/man/man8
++ install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
++ install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
++ cat BLURB >${BASEDIR}/usr/share/doc/portmap/portmapper.txt
++ gzip -9f ${BASEDIR}/usr/share/doc/portmap/portmapper.txt
++
++
+ lint:
+ lint $(COPT) $(OBJECTS:%.o=%.c)
+
+--- portmap-5.orig/daemon.c
++++ portmap-5/daemon.c
+@@ -36,11 +36,8 @@
+ #endif /* LIBC_SCCS and not lint */
+
+ #include <fcntl.h>
+-
+-/* From unistd.h */
+-#define STDIN_FILENO 0
+-#define STDOUT_FILENO 1
+-#define STDERR_FILENO 2
++#include <unistd.h>
++#include <sys/types.h>
+
+ /* From paths.h */
+ #define _PATH_DEVNULL "/dev/null"
+--- portmap-5.orig/pmap_check.c
++++ portmap-5/pmap_check.c
+@@ -41,10 +41,14 @@
+ #include <syslog.h>
+ #include <netdb.h>
+ #include <sys/signal.h>
++#include <grp.h>
+ #ifdef SYSV40
+ #include <netinet/in.h>
+ #include <rpc/rpcent.h>
+ #endif
++#include <sys/types.h>
++#include <unistd.h>
++#include <tcpd.h>
+
+ extern char *inet_ntoa();
+
+@@ -101,15 +105,25 @@
+ * Give up root privileges so that we can never allocate a privileged
+ * port when forwarding an rpc request.
+ */
++ if (setgid(1) == -1) {
++ syslog(LOG_ERR, "setgid(1) failed: %m");
++ exit(1);
++ }
++ if (setgroups(0, 0) == -1) {
++ syslog(LOG_ERR, "setgroups(0, 0) failed: %m");
++ exit(1);
++ }
+ if (setuid(1) == -1) {
+ syslog(LOG_ERR, "setuid(1) failed: %m");
+ exit(1);
+ }
++
+ (void) signal(SIGINT, toggle_verboselog);
+ }
+
+ /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
+
++int
+ check_default(addr, proc, prog)
+ struct sockaddr_in *addr;
+ u_long proc;
+@@ -128,6 +142,7 @@
+
+ /* check_privileged_port - additional checks for privileged-port updates */
+
++int
+ check_privileged_port(addr, proc, prog, port)
+ struct sockaddr_in *addr;
+ u_long proc;
+@@ -173,6 +188,7 @@
+
+ #else
+
++int
+ check_setunset(addr, proc, prog, port)
+ struct sockaddr_in *addr;
+ u_long proc;
+@@ -197,6 +213,7 @@
+
+ /* check_callit - additional checks for forwarded requests */
+
++int
+ check_callit(addr, proc, prog, aproc)
+ struct sockaddr_in *addr;
+ u_long proc;
+@@ -249,13 +266,13 @@
+ };
+ struct proc_map *procp;
+ static struct proc_map procmap[] = {
+- PMAPPROC_CALLIT, "callit",
+- PMAPPROC_DUMP, "dump",
+- PMAPPROC_GETPORT, "getport",
+- PMAPPROC_NULL, "null",
+- PMAPPROC_SET, "set",
+- PMAPPROC_UNSET, "unset",
+- 0, 0,
++ {PMAPPROC_CALLIT, "callit"},
++ {PMAPPROC_DUMP, "dump"},
++ {PMAPPROC_GETPORT, "getport"},
++ {PMAPPROC_NULL, "null"},
++ {PMAPPROC_SET, "set"},
++ {PMAPPROC_UNSET, "unset"},
++ {0, 0},
+ };
+
+ /*
+@@ -269,7 +286,7 @@
+
+ if (prognum == 0) {
+ progname = "";
+- } else if (rpc = getrpcbynumber((int) prognum)) {
++ } else if ((rpc = getrpcbynumber((int) prognum))) {
+ progname = rpc->r_name;
+ } else {
+ sprintf(progname = progbuf, "%lu", prognum);
+--- portmap-5.orig/from_local.c
++++ portmap-5/from_local.c
+@@ -51,6 +51,9 @@
+ #include <net/if.h>
+ #include <sys/ioctl.h>
+ #include <syslog.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
+
+ #ifndef TRUE
+ #define TRUE 1
+@@ -96,6 +99,7 @@
+
+ /* find_local - find all IP addresses for this host */
+
++int
+ find_local()
+ {
+ struct ifconf ifc;
+@@ -154,6 +158,7 @@
+
+ /* from_local - determine whether request comes from the local system */
+
++int
+ from_local(addr)
+ struct sockaddr_in *addr;
+ {
+--- portmap-5.orig/pmap_dump.c
++++ portmap-5/pmap_dump.c
+@@ -23,6 +23,20 @@
+
+ static char *protoname();
+
++#ifndef INADDR_LOOPBACK
++#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1"))
++#endif
++
++static void get_myloopaddress(addrp)
++struct sockaddr_in *addrp;
++{
++ memset((char *) addrp, 0, sizeof(*addrp));
++ addrp->sin_family = AF_INET;
++ addrp->sin_port = htons(PMAPPORT);
++ addrp->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++}
++
++int
+ main(argc, argv)
+ int argc;
+ char **argv;
+@@ -31,7 +45,7 @@
+ register struct pmaplist *list;
+ register struct rpcent *rpc;
+
+- get_myaddress(&addr);
++ get_myloopaddress(&addr);
+
+ for (list = pmap_getmaps(&addr); list; list = list->pml_next) {
+ rpc = getrpcbynumber((int) list->pml_map.pm_prog);
+--- portmap-5.orig/pmap_set.c
++++ portmap-5/pmap_set.c
+@@ -17,6 +17,10 @@
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_clnt.h>
+
++int parse_line(char *buf, u_long *prog, u_long *vers, int *prot,
++ unsigned *port);
++
++int
+ main(argc, argv)
+ int argc;
+ char **argv;
+@@ -40,6 +44,7 @@
+
+ /* parse_line - convert line to numbers */
+
++int
+ parse_line(buf, prog, vers, prot, port)
+ char *buf;
+ u_long *prog;
+@@ -47,9 +52,9 @@
+ int *prot;
+ unsigned *port;
+ {
+- char proto_name[BUFSIZ];
++ char proto_name[256];
+
+- if (sscanf(buf, "%lu %lu %s %u", prog, vers, proto_name, port) != 4) {
++ if (sscanf(buf, "%lu %lu %255s %u", prog, vers, proto_name, port) != 4) {
+ return (0);
+ }
+ if (strcmp(proto_name, "tcp") == 0) {
+@@ -65,3 +70,4 @@
+ }
+ return (0);
+ }
++
+--- portmap-5.orig/portmap.c
++++ portmap-5/portmap.c
+@@ -80,6 +80,10 @@
+ * Mountain View, California 94043
+ */
+
++#if defined(__GLIBC__)
++#define _BSD_SOURCE 1 /* for daemon(3) */
++#include <rpc/xdr.h>
++#endif /* __GLIBC__ */
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_prot.h>
+ #include <stdio.h>
+@@ -91,11 +95,13 @@
+ #include <sys/signal.h>
+ #include <sys/time.h>
+ #include <sys/resource.h>
+-#ifdef SYSV40
+ #include <netinet/in.h>
+-#endif
++#include <sys/types.h>
++#include <unistd.h>
++#include <string.h>
++#include <errno.h>
++#include <arpa/inet.h>
+
+-extern char *strerror();
+ #include <stdlib.h>
+
+ #ifndef LOG_PERROR
+@@ -124,7 +130,6 @@
+ static void callit();
+ struct pmaplist *pmaplist;
+ int debugging = 0;
+-extern int errno;
+
+ #include "pmap_check.h"
+
+@@ -148,6 +153,7 @@
+ #endif
+ #endif
+
++int
+ main(argc, argv)
+ int argc;
+ char **argv;
+@@ -157,22 +163,31 @@
+ struct sockaddr_in addr;
+ int len = sizeof(struct sockaddr_in);
+ register struct pmaplist *pml;
++ char *chroot_path = NULL;
++ struct in_addr bindaddr;
++ int have_bindaddr = 0;
+
+- while ((c = getopt(argc, argv, "dv")) != EOF) {
++ while ((c = getopt(argc, argv, "dt:vi:")) != EOF) {
+ switch (c) {
+
+ case 'd':
+ debugging = 1;
+ break;
+-
++ case 't':
++ chroot_path = optarg;
++ break;
+ case 'v':
+ verboselog = 1;
+ break;
+-
++ case 'i':
++ have_bindaddr = inet_aton(optarg, &bindaddr);
++ break;
+ default:
+- (void) fprintf(stderr, "usage: %s [-dv]\n", argv[0]);
++ (void) fprintf(stderr, "usage: %s [-dv] [-t path] [-i address]\n", argv[0]);
+ (void) fprintf(stderr, "-d: debugging mode\n");
++ (void) fprintf(stderr, "-t path: chroot into path\n");
+ (void) fprintf(stderr, "-v: verbose logging\n");
++ (void) fprintf(stderr, "-i address: bind to address\n");
+ exit(1);
+ }
+ }
+@@ -201,6 +216,9 @@
+ addr.sin_addr.s_addr = 0;
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(PMAPPORT);
++ if (have_bindaddr)
++ memcpy(&addr.sin_addr, &bindaddr, sizeof(bindaddr));
++
+ if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
+ syslog(LOG_ERR, "cannot bind udp: %m");
+ exit(1);
+@@ -227,7 +245,7 @@
+ setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
+ #endif
+ if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
+- syslog(LOG_ERR, "cannot bind udp: %m");
++ syslog(LOG_ERR, "cannot bind tcp: %m");
+ exit(1);
+ }
+ if ((xprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
+@@ -280,6 +298,14 @@
+ (void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
+
+ /* additional initializations */
++ if (chroot_path)
++ {
++ if (-1 == chroot(chroot_path))
++ {
++ syslog(LOG_ERR, "couldn't do chroot");
++ exit(1);
++ }
++ }
+ check_startup();
+ #ifdef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
+ (void)signal(SIGCHLD, SIG_IGN);
+@@ -350,7 +376,7 @@
+ */
+ /* remote host authorization check */
+ check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);
+- if (!svc_sendreply(xprt, xdr_void, (caddr_t)0) && debugging) {
++ if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0) && debugging) {
+ abort();
+ }
+ break;
+@@ -359,7 +385,7 @@
+ /*
+ * Set a program,version to port mapping
+ */
+- if (!svc_getargs(xprt, xdr_pmap, ®))
++ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®))
+ svcerr_decode(xprt);
+ else {
+ /* reject non-local requests, protect priv. ports */
+@@ -401,7 +427,7 @@
+ ans = 1;
+ }
+ done:
+- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) &&
++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) &&
+ debugging) {
+ (void) fprintf(stderr, "svc_sendreply\n");
+ abort();
+@@ -413,7 +439,7 @@
+ /*
+ * Remove a program,version to port mapping.
+ */
+- if (!svc_getargs(xprt, xdr_pmap, ®))
++ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®))
+ svcerr_decode(xprt);
+ else {
+ ans = 0;
+@@ -447,7 +473,7 @@
+ prevpml->pml_next = pml;
+ free(t);
+ }
+- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) &&
++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) &&
+ debugging) {
+ (void) fprintf(stderr, "svc_sendreply\n");
+ abort();
+@@ -459,7 +485,7 @@
+ /*
+ * Lookup the mapping for a program,version and return its port
+ */
+- if (!svc_getargs(xprt, xdr_pmap, ®))
++ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®))
+ svcerr_decode(xprt);
+ else {
+ /* remote host authorization check */
+@@ -474,7 +500,7 @@
+ port = fnd->pml_map.pm_port;
+ else
+ port = 0;
+- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&port)) &&
++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&port)) &&
+ debugging) {
+ (void) fprintf(stderr, "svc_sendreply\n");
+ abort();
+@@ -486,7 +512,7 @@
+ /*
+ * Return the current set of mapped program,version
+ */
+- if (!svc_getargs(xprt, xdr_void, NULL))
++ if (!svc_getargs(xprt, (xdrproc_t) xdr_void, (caddr_t) NULL))
+ svcerr_decode(xprt);
+ else {
+ /* remote host authorization check */
+@@ -497,7 +523,7 @@
+ } else {
+ p = pmaplist;
+ }
+- if ((!svc_sendreply(xprt, xdr_pmaplist,
++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist,
+ (caddr_t)&p)) && debugging) {
+ (void) fprintf(stderr, "svc_sendreply\n");
+ abort();
+@@ -645,7 +671,7 @@
+ timeout.tv_sec = 5;
+ timeout.tv_usec = 0;
+ a.rmt_args.args = buf;
+- if (!svc_getargs(xprt, xdr_rmtcall_args, &a))
++ if (!svc_getargs(xprt, (xdrproc_t) xdr_rmtcall_args, (caddr_t) &a))
+ return;
+ /* host and service access control */
+ if (!check_callit(svc_getcaller(xprt),
+@@ -674,9 +700,9 @@
+ au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids);
+ }
+ a.rmt_port = (u_long)port;
+- if (clnt_call(client, a.rmt_proc, xdr_opaque_parms, &a,
+- xdr_len_opaque_parms, &a, timeout) == RPC_SUCCESS) {
+- svc_sendreply(xprt, xdr_rmtcall_result, (caddr_t)&a);
++ if (clnt_call(client, a.rmt_proc, (xdrproc_t) xdr_opaque_parms, (char*) &a,
++ (xdrproc_t) xdr_len_opaque_parms, (char*) &a, timeout) == RPC_SUCCESS) {
++ svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (caddr_t)&a);
+ }
+ AUTH_DESTROY(client->cl_auth);
+ clnt_destroy(client);