Debian Patches
Status for inetutils/2:2.6-3+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| upstream/0001-Fix-injection-bug-with-bogus-user-names.patch | [PATCH 1/2] Fix injection bug with bogus user names Problem reported by Kyu Neushwaistein. * telnetd/utility.c (_var_short_name): Ignore user names that start with '-' or contain shell metacharacters. |
Paul Eggert <eggert@cs.ucla.edu> | no | 2026-01-20 | ||
| upstream/0002-telnetd-Sanitize-all-variable-expansions.patch | [PATCH 2/2] telnetd: Sanitize all variable expansions * telnetd/utility.c (sanitize): New function. (_var_short_name): Use it for all variables. |
Simon Josefsson <simon@josefsson.org> | no | 2026-01-20 | ||
| upstream/0001-telnetd-don-t-allow-systemd-service-credentials.patch | telnetd: don't allow systemd service credentials The login(1) implementation of util-linux added support for systemd service credentials in release 2.40. This allows to bypass authentication by specifying a directory name in the environment variable CREDENTIALS_DIRECTORY. If this directory contains a file named 'login.noauth' with the content of 'yes', login(1) skips authentication. GNU Inetutils telnetd supports to set arbitrary environment variables using the 'Environment' and 'New Environment' Telnet options. This allows specifying a directory containing 'login.noauth'. A local user can create such a directory and file, and, e.g., specify the user name 'root' to escalate privileges. This problem was reported by Ron Ben Yizhak in <https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html>. This commit clears CREDENTIALS_DIRECTORY from the environment before executing login(1) to implement a simple fix that can be backported easily. * telnetd/pty.c: Clear CREDENTIALS_DIRECTORY from the environment before executing 'login'. |
Erik Auerswald <auerswal@unix-ag.uni-kl.de> | no | 2026-02-15 | ||
| local/0001-build-Disable-GFDL-info-files-and-useless-man-pages.patch | [PATCH 1/5] build: Disable GFDL info files and useless man pages We do not install the info file due to GFDL, and because it would require an inetutils-doc package. Nor the man pages from upstream generated with help2man as they are problematic for cross-building and contain no additional information to what is already available via --help output. Instead we ship our own proper man pages. Not forwarded upstream due to GNU policies regarding man pages. diff --git a/Makefile.am b/Makefile.am index 144d9fe5..46cae1a1 100644 |
Guillem Jover <guillem@hadrons.org> | not-needed | vendor, Debian | 2010-06-09 | |
| local/0002-build-Use-runstatedir-for-run-directory.patch | [PATCH 2/5] build: Use runstatedir for /run directory diff --git a/paths b/paths index ca363661..e56cc52b 100644 |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2021-09-05 | |
| local/0003-inetd-Change-protocol-semantics-in-inetd.conf.patch | [PATCH 3/5] inetd: Change protocol semantics in inetd.conf Readd parts of the original patch that got botched when applied upstream. * src/inetd.c (getconfigent) [IPV6]: Change default family to IPv4 for "tcp" and "udp". Change "tcp6" and "udp6" to support IPv4 mapped addresses. diff --git a/src/inetd.c b/src/inetd.c index 52453fbd..e0da376d 100644 |
Guillem Jover <guillem@hadrons.org> | yes | vendor, Debian | 2010-09-06 | |
| local/0004-Use-krb5_auth_con_getsendsubkey-instead-of-krb5_auth.patch | [PATCH 4/5] Use krb5_auth_con_getsendsubkey() instead of krb5_auth_con_getlocalsubkey() The latter is not exposed in the headers anymore. diff --git a/libinetutils/kerberos5.c b/libinetutils/kerberos5.c index 217b64e0..6d993dd3 100644 |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2022-08-10 | |
| local/0005-inetd-Add-new-foreground-option.patch | [PATCH 5/5] inetd: Add new --foreground option This option avoids daemonizing, like --debug, except that it does not imply debugging output. To be used primary by the systemd service. diff --git a/src/inetd.c b/src/inetd.c index e0da376d..8252d3b9 100644 |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2023-08-08 | |
| local/0006-tests-Remove-bogus-test-for-unsorted-file-listing.patch | [PATCH 6/6] tests: Remove bogus test for unsorted file listing We cannot reliably test whether the -f option works against, because that relies on the unsorted output coming out accidentally not sorted, and this has been the cause for several indeterministic build failures in various hosts (such as some sparc64 or reproducible build nodes). This could be guaranteed with something like disorderfs, but we do not bother and simply remove the test case. |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2025-06-20 |
All known versions for source package 'inetutils'
- 2:2.7-3 (sid, forky)
- 2:2.6-3+deb13u2 (trixie-proposed-updates, trixie-security)
- 2:2.6-3 (trixie)
- 2:2.4-2+deb12u2 (bookworm-proposed-updates, bookworm-security)
- 2:2.4-2+deb12u1 (bookworm)