Debian Patches
Status for inetutils/2:2.6-3+deb13u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| upstream/0001-Fix-injection-bug-with-bogus-user-names.patch | [PATCH 1/2] Fix injection bug with bogus user names Problem reported by Kyu Neushwaistein. * telnetd/utility.c (_var_short_name): Ignore user names that start with '-' or contain shell metacharacters. |
Paul Eggert <eggert@cs.ucla.edu> | no | 2026-01-20 | ||
| upstream/0002-telnetd-Sanitize-all-variable-expansions.patch | [PATCH 2/2] telnetd: Sanitize all variable expansions * telnetd/utility.c (sanitize): New function. (_var_short_name): Use it for all variables. |
Simon Josefsson <simon@josefsson.org> | no | 2026-01-20 | ||
| upstream/0001-telnetd-don-t-allow-systemd-service-credentials.patch | telnetd: don't allow systemd service credentials The login(1) implementation of util-linux added support for systemd service credentials in release 2.40. This allows to bypass authentication by specifying a directory name in the environment variable CREDENTIALS_DIRECTORY. If this directory contains a file named 'login.noauth' with the content of 'yes', login(1) skips authentication. GNU Inetutils telnetd supports to set arbitrary environment variables using the 'Environment' and 'New Environment' Telnet options. This allows specifying a directory containing 'login.noauth'. A local user can create such a directory and file, and, e.g., specify the user name 'root' to escalate privileges. This problem was reported by Ron Ben Yizhak in <https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html>. This commit clears CREDENTIALS_DIRECTORY from the environment before executing login(1) to implement a simple fix that can be backported easily. * telnetd/pty.c: Clear CREDENTIALS_DIRECTORY from the environment before executing 'login'. |
Erik Auerswald <auerswal@unix-ag.uni-kl.de> | not-needed | upstream, commit:4db2f19f4caac03c7f4da6363c140bd70df31386 | 2026-02-15 | |
| upstream/0004-telnetd-add-the-new-accept-env-option.patch | [PATCH 4/5] telnetd: add the new --accept-env option This changes telnetd to ignore all environment options from clients unless the variable was listed by an --accept-env option. This mitigates the many ways to escalate privileges using environment variables. * NEWS.md: Mention the change. * bootstrap.conf (gnulib_modules): Add hashcode-string1, hash-set, and xset. * doc/inetutils.texi (telnetd invocation): Mention the new option. * telnetd/pty.c (scrub_env): Remove function. (start_login): Remove call to scrub_env. Remove unsetenv call that is no longer needed. * telnetd/state.c (suboption): Check for the environment variable in accept_env_set before making changes to the environment. * telnetd/telnetd.c (accept_env_set): New variable. (string_hashcode, string_equals): New function needed for gl_set_create_empty. (ACCEPT_ENV_OPTION): New definition. (argp_options): Add the --accept-env option. (parse_opt): Process the new option. (telnetd_setup): Clear the environment before processing options. * telnetd/telnetd.h: Include gl_hash_set.h, gl_xset.h, and hashcode-string1.h. (accept_env_set): New declaration. |
Collin Funk <collin.funk1@gmail.com> | not-needed | upstream, commit:81d436d26d5497423e28841af91756e373446cf4 | 2026-03-05 | |
| upstream/0005-telnetd-fix-stack-buffer-overflow-processing-SLC-sub.patch | [PATCH 5/5] telnetd: fix stack buffer overflow processing SLC suboption triplets Previously a client could write past the end of an internal buffer using an SLC suboption with many triplets using function octets greater than 18, possibly leading to remote code execution. Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg, Daniel Lubel at DREAM Security Research Team at: <https://lists.gnu.org/r/bug-inetutils/2026-03/msg00031.html>. * telnetd/slc.c (add_slc): Return early if writing the tuple would lead us to writing past the end of the buffer. |
Collin Funk <collin.funk1@gmail.com> | not-needed | upstream, commit:95751794e3da2eebd605238ddbff2232b68edb5f | 2026-03-11 | |
| local/0001-build-Disable-GFDL-info-files-and-useless-man-pages.patch | [PATCH 1/5] build: Disable GFDL info files and useless man pages We do not install the info file due to GFDL, and because it would require an inetutils-doc package. Nor the man pages from upstream generated with help2man as they are problematic for cross-building and contain no additional information to what is already available via --help output. Instead we ship our own proper man pages. Not forwarded upstream due to GNU policies regarding man pages. diff --git a/Makefile.am b/Makefile.am index 144d9fe5..46cae1a1 100644 |
Guillem Jover <guillem@hadrons.org> | not-needed | vendor, Debian | 2010-06-09 | |
| local/0002-build-Use-runstatedir-for-run-directory.patch | [PATCH 2/5] build: Use runstatedir for /run directory diff --git a/paths b/paths index ca363661..e56cc52b 100644 |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2021-09-05 | |
| local/0003-inetd-Change-protocol-semantics-in-inetd.conf.patch | [PATCH 3/5] inetd: Change protocol semantics in inetd.conf Readd parts of the original patch that got botched when applied upstream. * src/inetd.c (getconfigent) [IPV6]: Change default family to IPv4 for "tcp" and "udp". Change "tcp6" and "udp6" to support IPv4 mapped addresses. diff --git a/src/inetd.c b/src/inetd.c index 52453fbd..e0da376d 100644 |
Guillem Jover <guillem@hadrons.org> | yes | vendor, Debian | 2010-09-06 | |
| local/0004-Use-krb5_auth_con_getsendsubkey-instead-of-krb5_auth.patch | [PATCH 4/5] Use krb5_auth_con_getsendsubkey() instead of krb5_auth_con_getlocalsubkey() The latter is not exposed in the headers anymore. diff --git a/libinetutils/kerberos5.c b/libinetutils/kerberos5.c index 217b64e0..6d993dd3 100644 |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2022-08-10 | |
| local/0005-inetd-Add-new-foreground-option.patch | [PATCH 5/5] inetd: Add new --foreground option This option avoids daemonizing, like --debug, except that it does not imply debugging output. To be used primary by the systemd service. diff --git a/src/inetd.c b/src/inetd.c index e0da376d..8252d3b9 100644 |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2023-08-08 | |
| local/0006-tests-Remove-bogus-test-for-unsorted-file-listing.patch | [PATCH 6/6] tests: Remove bogus test for unsorted file listing We cannot reliably test whether the -f option works against, because that relies on the unsorted output coming out accidentally not sorted, and this has been the cause for several indeterministic build failures in various hosts (such as some sparc64 or reproducible build nodes). This could be guaranteed with something like disorderfs, but we do not bother and simply remove the test case. |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2025-06-20 | |
| local/0007-gnulib-update.patch | Add the required gnulib code from forky/sid The 0004-telnetd-add-the-new-accept-env-option.patch patch, requires these modules which are not available in trixie gnulib and ealier. |
not-needed | vendor, Debian | |||
| local/0008-telnet-Do-not-leak-environment-variables-not-marked-.patch | telnet: Do not leak environment variables not marked for export to telnetd A telnet server can read a client's environment variables with the NEW-ENVIRON option and the SEND ENV_USERVAR command. This had previously been reported as CVE-2005-0488, but inetutils never got a fix for it. |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2026-03-23 | |
| local/0009-telnetd-Prevent-user-local-privilege-escalation-usin.patch | telnetd: Prevent user local privilege escalation using --debug Do not try to open an existing hardcoded /tmp/telnet.debug file for appending debug logging, as that is going to be fraught with security issues. This would require at least making sure we do not follow symlinks, and that the permissions and ownership are safe. But that would not prevent a user pre-creating a file and then keeping it open, which means any authentication logged would get snooped. Simply aborting on file existence during open, is not an option either because then we can only serve a single client. And switching to log all the debugging output, which amounts to the telnet protocol stream, into syslog would leak user credentials, might be too verbose for syslog, and would need to be sanitized somehow anyway. Instead, we switch to use a subdirectory under /run, where we write one debug output file per server process, designated by its pid, in the form of /run/telnet/debug.<pid>, and make any error when setting this up fatal. |
Guillem Jover <guillem@hadrons.org> | no | vendor, Debian | 2026-03-23 |
All known versions for source package 'inetutils'
- 2:2.7-5 (sid, forky)
- 2:2.6-3+deb13u3 (trixie-proposed-updates, trixie-security)
- 2:2.6-3+deb13u2 (trixie)
- 2:2.4-2+deb12u3 (bookworm-proposed-updates, bookworm-security)
- 2:2.4-2+deb12u1 (bookworm)