| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 010-full_set_in_18.diff | Source patches present in package 0.17-18woody3. Multiple files are touched by this legacy patch. It has been pruned to reproduce source package netkit-telnet_0.17-18. . Implement IPv6 support. . Read `/etc/telnetrc'. . Various buffer length errors. . Fix IAC+SB crashes due to format errors. . The server accepts numerical TOS together with `-S'. . Remote DOS hole, CAN-2004-0911, moved to a separate file. . Buffer overflow, CAN-2005-0469, moved to a separate file. |
Herbert Xu, Jason Gunthorpe | no | 2015-01-26 | ||
| 020-from_18_to_24.diff | Incremental patches from 0.17-18 to 0.17-24. A large set of mixed code patches on top of upstream's source. It has been pruned to reproduce the step from source package netkit-telnet_0.17-18 to netkit-telnet_0.17-24. . Support also Hurd. [telnetd/sys_term.c, telnetd/ext.h] . Do not reset access mode and owner of TTY when client ends the session. [telnetd/sys_term.c (cleanup)] . Path of telnetlogin. [telnetd/telnetd.8] . Adjust 8-bit mode to be without mandatory binary option. A new command line switch `-7' is added to telnet. [telnet/main.cc, telnet/telnet.cc, telnet/terminal.cc, telnet/defines.h, telnet/externs.h] . Allow telnetrc files to specify a port in addition to host name. [telnet/commands.cc, telnet/proto.h, telnet/telnet.1] . Disable 8-bit mode of client if parity bit is enabled. [telnet/main.cc] . Remove obsolete compiler warnings, and disable trigraph warning. Protect tokens ifter #endif. [configure, telnet/terminal.cc] . Support option `-b' in client. [telnet/commands.cc, telnet/main.cc, telnet/netlink.cc, telnet/netlink.h, telnet/telnet.1] . Accept numeric telnet options. [telnet/command.cc] . Buffer overflow due to $HOME, moved to a separate file. . Remote DOS hole, CAN-2004-0911, moved to a separate file. . Buffer overflow, CAN-2005-0469, moved to a separate file. http://bugs.debian.org/150812 http://bugs.debian.org/144921 http://bugs.debian.org/194736 http://bugs.debian.org/203544 http://bugs.debian.org/242018 |
Herbert Xu, Robert Millan | no | debian | 2015-01-27 | |
| 500-implement_ssl.diff | Step up from netkit-telnet_0.17-24. Compute original SSL patch between sources . netkit-telnet_0.17-24.dsc . netkit-telnet-ssl_0.17.24+0.1.orig.tar.gz . This will be pruned to follow netkit-telnet packaging. Eric P. Allman |
Christoph Martin, Tim Hudson, David A. Holland, Peter Tobias, | no | 2015-01-28 | ||
| 510-can_2004_0640_and_0998.diff | Two format string vulnerabilities. syslog() was applying user data as format string, CAN-2004-0640. [telnetd/telnetd.c] . Likewise for BIO_printf(), CAN-2004-0998. Reported by Joel Eriksson. [telnetd/telnetd.c] |
Christoph Martin, Joel Eriksson | no | debian | 2004-12-21 | |
| 022-buffer_overflow_by_HOME.diff | Fix buffer overflow when $HOME is large. Very long values of $HOME will extend beyond fixed rcbuf[128]. In its stead, use dynamic allocation. |
Josh Martin | no | debian | 2004-08-13 | |
| 024-can_2004-0911.diff | Fix remote DOS hole, CAN-2004-0911. telnetd/utility.c (netwritebuf): Check that `listlen' is positive before any action. Otherwise do nothing, just return. . Patch made public in bug report. =================================================================== RCS file: /home/gondolin/herbert/src/CVS/debian/netkit-telnet/telnetd/utility.c,v retrieving revision 1.8 diff -u -r1.8 utility.c |
Herbert Xu | no | debian | 2004-07-27 | |
| 026-can_2005_0469.diff | Buffer overflow in LINEMODE suboptions, CAN-2005-0469. telnet/telnet.cc (slc_add_reply): Check that sufficiently space still is available beyond `slc_replyp'. . Extracted by comparison of netkit-telnet_0.17-18woody3, netkit-telnet_0.17-29, and netkit-telnet-ssl_0.17.24+0.1-7.1. |
Martin 'Joey' Schultze. | no | 2015-01-26 | ||
| 512-numeric_hosts.diff | Resolve remote host as numeric host identifier. Implement a new switch '-N' in the server, avoiding reverse DNS resolution and instead registering a numeric host representation. The environment variable REMOTEHOST is set to this numeric address. . The change could be of benefit in PAM rules for access control as well as for accounting and tracing of network activity. In addition, the use of '-N' mitigates cases when a hostile third party might have gained control of reverse DNS resolution and is trying to inject fake answers. |
Dean Gaudet | no | debian | 2004-12-05 | |
| 514-mixed_up_to_24_7_1.diff | Incremental patch up to 0.17.24+0.1-7.1. Changes past netkit-telnet-ssl_0.17.24+0.1.orig.tar.gz. . Format string vulnerability, CAN-2004-0911, is moved to a separate file inherited from netkit-telnet, but adaptions were made here so that the patch applies cleanly. . Buffer overflow when $HOME is large; moved to a separate file in common with netkit-telnet. . Remote DOS hole, CAN-2005-0469, is moved to a separate file in common with netkit-telnet. . New switch '-N' in telnetd, bug #258371, is moved to a separate file. . Changes to `telnet' and `telnetd' are delegated to separate files. . Include `libtelnet' as subdirectory during build. [Makefile] . (telnetlogin) Fix logic in check_a_hostname(). Implement new option '-f' and check_username(), verifying a requesting user's name. [telnetlogin/telnetlogin.8, telnetlogin/telnetlogin.c] . (libtelnet) New variable `auth_failed'. When certificate verification fails, send all output to stderr, then flush it. Fix two uses of `UserNameRequested'. Improve callback function to verify that server's commonName matches the remote hostname. Improve printed feedback when reporting the cause of certificate rejection. [libtelnet/ssl.c] . Fix compiler warnings. [libtelnet/auth-prot.h, libtelnet/auth.c, libtelnet/misc.c] [libtelnet/ssl.c, libtelnet/sslapp.h] . Trivial SCM header changes were moved elsewhere. |
Ian Beckwith, Christoph Martin | no | debian | 2004-12-05 | |
| 516-telnet_up_to_24_7_1.diff | Changes to telnet between 0.17.24+0.1-1 and -7.1. Alterations to the subdirectory `telnet'. . Update CXXFLAGS, LIBS, OBJS and SRCS. Make 'telnet' depend on $(LIBTELNET). Do not strip 'telnet-ssl'. [telnet/Makefile] . Implement program switch '-z opt'. Add '-K', '-X', and '-z' to usage. Force autologin when either of certificate file or key file is present. [telnet/main.cc]. . Complete the TELOPT_ENVIRON exchange as first protocol step, even before announcing TELOPT_AUTHENTICATION. [telnet/telnet.cc]. . Separate autologin from SSL. Implement a toggling function for change of 'autologin', since the environment variable USER is involved. [telnet/commands.cc] . Autologin defaults to off. . Verification of commonName as claimed by server. [telnet/netlink.cc (connect)] . Enable '-z authdebug'. . Enable SSL when opening a connection at the prompt. Establish 'hostname' inside connection loop, and check for suppressed SSL for 'localhost'. [telnet/commands] . Diagnostics and clean exit at failed certificate verification. . Make option '-z verify=3' simulate '-z certrequired', by forcing 'ssl_cert_require'. [telnet/main.cc] http://bugs.debian.org/57149 http://bugs.debian.org/57266 http://bugs.debian.org/59295 http://bugs.debian.org/62198 http://bugs.debian.org/83306 http://bugs.debian.org/210749 http://bugs.debian.org/145551 http://bugs.debian.org/26994 |
Ian Beckwith, Christoph Martin, Herbert Xu | no | debian | 2005-03-31 | |
| 518-telnetd_up_to_24_7_1.diff | Changes to telnet between 0.17.24+0.1-1 and -7.1. Alterations to the subdirectory `telnetd'. . Update CFLAGS and LIBS. Do not strip `in.telnetd'. [telnetd/Makefile] . Fix compiler warnings. Also netflush() returns `int' and writenet() is no longer defined as a macro. [telnetd/ext.h, telnetd/state.c, telnetd/telnetd.c, telnetd/utility.c] . When setting or unsetting the environment variable USER, then set or unset the internal variable `UserNameRequested' in the right way. [telnetd/state.c] . Fix '-z certsok': Add `ssl_certsok_flag' to the conditions that increase an empty `ssl_verify_flag' to be SSL_VERIFY_PEER (= 1). Improve the text about the use of `/etc/ssl.users', which is related to `certsok'. [telnetd/telnetd.c, telnetd/telnetd.8] . Complete the TELOPT_ENVIRON exchange as first protocol step, even before announcing TELOPT_AUTHENTICATION. [telnetd/telnetd.c]. . When `ssl_active_flag' is set, use SSL protected calls for reading and writing. New helper function SSL_writev(). [telnetd/utility.c (ttloop, netwritebuf)] . Add printout text about '-z' for use when an invalid command line call is being parsed. [telnetd/telnetd.c]. . Groff error. [telnetd/issue.net.5] |
Ian Beckwith, Christoph Martin, Herbert Xu | no | debian | 2005-03-31 | |
| 030-reject_invalid_port.diff | Reject invalid port numbers. Check that any port number is within the range of a short integer. diff -u netkit-telnet-0.17/telnet/commands.cc netkit-telnet-0.17/telnet/commands.cc |
Justin Pryzby | no | debian | 2005-10-09 | |
| 520-from_7_1_to_14.diff | Mixed updates. Protect SSL_writev using ifdef. [telnetd/utility.c] . Fix socks problems. #314416 . Compiler warnings caused by GCC 4. . Do not disable SSL to localhost when `-z secure' is in effect. #339528 339535 . Reject invalid port numbers. This patch is separated into its own file, as it can be inherited from netkit-telnet. . Update manpages. [telnet/telnet.1, telnetd/issue.net.5] . Move 'telnetd.pem' to '/etc/telnetd-ssl/'. [telnetd/telnetd.c] Fix segfault in netwritebuf(). [telnetd/utility.c] . Implement new telnet command `startssl', useful with IMAPS and ESMTP. [telnet/commands.cc, telnet/telnet.1] . Mention '-z sslopt' in manpage. [telnetd/telnetd.8] . Trivial SCM header changes were moved elsewhere. http://bugs.debian.org/339528 http://bugs.debian.org/339535 http://bugs.debian.org/357737 http://bugs.debian.org/368416 http://bugs.debian.org/122763 http://bugs.debian.org/187202 diff -u netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc |
Matt Bookman, Ian Beckwith, IWAMURO Motonori | no | debian | 2006-09-24 | |
| 530-from_14_to_21.diff | Mixed updates. Optimize linking. [telnet/Makefile, telnetd/Makefile, telnetlogin/Makefile] . Handle SSL_ERROR_WANT_READ, which is triggered by SSL re-handshake. [telnet/netlink.cc] . Compiler warnings when converting string constants. [telnet/commands.cc, libtelnet/auth.c, libtelnet/auth-proto.h] [libtelnet/misc.c, libtelnet/misc-proto.h] . Fix quoting in manual page. [telnetd/telnetd.8] . Trivial SCM header changes were moved elsewhere. |
Alfred Arnold, Ian Beckwith, Peter Runestig | no | 2007-10-04 | ||
| 540-buffer_overflow.diff | Fix buffer overflow. Write to stdout, instead of filling a fixed buffer. diff -u netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c |
Ian Beckwith <ianb@debian.org> | no | debian | 2014-02-22 | |
| 545-track_scm.diff | Collect trivial SCM headers. All cases of trivial changes, where solely an SCM version header has been altered, were collected and pruned into a single change. The all were of the kind: . 1.## dholland --> 1.1.1.1 ianb --> 1.1 ianb |
Ian Beckwith | not-needed | 2004-10-14 | ||
| 045-avoid_unsetting_term.diff | Avoid unsetting environment variable TERM. Do not reset TERM to "UNKNOWN", when it is unknown in the local host. diff -u netkit-telnet-0.17/telnet/telnet.cc netkit-telnet-0.17/telnet/telnet.cc |
Philippe Troin | no | debian | 2008-06-22 | |
| 100-format_security_error.diff | Format string is not a string literal. Hardened builds are failing due to "-Werror=format-security". Insertion of a trivial format string resolves the failure. |
Mats Erik Andersson <debian@gisladisker.se> | no | 2015-01-09 | ||
| 120-some_protocol_refinement.diff | Selected protocol refinement. Let the manual pages express NEW-ENVIRON as the only supported environment mechanism. . Let the diagnostic printout correctly identify the observed modi of local flow control. . Let the server in debug mode correctly decode only the suboption part of a status response, by ignoring the initial `IAC SB'. . Let the server and client decode suboptions containing also ENV_USERVAR in addition to the already known ENV_VAR. . Make the command `status' be as verbose as in other clients. . Several calls to printsub() were missing in `telnet.cc', thus failing to display options that the client sends to the server. Instead only the received responses were display in some few negotiations, namely TELOPT_TTYPE, TELOPT_TSPEED, TELOPT_XDISPLOC and TELOPT_LINEMODE |
Mats Erik Andersson <debian@gisladisker.se> | no | 2015-03-09 | ||
| 130-drain_input_from_child.diff | Drain input stream from child process. When the server process receives SIGCHILD, there might well be data pending in the PTY buffer, intended for the client waiting eagerly at the network link. . Replace the old signal handler for SIGCHILD with a simpler version that sets a semaphor. That semaphor is then sampled at a suitable time during the I/O main loop, and execution is transferred to the old handler after flushing the queue. . In the original signal handler, call waitpid() in order to remove the child process from the kernel's process list. . Make some small adjustment to debugging output. |
Mats Erik Andersson <debian@gisladisker.se> | no | debian | 2015-01-20 | |
| 600-better_diagnostic.diff | Better error diagnostics. Improve a test used by the server to read 'SSL_accept() <= 0'. Otherwise the particular case of a negative return value will go unnoticed as an important error, albeit a less probable one. [libtelnet/ssl.c (auth_ssl_is)] . A client demanding initial SSL, or a server for that matter, will observe an immediate failure when the remote server has no support for this. Similarly, when a degree of certificate verification has been set and either partner can not meet set requirements. Extract simplified error reports, suppressing the highly technical message of libssl. . When the server has responded with `SSL ACCEPT', but the connection with SSL_connect() fails of some reason, then extract an intelligible reason instead of calling ERR_print_errors(). [libtelnet/ssl.c (auth_ssl_reply)] . Similarly, when SSL_accept() exposes a failure in the server started by AUTH_SSL_START, augment the returned message with a hopefully useful hint on the nature of the fault. [libtelnet/ssl.c (auth_ssl_is)] . When `ssl_only_flag' is set, SSL_connect() will return a negative return status, should the target host lack the ability to talk SSL. Therefore also negative values must be taken as declined sessions. Replace ERR_print_errors_fp() with a better intelligible reason, constructed as in the previous case. Also, add a custom error text when SSL_ERROR_SSL was detected, but rely on `errno' otherwise. [telnet/netlink.cc (connect)] . The class `network' possibly leaves `errno = 0', which is obscuring the cause of failure, so we insert a fictitious EIO in such case. [telnet/network.cc (netflush)] . Finally, when 'ssl_only_flag' is set and the server observes a failure in SSL_accept(), then extract a shortened hint in the same manner as before and report it! [telnetd/telnetd.c (main)] |
Mats Erik Andersson <debian@gisladisker.se> | no | 2015-02-18 | ||
| 610-support_uservar.diff | Support user variables in environment. Include conditionally protected code, allowing the server to accept variables from the client marked as user defined, i.e., ENV_USERVAR, into the environment. The code is made active by the compiler macro ACCEPT_USERVAR. This would let clients from Solaris and FreeBSD set variables exported by the user. [telnetd/state.c (suboption)] . Fix incorrect offset while diagnostically printing suboptions. [telnetd/state.c (send_status)] . Add LANG and LC_* to the list of acceptable environment variables. [telnetd/state.c (envvarok)] . Let the client executable announce most environment variables as user defined, i.e., as ENV_USERVAR. A new function wellknown_var() checks whether a proposed variable name is known well enough to be kept as ENV_VAR, thus nominally undergo more scrutiny at the server's end. These addition are also conditioned by the macro ACCEPT_USERVAR: [telnet/telnet.cc (env_opt_add)] Patch was originally named "124-support_uservar.diff". |
Mats Erik Andersson <debian@gisladisker.se> | no | 2015-03-09 | ||
| 630-recent_libssl.diff | Make possible builds with libssl of version 1.1.0. Protected access to an opaque structure was made mandatory in version 1.1.0 of libssl. |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | 2017-01-16 | ||
| 650-improve_abilities.diff | Improve cerificate handling and diagnostics. Server as well as client are now able to handle certificate chains and thus full verification. . The SSL options 'cacert=file' and 'cipher=list' are implemented and working in both binaries. The server will extract the subject identifiers from the CA-file and will send those to the peer. At present this TELNET client ignores offered list, but other software is free to use that knowledge to its own benefit. . In SSL-only mode the server has undergone a revision. The possibility of inspecting certificate chains unearthed a flaw in the verification callback installed, which the legacy code intended to change but never did with success. A new behaviour is that SSL-only mode, with certsok and certrequired also set, will reject an otherwise verifying client unless his subject identifier is present in at least one entry in the file '/etc/ssl.users'. Otherwise, only the additional verification effects of having a CA list should be noticeable for old installs. Notice the contrast to secure mode, where certsok makes autologin possible for users listed in '/etc/ssl.users', once the fitting subject identifier is included. . At build time the server uses a macro SSL_LOG_FILE to determine location of debug text, but the binary now understands a new SSL option 'debug=file' for overriding the default value. Therefore underpriviledged debugging into a file is now possible. . The client command 'auth status' includes information as to whether SSL is active or not, and also displays the cipher in use. . A macro EXTRA_DEBUGGING brings, when defined, more SSL debug messages for clearer understanding of the path from invokation to acceptance of a peer. It has been instrumental in finding the weak spots in the legacy code, and will help when further examining or bug reporting on the the present changes, but should not be active in prepackaged binaries. . diff -Naurp netkit-telnet-0.17.debian/libtelnet/auth.c netkit-telnet-0.17/libtelnet/auth.c |
Mats Erik Andersson <debian@gisladisker.se> | no | 2017-01-22 | ||
| 110-markup_errors.diff | Nit picking on troff macros. Annoying misprints which Lintian complains on. . A minor inconsistency bug, misnaming the original escape character. |
Mats Erik Andersson <debian@gisladisker.se> | not-needed | debian | 2015-01-10 | |
| telnet-netwritebuf-fix.diff | Infinite recursion on cleanup. This is happening from the handling from "Abort Output" command. This causes flushing of "netfile", which in turn calls fflush. In this case, the netwritebuf() also fails to write the iovec. That in turns calls cleanup(0). This leads to another call to fflush() from the atexit handler, causing a recursion that never ends as writev() in netwrtebuf() keeps on failing. Fix by checking the return from netwritebuf and return error to the caller. Last Update: 2022-09-06 |
Nachiketa Prachanda <nprachan@vyatta.att-mail.com> | no | |||
| use-cmake-as-buildsystem.patch | Use cmake as build system | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | no | debian | 2019-02-24 | |
| 700-fix_UTF8.diff | Fixing how we handle UTF8 characters | Marcos Marado <mindboosternoori@gmail.com> | no | debian | 2017-03-05 | |
| 710-ring-buffer-overflow.diff | Fixing a buffer overflow when top == bot | Mikolaj Izdebski <zurgunt@gmail.com> | no | debian | 2023-03-04 |