packages/telnet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:056276bfa6a1174b0e81bb28b562870a76b17922
Branches Tags
packages:main
..
compare: packages:2d248d52ba04324f20d8d48b6333f4498d6b158f
Branches Tags
packages:main

No commits in common. "056276bfa6a1174b0e81bb28b562870a76b17922" and "2d248d52ba04324f20d8d48b6333f4498d6b158f" have entirely different histories.
056276bfa6 ... 2d248d52ba

3 changed files with 6 additions and 82 deletions
Show Stats Expand all files Collapse all files

48
backport-CVE-2022-39028.patch
View File

@ -1,48 +0,0 @@
Description: Fix remote DoS vulnerability in inetutils-telnetd
This is caused by a crash by a NULL pointer dereference when sending the
byte sequences «0xff 0xf7» or «0xff 0xf8».
Authors:
Pierre Kim (original patch),
Alexandre Torres (original patch),
Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Origin: upstream
Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
Last-Update: 2022-08-28
---
telnetd/state.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/telnetd/state.c b/telnetd/state.c
index 0dc61a2..befc9d0 100644
--- a/telnetd/state.c
+++ b/telnetd/state.c
@@ -206,12 +206,20 @@ void telrcv(void) {
case EC:
case EL:
{
- cc_t ch;
+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
DIAG(TD_OPTIONS, printoption("td: recv IAC", c));
ptyflush(); /* half-hearted */
init_termbuf();
- if (c == EC) ch = *slctab[SLC_EC].sptr;
- else ch = *slctab[SLC_EL].sptr;
+ if (c == EC)
+ {
+ if (slctab[SLC_EC].sptr)
+ ch = *slctab[SLC_EC].sptr;
+ }
+ else
+ {
+ if (slctab[SLC_EL].sptr)
+ ch = *slctab[SLC_EL].sptr;
+ }
if (ch != (cc_t)(_POSIX_VDISABLE))
*pfrontp++ = (unsigned char)ch;
break;
--
2.33.0

35
telnet.spec
View File

@ -1,15 +1,17 @@
Name: telnet Name: telnet
Epoch: 1 Epoch: 1
Version: 0.17 Version: 0.17
Release: 80 Release: 76
Summary: Client and Server programs for the Telnet communication protocol Summary: Client and Server programs for the Telnet communication protocol
License: BSD License: BSD
Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html
Source0: https://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-telnet-0.17.tar.gz Source0: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-telnet-%{version}.tar.gz
#sources form fedora/redhat
Source1: telnet-client.tar.gz Source1: telnet-client.tar.gz
Source2: telnet@.service Source2: telnet@.service
Source3: telnet.socket Source3: telnet.socket
#patches from fedora/redhat repositories
Patch0001: telnet-client-cvs.patch Patch0001: telnet-client-cvs.patch
Patch0002: telnetd-0.17.diff Patch0002: telnetd-0.17.diff
Patch0003: telnet-0.17-env.patch Patch0003: telnet-0.17-env.patch
@ -37,7 +39,6 @@ Patch0024: netkit-telnet-0.17-gcc7.patch
Patch0025: netkit-telnet-0.17-manpage.patch Patch0025: netkit-telnet-0.17-manpage.patch
Patch0026: netkit-telnet-0.17-telnetrc.patch Patch0026: netkit-telnet-0.17-telnetrc.patch
Patch0027: CVE-2020-10188.patch Patch0027: CVE-2020-10188.patch
Patch0028: backport-CVE-2022-39028.patch
BuildRequires: gcc-c++ ncurses-devel systemd BuildRequires: gcc-c++ ncurses-devel systemd
Requires: systemd Requires: systemd
@ -64,11 +65,11 @@ mv -f telnet telnet-NETKIT
%autosetup -T -D -a 1 -n netkit-telnet-%{version} -p1 %autosetup -T -D -a 1 -n netkit-telnet-%{version} -p1
%build %build
%{_configure} --with-c-compiler=%{__cc} --prefix=%{_prefix} --exec-prefix=%{_exec_prefix} %{_configure} --with-c-compiler=gcc --prefix=%{_prefix} --exec-prefix=%{_exec_prefix}
sed -i 's,-O2,\$(CC_FLAGS),;s,LDFLAGS=.*,LDFLAGS=\$(LD_FLAGS),;s,^MANDIR=.*$,MANDIR=%{_mandir},' MCONFIG sed -i 's,-O2,\$(CC_FLAGS),;s,LDFLAGS=.*,LDFLAGS=\$(LD_FLAGS),;s,^MANDIR=.*$,MANDIR=%{_mandir},' MCONFIG
sed -i 's,install [+-]s,install,g' ./telnet/GNUmakefile ./telnetd/Makefile ./telnetlogin/Makefile ./telnet-NETKIT/Makefile sed -i 's,install [+-]s,install,g' ./telnet/GNUmakefile ./telnetd/Makefile ./telnetlogin/Makefile ./telnet-NETKIT/Makefile
%make_build CC_FLAGS="$RPM_OPT_FLAGS -fpie -Wno-error=int-conversion" LD_FLAGS="$LD_FLAGS -z now -pie" %make_build CC_FLAGS="$RPM_OPT_FLAGS -fpie" LD_FLAGS="$LD_FLAGS -z now -pie"
%install %install
install -d %{buildroot}{%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8}} install -d %{buildroot}{%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8}}
@ -101,30 +102,6 @@ install -pm644 %{SOURCE3} %{buildroot}%{_unitdir}/telnet.socket
%{_mandir}/man1/telnet.1* %{_mandir}/man1/telnet.1*
%changelog %changelog
* Mon Apr 01 2024 gaihuiying <eaglegai@163.com> - 1:0.17-80
- Type:cves
- CVE:CVE-2022-39028
- SUG:NA
- DESC:fix CVE-2022-39028
* Wed Aug 30 2023 renyi <977713017@qq.com> - 1:0.17-79
- Type:Feature
- ID:NA
- SUG:NA
- DESC:add clang compile support
* Tue Dec 15 2020 xihaochen <xihaochen@huawei.com> - 1:0.17-78
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove sensitive words
* Fri Sep 11 2020 lunankun <lunankun@huawei.com> - 1:0.17-77
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix source0 url
* Mon Apr 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:0.17-76 * Mon Apr 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:0.17-76
- Type:cves - Type:cves
- ID:CVE-2020-10188 - ID:CVE-2020-10188

5
telnet.yaml
View File

@ -1,5 +0,0 @@
version_control: NA
src_repo:
tag_prefix:
separator:
url: https://ftp.linux.org.uk/pub/linux/Networking/netkit