Package: netkit-telnet-ssl / 0.17.41+0.2-3.2

Metadata

Package: netkit-telnet-ssl
Version: 0.17.41+0.2-3.2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
010 full_set_in_18.diff | (download)

telnet/commands.cc | 209 125 + 84 - 0 !
telnet/main.cc | 44 33 + 11 - 0 !
telnet/netlink.cc | 34 9 + 25 - 0 !
telnet/netlink.h | 3 1 + 2 - 0 !
telnet/network.cc | 1 1 + 0 - 0 !
telnet/ring.cc | 2 1 + 1 - 0 !
telnet/ring.h | 2 1 + 1 - 0 !
telnet/sys_bsd.cc | 11 11 + 0 - 0 !
telnet/telnet.1 | 26 17 + 9 - 0 !
telnet/telnet.cc | 27 15 + 12 - 0 !
telnet/terminal.cc | 2 2 + 0 - 0 !
telnet/utilities.cc | 2 2 + 0 - 0 !
telnetd/authenc.c | 12 0 + 12 - 0 !
telnetd/defs.h | 3 2 + 1 - 0 !
telnetd/ext.h | 18 10 + 8 - 0 !
telnetd/global.c | 5 2 + 3 - 0 !
telnetd/issue.net.5 | 2 1 + 1 - 0 !
telnetd/setproctitle.c | 2 1 + 1 - 0 !
telnetd/state.c | 5 2 + 3 - 0 !
telnetd/sys_term.c | 4 2 + 2 - 0 !
telnetd/telnetd.8 | 4 3 + 1 - 0 !
telnetd/telnetd.c | 268 152 + 116 - 0 !
telnetd/utility.c | 512 319 + 193 - 0 !
telnetlogin/telnetlogin.8 | 7 3 + 4 - 0 !
telnetlogin/telnetlogin.c | 77 26 + 51 - 0 !
25 files changed, 741 insertions(+), 541 deletions(-)

 source patches present in package 0.17-18woody3.
 Multiple files are touched by this legacy patch.  It has been
 pruned to reproduce source package netkit-telnet_0.17-18.
 .
 Implement IPv6 support.
 .
 Read `/etc/telnetrc'.
 .
 Various buffer length errors.
 .
 Fix IAC+SB crashes due to format errors.
 .
 The server accepts numerical TOS together with `-S'.
 .
 Remote DOS hole, CAN-2004-0911, moved to a separate file.
 .
 Buffer overflow, CAN-2005-0469, moved to a separate file.

020 from_18_to_24.diff | (download)

telnet/commands.cc | 63 53 + 10 - 0 !
telnet/defines.h | 2 2 + 0 - 0 !
telnet/externs.h | 7 4 + 3 - 0 !
telnet/main.cc | 25 19 + 6 - 0 !
telnet/netlink.cc | 50 43 + 7 - 0 !
telnet/netlink.h | 4 4 + 0 - 0 !
telnet/proto.h | 2 1 + 1 - 0 !
telnet/telnet.1 | 13 12 + 1 - 0 !
telnet/telnet.cc | 7 4 + 3 - 0 !
telnet/terminal.cc | 15 10 + 5 - 0 !
telnetd/ext.h | 2 1 + 1 - 0 !
telnetd/sys_term.c | 22 4 + 18 - 0 !
telnetd/telnetd.8 | 2 1 + 1 - 0 !
13 files changed, 158 insertions(+), 56 deletions(-)

 incremental patches from 0.17-18 to 0.17-24.
 A large set of mixed code patches on top of upstream's source.
 It has been pruned to reproduce the step from source package
 netkit-telnet_0.17-18 to netkit-telnet_0.17-24.
 .
 Support also Hurd.
 [telnetd/sys_term.c, telnetd/ext.h]
 .
 Do not reset access mode and owner of TTY when client ends the session.
 [telnetd/sys_term.c (cleanup)] 
 .
 Path of telnetlogin.
 [telnetd/telnetd.8]
 .
 Adjust 8-bit mode to be without mandatory binary option.
 A new command line switch `-7' is added to telnet.
 [telnet/main.cc, telnet/telnet.cc, telnet/terminal.cc,
 telnet/defines.h, telnet/externs.h]
 .
 Allow telnetrc files to specify a port in addition to host name.
 [telnet/commands.cc, telnet/proto.h, telnet/telnet.1]
 .
 Disable 8-bit mode of client if parity bit is enabled.
 [telnet/main.cc]
 .
 Remove obsolete compiler warnings, and disable trigraph warning.
 Protect tokens after #endif.
 [configure, telnet/terminal.cc]
 .
 Support option `-b' in client.
 [telnet/commands.cc, telnet/main.cc, telnet/netlink.cc,
 telnet/netlink.h, telnet/telnet.1]
 .
 Accept numeric telnet options.
 [telnet/command.cc]
 .
 Buffer overflow due to $HOME, moved to a separate file.
 .
 Remote DOS hole, CAN-2004-0911, moved to a separate file.
 .
 Buffer overflow, CAN-2005-0469, moved to a separate file.

500 implement_ssl.diff | (download)

README.SSL | 77 77 + 0 - 0 !
VERSION | 118 118 + 0 - 0 !
__conftest.cc | 7 7 + 0 - 0 !
libtelnet/arpa/telnet.h | 332 332 + 0 - 0 !
libtelnet/auth-proto.h | 130 130 + 0 - 0 !
libtelnet/auth.c | 631 631 + 0 - 0 !
libtelnet/auth.h | 96 96 + 0 - 0 !
libtelnet/authenc.c | 116 116 + 0 - 0 !
libtelnet/enc-proto.h | 111 111 + 0 - 0 !
libtelnet/encrypt.h | 106 106 + 0 - 0 !
libtelnet/misc-proto.h | 89 89 + 0 - 0 !
libtelnet/misc.c | 113 113 + 0 - 0 !
libtelnet/misc.h | 42 42 + 0 - 0 !
libtelnet/ssl.c | 831 831 + 0 - 0 !
libtelnet/sslapp.c | 196 196 + 0 - 0 !
libtelnet/sslapp.h | 85 85 + 0 - 0 !
telnet/README.SSL | 26 26 + 0 - 0 !
telnet/commands.cc | 98 96 + 2 - 0 !
telnet/externs.h | 5 5 + 0 - 0 !
telnet/glue.cc | 20 20 + 0 - 0 !
telnet/glue.h | 2 2 + 0 - 0 !
telnet/glue2.cc | 13 13 + 0 - 0 !
telnet/main.cc | 29 27 + 2 - 0 !
telnet/netlink.cc | 60 59 + 1 - 0 !
telnet/sys_bsd.cc | 12 11 + 1 - 0 !
telnet/telnet.1 | 54 54 + 0 - 0 !
telnet/telnet.cc | 108 107 + 1 - 0 !
telnet/utilities.cc | 73 72 + 1 - 0 !
telnetd/ext.h | 9 9 + 0 - 0 !
telnetd/state.c | 3 3 + 0 - 0 !
telnetd/sys_term.c | 13 13 + 0 - 0 !
telnetd/telnetd.8 | 46 46 + 0 - 0 !
telnetd/telnetd.c | 232 230 + 2 - 0 !
telnetd/utility.c | 30 30 + 0 - 0 !
34 files changed, 3903 insertions(+), 10 deletions(-)

 step up from netkit-telnet_0.17-24.
 Compute original SSL patch between sources
 .
   netkit-telnet_0.17-24.dsc
 .
   netkit-telnet-ssl_0.17.24+0.1.orig.tar.gz
 .
 This will be pruned to follow netkit-telnet packaging.

510 can_2004_0640_and_0998.diff | (download)

telnetd/telnetd.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 two format string vulnerabilities.
 syslog() was applying user data as format string, CAN-2004-0640.
 [telnetd/telnetd.c]
 .
 Likewise for BIO_printf(), CAN-2004-0998.  Reported by Joel Eriksson.
 [telnetd/telnetd.c]

022 buffer_overflow_by_HOME.diff | (download)

telnet/commands.cc | 18 7 + 11 - 0 !
1 file changed, 7 insertions(+), 11 deletions(-)

 fix buffer overflow when $HOME is large.
 Very long values of $HOME will extend beyond fixed rcbuf[128].
 In its stead, use dynamic allocation.

024 can_2004 0911.diff | (download)

telnetd/utility.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 fix remote DOS hole, CAN-2004-0911.
 telnetd/utility.c (netwritebuf): Check that `listlen' is positive
 before any action.  Otherwise do nothing, just return.
 .
 Patch made public in bug report.

026 can_2005_0469.diff | (download)

telnet/telnet.cc | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 buffer overflow in linemode suboptions, CAN-2005-0469.
 telnet/telnet.cc (slc_add_reply): Check that sufficient space
 is still available beyond `slc_replyp'.
 .
 Extracted by comparison of netkit-telnet_0.17-18woody3,
 netkit-telnet_0.17-29, and netkit-telnet-ssl_0.17.24+0.1-7.1.

512 numeric_hosts.diff | (download)

telnetd/telnetd.8 | 5 4 + 1 - 0 !
telnetd/telnetd.c | 10 8 + 2 - 0 !
2 files changed, 12 insertions(+), 3 deletions(-)

 resolve remote host as numeric host identifier.
 Implement a new switch '-N' in the server, avoiding reverse DNS
 resolution and instead registering a numeric host representation.
 The environment variable REMOTEHOST is set to this numeric address.
 .
 The change could be of benefit in PAM rules for access control as well
 as for accounting and tracing of network activity.  In addition, the use
 of '-N' mitigates cases when a hostile third party might have gained
 control of reverse DNS resolution and is trying to inject fake answers.

514 mixed_up_to_24_7_1.diff | (download)

libtelnet/auth-proto.h | 4 3 + 1 - 0 !
libtelnet/auth.c | 17 13 + 4 - 0 !
libtelnet/misc.c | 8 8 + 0 - 0 !
libtelnet/ssl.c | 188 111 + 77 - 0 !
libtelnet/sslapp.h | 3 2 + 1 - 0 !
telnetlogin/telnetlogin.8 | 8 2 + 6 - 0 !
telnetlogin/telnetlogin.c | 19 17 + 2 - 0 !
7 files changed, 156 insertions(+), 91 deletions(-)

 incremental patch up to 0.17.24+0.1-7.1.
 Changes past netkit-telnet-ssl_0.17.24+0.1.orig.tar.gz.
 .
 Format string vulnerability, CAN-2004-0911, is moved to a separate file
 inherited from netkit-telnet, but adaptions were made here so that the
 patch applies cleanly.
 .
 Buffer overflow when $HOME is large; moved to a separate file in common
 with netkit-telnet.
 .
 Remote DOS hole, CAN-2005-0469, is moved to a separate file in common
 with netkit-telnet.
 .
 New switch '-N' in telnetd, bug #258371, is moved to a separate file.
 .
 Changes to `telnet' and `telnetd' are delegated to separate files.
 .
 Include `libtelnet' as subdirectory during build.
 [Makefile]
 .
 (telnetlogin) Fix logic in check_a_hostname().  Implement new option
 '-f' and check_username(), verifying a requesting user's name.
 [telnetlogin/telnetlogin.8, telnetlogin/telnetlogin.c]
 .
 (libtelnet) New variable `auth_failed'.  When certificate verification
 fails, send all output to stderr, then flush it.  Fix two uses of
 `UserNameRequested'.  Improve callback function to verify that server's
 commonName matches the remote hostname.  Improve printed feedback when
 reporting the cause of certificate rejection.
 [libtelnet/ssl.c]
 .
 Fix compiler warnings.
 [libtelnet/auth-prot.h, libtelnet/auth.c, libtelnet/misc.c]
 [libtelnet/ssl.c, libtelnet/sslapp.h]
 .
 Trivial SCM header changes were moved elsewhere.

516 telnet_up_to_24_7_1.diff | (download)

telnet/commands.cc | 51 38 + 13 - 0 !
telnet/externs.h | 3 2 + 1 - 0 !
telnet/glue.cc | 3 2 + 1 - 0 !
telnet/main.cc | 100 91 + 9 - 0 !
telnet/netlink.cc | 20 18 + 2 - 0 !
telnet/proto.h | 2 2 + 0 - 0 !
telnet/telnet.1 | 175 87 + 88 - 0 !
telnet/telnet.cc | 39 20 + 19 - 0 !
8 files changed, 260 insertions(+), 133 deletions(-)

 changes to telnet between 0.17.24+0.1-1 and -7.1.
 Alterations to the subdirectory `telnet'.
 .
 Update CXXFLAGS, LIBS, OBJS and SRCS.  Make 'telnet' depend on $(LIBTELNET).
 Do not strip 'telnet-ssl'.
 [telnet/Makefile]
 .
 Implement program switch '-z opt'.  Add '-K', '-X', and '-z' to usage.
 Force autologin when either of certificate file or key file is present.
 [telnet/main.cc].
 .
 Complete the TELOPT_ENVIRON exchange as first protocol step, even before
 announcing TELOPT_AUTHENTICATION.
 [telnet/telnet.cc].
 .
 Separate autologin from SSL.  Implement a toggling function for change
 of 'autologin', since the environment variable USER is involved.
 [telnet/commands.cc]
 .
 Autologin defaults to off.
 .
 Verification of commonName as claimed by server.
 [telnet/netlink.cc (connect)]
 .
 Enable '-z authdebug'.
 .
 Enable SSL when opening a connection at the prompt.  Establish 'hostname'
 inside connection loop, and check for suppressed SSL for 'localhost'.
 [telnet/commands]
 .
 Diagnostics and clean exit at failed certificate verification.
 .
 Make option '-z verify=3' simulate '-z certrequired', by forcing
 'ssl_cert_require'.
 [telnet/main.cc]

518 telnetd_up_to_24_7_1.diff | (download)

telnetd/ext.h | 7 4 + 3 - 0 !
telnetd/issue.net.5 | 2 1 + 1 - 0 !
telnetd/state.c | 53 43 + 10 - 0 !
telnetd/telnetd.8 | 11 7 + 4 - 0 !
telnetd/telnetd.c | 28 20 + 8 - 0 !
telnetd/utility.c | 48 46 + 2 - 0 !
6 files changed, 121 insertions(+), 28 deletions(-)

 changes to telnet between 0.17.24+0.1-1 and -7.1.
 Alterations to the subdirectory `telnetd'.
 .
 Update CFLAGS and LIBS.  Do not strip `in.telnetd'.
 [telnetd/Makefile]
 .
 Fix compiler warnings.  Also netflush() returns `int' and writenet() is
 no longer defined as a macro.
 [telnetd/ext.h, telnetd/state.c, telnetd/telnetd.c, telnetd/utility.c]
 .
 When setting or unsetting the environment variable USER, then set or
 unset the internal variable `UserNameRequested' in the right way.
 [telnetd/state.c]
 .
 Fix '-z certsok': Add `ssl_certsok_flag' to the conditions that increase
 an empty `ssl_verify_flag' to be SSL_VERIFY_PEER (= 1).  Improve the text
 about the use of `/etc/ssl.users', which is related to `certsok'.
 [telnetd/telnetd.c, telnetd/telnetd.8]
 .
 Complete the TELOPT_ENVIRON exchange as first protocol step, even before
 announcing TELOPT_AUTHENTICATION.
 [telnetd/telnetd.c].
 .
 When `ssl_active_flag' is set, use SSL protected calls for reading and
 writing.  New helper function SSL_writev().
 [telnetd/utility.c (ttloop, netwritebuf)] 
 .
 Add printout text about '-z' for use when an invalid command line call
 is being parsed.
 [telnetd/telnetd.c].
 .
 Groff error.
 [telnetd/issue.net.5]

030 reject_invalid_port.diff | (download)

telnet/commands.cc | 16 15 + 1 - 0 !
1 file changed, 15 insertions(+), 1 deletion(-)

 reject invalid port numbers.
 Check that any port number is within the range of a short integer.

520 from_7_1_to_14.diff | (download)

libtelnet/auth.c | 8 4 + 4 - 0 !
libtelnet/ssl.c | 2 1 + 1 - 0 !
telnet/commands.cc | 45 40 + 5 - 0 !
telnet/netlink.cc | 7 4 + 3 - 0 !
telnet/telnet.1 | 21 17 + 4 - 0 !
telnetd/issue.net.5 | 20 10 + 10 - 0 !
telnetd/state.c | 34 17 + 17 - 0 !
telnetd/telnetd.8 | 3 2 + 1 - 0 !
telnetd/telnetd.c | 5 2 + 3 - 0 !
telnetd/utility.c | 43 31 + 12 - 0 !
10 files changed, 128 insertions(+), 60 deletions(-)

 mixed updates.
 Protect SSL_writev using ifdef.
 [telnetd/utility.c]
 .
 Fix socks problems. #314416
 .
 Compiler warnings caused by GCC 4.
 .
 Do not disable SSL to localhost when `-z secure' is in effect. #339528 339535
 .
 Reject invalid port numbers.  This patch is separated into its own file,
 as it can be inherited from netkit-telnet.
 .
 Update manpages.
 [telnet/telnet.1, telnetd/issue.net.5]
 .
 Move 'telnetd.pem' to '/etc/telnetd-ssl/'.
 [telnetd/telnetd.c]
 .
 Fix segfault in netwritebuf().
 [telnetd/utility.c]
 .
 Implement new telnet command `startssl', useful with IMAPS and ESMTP.
 [telnet/commands.cc, telnet/telnet.1]
 .
 Mention '-z sslopt' in manpage.
 [telnetd/telnetd.8]
 .
 Trivial SCM header changes were moved elsewhere.

530 from_14_to_21.diff | (download)

libtelnet/auth-proto.h | 2 1 + 1 - 0 !
libtelnet/auth.c | 4 2 + 2 - 0 !
libtelnet/misc-proto.h | 2 1 + 1 - 0 !
libtelnet/misc.c | 2 1 + 1 - 0 !
telnet/commands.cc | 10 5 + 5 - 0 !
telnet/netlink.cc | 37 31 + 6 - 0 !
telnetd/telnetd.8 | 2 1 + 1 - 0 !
7 files changed, 42 insertions(+), 17 deletions(-)

 mixed updates.
 Optimize linking.
 [telnet/Makefile, telnetd/Makefile, telnetlogin/Makefile]
 .
 Handle SSL_ERROR_WANT_READ, which is triggered by SSL re-handshake.
 [telnet/netlink.cc]
 .
 Compiler warnings when converting string constants.
 [telnet/commands.cc, libtelnet/auth.c, libtelnet/auth-proto.h]
 [libtelnet/misc.c, libtelnet/misc-proto.h]
 .
 Fix quoting in manual page.
 [telnetd/telnetd.8]
 .
 Trivial SCM header changes were moved elsewhere.

540 buffer_overflow.diff | (download)

libtelnet/ssl.c | 34 19 + 15 - 0 !
1 file changed, 19 insertions(+), 15 deletions(-)

 fix buffer overflow.
 Write to stdout, instead of filling a fixed buffer.

545 track_scm.diff | (download)

telnet/authenc.cc | 2 1 + 1 - 0 !
telnet/defines.h | 2 1 + 1 - 0 !
telnet/externs.h | 2 1 + 1 - 0 !
telnet/fdset.h | 2 1 + 1 - 0 !
telnet/general.h | 2 1 + 1 - 0 !
telnet/genget.cc | 2 1 + 1 - 0 !
telnet/main.cc | 2 1 + 1 - 0 !
telnet/network.cc | 2 1 + 1 - 0 !
telnet/ring.cc | 2 1 + 1 - 0 !
telnet/ring.h | 2 1 + 1 - 0 !
telnet/sys_bsd.cc | 2 1 + 1 - 0 !
telnet/telnet.cc | 2 1 + 1 - 0 !
telnet/terminal.cc | 2 1 + 1 - 0 !
telnet/tn3270.cc | 2 1 + 1 - 0 !
telnet/types.h | 2 1 + 1 - 0 !
telnet/utilities.cc | 2 1 + 1 - 0 !
telnetd/authenc.c | 2 1 + 1 - 0 !
telnetd/defs.h | 2 1 + 1 - 0 !
telnetd/ext.h | 2 1 + 1 - 0 !
telnetd/getent.c | 2 1 + 1 - 0 !
telnetd/global.c | 2 1 + 1 - 0 !
telnetd/pathnames.h | 2 1 + 1 - 0 !
telnetd/setproctitle.3 | 2 1 + 1 - 0 !
telnetd/setproctitle.c | 2 1 + 1 - 0 !
telnetd/slc.c | 2 1 + 1 - 0 !
telnetd/sys_term.c | 2 1 + 1 - 0 !
telnetd/telnetd.h | 2 1 + 1 - 0 !
telnetd/termstat.c | 2 1 + 1 - 0 !
telnetlogin/telnetlogin.8 | 2 1 + 1 - 0 !
telnetlogin/telnetlogin.c | 2 1 + 1 - 0 !
30 files changed, 30 insertions(+), 30 deletions(-)

 collect trivial scm headers.
 All cases of trivial changes, where solely an SCM version
 header has been altered, were collected and pruned into
 a single change.  They all were of the kind:
 .
 1.## dholland  -->  1.1.1.1 ianb  -->  1.1 ianb

045 avoid_unsetting_term.diff | (download)

telnet/telnet.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 avoid unsetting environment variable TERM.
 Do not reset TERM to "UNKNOWN", when it is unknown in the local host.

100 format_security_error.diff | (download)

telnet/utilities.cc | 6 3 + 3 - 0 !
telnetd/utility.c | 6 3 + 3 - 0 !
2 files changed, 6 insertions(+), 6 deletions(-)

 format string is not a string literal.
 Hardened builds are failing due to "-Werror=format-security".
 Insertion of a trivial format string resolves the failure.

120 some_protocol_refinement.diff | (download)

telnet/commands.cc | 2 1 + 1 - 0 !
telnet/telnet.1 | 10 5 + 5 - 0 !
telnet/telnet.cc | 61 61 + 0 - 0 !
telnet/utilities.cc | 18 13 + 5 - 0 !
telnetd/telnetd.8 | 4 0 + 4 - 0 !
telnetd/utility.c | 34 21 + 13 - 0 !
6 files changed, 101 insertions(+), 28 deletions(-)

 selected protocol refinement.
 Let the manual pages express NEW-ENVIRON as the only
 supported environment mechanism.
 .
 Let the diagnostic printout correctly identify the observed
 modi of local flow control.
 .
 Let the server in debug mode correctly decode only the suboption
 part of a status response, by ignoring the initial `IAC SB'.
 .
 Let the server and client decode suboptions containing also ENV_USERVAR
 in addition to the already known ENV_VAR.
 .
 Make the command `status' be as verbose as in other clients.
 .
 Several calls to printsub() were missing in `telnet.cc', thus failing
 to display options that the client sends to the server.  Instead only
 the received responses were displayed in a few negotiations, namely
 TELOPT_TTYPE, TELOPT_TSPEED, TELOPT_XDISPLOC and TELOPT_LINEMODE.

130 drain_input_from_child.diff | (download)

telnetd/sys_term.c | 11 9 + 2 - 0 !
telnetd/telnetd.8 | 5 3 + 2 - 0 !
telnetd/telnetd.c | 24 21 + 3 - 0 !
telnetd/utility.c | 2 1 + 1 - 0 !
4 files changed, 34 insertions(+), 8 deletions(-)

 drain input stream from child process.
 When the server process receives SIGCHILD, there might
 well be data pending in the PTY buffer, intended for
 the client waiting eagerly at the network link.
 .
 Replace the old signal handler for SIGCHILD with a simpler
 version that sets a semaphore.  That semaphore is then sampled
 at a suitable time during the I/O main loop, and execution
 is transferred to the old handler after flushing the queue.
 .
 In the original signal handler, call waitpid() in order to
 remove the child process from the kernel's process list.
 .
 Make some small adjustment to debugging output.

600 better_diagnostic.diff | (download)

libtelnet/ssl.c | 16 11 + 5 - 0 !
telnet/netlink.cc | 22 18 + 4 - 0 !
telnet/network.cc | 2 2 + 0 - 0 !
telnetd/telnetd.c | 9 6 + 3 - 0 !
4 files changed, 37 insertions(+), 12 deletions(-)

 better error diagnostics.
 Improve a test used by the server to read 'SSL_accept() <= 0'.
 Otherwise the particular case of a negative return value will go
 unnoticed as an important error, albeit a less probable one.
 [libtelnet/ssl.c (auth_ssl_is)]
 .
 A client demanding initial SSL, or a server for that matter, will observe
 an immediate failure when the remote server has no support for this.
 Similarly, when a degree of certificate verification has been set and
 either partner cannot meet the set requirements.  Extract simplified
 error reports, suppressing the highly technical message of libssl.
 .
 When the server has responded with `SSL ACCEPT', but the connection
 with SSL_connect() fails for some reason, then extract an intelligible
 reason instead of calling ERR_print_errors().
 [libtelnet/ssl.c (auth_ssl_reply)]
 .
 Similarly, when SSL_accept() exposes a failure in the server started
 by AUTH_SSL_START, augment the returned message with a hopefully useful
 hint on the nature of the fault.
 [libtelnet/ssl.c (auth_ssl_is)]
 .
 When `ssl_only_flag' is set, SSL_connect() will return a negative
 return status, should the target host lack the ability to talk SSL.
 Therefore also negative values must be taken as declined sessions.
 Replace ERR_print_errors_fp() with a more intelligible reason,
 constructed as in the previous case.  Also, add a custom error text
 when SSL_ERROR_SSL was detected, but rely on `errno' otherwise.
 [telnet/netlink.cc (connect)]
 .
 The class `network' possibly leaves `errno = 0', which is obscuring
 the cause of failure, so we insert a fictitious EIO in such case.
 [telnet/network.cc (netflush)]
 .
 Finally, when 'ssl_only_flag' is set and the server observes a failure
 in SSL_accept(), then extract a shortened hint in the same manner as
 before and report it!
 [telnetd/telnetd.c (main)]

610 support_uservar.diff | (download)

telnet/telnet.cc | 43 43 + 0 - 0 !
telnetd/state.c | 29 23 + 6 - 0 !
2 files changed, 66 insertions(+), 6 deletions(-)

 support user variables in environment.
 Include conditionally protected code, allowing the server to accept
 variables from the client marked as user defined, i.e., ENV_USERVAR,
 into the environment.  The code is made active by the compiler macro
 ACCEPT_USERVAR.  This would let clients from Solaris and FreeBSD set
 variables exported by the user.
 [telnetd/state.c (suboption)]
 .
 Fix incorrect offset while diagnostically printing suboptions.
 [telnetd/state.c (send_status)]
 .
 Add LANG and LC_* to the list of acceptable environment variables.
 [telnetd/state.c (envvarok)]
 .
 Let the client executable announce most environment variables as user
 defined, i.e., as ENV_USERVAR.  A new function wellknown_var() checks
 whether a proposed variable name is known well enough to be kept as
 ENV_VAR, thus nominally undergoing more scrutiny at the server's end.
 These additions are also conditioned by the macro ACCEPT_USERVAR.
 [telnet/telnet.cc (env_opt_add)]

630 recent_libssl.diff | (download)

libtelnet/ssl.c | 24 12 + 12 - 0 !
telnet/netlink.cc | 1 1 + 0 - 0 !
2 files changed, 13 insertions(+), 12 deletions(-)

 make possible builds with libssl of version 1.1.0.
 Protected access to an opaque structure was made mandatory
 in version 1.1.0 of libssl.