import telnet-0.17-76.el8
This commit is contained in:
parent
f29ea4775d
commit
7c0ed0797e
42
SOURCES/telnet-0.17-pty-retry.patch
Normal file
42
SOURCES/telnet-0.17-pty-retry.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
--- a/telnetd/telnetd.c
|
||||||
|
+++ b/telnetd/telnetd.c
|
||||||
|
@@ -772,7 +772,6 @@ void telnet(int f, int p)
|
||||||
|
int on = 1;
|
||||||
|
char *HE;
|
||||||
|
const char *IM;
|
||||||
|
- int pty_read_ok = 0; /* track whether the pty read has worked yet */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Initialize the slc mapping table.
|
||||||
|
@@ -1086,19 +1085,24 @@ void telnet(int f, int p)
|
||||||
|
* Something to read from the pty...
|
||||||
|
*/
|
||||||
|
if (FD_ISSET(p, &ibits)) {
|
||||||
|
+ int eio = 0;
|
||||||
|
+read_pty:
|
||||||
|
pcc = read(p, ptyibuf, BUFSIZ);
|
||||||
|
- /*
|
||||||
|
- * On some systems, if we try to read something
|
||||||
|
- * off the master side before the slave side is
|
||||||
|
- * opened, we get EIO.
|
||||||
|
- */
|
||||||
|
- if (pcc < 0 && (errno == EWOULDBLOCK || (errno == EIO && pty_read_ok == 0))) {
|
||||||
|
+ if (pcc < 0 && errno == EWOULDBLOCK) {
|
||||||
|
pcc = 0;
|
||||||
|
}
|
||||||
|
+ /*
|
||||||
|
+ * If we try to read something off the master side while the slave
|
||||||
|
+ * side is temporarily closed by login process, we get EIO.
|
||||||
|
+ */
|
||||||
|
+ else if (pcc < 0 && errno == EIO && eio < 1000) {
|
||||||
|
+ eio++;
|
||||||
|
+ poll(NULL, 0, 10);
|
||||||
|
+ goto read_pty;
|
||||||
|
+ }
|
||||||
|
else {
|
||||||
|
if (pcc <= 0)
|
||||||
|
break;
|
||||||
|
- pty_read_ok = 1; /* mark connection up for read */
|
||||||
|
#ifdef LINEMODE
|
||||||
|
/*
|
||||||
|
* If ioctl from pty, pass it through net
|
15
SOURCES/telnet-0.17-sigpipe-segfault.patch
Normal file
15
SOURCES/telnet-0.17-sigpipe-segfault.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/telnet/sys_bsd.c.old b/telnet/sys_bsd.c
|
||||||
|
index 9e05171..39845ac 100644
|
||||||
|
--- a/telnet/sys_bsd.c.old
|
||||||
|
+++ b/telnet/sys_bsd.c
|
||||||
|
@@ -833,6 +833,10 @@ NetSetPgrp(int fd)
|
||||||
|
void
|
||||||
|
deadpeer(int sig)
|
||||||
|
{
|
||||||
|
+ if(sig == SIGPIPE) {
|
||||||
|
+ signal(SIGPIPE, SIG_DFL);
|
||||||
|
+ fprintf(stderr, "Broken pipe\n");
|
||||||
|
+ }
|
||||||
|
(void)sig;
|
||||||
|
setcommandmode();
|
||||||
|
siglongjmp(peerdied, -1);
|
@ -3,7 +3,7 @@
|
|||||||
Summary: The client program for the Telnet remote login protocol
|
Summary: The client program for the Telnet remote login protocol
|
||||||
Name: telnet
|
Name: telnet
|
||||||
Version: 0.17
|
Version: 0.17
|
||||||
Release: 73%{?dist}.1
|
Release: 76%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
@ -42,6 +42,8 @@ Patch30: netkit-telnet-0.17-manpage.patch
|
|||||||
Patch31: netkit-telnet-0.17-covscan.patch
|
Patch31: netkit-telnet-0.17-covscan.patch
|
||||||
Patch32: telnet-log-address.patch
|
Patch32: telnet-log-address.patch
|
||||||
Patch33: telnet-0.17-overflow-exploit.patch
|
Patch33: telnet-0.17-overflow-exploit.patch
|
||||||
|
Patch34: telnet-0.17-pty-retry.patch
|
||||||
|
Patch35: telnet-0.17-sigpipe-segfault.patch
|
||||||
|
|
||||||
BuildRequires: ncurses-devel systemd
|
BuildRequires: ncurses-devel systemd
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
@ -99,6 +101,8 @@ mv telnet telnet-NETKIT
|
|||||||
%patch31 -p1 -b .covscan
|
%patch31 -p1 -b .covscan
|
||||||
%patch32 -p1 -b .log-address
|
%patch32 -p1 -b .log-address
|
||||||
%patch33 -p1 -b .overflow
|
%patch33 -p1 -b .overflow
|
||||||
|
%patch34 -p1 -b .pty-retry
|
||||||
|
%patch35 -p1 -b .sigpipe
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
@ -164,8 +168,14 @@ install -p -m644 %SOURCE6 ${RPM_BUILD_ROOT}%{_unitdir}/telnet.socket
|
|||||||
%{_mandir}/man8/telnetd.8*
|
%{_mandir}/man8/telnetd.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Mar 26 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-73.1
|
* Tue Dec 15 2020 Michal Ruprich <mruprich@redhat.com> - 1:0.17-76
|
||||||
- Resolves: #1814473 - Arbitrary remote code execution in utility.c via short writes or urgent data
|
- Resolves: #1895387 - telnet crashes on stack overflow due to infinite recursion
|
||||||
|
|
||||||
|
* Tue Oct 27 2020 Michal Ruprich <mruprich@redhat.com> - 1:0.17-75
|
||||||
|
- Resolves: #1881335 - in.telnetd needs to tolerate temporary EIO errors
|
||||||
|
|
||||||
|
* Thu Mar 26 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-74
|
||||||
|
- Resolves: #1814474 - Arbitrary remote code execution in utility.c via short writes or urgent data
|
||||||
|
|
||||||
* Thu Oct 04 2018 Michal Ruprich <mruprich@redhat.com> - 1:0.17-73
|
* Thu Oct 04 2018 Michal Ruprich <mruprich@redhat.com> - 1:0.17-73
|
||||||
- Resolves: #1602711 - Please review important issues found by covscan
|
- Resolves: #1602711 - Please review important issues found by covscan
|
||||||
|
Loading…
Reference in New Issue
Block a user