packages: telnet-ssl/telnet-ssl-debian.patch - updated to debian patch 0.17...
baggins
baggins at pld-linux.org
Thu Apr 22 15:28:30 CEST 2010
Author: baggins Date: Thu Apr 22 13:28:30 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- updated to debian patch 0.17.24+0.1-22
---- Files affected:
packages/telnet-ssl:
telnet-ssl-debian.patch (1.1 -> 1.2)
---- Diffs:
================================================================
Index: packages/telnet-ssl/telnet-ssl-debian.patch
diff -u packages/telnet-ssl/telnet-ssl-debian.patch:1.1 packages/telnet-ssl/telnet-ssl-debian.patch:1.2
--- packages/telnet-ssl/telnet-ssl-debian.patch:1.1 Fri Apr 28 10:42:41 2006
+++ packages/telnet-ssl/telnet-ssl-debian.patch Thu Apr 22 15:28:24 2010
@@ -9,9 +9,37 @@
%.build:
(cd $(patsubst %.build, %, $@) && $(MAKE))
+--- netkit-telnet-ssl-0.17.24+0.1.orig/.gitignore
++++ netkit-telnet-ssl-0.17.24+0.1/.gitignore
+@@ -0,0 +1,19 @@
++*~
++*.o
++MCONFIG
++telnet/telnet
++telnetd/telnetd
++telnetlogin/telnetlogin
++libtelnet/libtelnet.a
++debian/files
++debian/telnet-ssl.postinst.debhelper
++debian/telnet-ssl.postrm.debhelper
++debian/telnet-ssl.substvars
++debian/telnet-ssl
++debian/telnetd-ssl.dirs
++debian/telnetd-ssl.postinst
++debian/telnetd-ssl.postrm
++debian/telnetd-ssl.prerm
++debian/telnetd-ssl.substvars
++debian/telnetd-ssl
++debian/*.debhelper.log
--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile
+++ netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile
-@@ -6,15 +6,18 @@
+@@ -3,26 +3,31 @@
+ include ../MCONFIG
+ include ../MRULES
+
++# ignore imported LIBS value, drags in too much
++LIBS=
++
#CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS))
# -DAUTHENTICATE
@@ -19,7 +47,7 @@
-LIBS = $(LIBTERMCAP)
+CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \
+ -I/usr/include/openssl -I../
-+LIBTELNET = ../libtelnet/libtelnet.a
++LIBTELNET = ../libtelnet/libtelnet.a
+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \
@@ -28,13 +56,14 @@
+ glue.cc glue2.cc
OBJS = $(patsubst %.cc, %.o, $(SRCS))
-
+-
-telnet: $(OBJS)
+- $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@
+telnet: $(OBJS) $(LIBTELNET)
- $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@
++ $(CXX) -static-libgcc $(LDFLAGS) $^ $(LIBS) -o $@
include depend.mk
-@@ -22,7 +25,7 @@
+ depend:
$(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk
install: telnet
@@ -133,7 +162,55 @@
perror("Execl");
_exit(1);
}
-@@ -1902,6 +1917,16 @@
+@@ -1510,10 +1525,10 @@
+
+ #if defined(AUTHENTICATE)
+ struct authlist {
+- char *name;
+- char *help;
+- int (*handler)(const char *, const char *);
+- int narg;
++ const char *name;
++ const char *help;
++ int (*handler)(const char *, const char *);
++ int narg;
+ };
+
+ static int auth_help (const char *, const char *);
+@@ -1833,8 +1848,22 @@
+ if (*portp == '-') {
+ portp++;
+ telnetport = 1;
+- } else
++ } else {
+ telnetport = 0;
++ if (*portp >='0' && *portp<='9') {
++ char *end;
++ long int p;
++
++ p=strtol(portp, &end, 10);
++ if (ERANGE==errno && (LONG_MIN==p || LONG_MAX==p)) {
++ fprintf(stderr, "telnet: port %s overflows\n", portp);
++ return 0;
++ } else if (p<=0 || p>=65536) {
++ fprintf(stderr, "telnet: port %s out of range\n", portp);
++ return 0;
++ }
++ }
++ }
+ }
+ else {
+ portp = "telnet";
+@@ -1860,7 +1889,7 @@
+ if (res < 0)
+ return 0;
+ }
+-
++
+ /* Resolve both the host and service simultaneously. */
+ res = getaddrinfo(resolv_hostp, portp, &hints, &hostaddr);
+ if (res == EAI_NONAME) {
+@@ -1902,6 +1931,16 @@
NI_NUMERICHOST | NI_NUMERICSERV);
printf("Trying %s...\n", name);
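Review bot: The added port check in commands.cc never looks at `end`, so the range test runs on whatever numeric prefix `strtol` found. An argument such as `0day` is rejected as "out of range" even though it could only be a service name, while `23x` passes the test and is handed unchanged to `getaddrinfo` further down. Limit the range test to fully numeric arguments, `} else if (*end == '\0' && (p<=0 || p>=65536)) {`. Also add `errno = 0;` before the `strtol` call, so the `ERANGE` comparison cannot pick up a stale value. The enclosing function starts and ends outside this hunk.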
@@ -150,13 +227,13 @@
x = nlink.connect(debug, tmpaddr, srp, srlen, tos);
if (!x)
goto err;
-@@ -1909,18 +1934,18 @@
+@@ -1909,18 +1948,18 @@
goto nextaddr;
connected++;
+
+#ifdef USE_SSL
-+ if (strcmp(hostp, "localhost") != 0) {
++ if (ssl_secure_flag || (strcmp(hostp, "localhost") != 0)) {
+ /* autologin = 1; */
+ use_authentication=1;
+ }
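Review bot: The localhost exemption on the changed line still keys on the name the user typed (`strcmp(hostp, "localhost") != 0`), not on the address that was actually connected. If the resolver maps `localhost` to a non-loopback address, the session runs without `use_authentication` unless `-z secure` is given, while `127.0.0.1` or `::1` are treated as remote. Consider deciding from the connected address (the `tmpaddr` passed to `nlink.connect` earlier in this hunk looks like the right input). At minimum, record the assumption next to the test: `/* name-based: assumes "localhost" resolves to loopback; use -z secure to force SSL */`. The enclosing function starts and ends outside this hunk.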
@@ -177,7 +254,63 @@
cmdrc(hostp, hostname, portp);
freeaddrinfo(hostaddr);
-@@ -2233,22 +2258,18 @@
+@@ -1966,6 +2005,9 @@
+ #if defined(AUTHENTICATE)
+ authhelp[] = "turn on (off) authentication ('auth ?' for more)",
+ #endif
++#if defined(USE_SSL)
++ startsslhelp[] = "switch to telnet-over-ssl (use 'auth' for ssl-over-telnet)",
++#endif
+ zhelp[] = "suspend telnet",
+ /* shellhelp[] = "invoke a subshell", */
+ envhelp[] = "change environment variables ('environ ?' for more)",
+@@ -1981,6 +2023,34 @@
+ return 0;
+ }
+
++#if defined(USE_SSL)
++static int startssl_cmd(void)
++{
++ if(ssl_con == NULL)
++ {
++ fprintf(stderr,"telnet: Internal error - ssl_con not initialised.\n");
++ return 1;
++ }
++
++ if(ssl_active_flag)
++ {
++ fprintf(stderr,"telnet: SSL already in use.\n");
++ return 1;
++ }
++
++ if (SSL_connect(ssl_con) < 1)
++ {
++ ERR_print_errors_fp(stderr);
++ fflush(stderr);
++ } else {
++ display_connect_details(ssl_con,ssl_debug_flag);
++ ssl_active_flag=1;
++ ssl_only_flag=1;
++ }
++ return 1;
++}
++#endif /* USE_SSL */
++
+ static int slc_mode_import_0(void) {
+ slc_mode_import(0);
+ return 1;
+@@ -2028,6 +2098,10 @@
+ #endif
+ // BIND("encrypt", encrypthelp, encrypt_cmd);
+
++#if defined(USE_SSL)
++ BIND("startssl", startsslhelp, startssl_cmd);
++#endif
++
+ BIND("z", zhelp, suspend);
+
+ #if defined(TN3270) /* why?! */
+@@ -2233,22 +2307,18 @@
}
void cmdrc(const char *m1, const char *m2, const char *port) {
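Review bot: `startssl_cmd` keeps the connection open when `SSL_connect` fails: the error branch only prints the OpenSSL error queue and returns 1 with `ssl_active_flag` still 0. After a partial handshake the byte stream is in an undefined state, and anything the user types next goes out in cleartext to a peer they asked to speak SSL with. That branch should close the connection and say so in the message, rather than return to the session. Nothing in this function checks the peer certificate (`display_connect_details` appears to be display only), and whether verification is configured on `ssl_con` elsewhere is not visible here. A comment such as `/* peer verification is configured where ssl_con is created */`, once confirmed, would make that explicit.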
@@ -426,7 +559,7 @@
*argp = 0;
--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc
+++ netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc
-@@ -12,6 +12,7 @@
+@@ -12,12 +12,27 @@
#include "proto.h"
#include "ring.h"
#include <libtelnet/sslapp.h>
@@ -434,7 +567,56 @@
/* In Linux, this is an enum */
#if defined(__linux__) || defined(IPPROTO_IP)
-@@ -70,11 +71,11 @@
+ #define HAS_IPPROTO_IP
+ #endif
+
++/* code from Peter 'Luna' Runestig <peter at runestig.com> */
++static int select_read(int rfd)
++/* timeout = 20 seconds */
++{
++ fd_set rfds;
++ struct timeval tv;
++
++ FD_ZERO(&rfds);
++ FD_SET(rfd, &rfds);
++ tv.tv_sec = 20;
++ tv.tv_usec = 0;
++ return select(rfd + 1, &rfds, NULL, NULL, &tv);
++}
++
+ netlink nlink;
+
+ class netchannel : public ringbuf::source {
+@@ -26,12 +41,23 @@
+ int net = nlink.getfd();
+ int l;
+ #ifdef USE_SSL
+- if (ssl_active_flag)
+- l = SSL_read(ssl_con, buf, maxlen);
+- else
++ if (ssl_active_flag) {
++ do {
++ l = SSL_read(ssl_con, buf, maxlen);
++ /*
++ * SSL_ERROR_WANT_READ may occur if an SSL/TLS rehandshake occurs.
++ * This means that data was available at the socket, but all was
++ * consumed by SSL itself, so we select (w/20s timeout) and retry.
++ */
++ } while (l<0 &&
++ (SSL_ERROR_WANT_READ == SSL_get_error(ssl_con, l)) &&
++ (select_read(net) > 0));
++ } else
+ #endif /* USE_SSL */
+- l = recv(net, buf, maxlen, 0);
+- if (l<0 && errno == EWOULDBLOCK) l = 0;
++ {
++ l = recv(net, buf, maxlen, 0);
++ if (l<0 && errno == EWOULDBLOCK) l = 0;
++ }
+ return l;
+ }
+ };
+@@ -70,11 +96,11 @@
netlink::netlink() { net = -1; }
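Review bot: The new retry loop around `SSL_read` handles only `SSL_ERROR_WANT_READ`, and when `select_read` times out or fails it falls through with `l` still negative. The old `if (l<0 && errno == EWOULDBLOCK) l = 0;` now sits in the non-SSL branch only. In SSL mode a stalled rehandshake is therefore returned as a read error, where it may previously have been reported as "no data"; the caller is outside this hunk, so confirm how it treats a negative return. A rehandshake can also produce `SSL_ERROR_WANT_WRITE`, which this loop does not wait for. `select_read` passes `rfd` straight to `FD_SET`, so a guard such as `if (rfd < 0 || rfd >= FD_SETSIZE) return -1;` at the top would keep an invalid descriptor out of the set.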
@@ -448,7 +630,7 @@
(setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) {
perror("setsockopt (SO_DEBUG)");
}
-@@ -95,7 +96,8 @@
+@@ -95,7 +121,8 @@
ssl_active_flag=0;
}
#endif /* USE_SSL */
@@ -458,7 +640,7 @@
net = -1;
}
-@@ -142,7 +144,8 @@
+@@ -142,7 +169,8 @@
{
int on=1;
int res;
@@ -468,7 +650,7 @@
res = socket(addr->ai_family);
if (res < 2)
return res;
-@@ -192,10 +195,24 @@
+@@ -192,10 +220,24 @@
/* bind in the network descriptor */
SSL_set_fd(ssl_con,net);
@@ -477,7 +659,7 @@
+ {
+ static char local_host[256] = { 0 };
+ int len = sizeof(local_host);
-+
++
+ if (!local_host[0]) {
+ gethostname(local_host, len); /* WAS &len!!! */
+ local_host[sizeof(local_host)-1] = 0;
@@ -579,7 +761,7 @@
.Oo
.Ar host
.Op Ar port
-@@ -152,44 +154,45 @@
+@@ -152,44 +154,47 @@
command below.
.It Fl z Ar option
Set SSL (Secure Socket Layer) parameters. The default is to negotiate
@@ -587,7 +769,9 @@
+via telnet protocol if SSL is available at server side and then to
switch it on. In this mode you can connect to both conventional and
-SSL enhanced telnetd's.
-+SSL enhanced telnetd's. If the connection is made to localhost then
++SSL enhanced telnetd's. If the connection is made to localhost and
++.Ic -z secure
++is not set, then
+SSL is not enabled.
.Pp
The SSL parameters are:
@@ -640,7 +824,7 @@
.\" TODO
Set the preferred ciphers to
.Ar ciph_list .
-@@ -319,10 +322,6 @@
+@@ -319,10 +324,6 @@
List the current status of the various types of
authentication.
.El
@@ -651,7 +835,7 @@
.It Ic close
Close the connection to the remote host, if any, and return to command
mode.
-@@ -332,49 +331,49 @@
+@@ -332,49 +333,49 @@
and
.Ic toggle
values (see below).
@@ -744,7 +928,24 @@
.It Ic environ Ar arguments...
The
.Ic environ
-@@ -1079,17 +1078,17 @@
+@@ -1017,6 +1018,16 @@
+ .Ic slc
+ command.
+ .El
++.It Ic startssl
++Attempt to negotiate telnet-over-SSL (as with the
++.Ic -z ssl
++option). This is useful when connecting to non-telnetds such
++as imapd (with the
++.Ic STARTTLS
++command). To control SSL when connecting to a SSL-enabled
++telnetd, use the
++.Ic auth
++command instead.
+ .It Ic status
+ Show the current status of
+ .Nm telnet .
+@@ -1079,17 +1090,17 @@
.Dv FALSE
(see
.Xr stty 1 ) .
@@ -773,7 +974,7 @@
.It Ic autologin
If the remote side supports the
.Dv TELNET AUTHENTICATION
-@@ -1174,9 +1173,9 @@
+@@ -1174,9 +1185,9 @@
.Ic super user ) .
The initial value for this toggle is
.Dv FALSE .
@@ -786,7 +987,19 @@
.It Ic localchars
If this is
.Dv TRUE ,
-@@ -1263,16 +1262,16 @@
+@@ -1221,8 +1232,9 @@
+ is sent as
+ .Ic abort ,
+ and
+-.Ic eof and
+-.B suspend
++.Ic eof
++and
++.Ic suspend
+ are sent as
+ .Ic eof and
+ .Ic susp ,
+@@ -1263,16 +1275,16 @@
Toggles the display of all terminal data (in hexadecimal format).
The initial value for this toggle is
.Dv FALSE .
@@ -1007,7 +1220,7 @@
+ -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" \
+ -DUSE_SSL -I/usr/include/openssl -I..
+LIBTELNET = ../libtelnet/libtelnet.a
-+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
++LIBS += $(LIBTELNET) -lssl -lcrypto
OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \
global.o setproctitle.o
@@ -1096,15 +1309,43 @@
* Allocate global variables.
--- netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5
+++ netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5
-@@ -15,7 +15,7 @@
+@@ -15,26 +15,26 @@
.Pa /etc/issue.net
is a text file which contains a message or system identification to be
printed before the login prompt of a telnet session. It may contain
-various `%-char' sequences. The following sequences are supported by
-+various `%\-char' sequences. The following sequences are supported by
++various `%\&\-char' sequences. The following sequences are supported by
.Ic telnetd :
.Bl -tag -offset indent -compact -width "abcde"
- .It %t
+-.It %t
++.It %\&t
+ - show the current tty
+-.It %h
++.It %\&h
+ - show the system node name (FQDN)
+-.It %D
++.It %\&D
+ - show the name of the NIS domain
+-.It %d
++.It %\&d
+ - show the current time and date
+-.It %s
++.It %\&s
+ - show the name of the operating system
+-.It %m
++.It %\&m
+ - show the machine (hardware) type
+-.It %r
++.It %\&r
+ - show the operating system release
+-.It %v
++.It %\&v
+ - show the operating system version
+-.It %%
++.It %\&%
+ - display a single '%' character
+ .El
+ .Sh FILES
--- netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h
+++ netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h
@@ -31,7 +31,7 @@
@@ -1295,7 +1536,15 @@
.Op Fl a Ar authmode
.Op Fl D Ar debugmode
.Op Fl L Ar loginprg
-@@ -175,6 +175,9 @@
+@@ -50,6 +50,7 @@
+ .Op Fl X Ar authtype
+ .Op Fl edebug
+ .Op Fl debug Ar port
++.Op Fl z Ar sslopt
+ .Sh DESCRIPTION
+ The
+ .Nm telnetd
+@@ -175,6 +176,9 @@
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
@@ -1305,7 +1554,7 @@
.It Fl s
This option is only enabled if
.Nm telnetd
-@@ -219,12 +222,16 @@
+@@ -219,12 +223,16 @@
only accepts connections from SSL enhanced telnet with option
.Ic -z ssl
.It Ic nossl, !ssl
@@ -1324,7 +1573,16 @@
authenticate without password.
.It Ic certrequired
client certificate is mandatory
-@@ -451,7 +458,6 @@
+@@ -307,7 +315,7 @@
+ .Ed
+ .Pp
+ The pseudo-terminal allocated to the client is configured
+-to operate in \*(lqcooked\*(rq mode, and with
++to operate in \(lqcooked\(rq mode, and with
+ .Dv XTABS
+ .Dv CRMOD
+ enabled (see
+@@ -451,7 +459,6 @@
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
@@ -1351,7 +1609,14 @@
#ifdef LOGIN_WRAPPER
char *loginprg = LOGIN_WRAPPER;
#else
-@@ -228,7 +229,7 @@
+@@ -222,13 +223,12 @@
+ * certificate that we will be running with as we cannot
+ * be sure of the cwd when we are launched
+ */
+- sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
+- "telnetd.pem");
++ strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem");
+ ssl_cert_file=cert_filepath;
ssl_key_file=NULL;
#endif /* USE_SSL */
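Review bot: The new `strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem");` puts a hard-coded path into a buffer with an unbounded copy, and the size of `cert_filepath` is declared outside this hunk. If it is an array in scope, prefer `snprintf(cert_filepath, sizeof(cert_filepath), "%s", TELNETD_CERT_PATH);`, where `TELNETD_CERT_PATH` is a proposed new macro in telnetd/pathnames.h, which this patch already touches. `ssl_key_file` is left NULL on the following line, which suggests the private key is expected in the same PEM file. If so, add a comment saying that and noting that the file must be readable only by the account telnetd runs as.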
@@ -1360,7 +1625,7 @@
switch(ch) {
#ifdef USE_SSL
-@@ -389,6 +390,10 @@
+@@ -389,6 +389,10 @@
keepalive = 0;
break;
@@ -1371,7 +1636,7 @@
#ifdef SecurID
case 's':
/* SecurID required */
-@@ -427,7 +432,7 @@
+@@ -427,7 +431,7 @@
#ifdef USE_SSL
@@ -1380,7 +1645,7 @@
/* in secure mode we *must* switch on the base level
* verify checking otherwise we cannot abort connections
* at the right place!
-@@ -520,9 +525,9 @@
+@@ -520,9 +524,9 @@
sprintf(errbuf,"SSL_accept error %s\n",
ERR_error_string(ERR_get_error(),NULL));
@@ -1392,7 +1657,7 @@
/* go to sleep to make sure we are noticed */
sleep(10);
-@@ -571,6 +576,11 @@
+@@ -571,6 +575,11 @@
#ifdef AUTHENTICATE
fprintf(stderr, " [-X auth-type]");
#endif
@@ -1404,7 +1669,7 @@
fprintf(stderr, "\n");
exit(1);
}
-@@ -596,6 +606,18 @@
+@@ -596,6 +605,18 @@
/*
* Handle the Authentication option before we do anything else.
*/
@@ -1423,7 +1688,7 @@
send_do(TELOPT_AUTHENTICATION, 1);
while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
ttloop();
-@@ -654,7 +676,6 @@
+@@ -654,7 +675,6 @@
send_do(TELOPT_TTYPE, 1);
send_do(TELOPT_TSPEED, 1);
send_do(TELOPT_XDISPLOC, 1);
@@ -1431,7 +1696,7 @@
while (
#if defined(ENCRYPT)
his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-@@ -698,10 +719,6 @@
+@@ -698,10 +718,6 @@
while (sequenceIs(xdisplocsubopt, baseline))
ttloop();
}
@@ -1442,7 +1707,7 @@
if (his_state_is_will(TELOPT_TTYPE)) {
char first[256], last[256];
-@@ -852,7 +869,7 @@
+@@ -852,7 +868,7 @@
static void
doit(struct sockaddr *who, socklen_t who_len)
{
@@ -1451,7 +1716,7 @@
int level;
char user_name[256];
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/telnet-ssl/telnet-ssl-debian.patch?r1=1.1&r2=1.2&f=u