Makefile | 3 1 + 2 - 0 !
configure | 2 1 + 1 - 0 !
telnet/Makefile | 2 1 + 1 - 0 !
telnet/commands.cc | 209 125 + 84 - 0 !
telnet/main.cc | 44 33 + 11 - 0 !
telnet/netlink.cc | 34 9 + 25 - 0 !
telnet/netlink.h | 3 1 + 2 - 0 !
telnet/network.cc | 1 1 + 0 - 0 !
telnet/ring.cc | 2 1 + 1 - 0 !
telnet/ring.h | 2 1 + 1 - 0 !
telnet/sys_bsd.cc | 11 11 + 0 - 0 !
telnet/telnet.1 | 26 17 + 9 - 0 !
telnet/telnet.cc | 27 15 + 12 - 0 !
telnet/terminal.cc | 2 2 + 0 - 0 !
telnet/utilities.cc | 2 2 + 0 - 0 !
telnetd/Makefile | 3 2 + 1 - 0 !
telnetd/authenc.c | 12 0 + 12 - 0 !
telnetd/defs.h | 3 2 + 1 - 0 !
telnetd/ext.h | 18 10 + 8 - 0 !
telnetd/global.c | 5 2 + 3 - 0 !
telnetd/issue.net.5 | 2 1 + 1 - 0 !
telnetd/setproctitle.c | 2 1 + 1 - 0 !
telnetd/state.c | 5 2 + 3 - 0 !
telnetd/sys_term.c | 4 2 + 2 - 0 !
telnetd/telnetd.8 | 4 3 + 1 - 0 !
telnetd/telnetd.c | 268 152 + 116 - 0 !
telnetd/utility.c | 512 319 + 193 - 0 !
telnetlogin/telnetlogin.8 | 7 3 + 4 - 0 !
telnetlogin/telnetlogin.c | 77 26 + 51 - 0 !
29 files changed, 746 insertions(+), 546 deletions(-)

 source patches present in package 0.17-18woody3.
 Multiple files are touched by this legacy patch.  It has been
 pruned to reproduce source package netkit-telnet_0.17-18.
 .
 Implement IPv6 support.
 .
 Read `/etc/telnetrc'.
 .
 Various buffer length errors.
 .
 Fix IAC+SB crashes due to format errors.
 .
 The server accepts numerical TOS together with `-S'.
 .
 Remote DOS hole, CAN-2004-0911, moved to a separate file.
 .
 Buffer overflow, CAN-2005-0469, moved to a separate file.

configure | 2 1 + 1 - 0 !
telnet/commands.cc | 63 53 + 10 - 0 !
telnet/defines.h | 2 2 + 0 - 0 !
telnet/externs.h | 7 4 + 3 - 0 !
telnet/main.cc | 25 19 + 6 - 0 !
telnet/netlink.cc | 50 43 + 7 - 0 !
telnet/netlink.h | 4 4 + 0 - 0 !
telnet/proto.h | 2 1 + 1 - 0 !
telnet/telnet.1 | 13 12 + 1 - 0 !
telnet/telnet.cc | 7 4 + 3 - 0 !
telnet/terminal.cc | 15 10 + 5 - 0 !
telnetd/ext.h | 2 1 + 1 - 0 !
telnetd/sys_term.c | 22 4 + 18 - 0 !
telnetd/telnetd.8 | 2 1 + 1 - 0 !
14 files changed, 159 insertions(+), 57 deletions(-)

 incremental patches from 0.17-18 to 0.17-24.
 A large set of mixed code patches on top of upstream's source.
 It has been pruned to reproduce the step from source package
 netkit-telnet_0.17-18 to netkit-telnet_0.17-24.
 .
 Support also Hurd.
 [telnetd/sys_term.c, telnetd/ext.h]
 .
 Do not reset access mode and owner of TTY when client ends the session.
 [telnetd/sys_term.c (cleanup)] 
 .
 Path of telnetlogin.
 [telnetd/telnetd.8]
 .
 Adjust 8-bit mode to be without mandatory binary option.
 A new command line switch `-7' is added to telnet.
 [telnet/main.cc, telnet/telnet.cc, telnet/terminal.cc,
 telnet/defines.h, telnet/externs.h]
 .
 Allow telnetrc files to specify a port in addition to host name.
 [telnet/commands.cc, telnet/proto.h, telnet/telnet.1]
 .
 Disable 8-bit mode of client if parity bit is enabled.
 [telnet/main.cc]
 .
 Remove obsolete compiler warnings, and disable trigraph warning.
 Protect tokens ifter #endif.
 [configure, telnet/terminal.cc]
 .
 Support option `-b' in client.
 [telnet/commands.cc, telnet/main.cc, telnet/netlink.cc,
 telnet/netlink.h, telnet/telnet.1]
 .
 Accept numeric telnet options.
 [telnet/command.cc]
 .
 Buffer overflow due to $HOME, moved to a separate file.
 .
 Remote DOS hole, CAN-2004-0911, moved to a separate file.
 .
 Buffer overflow, CAN-2005-0469, moved to a separate file.

telnet/commands.cc | 18 7 + 11 - 0 !
1 file changed, 7 insertions(+), 11 deletions(-)

 fix buffer overflow when $home is large.
 Very long values of $HOME will extend beyond fixed rcbuf[128].
 In its stead, use dynamic allocation.

telnetd/utility.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 fix remote dos hole, can-2004-0911.
 telnetd/utility.c (netwritebuf): Check that `listlen' is positive
 before any action.  Otherwise do nothing, just return.
 .
 Patch made public in bug report.

telnet/telnet.cc | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 buffer overflow in linemode suboptions, can-2005-0469.
 telnet/telnet.cc (slc_add_reply): Check that sufficiently space
 still is available beyond `slc_replyp'.
 .
 Extracted by comparison of netkit-telnet_0.17-18woody3,
 netkit-telnet_0.17-29, and netkit-telnet-ssl_0.17.24+0.1-7.1.

telnet/commands.cc | 16 15 + 1 - 0 !
1 file changed, 15 insertions(+), 1 deletion(-)

 reject invalid port numbers.
 Check that any port number is within the range of a short integer.

telnet/Makefile | 2 1 + 1 - 0 !
telnetd/Makefile | 2 1 + 1 - 0 !
telnetlogin/Makefile | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 do not strip programs.
 Remove stripping options during installation.  This is handled by
 other means.

telnet/telnet.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 avoid unsetting environment variable term.
 Do not reset TERM to "UNKNOWN", when it is unknown in the local host.

telnet/utilities.cc | 6 3 + 3 - 0 !
telnetd/utility.c | 6 3 + 3 - 0 !
2 files changed, 6 insertions(+), 6 deletions(-)

 format string is not a string literal.
 Hardened builds are failing due to "-Werror=format-security".
 Insertion of a trivial format string resolves the failure.

telnet/telnet.1 | 10 6 + 4 - 0 !
telnetd/issue.net.5 | 2 1 + 1 - 0 !
telnetd/telnetd.8 | 2 1 + 1 - 0 !
telnetlogin/telnetlogin.8 | 2 1 + 1 - 0 !
4 files changed, 9 insertions(+), 7 deletions(-)

 nit picking on troff macros.
 Annoying misprints which Lintian complains on.
 .
 A minor inconsistency bug, misnaming the original escape character.

telnet/commands.cc | 2 1 + 1 - 0 !
telnet/telnet.1 | 10 5 + 5 - 0 !
telnet/telnet.cc | 61 61 + 0 - 0 !
telnet/utilities.cc | 18 13 + 5 - 0 !
telnetd/telnetd.8 | 4 0 + 4 - 0 !
telnetd/utility.c | 34 21 + 13 - 0 !
6 files changed, 101 insertions(+), 28 deletions(-)

 selected protocol refinement.
 Let the manual pages express NEW-ENVIRON as the only
 supported environment mechanism.
 .
 Let the diagnostic printout correctly identify the observed
 modi of local flow control.
 .
 Let the server in debug mode correctly decode only the suboption
 part of a status response, by ignoring the initial `IAC SB'.
 .
 Let the server and client decode suboptions containing also ENV_USERVAR
 in addition to the already known ENV_VAR.
 .
 Make the command `status' be as verbose as in other clients.
 .
 Several calls to printsub() were missing in `telnet.cc', thus failing
 to display options that the client sends to the server.  Instead only
 the received responses were display in some few negotiations, namely
 TELOPT_TTYPE, TELOPT_TSPEED, TELOPT_XDISPLOC and TELOPT_LINEMODE

telnet/telnet.cc | 43 43 + 0 - 0 !
telnetd/state.c | 29 23 + 6 - 0 !
2 files changed, 66 insertions(+), 6 deletions(-)

 support user variables in environment.
 Include conditionally protected code, allowing the server to accept
 variables from the client marked as user defined, i.e., ENV_USERVAR,
 into the environment.  The code is made active by the compiler macro
 ACCEPT_USERVAR.  This would let clients from Solaris and FreeBSD set
 variables exported by the user.
 [telnetd/state.c (suboption)]
 .
 Fix incorrect offset while diagnostically printing suboptions.
 [telnetd/state.c (send_status)]
 .
 Add LANG and LC_* to the list of acceptable environment variables.
 [telnetd/state.c (envvarok)]
 .
 Let the client executable announce most environment variables as user
 defined, i.e., as ENV_USERVAR.  A new function wellknown_var() checks
 whether a proposed variable name is known well enough to be kept as
 ENV_VAR, thus nominally undergo more scrutiny at the server's end.
 These addition are also conditioned by the macro ACCEPT_USERVAR:
 [telnet/telnet.cc (env_opt_add)]

telnetd/sys_term.c | 11 9 + 2 - 0 !
telnetd/telnetd.8 | 5 3 + 2 - 0 !
telnetd/telnetd.c | 24 21 + 3 - 0 !
telnetd/utility.c | 2 1 + 1 - 0 !
4 files changed, 34 insertions(+), 8 deletions(-)

 drain input stream from child process.
 When the server process receives SIGCHILD, there might
 well be data pending in the PTY buffer, intended for
 the client waiting eagerly at the network link.
 .
 Replace the old signal handler for SIGCHILD with a simpler
 version that sets a semaphor.  That semaphor is then sampled
 at a suitable time during the I/O main loop, and execution
 is transferred to the old handler after flushing the queue.
 .
 In the original signal handler, call waitpid() in order to
 remove the child process from the kernel's process list.
 .
 Make some small adjustment to debugging output.

telnetlogin/telnetlogin.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 logical error in host name check.
 Mutually exclusive conditions were juxtaposed with logical AND,
 resulting in a test never being effective.

telnetd/telnetd.8 | 5 4 + 1 - 0 !
telnetd/telnetd.c | 10 8 + 2 - 0 !
2 files changed, 12 insertions(+), 3 deletions(-)

 resolve remote host as numeric host identifier.
 Implement a new switch '-N' in the server, avoiding reverse DNS
 resolution and instead registering a numeric host representation.
 The environment variable REMOTEHOST is set to this numeric address.
 .
 The change could be of benefit in PAM rules for access control as well
 as for accounting and tracing of network activity.  In addition, the use
 of '-N' mitigates cases when a hostile third party might have gained
 control of reverse DNS resolution and is trying to inject fake answers.

configure | 6 0 + 6 - 0 !
1 file changed, 6 deletions(-)

 do not run built programs during configure.
 When cross compiling the source, the host-specific programs
 built during the configuration phase are irrelevant for execution.
 Avoid running those executables.  The compile test is still there,
 but the runtime test value should have been well accomplished after
 all these years!