2002-12-06  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	* telnetd/state.c: Fixed indentation.

2002-08-04  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	* telnetd/Makefile.am (PATHDEF_DEV): Added to INCLUDES.

2002-04-29  Alfred M. Szmidt  <ams@kemisten.nu>

	* telnetd.c <version.h>: Include removed.
	(inetutils_package): Renamed to PACKAGE_NAME.
	(inetutils_version): Renamed to PACKAGE_VERSION.

2002-04-08  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	* Makefile.am: Added @INCAUTH@ and @LIBAUTH@.

	* telnetd.c: Fixed to compile with AUTHENTICATION/ENCRYPTION on.
	* telnetd.h: Likewise.
	* utility.c: Likewise.

2002-04-07  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	* telnetd.c (print_hostinfo): Print local host name.
	* utility.c: Include <termio.h>

2002-04-07  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	* telnetd.c: Initialize login_invocation. Fixed calls
	  to inet_ntoa.
	  (print_hostinfo): Implemented.
	* pty.c: Use new expand_line to create login command line.
	* telnetd.h: Added missing prototypes.
	* utility.c: Added line expansion code.
	  (io_setup): Initialize ptyip.
	  (pty_input_putback): new function.

2002-04-05  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	Major rewrite of telnetd.
	
	* defs.h: Removed.
	* ext.h: Removed.
	* global.c: Removed.
	* authenc.c: Removed.
        * telnetd/sys_term.c: Removed
	* term.c: (new) Terminal-specific functions.
	* Makefile.am: Modified.
	* telnetd.c: Rewritten.	
	* telnetd.h: Rewritten.
	* utility.c: Rewritten.
	  
	* pty.c: Use obstack instead of manually allocating memory.

	* slc.c: Lots of fixes: Removed conditional dependencies on
	  LINEMODE, reduced number of global variables.
	* state.c: Likewise.
	* termstat.c: Likewise.

2002-03-14  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	Started fixing horrible mess in telnetd. To begin with,
	segregated pty-related functions from tty-related ones.
	Use forkpty instead of manually fiddling with lots of ifdefs.
	The stuff has been tested on GNU/Linux and Solaris.
	
	* pty.c (new): PTY-related functions. 
	* Makefile.am: Added pty.c
	* ext.h: Changed definition of line.
	* sys_term.c: Removed unneeded functions. Some of them
          are re-implemented in pty.c
	* telnetd.c (doit, telnet, readstream): Reorganized. 

2002-02-10  Jeff Bailey  <jbailey@outpost.dnsalias.org>

	* Makefile.am: Add -I$(top_builddir)/include to INCLUDES

2001-10-25  Alain Magloire

	* telnetd/telnetd.c: Remove stupid/obsolete hack, if an array
	is declare const char *, you can not write(readonly) to it.  This
	the way ISO C defines it, even if some compiler let it trough. Do
	the right thing everytime not only for GCC.

2001-07-26  Alain Magloire

	The patch was provided by Eric Gillespie, Jr., it addresses
	a vulnerability in telnetd:
	TESO Security Advisory 06/10/2001

	Multiple vendor Telnet Daemon vulnerability

	Summary
	===================
	Within most of the current telnet daemons in use today there exist a
	buffer overflow in the telnet option handling. Under certain
	circumstances it may be possible to exploit it to gain root
	priviledges remotely.

	Impact
	===================
	Through sending a specially formed option string to the remote telnet
	daemon a remote attacker might be able to overwrite sensitive
	information on the static memory pages. If done properly this may
	result in arbitrary code getting executed on the remote machine under
	the priviledges the telnet daemon runs on, usually root.

	Explanation
	===================
	Within every BSD derived telnet daemon under UNIX the telnet options
	are processed by the 'telrcv' function. This function parses the
	options according to the telnet protocol and its internal state.
	During this parsing the results which should be send back to the
	client are stored within the 'netobuf' buffer. This is done without
	any bounds checking, since it is assumed that the reply data is
	smaller than the buffer size (which is BUFSIZ bytes, usually).

	However, using a combination of options, especially the 'AYT' Are You
	There option, it is possible to append data to the buffer, usually
	nine bytes long. To trigger this response, two bytes in the input
	buffer are necessary. Since this input buffer is BUFSIZ bytes long,
	you can exceed the output buffer by as much as
	(BUFSIZ / 2) * 9) - BUFSIZ bytes. For the common case that BUFSIZ is
	defined to be 1024, this results in a buffer overflow by up to 3584
	bytes.  On systems where BUFSIZ is defined to be 4096, this is an
	even greater value (14336).
	Due to the limited set of characters an attacker is able to write
	outside of the buffer it is difficult - if not impossible on some
	systems - to exploit this buffer overflow. Another hurdle for a
	possible attacker may be the lack of interesting information to
	modify after the buffer.
	This buffer overflow should be considered serious nevertheless, since
	experience has shown that even complicated vulnerabilities can be
	exploited by skilled attackers, BIND TSIG and SSH deattack come to
	mind.
	We have constructed a working exploit for any version of BSDI, NetBSD
	and FreeBSD. Exploitation on Solaris sparc may be possible but if it
	is, it is very difficult involving lots of arcane tricks. OpenBSD is
	not as easily exploitable as the other BSD's, because they do compile
	with other options by default, changing memory layout.

	* ext.h (output_data): Add prototypes for output_data.
	* state.c (output_data): Implement output_data().
	Patch provided by "Eric Gillespie, Jr.".

2000-10-30  Marcus Brinkmann

	* sys_term.c: Add prototype for cleanopen().
	* telnetd.c (main): Move assignment outside if condition.

2000-08-08  Alain Magloire

	* extern.h: rename interrupt() to interrupts() since it use
	as a reserve word by the some C compiler.
	* state.c: Likewise.
	* telnetd.c: Likewise.
	* sys_term.c: L_SET rename to SEEK_SET for portability.

2000-07-05  Alain Magloire

	* *: Clause 3 removed.
	excerpt from email with RMS:
	"UCB has agreed to drop the advertising clause from the license for all
	BSD software.  The advertising clause is this one:

	3. All advertising materials mentioning features or use of this software
		must display the following acknowledgement:
		This product includes software developed by the University of
		California, Berkeley and its contributors.

	This means that we can delete that paragraph from all files which give
	the University of California as the only copyright holder."

2000-03-28  Alain Magloire

	* sys_term.c: STREAMSPTY change for HAVE_STREAMSPTY
	UTMPX change for HAVE_UTMPX.
	* sys_term.c: modutx() change for updwtmpx().
	* telnetd: STREAMSPTY change to HAVE_STREAMSPTY

1999-05-19 Alain Magloire
	* telnetd.h: If HAVE_PTSNAME is defined, we assume that the
	platform can handle SYSVR4 pseudo ttys and define STREAMSPTY.

1999-02-17 Alain Magloire

	* rexecd.c : check HAVE_SOCKADDR_IN_SIN_LEN before
	doing static initialization.
