commit: 22a0e3e329fa0dbee6dbf26c2d2142e041191910 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Tue Jan 20 17:25:08 2026 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Tue Jan 20 17:25:14 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22a0e3e3
net-misc/inetutils: add 2.7 Includes patch to address authentication bypass. Bug: https://bugs.gentoo.org/969065 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> net-misc/inetutils/Manifest | 1 + .../inetutils/files/inetutils-2.7-telnetd.patch | 114 +++++++++++++ net-misc/inetutils/inetutils-2.7.ebuild | 176 +++++++++++++++++++++ 3 files changed, 291 insertions(+)
diff --git a/net-misc/inetutils/Manifest b/net-misc/inetutils/Manifest
index e3a4657f044e..060430c660d6 100644
--- a/net-misc/inetutils/Manifest
+++ b/net-misc/inetutils/Manifest
@@ -1 +1,2 @@
 DIST inetutils-2.6.tar.xz 1764528 BLAKE2B ab6de2d55c867cc718a1f2d2504d587774f8d5dd583b49131bcc1580116fe3dba60058b330fdf50f33f86394f9ebd03dbf77d3086e8b5f2e382132eb2f18cea5 SHA512 a85b0be4d49f89d34765a1206a6d94c123df3777a5d2ee4e08d11c872ac9816ab589b0cf6ef0b916d6c732da3bdb9bfe6f43925b513d065806e08b30cd1e98a5
+DIST inetutils-2.7.tar.gz 3157952 BLAKE2B 0d651cf458dd7c42955be17f82c8f022e7048c694daa94f14fbc15969d628d1e017a05235353a03de8a69dd3f349eb1e4adf89e7dffc82f782858506738f9a42 SHA512 8f36bea126108e8f48f2c436c9ff11684f3bd51c4e48090f0ab8626b8c5878b6dc8c64b84cd7a6220913f68c8602b37c8ac632fe9ef530bf5018c6e51ee1a90b
diff --git a/net-misc/inetutils/files/inetutils-2.7-telnetd.patch b/net-misc/inetutils/files/inetutils-2.7-telnetd.patch
new file mode 100644
index 000000000000..550a9dab70ed
--- /dev/null
+++ b/net-misc/inetutils/files/inetutils-2.7-telnetd.patch
@@ -0,0 +1,114 @@
+https://bugs.gentoo.org/969065
+
+From fd702c02497b2f398e739e3119bed0b23dd7aa7b Mon Sep 17 00:00:00 2001
+From: Paul Eggert <[email protected]>
+Date: Tue, 20 Jan 2026 01:10:36 -0800
+Subject: [PATCH] Fix injection bug with bogus user names
+
+Problem reported by Kyu Neushwaistein.
+* telnetd/utility.c (_var_short_name):
+Ignore user names that start with '-' or contain shell metacharacters.
+
+Signed-off-by: Simon Josefsson <[email protected]>
+---
+ telnetd/utility.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index b486226e..c02cd0e6 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -1733,7 +1733,14 @@ _var_short_name (struct line_expander *exp)
+ return user_name ? xstrdup (user_name) : NULL;
+
+ case 'U':
+- return getenv ("USER") ? xstrdup (getenv ("USER")) : xstrdup ("");
++ {
++ /* Ignore user names starting with '-' or containing shell
++ metachars, as they can cause trouble. */
++ char const *u = getenv ("USER");
++ return xstrdup ((u && *u != '-'
++ && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
++ ? u : "");
++ }
+
+ default:
+ exp->state = EXP_STATE_ERROR;
+From ccba9f748aa8d50a38d7748e2e60362edd6a32cc Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <[email protected]>
+Date: Tue, 20 Jan 2026 14:02:39 +0100
+Subject: [PATCH] telnetd: Sanitize all variable expansions
+
+* telnetd/utility.c (sanitize): New function.
+(_var_short_name): Use it for all variables.
+---
+ telnetd/utility.c | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index c02cd0e6..b21ad961 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -1684,6 +1684,17 @@ static void _expand_cond (struct line_expander *exp);
+ static void _skip_block (struct line_expander *exp);
+ static void _expand_block (struct line_expander *exp);
+
++static char *
++sanitize (const char *u)
++{
++ /* Ignore values starting with '-' or containing shell metachars, as
++ they can cause trouble. */
++ if (u && *u != '-' && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
++ return u;
++ else
++ return "";
++}
++
+ /* Expand a variable referenced by its short one-symbol name.
+ Input: exp->cp points to the variable name.
+ FIXME: not implemented */
+@@ -1710,13 +1721,13 @@ _var_short_name (struct line_expander *exp)
+ return xstrdup (timebuf);
+
+ case 'h':
+- return xstrdup (remote_hostname);
++ return xstrdup (sanitize (remote_hostname));
+
+ case 'l':
+- return xstrdup (local_hostname);
++ return xstrdup (sanitize (local_hostname));
+
+ case 'L':
+- return xstrdup (line);
++ return xstrdup (sanitize (line));
+
+ case 't':
+ q = strchr (line + 1, '/');
+@@ -1724,23 +1735,16 @@ _var_short_name (struct line_expander *exp)
+ q++;
+ else
+ q = line;
+- return xstrdup (q);
++ return xstrdup (sanitize (q));
+
+ case 'T':
+- return terminaltype ? xstrdup (terminaltype) : NULL;
++ return terminaltype ? xstrdup (sanitize (terminaltype)) : NULL;
+
+ case 'u':
+- return user_name ? xstrdup (user_name) : NULL;
++ return user_name ? xstrdup (sanitize (user_name)) : NULL;
+
+ case 'U':
+- {
+- /* Ignore user names starting with '-' or containing shell
+- metachars, as they can cause trouble. */
+- char const *u = getenv ("USER");
+- return xstrdup ((u && *u != '-'
+- && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
+- ? u : "");
+- }
++ return xstrdup (sanitize (getenv ("USER")));
+
+ default:
+ exp->state = EXP_STATE_ERROR;
diff --git a/net-misc/inetutils/inetutils-2.7.ebuild b/net-misc/inetutils/inetutils-2.7.ebuild
new file mode 100644
index 000000000000..b93600781b71
--- /dev/null
+++ b/net-misc/inetutils/inetutils-2.7.ebuild
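Review bot: In the embedded telnetd/utility.c patch, `case 'T'` and `case 'u'` still return `NULL` when the variable is unset but return a copy of `""` when `sanitize` rejects the value, so a rejected name is reported as set-but-empty; if the conditional expansion (`_expand_cond`, declared just above the new function but defined outside these hunks) keys on non-NULL, a rejected `user_name` takes the same branch as a valid one. Consider letting `sanitize` return `NULL` on rejection and mapping that per case, e.g. `return xstrdup (s ? s : "");` for `'h'`, `'l'`, `'L'`, `'t'`, `'U'` and `return s ? xstrdup (s) : NULL;` for `'T'` and `'u'`. Separately, `sanitize` is declared `static char *` yet returns its `const char *` argument and a string literal; `static const char *` matches how every caller uses the result. The function would also benefit from a comment naming the consumer the character denylist is matched to, and a log message on rejection would give operators something to alert on. `_var_short_name` starts and ends outside the hunks shown.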
@@ -0,0 +1,176 @@
+# Copyright 2021-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit branding pam systemd
+
+DESCRIPTION="Collection of common network programs"
+HOMEPAGE="https://www.gnu.org/software/inetutils/"
+SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~amd64"
+
+SERVERS="ftpd inetd rexecd rlogind rshd syslogd talkd telnetd tftpd uucpd"
+CLIENTS="ftp dnsdomainname hostname ping ping6 rcp rexec rlogin rsh logger telnet tftp whois ifconfig traceroute"
+PROGRAMS="${SERVERS} ${CLIENTS}"
+IUSE="idn kerberos pam tcpd ${PROGRAMS}"
+
+DEPEND="
+ sys-libs/readline:0=
+ ftpd? ( virtual/libcrypt:0= )
+ idn? ( net-dns/libidn2:= )
+ kerberos? ( virtual/krb5 )
+ pam? ( sys-libs/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ uucpd? ( virtual/libcrypt:0= )
+"
+RDEPEND="${DEPEND}
+ ftpd? ( net-ftp/ftpbase[pam?] )
+ ftp? ( !net-ftp/ftp )
+ dnsdomainname? ( !sys-apps/net-tools )
+ hostname? ( !sys-apps/coreutils[hostname(-)] !sys-apps/net-tools[hostname(+)] )
+ inetd? ( !sys-apps/netkit-base )
+ ping? ( !net-misc/iputils )
+ ping6? ( !net-misc/iputils[ipv6(+)] )
+ rcp? ( !net-misc/netkit-rsh )
+ rexec? ( !net-misc/netkit-rsh )
+ rexecd? ( !net-misc/netkit-rsh )
+ rlogin? ( !net-misc/netkit-rsh )
+ rlogind? ( !net-misc/netkit-rsh )
+ rsh? ( !net-misc/netkit-rsh )
+ rshd? ( !net-misc/netkit-rsh )
+ logger? ( !sys-apps/util-linux[logger(+)] )
+ syslogd? ( !app-admin/sysklogd )
+ talkd? ( !net-misc/netkit-talk )
+ telnet? ( !net-misc/telnet-bsd !net-misc/netkit-telnetd )
+ telnetd? ( !net-misc/telnet-bsd !net-misc/netkit-telnetd )
+ tftp? ( !net-ftp/tftp-hpa[client(+)] )
+ tftpd? ( !net-ftp/tftp-hpa[server(+)] )
+ whois? ( !net-misc/whois )
+ ifconfig? ( !sys-apps/net-tools )
+ traceroute? ( !net-analyzer/traceroute )
+"
+
+QA_CONFIG_IMPL_DECL_SKIP=( MIN static_assert alignof unreachable )
+
+PATCHES=(
+ "${FILESDIR}/inetutils-2.7-telnetd.patch"
+)
+
+src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-clients
+ --disable-servers
+ $(use_with idn)
+ --without-krb4
+ $(use_with kerberos krb5)
+ --without-shishi
+ $(use_with pam)
+ $(use_with tcpd wrap)
+ )
+
+ local prog
+ for prog in ${PROGRAMS}; do
+ myconf+=( $(use_enable "${prog}") )
+ done
+
+ econf "${myconf[@]}"
+}
+
+iu_pamd() {
+ if use "$1"; then
+ pamd_mimic system-remote-login "$2" auth account password session
+ fi
+}
+
+create_init() {
+ use "$1" || return
+
+ newinitd - "$1" <<-EOF
+ #!${EPREFIX}/sbin/openrc-run
+ command="${EPREFIX}/usr/libexec/$1"
+ command_args="$2"
+ pidfile="${EPREFIX}/var/run/$1.pid"
+ EOF
+
+ systemd_newunit - "$1.service" <<-EOF
+ [Service]
+ ExecStart="${EPREFIX}/usr/libexec/$1"${2:+ }$2
+ PIDFile=${EPREFIX}/var/run/$1.pid
+ Type=forking
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+}
+
+create_socket_stream() {
+ use "$1" || return
+
+ systemd_newunit - "$1.socket" <<-EOF
+ [Socket]
+ ListenStream=$2
+ Accept=yes
+
+ [Install]
+ WantedBy=sockets.target
+ EOF
+
+ systemd_newunit - "[email protected]" <<-EOF
+ [Unit]
+ CollectMode=inactive-or-failed
+
+ [Service]
+ ExecStart="${EPREFIX}/usr/libexec/$1"
+ StandardInput=socket
+ StandardError=journal
+ EOF
+}
+
+create_socket_datagram() {
+ use "$1" || return
+
+ systemd_newunit - "$1.socket" <<-EOF
+ [Socket]
+ ListenDatagram=$2
+
+ [Install]
+ WantedBy=sockets.target
+ EOF
+
+ systemd_newunit - "$1.service" <<-EOF
+ [Service]
+ ExecStart="${EPREFIX}/usr/libexec/$1"
+ StandardInput=socket
+ StandardError=journal
+ EOF
+}
+
+src_install() {
+ default
+ iu_pamd rexecd rexec
+ iu_pamd rlogind rlogin
+ iu_pamd rshd rsh
+ if use kerberos; then
+ iu_pamd rlogind krlogin
+ iu_pamd rshd krsh
+ fi
+
+ create_init ftpd --daemon
+ create_init inetd
+ create_init rlogind --daemon
+ create_init syslogd
+
+ create_socket_stream ftpd 21
+ create_socket_stream rexecd 512
+ create_socket_stream rlogind 513
+ create_socket_stream rshd 514
+ create_socket_stream telnetd 23
+ create_socket_stream uucpd 540
+
+ create_socket_datagram talkd 518
+}
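Review bot: The `PATCHES` entry has no comment recording where `inetutils-2.7-telnetd.patch` comes from or when it can be dropped; a line such as `# upstream fd702c02 + ccba9f74 (telnetd expansion sanitizing), bug #969065; drop once a release includes them` above it would save the next version bump a search. The fix arrives only in this new `~amd64` ebuild while the Manifest hunk keeps the 2.6 distfile, so an older version presumably remains installable; whether it needs the same patch is not visible here and is worth settling in the bug. `create_socket_stream telnetd 23` generates a unit with `Accept=yes` and no address restriction or sandboxing directives in the service template, which deserves at least a comment given that this commit exists because of a telnetd authentication bypass.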
