Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]

Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so

Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.

This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.

The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.

The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.

Obtained from: Juniper Networks, Inc.

Let telnetd build without utmp and logwtmp(3).

Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.

Remove unneeded inclusion of <utmp.h> and dead variables.

Correctly scrub telnetd's environment.

Approved by: so (cperciva)
Security: FreeBSD-SA-09:05.telnetd

Use strlcpy() instead of strcpy().

Requested by: mlaier

Convert telnetd(8) to use posix_openpt(2).

Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.

I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.

Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).

Reviewed by: rink

Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.

Don't risk catching a signal while handling a signal for a dying child, as we
can then end up not properly clearing wtmp/utmp entries.

PR: bin/37934
Submitted by: Sandeep Kumar <skumar@juniper.net>
Reviewed by: markm
MFC after: 2 weeks

Don't use non-signal-safe functions (exit(3) in this case) in
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).

This fixes rare telnetd hangs.

PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month

More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
feels like rewriting it will meet no objection from me.

Damn. The previous mega-commit was incomplete WRT ANSIfication. This
fixes that.

Very large style makeover.

1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.

Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.

Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.

(scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP

Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.

Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.

$Id$ -> $FreeBSD$

MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes.

Remove redundant decl. of time(). Causes problems on alpha

MFC: sprintf paranoia

MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3).

Bring the FreeBSD changes to the virgin sources.

This commit was generated by cvs2svn to compensate for changes in r29088,
which included commits to RCS files with non-trunk default branches.

Initial import of BSD telnet. This will be used to build the kerberised
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)