From da4f7bf3913f5f9801f974c6336c42338271b1f2 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Feb 16 2021 07:40:53 +0000
Subject: import telnet-0.17-74.el8_3.1


---

diff --git a/SOURCES/telnet-0.17-pty-retry.patch b/SOURCES/telnet-0.17-pty-retry.patch
new file mode 100644
index 0000000..0d787f4
--- /dev/null
+++ b/SOURCES/telnet-0.17-pty-retry.patch
@@ -0,0 +1,42 @@
+--- a/telnetd/telnetd.c
++++ b/telnetd/telnetd.c
+@@ -772,7 +772,6 @@ void telnet(int f, int p)
+     int on = 1;
+     char *HE;
+     const char *IM;
+-    int pty_read_ok = 0; /* track whether the pty read has worked yet */
+ 
+     /*
+      * Initialize the slc mapping table.
+@@ -1086,19 +1085,24 @@ void telnet(int f, int p)
+ 	 * Something to read from the pty...
+ 	 */
+ 	if (FD_ISSET(p, &ibits)) {
++	    int eio = 0;
++read_pty:
+ 	    pcc = read(p, ptyibuf, BUFSIZ);
+-	    /*
+-	     * On some systems, if we try to read something
+-	     * off the master side before the slave side is
+-	     * opened, we get EIO.
+-	     */
+-	    if (pcc < 0 && (errno == EWOULDBLOCK || (errno == EIO && pty_read_ok == 0))) {
++	    if (pcc < 0 && errno == EWOULDBLOCK) {
+ 		pcc = 0;
+ 	    } 
++	    /*
++	     * If we try to read something off the master side while the slave
++	     * side is temporarily closed by login process, we get EIO.
++	     */
++	    else if (pcc < 0 && errno == EIO && eio < 1000) {
++		    eio++;
++		    poll(NULL, 0, 10);
++		    goto read_pty;
++	    }
+ 	    else {
+ 		if (pcc <= 0)
+ 		    break;
+-		pty_read_ok = 1;	/* mark connection up for read */
+ #ifdef	LINEMODE
+ 				/*
+ 				 * If ioctl from pty, pass it through net
diff --git a/SPECS/telnet.spec b/SPECS/telnet.spec
index eedcc93..9eb3eea 100644
--- a/SPECS/telnet.spec
+++ b/SPECS/telnet.spec
@@ -3,7 +3,7 @@
 Summary: The client program for the Telnet remote login protocol
 Name: telnet
 Version: 0.17
-Release: 73%{?dist}.1
+Release: 74%{?dist}.1
 Epoch: 1
 License: BSD
 Group: Applications/Internet
@@ -42,6 +42,7 @@ Patch30: netkit-telnet-0.17-manpage.patch
 Patch31: netkit-telnet-0.17-covscan.patch
 Patch32: telnet-log-address.patch
 Patch33: telnet-0.17-overflow-exploit.patch
+Patch34: telnet-0.17-pty-retry.patch
 
 BuildRequires: ncurses-devel systemd
 BuildRequires: perl-interpreter
@@ -99,6 +100,7 @@ mv telnet telnet-NETKIT
 %patch31 -p1 -b .covscan
 %patch32 -p1 -b .log-address
 %patch33 -p1 -b .overflow
+%patch34 -p1 -b .pty-retry
 
 %build
 %ifarch s390 s390x
@@ -164,8 +166,11 @@ install -p -m644 %SOURCE6 ${RPM_BUILD_ROOT}%{_unitdir}/telnet.socket
 %{_mandir}/man8/telnetd.8*
 
 %changelog
-* Thu Mar 26 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-73.1
-- Resolves: #1814473 - Arbitrary remote code execution in utility.c via short writes or urgent data
+* Tue Dec 15 2020 Michal Ruprich <mruprich@redhat.com> - 1:0.17-74.1
+- Resolves: #1907283 - in.telnetd needs to tolerate temporary EIO errors
+
+* Thu Mar 26 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-74
+- Resolves: #1814474 - Arbitrary remote code execution in utility.c via short writes or urgent data
 
 * Thu Oct 04 2018 Michal Ruprich <mruprich@redhat.com> - 1:0.17-73
 - Resolves: #1602711 - Please review important issues found by covscan