- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.

This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.

The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.

The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.

Obtained from: Juniper Networks, Inc.

Make sure that each va_start has one and only one matching va_end,
especially in error cases.

Remove superfluous paragraph macro.

- Do not use deprecated krb5 error message reporting functions in libtelnet.

Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]

Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam

In contrib/telnet/telnet/utilities.c, fix a few warnings about format
strings not being literals.

MFC after: 1 week

In contrib/telnet/telnetd/utility.c, fix a few warnings about format
strings not being literals.

MFC after: 1 week

In contrib/telnet/libtelnet/sra.c, use the correct number of bytes to
zero the password buffer.

MFC after: 1 week

telnet: Fix infinite loop if local output generates SIGPIPE.

Instead of catching SIGPIPE and jumping out of the signal handler with
longjmp, ignore it and handle write errors to the local output by exiting
from there. I have changed the error message to mention the local output
instead of NetBSD's wrong "Connection closed by foreign host". Write errors
to the network were already handled by exiting immediately and this now
applies to EPIPE too.

The code assumed that SIGPIPE could only be generated by the network
connection; if it was generated by the local output, it would longjmp out of
the signal handler and write an error message which caused another SIGPIPE.

PR: 19773
Obtained from: NetBSD
MFC after: 1 week

Forgot a part that was missing in the previous commit.

There is no need to call trimdomain() anymore now that ut_host is big
enough to fit decent hostnames.

Let telnetd build without utmp and logwtmp(3).

Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.

Remove unneeded inclusion of <utmp.h> and dead variables.

Use <termios.h> instead of <sys/termios.h>.

<sys/termios.h> only works on FreeBSD by accident.

Rename all symbols in libmp(3) to mp_*, just like Solaris.

The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by: deischen, rdivacky

Correctly scrub telnetd's environment.

Approved by: so (cperciva)
Security: FreeBSD-SA-09:05.telnetd

Use strlcpy() instead of strcpy().

Requested by: mlaier

Convert telnetd(8) to use posix_openpt(2).

Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.

I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.

Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).

Reviewed by: rink

Fix TELOPT(opt) when opt > TELOPT_TN3270E.

PR: 127194
Submitted by: Joost Bekkers
MFC after: 1 month

List authentication types supported with "-X" taken from the libtelnet
code.

PR: 121721

Don't attempt authentication at all if it has been disabled via '-a off'.
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.

PR: bin/19405
Submitted by: Joel Ray Holveck joelh of gnu.org
MFC after: 1 month

Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by: bz
Approved by: re

Markup nits.

Remove bogus casts of valid integer ioctl() arguments.

o Mention .telnetrc DEFAULT keyword.

PR: bin/100496 (sort of)
Obtained from: NetBSD, heas@netbsd
MFC after: 3 weeks

NI_WITHSCOPEID cleanup

Correct a pair of buffer overflows in the telnet(1) command:

(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
functions.

(CAN-2005-0469) A global uninitialized data section buffer overflow in
slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by: Solar Designer <solar@openwall.com>

Increase usefulness of telnet(1) as a protocol tester. By prepending
"+" to the port number, disable option negotiation and allow
transferring of data with high bit set.

OKed by: markm (maintainer)
PR: 52032
Submitted by: Valentin Nechayev <netch maybe-at netch stop kiev stop ua>
MFC After: 2 weeks

- Soften sentence breaks.
- Remove double whitespace.
- Sort sections.

o Make telnet[d] -S (IP TOS) flag really work. We do not have
/etc/iptos implementation so only numeric values supported.

o telnetd.8: steal the -S flag description from telnet.1, bump
the date of the document.

MFC after: 6 weeks

o Add -4 and -6 flags to a man page and usage(). Bump the man page
date.

o Remove -t flag from getopt(3), it was killed in rev. 1.15 three
years ago.

o Print a correct status for unix domain sockets.
o Restore input mode when return from the command one.

PR: bin/49983
Submitted by: Volker Stolz
OK in general from: markm
MFC after: 1 month

Add missing () to function invocation.

Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542
(aka RFC2292bis). Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.

Obtained from: KAME

EAI_ADDRFAMILY and EAI_NODATA was deprecated in RFC3493
(aka RFC2553bis). Now, getaddrinfo(3) returns EAI_NONAME
instead of EAI_NODATA. Our getaddrinfo(3) nor getnameinfo(3)
didn't use EAI_ADDRFAMILY.

Obtained from: KAME

Implement what has been documented for a long time: make -debug switch
on socket debugging.

Okay'ed by: markm

Fix up external variables named "debug" that have a horrible habit
of conflicting with other, similarly named functions in static
libraries. This is done mostly by renaming the var if it is shared
amongst modules, or making it static otherwise.

OK'ed by: re(scottl)

Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.

Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.)

PR: bin/45397

Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:

des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.

des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.

add more RFC defined telnet options

Reviewed by: ps

Merge argument parsing changes into this copy of telnet.

Submitted by: markm
Approved by: bmah

Permit the argument to the -s option to be a hostname. I see no
reason to restrict this to a numeric address.

PR: 41841
Submitted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>,
Maxim Maximov <mcsi@agava.com>

Catch up with "base" telnet.
s/FALL THROUGH/FALLTHROUGH/ for lint(1).

Catch up with "base" telnet.

s/FALL THROUGH/FALLTHROUGH/ for lint(1).
s/Usage/usage/ for consistency.

From the requestor:

"Could you do me a favor and fix sys_bsd.c to get the howmany() macro
from <sys/param.h>, instead of <sys/types.h>? This will save me from
having to worry about the unsync'd bits before making the change."

Requested by: mike

Encrypted strings (after hex decoding) aren't null terminated, because
0 might simply be part of the ciphertext.

PR: bin/40266
Submitted by: andr@dgap.mipt.ru
MFC after: 3 days

Warnings fixes. Sort out some variable types.

Help fix warnings by marking an argument as unused.

Don't risk catching a signal while handling a signal for a dying child, as we
can then end up not properly clearing wtmp/utmp entries.

PR: bin/37934
Submitted by: Sandeep Kumar <skumar@juniper.net>
Reviewed by: markm
MFC after: 2 weeks

unbreak build:

commands.c, sys_bsd.c: comment out/remove junk after #endif/#else
network.c, terminal.c, utlities.c: include stdlib.h for exit(3)

Fix an external declaration that was causing telnetd to core dump.

MFC after: 1 week
PR: 37766

Update build after import of Heimdal Kerberos 2002/02/17.

Don't use non-signal-safe functions (exit(3) in this case) in
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).

This fixes rare telnetd hangs.

PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month

mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION.

Don't assume that the number of fds to select on is known quantity (in
this case 16). Use dynamic FD_SETs and calculated high-water marks
throughout. There are also too many versions of telnet in the tree.

Obtained from: OpenBSD and Apple's Radar database
MFC after: 2 days

Fixed bugs from previous revision.

Removed -s from SYNOPSIS and restored -S in DESCRIPTION.

Protect variables and function prototypes that are only used in the INET6
case with an ifdef INET6.

This make the fixit floppy compile again.

Reviewed by: markm

More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
feels like rewriting it will meet no objection from me.

help the alphas out with the WARNS=2 stuff.

Damn. The previous mega-commit was incomplete WRT ANSIfication. This
fixes that.

Very large style makeover.

1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.

Fix world by trimming an extra comment terminator.

Add Berkeley copyright to SRA.

This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after: 1 day

Diff-reduce these two.

Really, one of them needs to disappear. I'll figure out which
later.

Reported by: bde

Add __FBSDID() to diff-reduce with "base" telnet.

Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.

Remove description of an option that only applies to UNICOS < 7.0.
That define may still be present in the source, but I don't think
anyone has plans to try to use it.

Obtained from: NetBSD

Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.

Removal of following export controll related sentences:
o Because of export controls, TELNET ENCRYPT option is not supported outside
of the United States and Canada.
o Because of export controls, data encryption
is not supported outside of the United States and Canada.

src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.

Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc

mdoc(7) police: s/BSD/.Bx/ where appropriate.

output_data(), output_datalen() and netflush() didn't actually guarantee
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded). Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.

More potential buffer overflow fixes.

o Fixed `nfrontp' calculations in output_data(). If `remaining' is
initially zero, it was possible for `nfrontp' to be decremented.

Noticed by: dillon

o Replaced leaking writenet() with output_datalen():

: * writenet
: *
: * Just a handy little function to write a bit of raw data to the net.
: * It will force a transmit of the buffer if necessary
: *
: * arguments
: * ptr - A pointer to a character string to write
: * len - How many bytes to write
: */
: void
: writenet(ptr, len)
: register unsigned char *ptr;
: register int len;
: {
: /* flush buffer if no room for new data) */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: /* if this fails, don't worry, buffer is a little big */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: netflush();
: }
:
: memmove(nfrontp, ptr, len);
: nfrontp += len;
:
: } /* end of writenet */

What an irony! :-)

o Optimized output_datalen() a bit.

vsnprintf() can return a value larger than the buffer size.

Submitted by: assar
Obtained from: OpenBSD

Fixed the exploitable remote buffer overflow.

Reported on: bugtraq
Obtained from: Heimdal, NetBSD
Reviewed by: obrien, imp

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: merge all fixes from non-crypto version.

MF non-crypto: 1.13: document -u in usage.

Oops, forgot the 'u' in the getopt for the previous commit.

A feature to allow one to telnet to a unix domain socket. (MFC from
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from: Lyndon Nerenberg <lyndon@orthanc.ab.ca>

Make the PAM user-override actually override the correect thing.

Back out last commit. This was already fixed. This should never have
happened, this is why we have commit mail expressly delivered to
committers.

Fix the latest telnet breakage. Obviously this was never compiled.

Since the root-on-insecure-tty code was added to telnetd, a dependency
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.

Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.

srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.

Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by: kris

Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by: kris

Hack to work around braindeath in libtelnet:sra.c. The sra.o file
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(

If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.

Pointy hat fix -- reapply the SRA PAM patch. To -current this time.

mdoc(7) police: removed hard sentence breaks introduced in rev.1.10.

Clean up telnet's argument processing a bit. autologin and encryption is
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).

Reactivate SRA.

Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.

Fix core noted in -stable with 'auth disable SRA'.

I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.

enable auto-negotiation of encrypt and decrypt

Synch: Add $FreeBSD$.

Fix typo: compatability -> compatibility.

Compatability is not an existing english word.

Fix typo: seperate -> separate.

Seperate does not exist in the english language.

Submitted to look at by: kris

Fix typo: wierd -> weird.

There is no such thing as wierd in the english language.

mdoc(7) police: split punctuation characters + misc fixes.

Prepare for mdoc(7)NG.

(scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP

Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.

String paranoia fix. Synched from normal telnet.

String paranoia. Merged from regular telnet.

Correct definition of MAXHOSTNAMELEN in ifdef'ed code.

Submitted by: Edwin Groothuis <mavetju@chello.nl>
PR: bin/22787

mdoc(7) police: use the new features of the Nm macro.

Fix a buffer overflow from a long local hostname.

Obtained from: OpenBSD

Avoid use of direct troff requests in mdoc(7) manual pages.

Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY

Fix buffer size of ALIGNed buffer.

PR: bin/20053
Submitted by: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>

Add missing $FreeBSD$ to files that are NOT still on vendor a branch.

Fix 'telnet -X sra' coredump

PR# 19835

Don't call printf with no format string.

Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
change (getaddrinfo.c rev 1.12).

sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org

CMSG_XXX macros alignment fixes to follow RFC2292.

Approved by: jkh

Get crypto from libcrypto, not libdes.

Freefall/Internat diff reducer.

Use static buffer to save source route hostnames.

Approved by: jkh

Print "Trying ..." for each host. Also cleanups for error printing.

Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>

Fix bugs in telnet.

Sorry there were still several bugs.
-error retry at af missmatch was incomplete.
-af matching for source addr option was wrong
-socket was not freed at retry.

Approved by: jkh

Add more dual stack consideration.

-Should retry as much as possible when some of source
routing intermediate hosts' address families missmatch
happened.
(such as when a host has only A record, and another host
has each of A and AAAA record.)

-Should retry as much as possible when dest addr and
source addr(specified with -s option) address family
missmatch happend

Approved by: jkh

Fix telnet core dump at invalid service name specified.
Added an error check to avoid it.

Approved by: jkh

Submitted by: Robert Muir <rmuir@gibralter.net>

Add NI_NAMEREQD flag to getnameinfo() call. Without this flag,
getnameinfo() don't return error at name resolving failure.
But it is used at doaddrlookup(-N) case in telnet, error need to be
returned to correctly initialize hostname buffer.

Discovered at checking recent KAME repository change, noticed by itojun.

another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project

Termcap header no longer needed.

$Id$ -> $FreeBSD$

According to Mark Murray, Makefiles do not belong here. I guess we're
going to have to figure something else out.

Add SRA authentication to src/crypto/telnet.

SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.

Fix int function without return (make consistent with neighbors)

Document the "skey" command in telnet(1).

PR: docs/12360
Submitted by: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Nagged by: markm :-)

Merge from non-crypto version:
- "-N" option
- "-E" security fix
- "-s src_addr" option

Requested by: markm

MF libexec/telnetd: Determine the host name using an array size of
MAXHOSTNAMELEN and call trimdomain() before implementing
the -u option.

MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes.

Use realhostname().

MF src/libexec/telnetd: Verify the reverse DNS lookup
ala rlogind.
Suggested by: markm

Old stuff laying around: Don't use getstr which can conflict with some
curses/termcap/terminfo implementations and causes recursion.

Old stuff from a source tree: copy (verbatum) the code to expand the
%s/%m in the default /etc/gettytab.

Remove redundant decl. of time(). Causes problems on alpha

MFC: sprintf paranoia

MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3).

PR: bin/771 and bin/1037 are resolved by this change
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations. It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps. The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.

A similar change was incorporated in the non-crypto version of telnetd.

This resolves bin/771 and bin/1037.

Bring the FreeBSD changes to the virgin sources.

This commit was generated by cvs2svn to compensate for changes in r29088,
which included commits to RCS files with non-trunk default branches.