diff -ur inetutils-20010209.org/libinetutils/ttymsg.c inetutils-20010209/libinetutils/ttymsg.c
--- inetutils-20010209.org/libinetutils/ttymsg.c	Mon Aug 14 04:56:35 2000
+++ inetutils-20010209/libinetutils/ttymsg.c	Thu Jun 28 12:52:58 2001
@@ -39,6 +39,7 @@
 #include <sys/uio.h>
 #include <signal.h>
 #include <fcntl.h>
+#include <sys/stat.h>
 #include <dirent.h>
 #include <errno.h>
 #include <unistd.h>
@@ -70,20 +71,11 @@
   register int cnt, fd, left, wret;
   struct iovec localiov[6];
   int forked = 0;
+  struct stat statb;
 
   if (iovcnt > (int)(sizeof (localiov) / sizeof (localiov[0])))
     return (char *)("too many iov's (change code in wall/ttymsg.c)");
 
-  /* we're watching for '/', ".", ".."  '/' --> somebody could specify
-     tty as ../etc/passwd ".", ".." those are not security related it's
-     just sanity checks.  */
-  if (strchr (line, '/'))
-    {
-      /* A slash is an attempt to break security... */
-      (void) snprintf (errbuf, sizeof(errbuf), "'/' in \"%s\"", line);
-      return (errbuf);
-    }
-
   device = malloc (sizeof PATH_TTY_PFX - 1 + strlen (line) + 1);
   if (! device)
     {
@@ -94,6 +86,25 @@
 
   strcpy (device, PATH_TTY_PFX);
   strcat (device, line);
+
+  /* check file type so that no files that aren't character devices
+  ** get opened */
+  if (stat(device, &statb) != 0) {
+    (void) snprintf (errbuf, sizeof (errbuf),
+		     "%s: %s", device, strerror (errno));
+    free (device);
+    return errbuf;
+  }
+
+  /* we're watching for '/', ".", ".."  '/' --> somebody could specify
+     tty as ../etc/passwd ".", ".." those are not security related it's
+     just sanity checks.  */
+  if (! S_ISCHR(statb.st_mode)) {
+    snprintf (errbuf, sizeof errbuf,
+	      "Target device %s not a character device", device);
+    free (device);
+    return errbuf;
+  }
 
   /*
    * open will fail on slip lines or exclusive-use lines
diff -ur inetutils-20010209.org/talk/display.c inetutils-20010209/talk/display.c
--- inetutils-20010209.org/talk/display.c	Wed Jul 19 06:08:38 2000
+++ inetutils-20010209/talk/display.c	Thu Jun 28 16:41:56 2001
@@ -71,7 +71,7 @@
 	char cch;
 
 	for (i = 0; i < size; i++) {
-		if (*text == '\n') {
+		if (*text == '\n' || *text == '\r') {
 			xscroll(win, 0);
 			text++;
 			continue;
diff -ur inetutils-20010209.org/talk/io.c inetutils-20010209/talk/io.c
--- inetutils-20010209.org/talk/io.c	Wed Jul 19 06:08:38 2000
+++ inetutils-20010209/talk/io.c	Thu Jun 28 18:20:15 2001
@@ -78,7 +78,8 @@
 	char buf[BUFSIZ];
 	struct timeval wait;
 
-	message("Connection established\007\007\007");
+	message("Connection established");
+	beep();
 	current_line = 0;
 
 	/*
diff -ur inetutils-20010209.org/talkd/process.c inetutils-20010209/talkd/process.c
--- inetutils-20010209.org/talkd/process.c	Wed Jul 19 06:08:38 2000
+++ inetutils-20010209/talkd/process.c	Fri Jun 29 00:55:26 2001
@@ -171,7 +171,15 @@
 	}
 }
 
-#include <utmp.h>
+#ifdef HAVE_UTMP_H
+# include <utmp.h>
+#endif
+
+#ifdef UTMPX
+# ifdef HAVE_UTMPX_H
+#  include <utmpx.h>
+# endif
+#endif
 
 /*
  * Search utmp for the local user
@@ -179,42 +187,76 @@
 int
 find_user(char *name, char *tty)
 {
+#ifndef UTMPX
 	struct utmp ubuf;
-	int status;
+	struct utmp *ubufp = &ubuf;
 	FILE *fd;
-	struct stat statb;
-	char line[sizeof(ubuf.ut_line) + 1];
+#else
+	struct utmpx *ubufp;
+#endif /* !UTMPX */
+
+	int status;
+	char line[sizeof(ubufp->ut_line) + 1];
 	char ftty[sizeof(PATH_DEV) - 1 + sizeof(line)];
+	struct stat statb;
 
+#ifndef UTMPX
 	if ((fd = fopen(PATH_UTMP, "r")) == NULL) {
 		fprintf(stderr, "talkd: can't read %s.\n", PATH_UTMP);
 		return (FAILED);
 	}
+#else
+	setutxent();
+#endif /* !UTMPX */
+
 #define SCMPN(a, b)	strncmp(a, b, sizeof (a))
 	status = NOT_HERE;
+	line[0] = '\0';
 	(void) strcpy(ftty, PATH_DEV);
-	while (fread((char *) &ubuf, sizeof ubuf, 1, fd) == 1)
-		if (SCMPN(ubuf.ut_name, name) == 0) {
-			strncpy(line, ubuf.ut_line, sizeof(ubuf.ut_line));
-			line[sizeof(ubuf.ut_line)] = '\0';
-			if (*tty == '\0') {
-				status = PERMISSION_DENIED;
-				/* no particular tty was requested */
-				(void) strcpy(ftty + sizeof(PATH_DEV) - 1,
-				    line);
-				if (stat(ftty, &statb) == 0) {
-					if (!(statb.st_mode & 020))
-						continue;
-					(void) strcpy(tty, line);
-					status = SUCCESS;
-					break;
-				}
-			}
-			if (strcmp(line, tty) == 0) {
+
+#ifndef UTMPX
+	while (fread((char *) ubufp, sizeof(*ubufp), 1, fd) == 1) {
+#else
+	while ((ubufp = getutxent()) != NULL) {
+#endif /* !UTMPX */
+		
+		if (ubufp->ut_type == USER_PROCESS &&
+		    SCMPN(ubufp->ut_name, name) == 0) {
+			strncpy(line, ubufp->ut_line, sizeof(ubufp->ut_line));
+			line[sizeof(ubufp->ut_line)] = '\0';
+
+			/* remember console as last resort since at least
+			** on solaris users in X won't see announcements on
+			** /dev/console */
+			if (SCMPN(ubufp->ut_line, "console") == 0 && 
+			    *tty == '\0')
+				continue;
+			
+			break;
+		}
+	}
+
+	if (line[0] != '\0') {
+		if (*tty == '\0') {
+			status = PERMISSION_DENIED;
+			/* no particular tty was requested */
+			(void) strcpy(ftty + sizeof(PATH_DEV) - 1,
+				      line);
+			if (stat(ftty, &statb) == 0 && 
+			    statb.st_mode & 020) {
+				(void) strcpy(tty, line);
 				status = SUCCESS;
-				break;
 			}
+		} else if (strcmp(line, tty) == 0) {
+			status = SUCCESS;
 		}
+	}
+
+#ifndef UTMPX
 	fclose(fd);
+#else
+	endutxent();
+#endif /* !UTMPX */
+
 	return (status);
 }