cfingerd (1.4.3-3.1) unstable; urgency=high * Non-maintainer upload. * [SECURITY] CVE-2013-1049: fix buffer overflow in rfc1413 (ident) client. Thanks to Malcolm Scott and Marc Deslauriers (Closes: #700098) (LP: #1104425) -- Salvatore Bonaccorso Sat, 09 Feb 2013 18:38:28 +0100 cfingerd (1.4.3-3) unstable; urgency=low * Approve NMU * Applied IPv6 patch from Mats Erik Andersson (closes: Bug#570024) -- Joey Schulze Sat, 19 Jun 2010 22:03:31 +0200 cfingerd (1.4.3-2.1) unstable; urgency=medium * Non-maintainer upload. * Add Depends on update-inetd for DebianNet Perl module used in postinst. (Closes: #502741) -- Chris Lamb Tue, 21 Oct 2008 00:10:05 +0100 cfingerd (1.4.3-2) unstable; urgency=low * Partially imported NMU * Updated URLs in copyright file * Removed /usr/doc support code from postinst since the transition is completed * Updated debian/rules * Converted changelog to UTF-8 (closes: Bug#453963) * Applied patch by Cyril Brulebois to make GNU/kFreeBSD and GNU/Hurd act as GNU/Linux (closes: Bug#414308) * Remove deprecated tail syntax (closes: Bug#381119) * Fixed problem with removing double characters in search strings (closes: Bug#66440) * Adjusted addresses in Debian files (closes: Bug#380219) -- Martin Schulze Mon, 25 Feb 2008 10:43:57 +0100 cfingerd (1.4.3-1.2) unstable; urgency=low * Non-maintainer upload (RC bug more than 2 years old). * debian/rules: + Removed the {foo,bar} shell wildcard bashisms. + Call dpkg-gencontrol with -isp so that the binary package has a control and a priority field. * debian/control: + Set policy to 3.5.10. * Replaced malloc()/sprintf() calls with strdup(). * Replaced log() with mylog() because log is a built-in gcc-3.x function. * Replaced a snprintf() with sprintf() in util.c to fix a security issue that could cause information leakage (Closes: #76918). * In idle.c and standard.c, do not display the idle time if stat() on the TTY device failed. * In idle.c and standard.c, if the TTY device's timestamp is 0, do not display the idle time (Closes: #64359). * In idle.c and standard.c, if TTY modification time is more recent than access time, use access time to make idle reports more meaningful (Closes: #86138). * Applied a patch from Amir Shamsuddin for standard.c to retrieve proper privileges before looking for files in the user's home (Closes: #64915). * Fixed the display_file argument in standard.c so that ~/.XFace is properly displayed (Closes: #126984, #117255). * In display.c, use 8 characters from user names instead of 7, so that we can fetch the data from the passwd entry (Closes: #74672, #73041). -- Sam Hocevar (Debian packages) Fri, 20 Jun 2003 15:39:25 +0200 cfingerd (1.4.3-1.1) unstable; urgency=low * Non-maintainer upload. * Apply relevant portions of the security fix applied to stable for DSA-066 (Closes: #104394) * Tidy up extended description, and remove claims about security -- Matt Zimmerman Sat, 11 Aug 2001 15:51:06 -0400 cfingerd (1.4.3-1) unstable; urgency=high * New upstream source * Fixes some buffer overflows introduced by sscanf() * Fixes some nice format string issues and a nice off-by-one error (closes: Bug#93930) * Corrected source URL * Corrected path to GPL * Added /usr/doc -> /usr/share/doc snippets to postinst and prerm * Moved manpages to /usr/share/man (closes: Bug#91128) * And other cruft as well (closes: Bug#91431) * Bumped Standards-Version to 3.5.2.0, Thanks to Bas Zoetekouw (closes: Bug#93121) * Corrected RFC number (closes: Bug#48418) * Added support for removing /etc/cfingerd (closes: Bug#75292) * Removed potential debug output (closes: Bug#85016) * This version now provides a and conflicts with finger-server (closes: Bug#64480) -- Martin Schulze Sat, 21 Apr 2001 16:58:14 +0200 cfingerd (1.4.1-1) unstable; urgency=low * New upstreap source * Reworked debian/rules -- Martin Schulze Sun, 29 Aug 1999 20:16:14 +0200 cfingerd (1.4.0-1) unstable; urgency=high, closes=39574 33667 * New upstream version * Russ Coker's patch wrt. qmail was applied (closes: Bug#39574) * Finger userlist@ to see who's online (idle less than 1 day) (closes: Bug#33667) * Fixes security bug -- Martin Schulze Mon, 9 Aug 1999 12:04:18 +0200 cfingerd (1.3.2-19) unstable; urgency=low, closes=33408 32924 * Fixed bug wrt empty .plan files (closes: Bug#33408) * Also added -g to Makefiles. * Disabled ALLOW_SEARCHABLE_FINGER in default configuration (closes: Bug#32924) -- Martin Schulze Mon, 15 Feb 1999 21:02:12 +0100 cfingerd (1.3.2-18) frozen unstable; urgency=low, closes=31488 31489 * Corrected mail directory to /var/spool in conffile (closes: Bug#31488) * Corrected current year to 1999 in all banner files (closes: Bug#31489) -- Martin Schulze Wed, 6 Jan 1999 00:34:14 +0100 cfingerd (1.3.2-17) frozen unstable; urgency=medium, closes=31243 * cfingerd now uses the same IP number on which it receives a request to connect to a remote ident server. Thanks for help from Torsten Landschoff (closes: Bug#31243) * cfingerd now honors broken or negative ident answers (closes: Bug#31243) -- Martin Schulze Tue, 5 Jan 1999 01:18:18 +0100 cfingerd (1.3.2-16) frozen unstable; urgency=low, closes=24904 24969 27779 24897 24895 * Increased limit of tty per user, now I'm fingerable again. :) * Don't cut off random parts of the domain when it's too long, cut it at the `.' dot. * If logged in via screen the leading `:' is stripped off now * Display local hostname correctly, not only three characters * Removed double count of fingered hosts * Hidden people won't be shown when search.*'ed. (closes: Bug#24904) * Display the proper tty with userlist instead of the id from /etc/inittab (closes: Bug#24969) * The user .fingerlog will now be created as regular user, and it will be created if not defined otherwise in cfingerd.conf * The user .fingerlog will now be created as appropriate user. Incorporated a newer privs.h and adjusted it properly (closes: Bug#27779) * Updated FAQ (Bug#24897) * Updated cfingerd(8). Thanks to Bøhm Jensen . (Bug#24897) * Updated cfingerd.conf(5). Thanks to Bøhm Jensen . (Bug#24897) * Updated cfingerd.text(5). Thanks to Bøhm Jensen . (Bug#24897) * The MAILBOX variable now also understands the lowercase 'qmail' keyword. * A "userlist-only" query may only be issued if a regular system listing is allowed. -- Martin Schulze Sat, 19 Dec 1998 18:34:09 +0100 cfingerd (1.3.2-15) unstable; urgency=low, closes=28479 * Fixed thinko in src/userlist.c which caused userlist to stop working. (closes: Bug#28479) -- Martin Schulze Sat, 24 Oct 1998 15:45:53 +0200 cfingerd (1.3.2-14) unstable; urgency=low, closes=28142 * Fixed typo in userlist/display.c which crashed userlist (closes: Bug#28142) * Fixed thinko in postrm -- Martin Schulze Thu, 22 Oct 1998 12:55:48 +0200 cfingerd (1.3.2-12) unstable; urgency=medium, closes=24898 24903 24905 24906 24907 24908 24909 24901 24964 24965 24966 25849 * Converted all dangerous occurrances of sprintf() to snprintf() * Converted all dangerous occurrances of strcpy() to strncpy() * Improved support for ignoring /L and /W from Microsoft's bloated finger program * Converted all dangerous occurrances of strcat() to strncat() * Restricted length of username, fixes possible overflow in show_search() and handle_fakeuser() (Bug#24898) * Fixed possible overflow wrt. the `search.' feature. Thanks to Jakob Bøhm Jensen . * These all fixes several possible buffer overruns (closes: Bug#24898) * Converted bzero() to memset(), POSIX transition * Added information about .nofinger to the documentation. Thanks to Jakob Bøhm Jensen (closes: Bug#24903) * Reworked search.* routine. (closes: Bug#24906) * Fixed bug that caused cfingerd to crash when trying to display the rejected banner, well, it was commented out for that reason. Scary? Indeed. (closes: Bug#24901) * Used absolute pathnames for `userlist' and `tail' (closed: Bug#24908) * Applied patch from John Goerzen (closes: Bug#24964, Bug#24965, Bug#24966) * The postinst will now remove old logfiles (closes: Bug#25849) -- Martin Schulze Sat, 17 Oct 1998 20:32:13 +0200 cfingerd (1.3.2-11.0) stable unstable; urgency=high * Non-maintainer upload: Fixed a security hole in privs.h. This security hole could lead to a root compromise. -- John Goerzen Thu, 23 Jul 1998 22:16:40 -0500 cfingerd (1.3.2-11) frozen unstable; urgency=low, closes=23050 * Added /etc/cron.weekly/cfingerd as conffile (closes: Bug#23050) -- Martin Schulze Mon, 8 Jun 1998 01:40:28 +0200 cfingerd (1.3.2-10) frozen unstable; urgency=low, closes=23039 22816 * Added support for non-world-writable tty's owned by group tty (closes: Bug#23039) . Added define HAVE_TTY_GROUP * Handling of .nofinger files corrected (closes: Bug#22816) . Corrected check_illegal() . Corrected wrong calls for check_illegal() . Used config option for .nofinger file * Added space before [MSG-N] -- Martin Schulze Sun, 31 May 1998 22:53:49 +0200 cfingerd (1.3.2-9) frozen unstable; urgency=medium, closes=21230 21566 * Corrected search_fake() which depended on 80 char strings but received a 100 character one. (closes: Bug#21230) * Protected defines.h with ifdef * Added reference to new development team * Added reference to new mailing list * Changed error address to the new mailing list * When the remote identd refuses the request cfingerd will handle this correctly (closes: Bug#21566) -- Martin Schulze Tue, 12 May 1998 00:52:11 +0200 cfingerd (1.3.2-8) frozen unstable; urgency=low, closes=19982 * Priority switched to extra as of request by IanJ * Moved scripts from /etc to /usr/doc * Removed sample uptime script from configuration (closes: Bug#19982) * Added copy mechanism to preinst/postinst to save already installed scripts -- Martin Schulze Sat, 11 Apr 1998 10:16:50 +0200 cfingerd (1.3.2-7) unstable; urgency=low, closes=19121 19200 * Removed setuid bit from userlist (lintian) * Corrected ownership for control scripts (lintian) * Corrected search for lastlog (closes: Bug#19121) * Corrected logfile writing as user, thanks to Thomas Gebhardt (closes: Bug#19200) * Corrected ownership of changelog.Debian (non-lintian) * Added patch to support Qmail mailboxes, thanks to Russell Coker * Updated manpage properly -- Martin Schulze Tue, 10 Mar 1998 05:52:52 +0100 cfingerd (1.3.2-6) unstable; urgency=low, closes=17639 * Corrected FSF's address (lintian) * Flagged SIGPIPE as fatal (closes: Bug#17639) -- Martin Schulze Wed, 11 Feb 1998 11:27:06 +0100 cfingerd (1.3.2-5) unstable; urgency=low, closes=16752 * Corrected Standards-Version to 2.3.0.1 (Bug#16752) -- Martin Schulze Fri, 9 Jan 1998 01:59:25 +0100 cfingerd (1.3.2-4) unstable; urgency=low, closes=12405 14546 16244 * Changed tail +3 to tail +2 in src/usrlist.c (Bug#12405) * Linked against libc6 * Added /bin/bash for debian/rules * Fixed string bugs in standard.c. * Ignore empty lines when collecting remote data (#14546) * Included the patch from Herbert Xu (Bug#16244) -- Martin Schulze Fri, 2 Jan 1998 13:52:35 +0100 cfingerd (1.3.2-3.2) unstable; urgency=low * Non-maintainer release. * Compiled for libc6. * Use tail +2 for userlist (#12405). * Fixed string bugs in standard.c. * Ignore empty lines when collecting remote data (#14546). -- Herbert Xu Sat, 8 Nov 1997 19:39:27 +1100 cfingerd (1.3.2-3) unstable; urgency=low * Corrected version information, last stable release is 1.3.2. * src/search.c: Initialized variables for search lookup * An old /etc/cfingerd.conf now will be saved in /etc/cfingerd/saved.cfingerd.conf * Fixed silly bug in src/search.c (Bug#10341) * src/main.c: Added support for /W, actually it's ignored... (Bug#9738) -- Martin Schulze Tue, 17 Jun 1997 10:27:05 +0200 cfingerd (1.3.2-2) unstable; urgency=low * Made /etc/cron.weekly/cfingerd executable (Bug#7759, Bug#7763) * Changed "Debian Association..." to "Software in the Public Interest" in all banner files (Bug#8630) * New maintainer address -- Martin Schulze Mon, 28 Apr 1997 12:39:00 +0200 cfingerd (1.3.2-1) unstable; urgency=low * Removed -m486 in all Makefiles, * src/search.c: If the internal search.*@ is used the whole GCOS field won't be sent out anymore. * Removed investigation of the hostname within Configure script * Converted into new packaging scheme -- Martin Schulze Sun, 23 Feb 1997 12:21:29 +0100 cfingerd (1.3.0-1) unstable; urgency=low * New upstream release -- Martin Schulze Fri, 21 Feb 1997 08:56:45 +0100 Sat Sep 14 00:10:39 1996 Martin Schulze * src/search.c: If the internal search.*@ is used the whole GCOS field won't be sent out anymore. * Approved llucius' changes to compile under m68k as well (only removing -m486 from Makefiles). Thanks to Leeland Lucius for providing me with a patch. * src/standard.c: Changed identification of MSG-N. Thanks to Joerg Kleuver who pointed me to the mistake and provided me with a fix. * debian.rules: Merged Debian release and Infodrom release together. Thu Jun 27 09:59:45 1996 Martin Schulze * Edited Description field (thanks to Susan Kleinmann (sgk@sgk.tiac.net) Wed Jun 12 23:37:32 1996 Martin Schulze * changed description (Bug#3250) Tue May 21 09:55:00 1996 Martin Schulze * debian.rules: Corrected permission problem Wed May 16 22:13:31 1996 Martin Schulze * Added handling of user and group ids. Programs are called as nobody.nogroup, files are read with the same permissins, but user logfiles are written with user priviliges. Added privs.h - idea and source mostly taken from T-Rex' file. Commented out odd checks about uid/euid. Commented out unused routines become_nobody() and become_user(). Wed May 15 20:05:53 1996 Martin Schulze * Corrected local hostname. * Modified the search.@ service to work properly, which wasn't the case before. * Corrected the output of HEADER_FILE and FOOTER_FILE in some places, see diff-file for details. * Altered the behaviour of NO_NAME_BANNER and NO_USER_BANNER. * changed from /var/adm/{lastlog,wtmp} to /var/log/{lastlog,wtmp} in Configure script. * Added special handling of forward requests: "Finger forwarding service denied." Added string variable to /etc/cfingerd.conf: FORWARD_DENY. * Increased the size of syslog_str, becaus if it is too short username will be overwritten. * Changed some manpages to fit into the Linux manpages structure. Changed some sections. * Hostnames are no longer case-sensitive. * Removed some options for userlist, because they're only confusing and not supported yet. Wed May 5 13:20:21 1996 Martin Schulze * Added Debian packaging files.