2003
cfingerd (1.4.3-1.2) unstable; urgency=low
* Non-maintainer upload (RC bug more than 2 years old).
* debian/rules:
+ Removed the {foo,bar} shell wildcard bashisms.
+ Call dpkg-gencontrol with -isp so that the binary package has a control
and a priority field.
* debian/control:
+ Set policy to 3.5.10.
* Replaced malloc()/sprintf() calls with strdup().
* Replaced log() with mylog() because log is a built-in gcc-3.x function.
* Replaced a snprintf() with sprintf() in util.c to fix a security issue
that could cause information leakage (Closes: #76918).
* In idle.c and standard.c, do not display the idle time if stat() on the
TTY device failed.
* In idle.c and standard.c, if the TTY device's timestamp is 0, do not
display the idle time (Closes: #64359).
* In idle.c and standard.c, if TTY modification time is more recent
than access time, use access time to make idle reports more meaningful
(Closes: #86138).
* Applied a patch from Amir Shamsuddin for standard.c to retrieve proper
privileges before looking for files in the user's home (Closes: #64915).
* Fixed the display_file argument in standard.c so that ~/.XFace is
properly displayed (Closes: #126984, #117255).
* In display.c, use 8 characters from user names instead of 7, so that we
can fetch the data from the passwd entry (Closes: #74672, #73041).
-- Sam Hocevar (Debian packages) <sam+deb@zoy.org> Fri, 20 Jun 2003 15:39:25 +0200
2001
cfingerd (1.4.3-1.1) unstable; urgency=low
* Non-maintainer upload.
* Apply relevant portions of the security fix applied to stable for
DSA-066 (Closes: #104394)
* Tidy up extended description, and remove claims about security
-- Matt Zimmerman <mdz@debian.org> Sat, 11 Aug 2001 15:51:06 -0400
cfingerd (1.4.3-1) unstable; urgency=high
* New upstream source
* Fixes some buffer overflows introduced by sscanf()
* Fixes some nice format string issues and a nice off-by-one error
(closes: Bug#93930)
* Corrected source URL
* Corrected path to GPL
* Added /usr/doc -> /usr/share/doc snippets to postinst and prerm
* Moved manpages to /usr/share/man (closes: Bug#91128)
* And other cruft as well (closes: Bug#91431)
* Bumped Standards-Version to 3.5.2.0, Thanks to Bas Zoetekouw
<bas@debian.org> (closes: Bug#93121)
* Corrected RFC number (closes: Bug#48418)
* Added support for removing /etc/cfingerd (closes: Bug#75292)
* Removed potential debug output (closes: Bug#85016)
* This version now provides a and conflicts with finger-server (closes:
Bug#64480)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sat, 21 Apr 2001 16:58:14 +0200
1999
cfingerd (1.4.1-1) unstable; urgency=low
* New upstreap source * Reworked debian/rules
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sun, 29 Aug 1999 20:16:14 +0200
cfingerd (1.4.0-1) unstable; urgency=high
* New upstream version * Russ Coker's patch wrt. qmail was applied (closes: Bug#39574) * Finger userlist@ to see who's online (idle less than 1 day) (closes: Bug#33667) * Fixes security bug
-- Martin Schulze <joey@finlandia.infodrom.north.de> Mon, 9 Aug 1999 12:04:18 +0200
cfingerd (1.3.2-19) unstable; urgency=low
* Fixed bug wrt empty .plan files (closes: Bug#33408) * Also added -g to Makefiles. * Disabled ALLOW_SEARCHABLE_FINGER in default configuration (closes: Bug#32924)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Mon, 15 Feb 1999 21:02:12 +0100
cfingerd (1.3.2-18) frozen unstable; urgency=low
* Corrected mail directory to /var/spool in conffile (closes: Bug#31488) * Corrected current year to 1999 in all banner files (closes: Bug#31489)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Wed, 6 Jan 1999 00:34:14 +0100
cfingerd (1.3.2-17) frozen unstable; urgency=medium
* cfingerd now uses the same IP number on which it receives a request to
connect to a remote ident server. Thanks for help from Torsten
Landschoff (closes: Bug#31243)
* cfingerd now honors broken or negative ident answers (closes: Bug#31243)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Tue, 5 Jan 1999 01:18:18 +0100
1998
cfingerd (1.3.2-16) frozen unstable; urgency=low
* Increased limit of tty per user, now I'm fingerable again. :)
* Don't cut off random parts of the domain when it's too long, cut it at
the `.' dot.
* If logged in via screen the leading `:' is stripped off now
* Display local hostname correctly, not only three characters
* Removed double count of fingered hosts
* Hidden people won't be shown when search.*'ed. (closes: Bug#24904)
* Display the proper tty with userlist instead of the id from
/etc/inittab (closes: Bug#24969)
* The user .fingerlog will now be created as regular user, and it will
be created if not defined otherwise in cfingerd.conf
* The user .fingerlog will now be created as appropriate user.
Incorporated a newer privs.h and adjusted it properly (closes:
Bug#27779)
* Updated FAQ (Bug#24897)
* Updated cfingerd(8). Thanks to Bøhm Jensen <jbj@image.dk>. (Bug#24897)
* Updated cfingerd.conf(5). Thanks to Bøhm Jensen <jbj@image.dk>. (Bug#24897)
* Updated cfingerd.text(5). Thanks to Bøhm Jensen <jbj@image.dk>. (Bug#24897)
* The MAILBOX variable now also understands the lowercase 'qmail'
keyword.
* A "userlist-only" query may only be issued if a regular system listing
is allowed.
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sat, 19 Dec 1998 18:34:09 +0100
cfingerd (1.3.2-15) unstable; urgency=low
* Fixed thinko in src/userlist.c which caused userlist to stop
working. (closes: Bug#28479)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sat, 24 Oct 1998 15:45:53 +0200
cfingerd (1.3.2-14) unstable; urgency=low
* Fixed typo in userlist/display.c which crashed userlist (closes: Bug#28142) * Fixed thinko in postrm
-- Martin Schulze <joey@finlandia.infodrom.north.de> Thu, 22 Oct 1998 12:55:48 +0200
cfingerd (1.3.2-12) unstable; urgency=medium
* Converted all dangerous occurrances of sprintf() to snprintf()
* Converted all dangerous occurrances of strcpy() to strncpy()
* Improved support for ignoring /L and /W from Microsoft's
bloated finger program
* Converted all dangerous occurrances of strcat() to strncat()
* Restricted length of username, fixes possible overflow in
show_search() and handle_fakeuser() (Bug#24898)
* Fixed possible overflow wrt. the `search.' feature. Thanks to Jakob
Bøhm Jensen <jbj@image.dk>.
* These all fixes several possible buffer overruns (closes: Bug#24898)
* Converted bzero() to memset(), POSIX transition
* Added information about .nofinger to the documentation. Thanks to
Jakob Bøhm Jensen <jbj@image.dk> (closes: Bug#24903)
* Reworked search.* routine. (closes: Bug#24906)
* Fixed bug that caused cfingerd to crash when trying to display the
rejected banner, well, it was commented out for that reason. Scary?
Indeed. (closes: Bug#24901)
* Used absolute pathnames for `userlist' and `tail' (closed: Bug#24908)
* Applied patch from John Goerzen <jgoerzen@complete.org> (closes:
Bug#24964, Bug#24965, Bug#24966)
* The postinst will now remove old logfiles (closes: Bug#25849)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sat, 17 Oct 1998 20:32:13 +0200
cfingerd (1.3.2-11.0) stable unstable; urgency=high
* Non-maintainer upload: Fixed a security hole in privs.h. This security
hole could lead to a root compromise.
-- John Goerzen <jgoerzen@complete.org> Thu, 23 Jul 1998 22:16:40 -0500
cfingerd (1.3.2-11) frozen unstable; urgency=low
* Added /etc/cron.weekly/cfingerd as conffile (closes: Bug#23050)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Mon, 8 Jun 1998 01:40:28 +0200
cfingerd (1.3.2-10) frozen unstable; urgency=low
* Added support for non-world-writable tty's owned by group tty (closes:
Bug#23039)
. Added define HAVE_TTY_GROUP
* Handling of .nofinger files corrected (closes: Bug#22816)
. Corrected check_illegal()
. Corrected wrong calls for check_illegal()
. Used config option for .nofinger file
* Added space before [MSG-N]
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sun, 31 May 1998 22:53:49 +0200
cfingerd (1.3.2-9) frozen unstable; urgency=medium
* Corrected search_fake() which depended on 80 char strings but received
a 100 character one. (closes: Bug#21230)
* Protected defines.h with ifdef
* Added reference to new development team
* Added reference to new mailing list
* Changed error address to the new mailing list
* When the remote identd refuses the request cfingerd will handle this
correctly (closes: Bug#21566)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Tue, 12 May 1998 00:52:11 +0200
cfingerd (1.3.2-8) frozen unstable; urgency=low
* Priority switched to extra as of request by IanJ * Moved scripts from /etc to /usr/doc * Removed sample uptime script from configuration (closes: Bug#19982) * Added copy mechanism to preinst/postinst to save already installed scripts
-- Martin Schulze <joey@finlandia.infodrom.north.de> Sat, 11 Apr 1998 10:16:50 +0200
cfingerd (1.3.2-7) unstable; urgency=low
* Removed setuid bit from userlist (lintian) * Corrected ownership for control scripts (lintian) * Corrected search for lastlog (closes: Bug#19121) * Corrected logfile writing as user, thanks to Thomas Gebhardt <gebhardt@HRZ.Uni-Marburg.DE> (closes: Bug#19200) * Corrected ownership of changelog.Debian (non-lintian) * Added patch to support Qmail mailboxes, thanks to Russell Coker <rjc@snoopy.virtual.net.au> * Updated manpage properly
-- Martin Schulze <joey@finlandia.infodrom.north.de> Tue, 10 Mar 1998 05:52:52 +0100
cfingerd (1.3.2-6) unstable; urgency=low
* Corrected FSF's address (lintian) * Flagged SIGPIPE as fatal (closes: Bug#17639) -- Martin Schulze <joey@finlandia.infodrom.north.de> Wed, 11 Feb 1998 11:27:06 +0100
-- unknown <joey@finlandia.infodrom.north.de> unknown
(There has been a parse error in the entry above, if some values don't make sense please check the original changelog)
cfingerd (1.3.2-5) unstable; urgency=low
* Corrected Standards-Version to 2.3.0.1 (Bug#16752)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Fri, 9 Jan 1998 01:59:25 +0100
cfingerd (1.3.2-4) unstable; urgency=low
* Changed tail +3 to tail +2 in src/usrlist.c (Bug#12405) * Linked against libc6 * Added /bin/bash for debian/rules * Fixed string bugs in standard.c. * Ignore empty lines when collecting remote data (#14546) * Included the patch from Herbert Xu (Bug#16244)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Fri, 2 Jan 1998 13:52:35 +0100
1997
cfingerd (1.3.2-3.2) unstable; urgency=low
* Non-maintainer release. * Compiled for libc6. * Use tail +2 for userlist (#12405). * Fixed string bugs in standard.c. * Ignore empty lines when collecting remote data (#14546).
-- Herbert Xu <herbert@debian.org> Sat, 8 Nov 1997 19:39:27 +1100
cfingerd (1.3.2-3) unstable; urgency=low
* Corrected version information, last stable release is 1.3.2.
* src/search.c: Initialized variables for search lookup
* An old /etc/cfingerd.conf now will be saved in
/etc/cfingerd/saved.cfingerd.conf
* Fixed silly bug in src/search.c (Bug#10341)
* src/main.c: Added support for /W, actually it's ignored... (Bug#9738)
-- Martin Schulze <joey@finlandia.infodrom.north.de> Tue, 17 Jun 1997 10:27:05 +0200
cfingerd (1.3.2-2) unstable; urgency=low
* Made /etc/cron.weekly/cfingerd executable (Bug#7759, Bug#7763)
* Changed "Debian Association..." to "Software in the Public Interest"
in all banner files (Bug#8630)
* New maintainer address
-- Martin Schulze <joey@infodrom.north.de> Mon, 28 Apr 1997 12:39:00 +0200
cfingerd (1.3.2-1) unstable; urgency=low
* Removed -m486 in all Makefiles,
* src/search.c: If the internal search.*@ is used the whole
GCOS field won't be sent out anymore.
* Removed investigation of the hostname within Configure script
* Converted into new packaging scheme
-- Martin Schulze <joey@infodrom.north.de> Sun, 23 Feb 1997 12:21:29 +0100
cfingerd (1.3.0-1) unstable; urgency=low
* New upstream release
-- Martin Schulze <joey@infodrom.north.de> Fri, 21 Feb 1997 08:56:45 +0100
Old changelog format(s), not parsed
Sat Sep 14 00:10:39 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* src/search.c: If the internal search.*@ is used the whole GCOS
field won't be sent out anymore.
* Approved llucius' changes to compile under m68k as well (only
removing -m486 from Makefiles). Thanks to Leeland Lucius
<llucius@millcomm.com> for providing me with a patch.
* src/standard.c: Changed identification of MSG-N. Thanks to Joerg
Kleuver <kleuver@shadowgate.rhein.de> who pointed me to the
mistake and provided me with a fix.
* debian.rules: Merged Debian release and Infodrom release together.
Thu Jun 27 09:59:45 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* Edited Description field (thanks to Susan Kleinmann
(sgk@sgk.tiac.net)
Wed Jun 12 23:37:32 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* changed description (Bug#3250)
Tue May 21 09:55:00 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* debian.rules: Corrected permission problem
Wed May 16 22:13:31 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* Added handling of user and group ids. Programs are called as
nobody.nogroup, files are read with the same permissins, but user
logfiles are written with user priviliges. Added privs.h - idea and
source mostly taken from T-Rex' file.
Commented out odd checks about uid/euid.
Commented out unused routines become_nobody() and become_user().
Wed May 15 20:05:53 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* Corrected local hostname.
* Modified the search.<key>@ service to work properly, which
wasn't the case before.
* Corrected the output of HEADER_FILE and FOOTER_FILE in some
places, see diff-file for details.
* Altered the behaviour of NO_NAME_BANNER and NO_USER_BANNER.
* changed from /var/adm/{lastlog,wtmp} to /var/log/{lastlog,wtmp}
in Configure script.
* Added special handling of forward requests: "Finger forwarding
service denied." Added string variable to /etc/cfingerd.conf:
FORWARD_DENY.
* Increased the size of syslog_str, becaus if it is too short username
will be overwritten.
* Changed some manpages to fit into the Linux manpages structure.
Changed some sections.
* Hostnames are no longer case-sensitive.
* Removed some options for userlist, because they're only
confusing and not supported yet.
Wed May 5 13:20:21 1996 Martin Schulze <joey@finlandia.infodrom.north.de>
* Added Debian packaging files.