New version 1.4.0 of cfingerd released

Martin Schulze (joey)
Mon, 9 Aug 1999 22:40:28 +0200

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Martin Schulze: "Severe bug in cfingerd before 1.4.0"
• Previous message: mjr@iki.fi: "Re: cfingerd 1.4.0 - Configurable Finger Daemon"

Hi,

today I've released the new version 1.4.0 of cfingerd. This release
features several improvements and (security) bug fixes. Please find
it at ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/cfingerd-1.4.0.tar.gz

CFINGERD 1.4.0 09/08/99
  - New source maintainer
  - Several bugfixes
  - Use tail +2 for userlist
  - Fixed silly bug in src/search.c
  - src/search.c: If the internal search.*@ is used the whole GCOS
    field won't be sent out anymore.
  - Fixed string bugs in standard.c.
  - Ignore empty lines when collecting remote data
  - Flagged SIGPIPE as fatal
  - Corrected logfile writing as user, thanks to Thomas Gebhardt
  - Corrected search_fake() which depended on 80 char strings but
    received a 100 character one. (most recent on bugtraq, fixed on
    12 May 1998)
  - Corrected RFC1413 code
  - Corrected check_illegal() for .nofinger
  - Corrected wrong calls for check_illegal()
  - Fixed a security hole in privs.h.
  - Fixed typo in userlist/display.c which crashed userlist
  - Proper exception if ident doesn't provide useful info
  - Added patch to support Qmail mailboxes, thanks to Russell Coker
  - Removed investigation of the hostname within Configure script
  - src/main.c: Added support for /W, actually it's ignored...
  - Added define HAVE_TTY_GROUP so add support for non-world-writable
    tty's owned by group tty
  - Used config option for .nofinger file instad of static ".nofinger"
  - Added space before [MSG-N]
  - Reworked search.* routine.
  - Documentation update
  - Restricted length of username, fixes possible overflow in
    show_search() and handle_fakeuser()
  - Converted all dangerous occurrances of strcpy() to strncpy()
  - More updates wrt. sane permissions when opening files
  - Increased limit of tty per user, now I'm fingerable again. :)
  - cfingerd now uses the same IP number on which it receives a request to
    connect to a remote ident server. Thanks for help from Torsten
    Landschoff
  - cfingerd now honors broken or negative ident answers
  - Support for SunOS by Piotr Klaban <makler@man.torun.pl>
  - Support 24h clocks, inspired by Piotr Klaban
  - Removed ACTUAL_HOSTNAME since it has been superseeded by calls to
    gethostname()
  - Experimental code for standalone cfingerd, inspired by Piotr Klaban
  - Fixed userlist that crashed at too many users and too long hostnames
  - Fixed non-working userlist-only
  - Added ALLOW_CONFESSION to provide "help" and "version" information
  - Added support for userlist@ (and userlist-online@ internally) as
    modification of @ (system list) that displays only non-idle users.
  - Fixed security bug that caused external programs to gain root access.
  - Adjusted search facility, you can't get a userlisting anymore

Regards,

        Joey

-- 
Linux - the choice of a GNU generation.

• Next message: Martin Schulze: "Severe bug in cfingerd before 1.4.0"
• Previous message: mjr@iki.fi: "Re: cfingerd 1.4.0 - Configurable Finger Daemon"

This archive was generated by hypermail 2.0b3 on Mon Aug 09 1999 - 22:40:30 CEST