debian/0002775000000000000000000000000011755206377007207 5ustar debian/changelog0000664000000000000000000001374611755206373011066 0ustar mingetty (1.08-2) unstable; urgency=low * Add a debian/watch file pointing at SourceForge. * Fix lintian warning on debian/copyright file. * Patch: + non-linux.patch: Should allow compilation on Hurd and BSD. -- Paul Martin Thu, 17 May 2012 15:36:01 +0100 mingetty (1.08-1) unstable; urgency=low * New upstream release + Adds new option --loginpause * Update to debhelper 9 and the dh sequencer. * Updated copyright file and converted to machine readable format. * Convert to source format 3.0 (quilt). * Added security patches from RedHat: + rh-loginnamemax.patch: Allow login name up to LOGIN_NAME_MAX length. + rh-clearscrollback.patch: Clear console scrollback on clear screen. -- Paul Martin Tue, 01 May 2012 12:43:06 +0100 mingetty (1.07-3) unstable; urgency=high * Fix bug introduced by patch from #597382: the return value of nice() is the new nice value. (Closes: #597382) -- Paul Martin Sat, 25 Sep 2010 16:12:51 +0100 mingetty (1.07-2) unstable; urgency=high * Critical security patch: Fix unsafe chroot call. (Closes: #597382) * Checked dependencies for locusts. (Closes: http://xkcd.com/797/) -- Paul Martin Sat, 25 Sep 2010 01:51:12 +0100 mingetty (1.07-1) unstable; urgency=low * New upstream release. Changes: + Only prepends /dev/ to the tty name if the given tty doesn't start with a /. * Fix buffer overflow due to use of strcat and strcpy. (Closes: #221841) -- Paul Martin Sat, 2 Apr 2005 01:32:50 +0100 mingetty (1.06-3) unstable; urgency=high * Fix failure on udev systems. (Closes: #243247) * Standards-Version: 3.6.1 -- Paul Martin Wed, 18 Aug 2004 21:33:50 +0100 mingetty (1.06-2) unstable; urgency=low * The "assume spherical admin of uniform density" release * Keep manoj and friends happy by bloating debian/control description field. In the extended description, it is assumed that the administrator knows what a tty and a virtual console is. (Closes: #209705) -- Paul Martin Wed, 10 Sep 2003 01:20:25 +0100 mingetty (1.06-1) unstable; urgency=low * New upstream release (Closes: #181886) + Ignores errors in setting permissions on devices in /dev (Closes: #204967). + nohangup option doesn't use vhangup() (Closes: #53184,#163769) + New options: autologin, chdir, chroot, delay, nonewline, noissue, nohangup, nohangup, nohostname, loginprog, nice. * Fix description-synopsis-might-not-be-phrased-properly lintian warning. * Standards version 3.6.0. (No changes needed.) -- Paul Martin Tue, 19 Aug 2003 17:01:23 +0100 mingetty (0.9.4-9) unstable; urgency=low * Applied patch to make things work a little better with devfs, which I believe is used by debian-installer. (Closes: #81275) * Bump standards version to 3.5.7: - Don't make /usr/doc symlinks - Honour DEB_BUILD_OPTIONS -- Paul Martin Mon, 30 Sep 2002 02:05:00 +0100 mingetty (0.9.4-8) unstable; urgency=low * New maintainer. (Closes: #107964) - Thanks for the NMUs. (Closes: #91588, #93984, #93985) * Fix lintian errors: - spelling-error-in-copyright Debian/GNU Linux Debian GNU/Linux - copyright-refers-to-old-directory * Updated to latest standards version (3.5.6) * Use debhelper instead of custom debian/rules file. * Use dumb terminal setting on s390. (Closes: #113500) * Apply patch obtained from RedHat SRPM: mingetty-0.9.4-syslog.patch fixes a possible printf attack. * Call setsid() to ensure that we don't already have a controlling tty, and make an error message more descriptive. (Closes: #51756) -- Paul Martin Thu, 15 Nov 2001 22:37:02 +0000 mingetty (0.9.4-7.2) unstable; urgency=low * debian/copyright: point to /usr/share/doc/copyright -- Marcelo E. Magallon Sat, 14 Apr 2001 19:15:06 +0200 mingetty (0.9.4-7.1) unstable; urgency=low * debian/rules: moved doc and man to /usr/sahre (closes: bug#91588) * debian/prerm, debian/postinst, debian/rules: add /usr/doc/ transition scripts * debian/control: added priority and section to binary. * debian/control: Standards-Version 3.1.0 -- Marcelo E. Magallon Sat, 14 Apr 2001 19:01:15 +0200 mingetty (0.9.4-7) unstable; urgency=low * Added patch from Dan Gohman to use standard utmp access functions in libc. (closes: bug#44097) -- Michael Alan Dorman Thu, 16 Sep 1999 22:33:50 -0400 mingetty (0.9.4-6) unstable; urgency=low * Allow - in login names (closes: bug#35199) -- Michael Alan Dorman Mon, 29 Mar 1999 14:24:48 -0500 mingetty (0.9.4-5) unstable; urgency=low * Remove superfluous call to utmpname (closes: bug#34726) -- Michael Alan Dorman Sun, 28 Mar 1999 12:40:11 -0500 mingetty (0.9.4-4) unstable; urgency=low * Maintainer release to satisfy Shaleh. :-) * Redid debian/rules. * Closes fixed bug (closes: bug#28550) * Closes fixed bug (closes: bug#27505) -- Michael Alan Dorman Tue, 9 Mar 1999 09:48:18 -0500 mingetty (0.9.4-3.2) unstable; urgency=low * Small patch for ARM port. -- Jim Pick Sun, 4 Oct 1998 17:20:36 -0700 mingetty (0.9.4-3.1) unstable; urgency=low * Non-maintainer release * Compiled with libc6 * Upgraded to Standards-Version 2.3.0.1. * Reset permissions on /dev/vcsN and /dev/vcsaN on logout. (Fixes #13509) -- Hamish Moffatt Sun, 23 Nov 1997 00:53:00 +1100 mingetty (0.9.4-3) unstable; urgency=low * Corrected maintainer address -- Michael Alan Dorman Mon, 23 Sep 1996 13:13:42 -0400 mingetty (0.9.4-2) unstable; urgency=low * Converted to new source packaging format. -- Michael Alan Dorman Fri, 30 Aug 1996 15:21:19 -0400 Local variables: mode: debian-changelog user-mail-address: "mdorman@debian.org" End: debian/control0000664000000000000000000000124111747733254010606 0ustar Source: mingetty Maintainer: Paul Martin Standards-Version: 3.9.3 Section: admin Build-Depends: debhelper (>=9) Priority: optional Package: mingetty Architecture: any Priority: optional Section: admin Depends: ${shlibs:Depends},${misc:Depends} Description: Console-only getty Mingetty is a small, efficient, console-only getty for Linux. . "getty opens a tty port, prompts for a login name and invokes the /bin/login command. It is normally invoked by init(8)." . mingetty is a minimal getty for use on virtual consoles. Unlike the getty in the util-linux or mgetty packages, mingetty is not suitable for serial lines, which is why it's smaller. debian/copyright0000664000000000000000000000175011755203141011125 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: mingetty Upstream-Contact: Florian La Roche Source: http://sourceforge.net/projects/mingetty/ Files: * Copyright: Copyright (C) 1996 Florian La Roche Copyright (C) 2002, 2003 Red Hat, Inc License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file '/usr/share/common-licenses/GPL-2'. Files: debian/* Copyright: 2012, Paul Martin License: permissive Copying and distribution of this package, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. debian/dirs0000664000000000000000000000003211747726730010065 0ustar /sbin /usr/share/man/man8 debian/rules0000755000000000000000000000020411747740746010263 0ustar #!/usr/bin/make -f %: dh $@ override_dh_auto_build: dh_auto_build -- CFLAGS="$(CFLAGS) -D_PATH_LOGIN=/bin/login -D_GNU_SOURCE=1" debian/compat0000664000000000000000000000000211747726244010404 0ustar 9 debian/patches/0002775000000000000000000000000011755206206010625 5ustar debian/patches/series0000664000000000000000000000021611755205675012050 0ustar 221841-ttynameoverflow.patch 204967-resetpermissions.patch 597382-chroot.patch rh-loginnamemax.patch rh-clearscrollback.patch non-linux.patch debian/patches/221841-ttynameoverflow.patch0000644000000000000000000000132611747743727015667 0ustar Description: Fix possible buffer overflow in TTY name. Fix buffer overflow due to use of strcat and strcpy. Author: Paul Martin Bug-Debian: http://bugs.debian.org/221841 Last-Update: 2005-04-02 --- mingetty-1.08.orig/mingetty.c +++ mingetty-1.08/mingetty.c @@ -138,11 +138,12 @@ int fd; /* Set up new standard input. */ - if (tty[0] == '/') - strcpy (buf, tty); - else { + if (tty[0] == '/') { + strncpy (buf, tty, sizeof(buf)-1); + buf[sizeof(buf)-1] = '\0'; + } else { strcpy (buf, "/dev/"); - strcat (buf, tty); + strncat (buf, tty, sizeof(buf)-strlen(buf)-1); } /* There is always a race between this reset and the call to vhangup() that s.o. can use to get access to your tty. */ debian/patches/204967-resetpermissions.patch0000664000000000000000000000211211747745144016041 0ustar Description: Reset permissions on /dev/vcsN and /dev/vcsaN on logout. Author: Hamish Moffatt Author: Paul Martin Bug-Debian: http://bugs.debian.org/13509 Bug-Debian: http://bugs.debian.org/204967 Last-Update: 2003-08-19 Index: mingetty-1.08/mingetty.c =================================================================== --- mingetty-1.08.orig/mingetty.c 2012-05-01 12:29:57.598626744 +0100 +++ mingetty-1.08/mingetty.c 2012-05-01 12:34:56.088097009 +0100 @@ -137,6 +137,21 @@ char buf[40]; int fd; + /* Reset permissions on the console device */ + if ((strncmp(tty, "tty", 3) == 0) && (isdigit(tty[3]))) { + strcpy (buf, "/dev/vcs"); + strcat (buf, &tty[3]); + if (chown (buf, 0, 3) || chmod (buf, 0600)) + if (errno != ENOENT) + error ("%s: %s", buf, strerror(errno)); + + strcpy (buf, "/dev/vcsa"); + strcat (buf, &tty[3]); + if (chown (buf, 0, 3) || chmod (buf, 0600)) + if (errno != ENOENT) + error ("%s: %s", buf, strerror(errno)); + } + /* Set up new standard input. */ if (tty[0] == '/') { strncpy (buf, tty, sizeof(buf)-1); debian/patches/597382-chroot.patch0000664000000000000000000000244511747745161013737 0ustar Description: Fix unsave chroot call. Check chdir() on chroot() syscalls (and similar) as chroot without proper chdir() allows to escape from changed root. Author: Vasiliy Kulikov Origin: other, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=diff;att=1;bug=597382 Bug-Debian: http://bugs.debian.org/597382 Reviewed-By: Paul Martin Last-Update: 2010-09-25 Index: mingetty-1.08/mingetty.c =================================================================== --- mingetty-1.08.orig/mingetty.c 2012-05-01 12:34:56.088097009 +0100 +++ mingetty-1.08/mingetty.c 2012-05-01 12:35:10.208355774 +0100 @@ -438,12 +438,20 @@ while ((logname = get_logname ()) == 0) /* do nothing */ ; - if (ch_root) - chroot (ch_root); - if (ch_dir) - chdir (ch_dir); - if (priority) - nice (priority); + if (ch_root) { + if (chroot (ch_root)) + error ("chroot(): %s", strerror (errno)); + if (chdir("/")) + error ("chdir(\"/\"): %s", strerror (errno)); + } + if (ch_dir) { + if (chdir (ch_dir)) + error ("chdir(): %s", strerror (errno)); + } + if (priority) { + if (nice (priority)) + error ("nice(): %s", strerror (errno)); + } execl (loginprog, loginprog, autologin? "-f" : "--", logname, NULL); error ("%s: can't exec %s: %s", tty, loginprog, strerror (errno)); debian/patches/rh-loginnamemax.patch0000664000000000000000000000301411747747261014744 0ustar Description: Allow login name up to LOGIN_NAME_MAX length POSIX mandates 9 bytes minimal length including trailing '\0' (limits.h:_POSIX_LOGIN_NAME_MAX). Current GNU/Linux run time limit is 256 (getconf LOGIN_NAME_MAX). . This patch removes hard-coded 40 bytes limit. Author: Petr Pisar Origin: vendor Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=647143 Reviewed-By: Paul Martin Last-Update: 2012-05-01 --- mingetty-1.08.orig/mingetty.c 2012-05-01 12:39:47.233432675 +0100 +++ mingetty-1.08/mingetty.c 2012-05-01 12:40:01.629647425 +0100 @@ -314,10 +314,21 @@ static char *get_logname (void) { - static char logname[40]; + long int logname_size; + static char *logname = NULL; + char *logname_new; char *bp; unsigned char c; + logname_size = sysconf (_SC_LOGIN_NAME_MAX); + if (logname_size <= 0) + error ("Could not get maximal login name length"); + + logname_new = realloc (logname, logname_size); + if (!logname_new) + error ("Not enough memory"); + logname = logname_new; + tcflush (0, TCIFLUSH); /* flush pending input */ for (*logname = 0; *logname == 0;) { do_prompt (1); @@ -334,8 +345,9 @@ } else if (!isprint (c)) error ("%s: invalid character 0x%x in login" " name", tty, c); - else if ((size_t)(bp - logname) >= sizeof (logname) - 1) - error ("%s: too long login name", tty); + else if ((bp - logname) >= (logname_size - 1)) + error ("%s: too long login name " + "(limit is %ld B)", tty, logname_size); else *bp++ = c; } debian/patches/rh-clearscrollback.patch0000664000000000000000000000162111747747050015411 0ustar Description: Clear scroll-back buffer on clear screen This is implemented in Linux since 3.0 version. Author: Petr Pisar Origin: vendor Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=691406 Reviewed-By: Paul Martin Last-Update: 2012-05-01 Index: mingetty-1.08/mingetty.c =================================================================== --- mingetty-1.08.orig/mingetty.c 2012-05-01 12:40:01.629647425 +0100 +++ mingetty-1.08/mingetty.c 2012-05-01 12:46:14.828486093 +0100 @@ -207,8 +207,11 @@ /* Write a reset string to the terminal. This is very linux-specific and should be checked for other systems. */ - if (noclear == 0) - write (0, "\033c", 2); + if (noclear == 0) { + write (0, "\033[3;J", 5); /* Clear scroll-back buffer, + since Linux 3.0 */ + write (0, "\033c", 2); /* Reset */ + } sigaction (SIGHUP, &sa_old, NULL); } debian/patches/non-linux.patch0000664000000000000000000000124611755206206013576 0ustar Index: mingetty-1.08/mingetty.c =================================================================== --- mingetty-1.08.orig/mingetty.c 2012-05-01 12:46:14.828486093 +0100 +++ mingetty-1.08/mingetty.c 2012-05-17 15:34:27.326610315 +0100 @@ -47,6 +47,9 @@ /* some information about this host */ static struct utsname uts; /* the hostname */ +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif static char hn[MAXHOSTNAMELEN + 1]; /* process and session ID of this program */ static pid_t pid, sid; @@ -235,7 +238,9 @@ printf ("%s", uts.machine); break; case 'o': +#ifdef __gnu_linux__ printf ("%s", uts.domainname); +#endif break; case 'd': case 't': debian/source/0002775000000000000000000000000011747737671010516 5ustar debian/source/format0000664000000000000000000000001411747737671011722 0ustar 3.0 (quilt) debian/watch0000664000000000000000000000007211755203567010233 0ustar version=3 http://sf.net/mingetty/mingetty-(.+)\.tar\.gz