
getty-ps 2.1.0b for linux 2.2 and higher			16-Apr-2004
(This *should* work with Linux 1.0.x, but I don't have a test system...)

Hello, everyone!  For those of you new to getty-ps, please allow me to
introduce myself.  I am Christine Jamison, and I am the current maintainer
of getty-ps.

A new release of getty-ps is now available.  There are no new features
in this release, as it is an emergency release, for a reported security
bug, CERT VU#342768.  This problem has also been reported as
SecurityFocus BID #2194, and CVE-2001-0119.  The problem occurs *ONLY*
when getty_ps (getty or uugetty) is put in "debug work file mode"
(either "#define SYSLOG" or "#define SYSLOG_DEBUG" is *NOT* present, and
Debug > 0), which should *NEVER* be done in production!  Current versions
(2.0.8 and above) come with getty/uugetty *not* configured this way by
default.  However, if it *should* get configured this way inadvertantly,
then this security bug would come out.  Please see the Change Log for the
details of the bug.

I expect to have a new release out in this summer (2004) with some really
nice new features!  Also, I have found several areas that I are not
talked about in the documentation, so I will be adding to the
documentation as well.  This release is *MANDITORY*, to fix the security
bug reported above.  (But, for the bug to be in production, somone would
have to be not paying attention!  But, a security bug is a security bug....)
Again, if you have been having problems with *any* previous release, I
strongly urge you to upgrade.  This release is upward compatible with all
previous releases.

For those of you who are unfamiliar with getty_ps, here are some of
its features:

	*  A versatile config file allows modems to be initialized
	   with a chat script similar to that used in uucp.

	*  Modems can be used as bi-directional lines.  Getty will
	   monitor a tty port and reset when another program frees
	   the line.

	*  Modems can be set up in "ringback" mode.  Ringback is a
	   special way of answering a modem call.  When in ringback
	   mode, getty will only answer the line when the phone rings
	   once or twice followed by a brief delay, and then rings again.  
	   This allows a single phone line to be used for data and
	   voice calls.

	*  Getty can be scheduled to be "on" and "off" during specified
	   time periods, allowing access to be restricted to certain
	   times (this option _finally_ works with timezones and
	   daylight savings time).

	*  Fidonet mailers are supported (the ifmail package is
	   required to take advantage of this feature).

I am late with the upcoming release, as I have been working on other
projects, and honing my C skills!  How often more than that releases
are made depends mostly on what problems I find and features I decide
to add.  I have all the (published) notes from Kris, but sugestions
from users would be most appreciated.  So, if you have any specific
features you would like to see, let me know!

A last comment about version IDs.  The way I will be assigning version IDs
is as follows:  X.Y.Z, followed by an optional letter.  If an important patch
needs to get out, then I will use the optional trailing letter.  All
patches will be cumulative (so that 2.0.9d includes the patches in 2.0.9a
thru 2.0.9c, *plus* 2.0.9d).  The next release will include all patches from
the previous release (that is, 2.0.10 will be 2.0.9, *plus* 2.0.9a thru
2.0.9d, *plus* whatever I was *planning* to put out in 2.0.10!)  The
expected progression of code and features will just increment the last
number.  If major code changes are done (but still upward compatable), then
the middle number will be incremented.  The first number will be incremented
*only* if a change occurs that makes the code *not* completely upward
compatable (like the format of a configuration file changes).

As always, if you have any problems with or questions about this software,
I would be happy to hear from you!  I *always* return e-mails, but not
always as soon as I would like! <grin>

Christine Jamison <getty-info@nwmagic.net>

