Update version to "NetBSD-ftpd 20230930" for changes:
- fix uninitialized memory usage in count_users()
- fix pam_set_item call with proper struct passed as PAM_SOCKADDR
Instead, internal struct sockinet was used. Because it's length is shorter
than sockaddr_storage, libpam was copying also memory outside of sockinet
struct.
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
Update version to "NetBSD-ftpd 20180428" for changes:
- Fix violations of the sequence point rule.
- Check that stat and fstat succeed.
- Support blacklistd(8) hooks.
- Clear utmpx struct before writing it to wtmpx files.
- Fix directory stream leaks.
- Use explicit_memset(3) instead of memset(3) to clear password.
- Fix scope of variable. PR misc/50665.
- Ensure that closing socket exists. CID 603440.
- Add -f option to ftpd to stay in foreground with -D. PR bin/53221.
jkoshy