--- /dev/null
+--- getty_ps-2.0.7j/man/getty.1.hangup Sat Jun 10 13:28:58 2000
++++ getty_ps-2.0.7j/man/getty.1 Sat Jun 10 13:30:50 2000
+@@ -24,7 +24,9 @@
+ .B /etc/getty
+ [\-d
+ .I defaults_file]
+-[\-a] [\-h] [\-r
++[\-a] [\-h] [\-H
++.I hangupsecs]
++[\-r
+ .I delay]
+ [\-t
+ .I timeout]
+@@ -118,7 +120,12 @@
+ flag (or
+ .B HANGUP=NO
+ is specified in the defaults file), it will force a hangup on the line
+-by setting the speed to zero. Giving
++by setting the speed to zero. You can specify the amount of time
++to leave the line on-hook during a hangup by specifying the
++.B \-H
++flag followed by a number of seconds (or using
++.BI HANGUPSECS = hangupsecs
++in the defaults file). Giving
+ .B \-r
+ .I delay
+ on the command line (or using
+--- getty_ps-2.0.7j/main.c.hangup Sat Jun 10 13:23:59 2000
++++ getty_ps-2.0.7j/main.c Sat Jun 10 13:28:11 2000
+@@ -184,7 +184,7 @@
+ waitfor = (char *) NULL; /* no waitfor string */
+ Connect = (char *) NULL; /* no connect string */
+ defname = (char *) NULL; /* no defaults file */
+-
++ HangUpSecs = 2; /* # of seconds to hangup the line */
+ #ifdef ISSUE
+ issue = ISSUE; /* login banner */
+ #endif /* ISSUE */
+@@ -313,7 +313,7 @@
+ /* first, the command line
+ */
+
+- while((c = getopt(count, args, "RC:D:ac:d:hr:t:w:")) != EOF) {
++ while((c = getopt(count, args, "RC:D:ac:d:hr:t:w:H:")) != EOF) {
+ switch(c) {
+ #ifdef RBGETTY
+ case 'R':
+@@ -355,6 +355,9 @@
+ waitchar = TRUE;
+ waitfor = optarg;
+ break;
++ case 'H':
++ HangUpSecs = (unsigned) atoi(optarg);
++ break;
+ case '?':
+ exit_usage(2);
+ }
+@@ -432,6 +435,12 @@
+ NoHangUp = TRUE;
+ if((p = defvalue(def, "WAITCHAR")) && (strequal(p, "YES")))
+ waitchar = TRUE;
++ if((p = defvalue(def, "HANGUPSECS")))
++ HangUpSecs = (unsigned) atoi(p);
++ if (HangUpSecs < 2 || HangUpSecs > 600) {
++ logerr("Value for HANGUPSECS on %s should be between 2 and 600 secs", Device);
++ HangUpSecs = 2;
++ }
+ if((p = defvalue(def, "DELAY"))) delay = (unsigned) atoi(p);
+ if((p = defvalue(def, "TIMEOUT"))) TimeOut = atoi(p);
+ if((p = defvalue(def, "CONNECT"))) Connect = p;
+@@ -666,7 +675,7 @@
+ termio.c_cflag |= B0;
+ }
+ (void) ioctl(fd, TCSETSF, &termio);
+- if(! NoHangUp) sleep(2);
++ if(! NoHangUp) sleep(HangUpSecs);
+ gtab = gtabvalue(GtabId, G_FORCE);
+ settermio(&(gtab->itermio), INITIAL);
+ #ifndef GDB_FRIENDLY
+--- getty_ps-2.0.7j/extern.h.hangup Sat Jun 10 13:28:16 2000
++++ getty_ps-2.0.7j/extern.h Sat Jun 10 13:28:45 2000
+@@ -54,6 +54,7 @@
+ EXTERN char *SysName; /* nodename of system */
+ EXTERN int TimeOut; /* timeout value from command line */
+ EXTERN char *Version; /* value of VERSION */
++EXTERN int HangUpSecs; /* Number of seconds to hang up the line */
+
+ #ifdef WARNCASE
+ EXTERN boolean WarnCase; /* controls display of bad case message */
--- /dev/null
+From vendor-sec-owner@ns.caldera.de Fri Dec 29 13:24:23 2000
+Return-Path: <vendor-sec-owner@ns.caldera.de>
+Received: from lacrosse.corp.redhat.com (IDENT:root@lacrosse.corp.redhat.com [207.175.42.154])
+ by devserv.devel.redhat.com (8.11.0/8.11.0) with ESMTP id eBTIONF14629;
+ Fri, 29 Dec 2000 13:24:23 -0500
+Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
+ by lacrosse.corp.redhat.com (8.9.3/8.9.3) with ESMTP id NAA16673
+ for <security@lacrosse.redhat.com>; Fri, 29 Dec 2000 13:24:22 -0500
+Received: from ns.caldera.de (ns.caldera.de [212.34.180.1])
+ by mail.redhat.com (8.11.0/8.8.7) with ESMTP id eBTIOLD01691
+ for <security@redhat.com>; Fri, 29 Dec 2000 13:24:21 -0500
+Received: (from daemon@localhost)
+ by ns.caldera.de (8.9.3/8.9.3) id TAA17031
+ for vendor-sec-real; Fri, 29 Dec 2000 19:09:48 +0100
+Received: (from daemon@localhost)
+ by ns.caldera.de (8.9.3/8.9.3) id TAA17022
+ for vendor-sec@lst.de; Fri, 29 Dec 2000 19:09:47 +0100
+Received: from UNKNOWN(216.161.55.93), claiming to be "blue.int.wirex.com"
+ via SMTP by ns.caldera.de, id smtpdmWA3S4; Fri Dec 29 19:09:41 2000
+Received: (from greg@localhost)
+ by blue.int.wirex.com (8.9.3/8.9.3) id KAA29894;
+ Fri, 29 Dec 2000 10:10:26 -0800
+Date: Fri, 29 Dec 2000 10:10:26 -0800
+From: Greg KH <greg@wirex.com>
+To: gleasokr@boulder.colorado.edu
+Cc: vendor-sec@lst.de, security@wirex.com
+Subject: temp file creation problem in getty_ps
+Message-ID: <20001229101026.F29373@wirex.com>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=us-ascii
+Content-Disposition: inline
+User-Agent: Mutt/1.2.5i
+X-Operating-System: Linux 2.2.18-immunix (i686)
+Status: RO
+Content-Length: 1098
+
+Hi,
+
+In building Immunix Linux 7.0, we ran across the following problem in
+getty_ps 2.0.7j:
+
+The function makelock, in the file uufuncs.c creates temp files in an
+insecure way. The patch below, by Steve Beattie <steve@wirex.com>
+should fix this problem.
+
+thanks,
+
+greg k-h
+
+
+diff -ur getty_ps-2.0.7j-orig/uufuncs.c getty_ps-2.0.7j/uufuncs.c
+--- getty_ps-2.0.7j-orig/uufuncs.c Fri Dec 15 18:41:09 2000
++++ getty_ps-2.0.7j/uufuncs.c Fri Dec 15 18:53:49 2000
+@@ -74,7 +74,7 @@
+ char *name;
+ {
+ int fd, pid;
+- char *temp, buf[MAXLINE+1];
++ char temp[MAXLINE+1];
+ #ifdef ASCIIPID
+ char apid[16];
+ #endif /* ASCIIPID */
+@@ -86,12 +86,13 @@
+
+ /* first make a temp file
+ */
+- (void) sprintf(buf, LOCK, "TM.XXXXXX");
+- if ((fd = creat((temp=mktemp(buf)), 0444)) == FAIL) {
++ (void) sprintf(temp, LOCK, "TM.XXXXXX");
++ if ((fd = mkstemp(temp)) == FAIL) {
+ logerr("create failed on temp lockfile \"%s\": %s",
+ temp, strerror(errno));
+ return(FAIL);
+ }
++ fchmod(fd, 0444);
+ debug(D_LOCK, "temp = (%s)", temp);
+
+ /* put my pid in it
+
+--
+greg@(kroah|wirex).com
+http://immunix.org/~greg
+
+
--- /dev/null
+--- getty_ps-2.0.7j/tune.h.foo Wed Jan 31 16:51:53 2001
++++ getty_ps-2.0.7j/tune.h Wed Jan 31 16:52:02 2001
+@@ -24,7 +24,7 @@
+
+ /* Feature selection
+ */
+-#undef RBGETTY /* include ringback code */
++#define RBGETTY /* include ringback code */
+ #define SCHED /* include scheduler code */
+ #define DEBUG /* include debugging code */
+ #define LOGUTMP /* need to update utmp/wtmp files */
--- /dev/null
+--- getty_ps-2.0.7j/funcs.c.foo Sat Jun 10 13:19:30 2000
++++ getty_ps-2.0.7j/funcs.c Sat Jun 10 13:21:18 2000
+@@ -84,10 +84,10 @@
+ case 'D': /* date */
+ (void) time(&clock);
+ lt = localtime(&clock);
+- (void) sprintf(tbuf, "%d %s %02d",
++ (void) sprintf(tbuf, "%d %s %04d",
+ lt->tm_mday,
+ month_name[lt->tm_mon],
+- lt->tm_year);
++ 1900+lt->tm_year);
+ if (Fputs(tbuf, stream) == EOF)
+ return(EOF);
+ break;