| version 1.81, 2019/05/27 22:55:19 |
version 1.82, 2019/05/28 16:32:42 |
|
|
| <hr> |
<hr> |
| |
|
| <ul> |
<ul> |
| <li id="cvs"> |
|
| <strong>022: SECURITY FIX: May 5, 2004</strong> |
<li id="realpath"> |
| |
<strong>001: SECURITY FIX: August 4, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Pathname validation problems have been found in |
An off-by-one error exists in the C library function |
| <a href="https://man.openbsd.org/OpenBSD-3.3/cvs.1">cvs(1)</a>, |
<a href="https://man.openbsd.org/OpenBSD-3.3/realpath.3">realpath(3)</a>. |
| allowing malicious clients to create files outside the repository, allowing |
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
| malicious servers to overwrite files outside the local CVS tree on |
it is possible that this bug may allow an attacker to gain escalated privileges |
| the client and allowing clients to check out files outside the CVS |
on OpenBSD.<br> |
| repository. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> |
| <br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="openssl"> |
|
| <strong>021: RELIABILITY FIX: March 17, 2004</strong> |
<li id="semget"> |
| |
<strong>002: RELIABILITY FIX: August 20, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A missing check for a NULL-pointer dereference has been found in |
An improper bounds check in the |
| <a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>. |
<a href="https://man.openbsd.org/OpenBSD-3.3/semget.2">semget(2)</a> |
| A remote attacker can use the bug to cause an OpenSSL application to crash; |
system call can allow a local user to cause a kernel panic.<br> |
| this may lead to a denial of service. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
| <br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="isakmpd2"> |
|
| <strong>020: RELIABILITY FIX: March 17, 2004</strong> |
<li id="sysvsem"> |
| |
<strong>003: SECURITY FIX: September 10, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Defects in the payload validation and processing functions of |
Root may be able to reduce the security level by taking advantage of |
| <a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
an integer overflow when the semaphore limits are made very large.<br> |
| have been discovered. An attacker could send malformed ISAKMP messages and |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
| cause isakmpd to crash or to loop endlessly. This patch fixes these problems |
|
| and removes some memory leaks. |
|
| <br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="httpd2"> |
|
| <strong>019: SECURITY FIX: March 13, 2004</strong> |
<li id="sshbuffer"> |
| |
<strong>004: SECURITY FIX: September 16, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Due to a bug in the parsing of Allow/Deny rules for |
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
| <a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)'s</a> |
It is unclear whether or not this bug is exploitable.<br> |
| access module, using IP addresses without a netmask on big endian 64-bit |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch"> |
| platforms causes the rules to fail to match. This only affects sparc64. |
|
| <br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
| |
problem. |
| <p> |
<p> |
| <li id="tcp"> |
|
| <strong>018: RELIABILITY FIX: March 8, 2004</strong> |
<li id="sendmail"> |
| |
<strong>005: SECURITY FIX: September 17, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| OpenBSD's TCP/IP stack did not impose limits on how many out-of-order |
A buffer overflow in the address parsing in |
| TCP segments are queued in the system. An attacker could |
<a href="https://man.openbsd.org/OpenBSD-3.3/sendmail.8">sendmail(8)</a> |
| send out-of-order TCP segments and trick the system into using all |
may allow an attacker to gain root privileges.<br> |
| available memory buffers. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
| <br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
| |
problem. |
| <p> |
<p> |
| <li id="font"> |
|
| <strong>017: RELIABILITY FIX: February 14, 2004</strong> |
<li id="pfnorm"> |
| |
<strong>006: SECURITY FIX: September 24, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Several buffer overflows exist in the code parsing |
Three cases of potential access to freed memory have been found in |
| font.aliases files in XFree86. Thanks to ProPolice, these cannot be |
<a href="https://man.openbsd.org/OpenBSD-3.3/pf.4">pf(4)</a>. |
| exploited to gain privileges, but they can cause the X server to abort. |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
| <br> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="ip6"> |
|
| <strong>016: SECURITY FIX: February 8, 2004</strong> |
<li id="asn1"> |
| |
<strong>007: SECURITY FIX: October 1, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An IPv6 MTU handling problem exists that could be used by an attacker |
The use of certain ASN.1 encodings or malformed public keys may allow an |
| to cause a denial of service attack against hosts with reachable IPv6 |
attacker to mount a denial of service attack against applications linked with |
| TCP ports. |
<a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>. |
| <br> |
This does not affect OpenSSH.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sysvshm"> |
|
| <strong>015: SECURITY FIX: February 5, 2004</strong> |
<li id="arp"> |
| |
<strong>008: RELIABILITY FIX: October 1, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A reference counting bug exists in the |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
| <a href="https://man.openbsd.org/OpenBSD-3.3/shmat.2">shmat(2)</a> |
requests.<br> |
| system call that could be used by an attacker to write to kernel memory |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
| under certain circumstances. |
|
| <br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="isakmpd"> |
|
| <strong>014: SECURITY FIX: January 15, 2004</strong> |
<li id="httpd"> |
| |
<strong>009: RELIABILITY FIX: October 29, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Several message handling flaws in |
A user with write permission to <code>httpd.conf</code> or a <code>.htaccess</code> |
| <a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
file can crash |
| have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. |
<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)</a> |
| |
or potentially run arbitrary code as the user <code>www</code> (although it |
| |
is believed that ProPolice will prevent code execution). |
| <br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sem"> |
|
| <strong>013: RELIABILITY FIX: November 20, 2003</strong> |
<li id="exec"> |
| |
<strong>010: RELIABILITY FIX: November 4, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An improper bounds check makes it possible for a local user to cause a crash |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
| by passing the |
|
| <a href="https://man.openbsd.org/OpenBSD-3.3/semctl.2">semctl(2)</a> and |
|
| <a href="https://man.openbsd.org/OpenBSD-3.3/semop.2">semop(2)</a> functions |
|
| certain arguments. |
|
| <br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="uvm"> |
|
| <strong>012: RELIABILITY FIX: November 20, 2003</strong> |
|
| <i>All architectures</i><br> |
|
| It is possible for a local user to cause a crash via |
|
| <a href="https://man.openbsd.org/OpenBSD-3.3/sysctl.3">sysctl(3)</a> with certain arguments.<br> |
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
|
| A source code patch exists which remedies this problem.</a> |
|
| <p> |
|
| <li id="ibcs2"> |
<li id="ibcs2"> |
| <strong>011: SECURITY FIX: November 17, 2003</strong> |
<strong>011: SECURITY FIX: November 17, 2003</strong> |
| <i>i386 only</i><br> |
<i>i386 only</i><br> |
|
|
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="exec"> |
|
| <strong>010: RELIABILITY FIX: November 4, 2003</strong> |
<li id="uvm"> |
| |
<strong>012: RELIABILITY FIX: November 20, 2003</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
It is possible for a local user to cause a crash via |
| |
<a href="https://man.openbsd.org/OpenBSD-3.3/sysctl.3">sysctl(3)</a> with certain arguments.<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch"> |
| |
A source code patch exists which remedies this problem.</a> |
| |
<p> |
| |
|
| |
<li id="sem"> |
| |
<strong>013: RELIABILITY FIX: November 20, 2003</strong> |
| |
<i>All architectures</i><br> |
| |
An improper bounds check makes it possible for a local user to cause a crash |
| |
by passing the |
| |
<a href="https://man.openbsd.org/OpenBSD-3.3/semctl.2">semctl(2)</a> and |
| |
<a href="https://man.openbsd.org/OpenBSD-3.3/semop.2">semop(2)</a> functions |
| |
certain arguments. |
| <br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="httpd"> |
|
| <strong>009: RELIABILITY FIX: October 29, 2003</strong> |
<li id="isakmpd"> |
| |
<strong>014: SECURITY FIX: January 15, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A user with write permission to <code>httpd.conf</code> or a <code>.htaccess</code> |
Several message handling flaws in |
| file can crash |
<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
| <a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)</a> |
have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. |
| or potentially run arbitrary code as the user <code>www</code> (although it |
|
| is believed that ProPolice will prevent code execution). |
|
| <br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="arp"> |
|
| <strong>008: RELIABILITY FIX: October 1, 2003</strong> |
<li id="sysvshm"> |
| |
<strong>015: SECURITY FIX: February 5, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
A reference counting bug exists in the |
| requests.<br> |
<a href="https://man.openbsd.org/OpenBSD-3.3/shmat.2">shmat(2)</a> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
system call that could be used by an attacker to write to kernel memory |
| |
under certain circumstances. |
| |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/015_sysvshm.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="asn1"> |
|
| <strong>007: SECURITY FIX: October 1, 2003</strong> |
<li id="ip6"> |
| |
<strong>016: SECURITY FIX: February 8, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The use of certain ASN.1 encodings or malformed public keys may allow an |
An IPv6 MTU handling problem exists that could be used by an attacker |
| attacker to mount a denial of service attack against applications linked with |
to cause a denial of service attack against hosts with reachable IPv6 |
| <a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>. |
TCP ports. |
| This does not affect OpenSSH.<br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="pfnorm"> |
|
| <strong>006: SECURITY FIX: September 24, 2003</strong> |
<li id="font"> |
| |
<strong>017: RELIABILITY FIX: February 14, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Three cases of potential access to freed memory have been found in |
Several buffer overflows exist in the code parsing |
| <a href="https://man.openbsd.org/OpenBSD-3.3/pf.4">pf(4)</a>. |
font.aliases files in XFree86. Thanks to ProPolice, these cannot be |
| At least one of them could be used to panic pf with active scrub rules remotely.<br> |
exploited to gain privileges, but they can cause the X server to abort. |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="sendmail"> |
|
| <strong>005: SECURITY FIX: September 17, 2003</strong> |
<li id="tcp"> |
| |
<strong>018: RELIABILITY FIX: March 8, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A buffer overflow in the address parsing in |
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order |
| <a href="https://man.openbsd.org/OpenBSD-3.3/sendmail.8">sendmail(8)</a> |
TCP segments are queued in the system. An attacker could |
| may allow an attacker to gain root privileges.<br> |
send out-of-order TCP segments and trick the system into using all |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
available memory buffers. |
| |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
|
| problem. |
|
| <p> |
<p> |
| <li id="sshbuffer"> |
|
| <strong>004: SECURITY FIX: September 16, 2003</strong> |
<li id="httpd2"> |
| |
<strong>019: SECURITY FIX: March 13, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. |
Due to a bug in the parsing of Allow/Deny rules for |
| It is unclear whether or not this bug is exploitable.<br> |
<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)'s</a> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/004_sshbuffer.patch"> |
access module, using IP addresses without a netmask on big endian 64-bit |
| |
platforms causes the rules to fail to match. This only affects sparc64. |
| |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
|
| problem. |
|
| <p> |
<p> |
| <li id="sysvsem"> |
|
| <strong>003: SECURITY FIX: September 10, 2003</strong> |
<li id="isakmpd2"> |
| |
<strong>020: RELIABILITY FIX: March 17, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Root may be able to reduce the security level by taking advantage of |
Defects in the payload validation and processing functions of |
| an integer overflow when the semaphore limits are made very large.<br> |
<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
have been discovered. An attacker could send malformed ISAKMP messages and |
| |
cause isakmpd to crash or to loop endlessly. This patch fixes these problems |
| |
and removes some memory leaks. |
| |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="semget"> |
|
| <strong>002: RELIABILITY FIX: August 20, 2003</strong> |
<li id="openssl"> |
| |
<strong>021: RELIABILITY FIX: March 17, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An improper bounds check in the |
A missing check for a NULL-pointer dereference has been found in |
| <a href="https://man.openbsd.org/OpenBSD-3.3/semget.2">semget(2)</a> |
<a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>. |
| system call can allow a local user to cause a kernel panic.<br> |
A remote attacker can use the bug to cause an OpenSSL application to crash; |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
this may lead to a denial of service. |
| |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| <li id="realpath"> |
|
| <strong>001: SECURITY FIX: August 4, 2003</strong> |
<li id="cvs"> |
| |
<strong>022: SECURITY FIX: May 5, 2004</strong> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An off-by-one error exists in the C library function |
Pathname validation problems have been found in |
| <a href="https://man.openbsd.org/OpenBSD-3.3/realpath.3">realpath(3)</a>. |
<a href="https://man.openbsd.org/OpenBSD-3.3/cvs.1">cvs(1)</a>, |
| Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
allowing malicious clients to create files outside the repository, allowing |
| it is possible that this bug may allow an attacker to gain escalated privileges |
malicious servers to overwrite files outside the local CVS tree on |
| on OpenBSD.<br> |
the client and allowing clients to check out files outside the CVS |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> |
repository. |
| |
<br> |
| |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to errata33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www