version 1.354, 1998/11/11 16:31:35 |
version 1.355, 1998/11/11 23:59:56 |
|
|
<li>Update to ncurses-4.2-980801. |
<li>Update to ncurses-4.2-980801. |
<li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand. |
<li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand. |
<li>Crank tun(4) MTU to 16K. |
<li>Crank tun(4) MTU to 16K. |
<li><font color=#e00000><strong>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href=errata.html#chpass>A patch which solves the problem is available</a></strong></font>. |
<li><font color=#e00000><strong>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href=errata23.html#chpass>A patch which solves the problem is available</a></strong></font>. |
<li>Improve ipsecadm(8). |
<li>Improve ipsecadm(8). |
<li>Fix some ipsec bugs related to IP-in-IP. |
<li>Fix some ipsec bugs related to IP-in-IP. |
<li>Fix some disklabel(8) bugs. |
<li>Fix some disklabel(8) bugs. |
|
|
<li>Make dump(8) work against filesystems not listed in fstab(5). |
<li>Make dump(8) work against filesystems not listed in fstab(5). |
<li>Rename libtelnet functions getent and getstr to avoid curses conflicts. |
<li>Rename libtelnet functions getent and getstr to avoid curses conflicts. |
<li>Disable all ISA PNP devices before doing the ISA scan. This works around BIOS's which pre-map ISA PNP devices into known locations. |
<li>Disable all ISA PNP devices before doing the ISA scan. This works around BIOS's which pre-map ISA PNP devices into known locations. |
<li>Correct panics and EINVAL returning cases in iovec using code. <a href=errata.html#resid>A patch for this problem exists.</a> |
<li>Correct panics and EINVAL returning cases in iovec using code. <a href=errata23.html#resid>A patch for this problem exists.</a> |
<li>Fix battery remaining support in i386 apm. |
<li>Fix battery remaining support in i386 apm. |
<li>Add i386 apm(4) manpage. |
<li>Add i386 apm(4) manpage. |
<li>Fix mkstemp() calling code in libc/db/hash. |
<li>Fix mkstemp() calling code in libc/db/hash. |
|
|
<li>Update to Lite2 getenv(), which returns NULL for getenv(NULL). |
<li>Update to Lite2 getenv(), which returns NULL for getenv(NULL). |
<li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use. |
<li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use. |
<li>Improve db cache sizing heuristic in pwd_mkdb(8). |
<li>Improve db cache sizing heuristic in pwd_mkdb(8). |
<li><font color=#e00000><strong>Close a file descriptor leak in inetd(8). <a href=errata.html#inetd>A patch which solves the problem is available</a></strong></font>. |
<li><font color=#e00000><strong>Close a file descriptor leak in inetd(8). <a href=errata23.html#inetd>A patch which solves the problem is available</a></strong></font>. |
<li>Fix dump(8) to return exit code 1 for startup failures, as documented. |
<li>Fix dump(8) to return exit code 1 for startup failures, as documented. |
<li>Improve performance of getpwent(3) in a YP environment. |
<li>Improve performance of getpwent(3) in a YP environment. |
<li>Improve performance of pwd_mkdb(8). |
<li>Improve performance of pwd_mkdb(8). |
<li>More buffer overflow fixes in libpcap and such. |
<li>More buffer overflow fixes in libpcap and such. |
<li>Fix "mount /mnt /mnt" so that it does not panic the machine. |
<li>Fix "mount /mnt /mnt" so that it does not panic the machine. |
<li>cvs 1.9.28. |
<li>cvs 1.9.28. |
<li>Fix locking code in unionfs. This fixes a serious problem in unionfs. <a href=errata.html#unionfs>A patch is available</a>. |
<li>Fix locking code in unionfs. This fixes a serious problem in unionfs. <a href=errata23.html#unionfs>A patch is available</a>. |
<li>In ftpd, handle non-existant users as login now does -- sleep a while. |
<li>In ftpd, handle non-existant users as login now does -- sleep a while. |
<li>In the S3 audio driver, map additional registers at open() time instead of attach() time. |
<li>In the S3 audio driver, map additional registers at open() time instead of attach() time. |
<li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree. |
<li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree. |
|
|
<li>Fix <strong>fxp</strong> driver so that it works on buggy cards. |
<li>Fix <strong>fxp</strong> driver so that it works on buggy cards. |
<li>In make(1), fix bug for targets that began with "." and underwent suffix conversion. |
<li>In make(1), fix bug for targets that began with "." and underwent suffix conversion. |
<li>Fix "mv b/ a" for the case when "a" is a directory. |
<li>Fix "mv b/ a" for the case when "a" is a directory. |
<li><font color=#e00000><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href=errata.html#fdalloc>A patch which solves the problem is available</a></strong></font>. |
<li><font color=#e00000><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href=errata23.html#fdalloc>A patch which solves the problem is available</a></strong></font>. |
<li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in. |
<li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in. |
<li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies. |
<li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies. |
<li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support. |
<li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support. |
<li>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href=errata.html#pcvt>A patch is available which fixes this problem</a></strong></font>. |
<li>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href=errata23.html#pcvt>A patch is available which fixes this problem</a></strong></font>. |
<li>Further improvements to photurisd(8). |
<li>Further improvements to photurisd(8). |
<li>Fix kvm_read(3) return values. |
<li>Fix kvm_read(3) return values. |
<li>Overflow fix in ksh(1). |
<li>Overflow fix in ksh(1). |
|
|
<li>Various fixes to ftp(1). |
<li>Various fixes to ftp(1). |
<li>Make getty(8) default to 8 bit mode. |
<li>Make getty(8) default to 8 bit mode. |
<li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY. |
<li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY. |
<li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href=errata.html#ptrace>A patch is available which fixes this problem</a></strong></font>. |
<li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href=errata23.html#ptrace>A patch is available which fixes this problem</a></strong></font>. |
<li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors.<a href=errata.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>. |
<li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors.<a href=errata23.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>. |
<li>Various new smtpd(8) fixes. |
<li>Various new smtpd(8) fixes. |
<li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3). |
<li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3). |
<li>Teach adduser(8) about the /sbin/nologin shell. |
<li>Teach adduser(8) about the /sbin/nologin shell. |
|
|
<li>Install gdb(1) info pages. |
<li>Install gdb(1) info pages. |
<li>New distribution install notes that use m4 instead of cpp for formatting. |
<li>New distribution install notes that use m4 instead of cpp for formatting. |
<li>In gdb, do not use 4.3 compatibility tty ioctl() calls. |
<li>In gdb, do not use 4.3 compatibility tty ioctl() calls. |
<li><font color=#e00000><strong>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href=errata.html#kill>The 4th revision of a patch which solves the problem is available</a></strong></font>. |
<li><font color=#e00000><strong>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href=errata23.html#kill>The 4th revision of a patch which solves the problem is available</a></strong></font>. |
<li>Fix a free() related bug in csh(1). |
<li>Fix a free() related bug in csh(1). |
<li>Fix a memory trashing bug in the IPSEC SPI chain delete function. |
<li>Fix a memory trashing bug in the IPSEC SPI chain delete function. |
<li>Fix acct(2) to work with append-only files. |
<li>Fix acct(2) to work with append-only files. |
|
|
<li>Make perl(1) support calls to lockf(3) now that we have it. |
<li>Make perl(1) support calls to lockf(3) now that we have it. |
<li>Disable dynamic loading in the mips version of perl(1). |
<li>Disable dynamic loading in the mips version of perl(1). |
<li>Make size(1) work on files created via <strong>ld -Z</strong>. |
<li>Make size(1) work on files created via <strong>ld -Z</strong>. |
<li><font color=#e00000><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href=errata.html#immutable>A patch exists which solves the problem</a></strong></font>. |
<li><font color=#e00000><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href=errata23.html#immutable>A patch exists which solves the problem</a></strong></font>. |
<li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port. |
<li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port. |
<li>Fix a file parsing overflow in kdb_util(8). |
<li>Fix a file parsing overflow in kdb_util(8). |
<li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number. |
<li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number. |
|
|
<li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc. |
<li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc. |
<li>Fix at least one remotely activated buffer overflow in lynx(1). |
<li>Fix at least one remotely activated buffer overflow in lynx(1). |
<li>Add information about more deviant scsi devices. |
<li>Add information about more deviant scsi devices. |
<li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href=errata.html#ipsec>A patch exists which solves the problem</a>. <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD 2.2)</a></strong></font>. |
<li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href=errata23.html#ipsec>A patch exists which solves the problem</a>. <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD 2.2)</a></strong></font>. |
<li>Fix a select(3) bug in syslogd(8). |
<li>Fix a select(3) bug in syslogd(8). |
<li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running. |
<li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running. |
<li>Add libossaudio(3) to the source tree. |
<li>Add libossaudio(3) to the source tree. |
<li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it. |
<li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it. |
<li><font color=#e00000><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href=errata.html#xterm-xaw>A patch exists which solves the problem</a>. <a href=errata22.html#xterm-xaw>(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>. |
<li><font color=#e00000><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href=errata23.html#xterm-xaw>A patch exists which solves the problem</a>. <a href=errata22.html#xterm-xaw>(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>. |
<li>Permit relative adjustments in mixerctl(1) using +/- prefixes. |
<li>Permit relative adjustments in mixerctl(1) using +/- prefixes. |
<li>msdosfs in FAT32 mode would hang during a write. |
<li>msdosfs in FAT32 mode would hang during a write. |
<li>Fix ZIP drive use on the hp300. |
<li>Fix ZIP drive use on the hp300. |