version 1.837, 2002/07/31 22:56:49 |
version 1.838, 2002/08/02 23:22:24 |
|
|
|
|
<p> |
<p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to July 29. |
The following list sums up (almost) all the changes made up to August 1. |
<ul> |
<ul> |
|
|
|
<li>Add some overflow checks similar to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> patch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists. |
|
<!-- ^^^ 20020802 --> |
|
<li>Prevent integer overflow in i386 USER_LDT code. |
|
<li>Fix NFS's handling of zero-length RPC fragments. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> handles unlinking of a symlink correctly. |
|
<li>Limit file size to 2^31 * PAGE_SIZE in FFS code. |
|
<li>u_short -> u_int16_t in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mtrouted(8)</a>. |
|
<!-- ^^^ 20020801 --> |
|
<li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> buffer overflow, see the <a href="errata.html#xdr">erratum</a>.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
|
<li>Spot zero-length keys or values in ypmatch_add(), and exit early. |
|
<li>Broken by the removal of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> now cleans up after itself properly again. |
|
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vfork&sektion=2">vfork(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>. Fixes hppa breakage. |
|
<li>Back out the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler changes which appear to break Perl somehow. Bugger. |
|
<li>Get <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> semantics right, while still not allowing the size_t overflow.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> compilation without mod_ssl. |
|
<!-- ^^^ 20020731 --> |
|
<li>On i386, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> to alter the execution protection of the stack. |
|
<li>Fix some more potential null pointer dereferences, this time in pfkey and netiso. |
|
<li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server. |
|
<li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc(). |
|
<li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD.) |
|
<li>Lots of work on the sparc and sparc64 console drivers. |
|
<li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware... |
|
<li>Fix a typo that caused a potential null pointer dereference in kernel NFS. |
<li>New 'PermitUserEnvironment' option for SSH. Off by default. |
<li>New 'PermitUserEnvironment' option for SSH. Off by default. |
<li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing. |
<li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing. |
<li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>. |
<li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>. |
|
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.) |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.) |
<!-- ^^^ 20020730 --> |
<!-- ^^^ 20020730 --> |
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm. |
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm. |
<li>Kill a kernel tty memory leak. |
<li>Kill a kernel tty memory leak.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>. |
<li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>. |
<li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br> |
<li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br> |
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
|
|
<li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout. |
<li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come. |
<li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.) |
<li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.) |
<li>Some fixes to <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>. |
<li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>. |
<li>Add SMC 2206 support to <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>. |
<li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>. |
<li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface. |
<!-- ^^^ 20020709 --> |
<!-- ^^^ 20020709 --> |