CVS diff for [local] / www / plus.html
version 1.858, 2003/02/20 22:47:50 | version 1.859, 2003/02/22 23:52:02 | ||
---|---|---|---|
|
|
||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. | ||
<li>Move /var/at files into /var/cron since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> is now a part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>. | <li>Move /var/at files into /var/cron since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> is now a part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>. | ||
<li>Fix support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix.) | <li>Fix support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix.) | ||
<li>Pull in from OpenSSL 0.9.7a a fix for a <a href="http://www.openssl.org/news/secadv_20030219.txt">timing-based attack</a> against CBC (assigned <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078">CAN-2003-0078</a>.) | |||
<li><font color="#e00000"><strong>SECURITY FIX: February 22, 2003: In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This fix is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078). Also, check for negative sizes in memory allocation routines.</strong></font><br> | |||
<a href="errata.html#ssl">A source code patch is available</a>.<br> | |||
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> | |||
<li>Add a counter for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold. | <li>Add a counter for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold. | ||
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> on 64-bit platforms. | <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> on 64-bit platforms. | ||
<li>Stability updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>. | <li>Stability updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>. | ||
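Review bot: The SECURITY FIX item misspells "incorrect" as "incorrrect", and it cites CAN-2003-0078 as plain text, whereas the "Pull in from OpenSSL 0.9.7a" item links both the OpenSSL advisory (secadv_20030219.txt) and the CVE entry; carry those two links into the SECURITY FIX item so the advisory stays reachable from the entry. The closing sentence "Also, check for negative sizes in memory allocation routines." is not about padding or MAC timing as written, so it would read better as its own list item and not be taken as part of CAN-2003-0078. The "(CAN-2003-0078)." fragment also sits between two full stops; fold the identifier into the preceding sentence.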
|
|
||
<li>When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header. | <li>When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header. | ||
<!-- ^ 20030215 --> | <!-- ^ 20030215 --> | ||
<li>Fix an mbuf leak in IPv6 TCP. | <li>Fix an mbuf leak in IPv6 TCP. | ||
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> | |||
<li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables spring into existence on demand, remove the unnecessary '-T create' option. | <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables spring into existence on demand, remove the unnecessary '-T create' option. | ||
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> stir the pool when the caller's pid changes. | <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> stir the pool when the caller's pid changes. | ||
<li>Add 'scrub in all no-df' to the initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> installed by /etc/rc. This helps diskless booters using Linux NFS servers. | <li>Add 'scrub in all no-df' to the initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> installed by /etc/rc. This helps diskless booters using Linux NFS servers. |
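Review bot: On the [Applied to stable] link under "Fix an mbuf leak in IPv6 TCP.", color=#00b000 is unquoted; HTML 4 does not allow "#" in an unquoted attribute value, and the SECURITY FIX markup already writes color="#e00000" with quotes, so quote this one as well. The link also follows the item text with no <br>, unlike the SECURITY FIX item where each trailing link is set off by <br>; use one form so the stable markers render consistently.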