version 1.887, 2003/09/15 21:51:02 |
version 1.888, 2003/09/23 21:49:10 |
|
|
|
|
<p> |
<p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to September 10. |
The following list sums up (almost) all the changes made up to September 17. |
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in the address parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> may allow an attacker to gain root privileges.</strong></font><br> |
|
<a href="errata.html#sendmail">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<!-- ^ 20030917 --> |
|
<li>Bump OpenSSH version to 3.7.1 after the buffer management fixes. |
|
<li><font color="#e00000"><strong>SECURITY FIX: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error.</strong></font> It is unclear whether or not this bug is exploitable.<br> |
|
<a href="errata.html#sshbuffer">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<!-- ^ 20030916 --> |
|
<!-- ^ 20030915 --> |
|
<!-- ^ 20030914 --> |
|
<!-- ^ 20030913 --> |
|
<!-- ^ 20030912 --> |
|
<li>On i386, don't try to enable EDD support if the BIOS doesn't support extended disk access. |
|
<!-- ^ 20030911 --> |
<!-- ^ 20030910 --> |
<!-- ^ 20030910 --> |
<li><font color="#e00000"><strong>SECURITY FIX: Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.</strong></font><br> |
<li><font color="#e00000"><strong>SECURITY FIX: Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.</strong></font><br> |
<a href="errata.html#sysvsem">A source code patch is available</a>.<br> |
<a href="errata.html#sysvsem">A source code patch is available</a>.<br> |
|
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppctl&sektion=8">pppctl(8)</a> coredumping (PR#3454.) |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppctl&sektion=8">pppctl(8)</a> coredumping (PR#3454.) |
<li>Fix i386 hang on 'boot -a' (PR#2122, PR#3437.) |
<li>Fix i386 hang on 'boot -a' (PR#2122, PR#3437.) |
<!-- ^20030907 --> |
<!-- ^20030907 --> |
<li>Have the upgrader script perform the ssl -> openssl includes dir change, both in /usr/include and /usr/libdata/perl5/site_perl/*-openbsd. |
<li>Have the upgrader script perform the ssl -> openssl includes dir change, both in /usr/include and /usr/libdata/perl5/site_perl/*-openbsd. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strxfrm&sektion=3">strxfrm(3)</a> standards-compliant. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strxfrm&sektion=3">strxfrm(3)</a> standards-compliant. |
<li>Machine-dependent installation notes added or updated. Note especially upgrade instructions for i386. |
<li>Machine-dependent installation notes added or updated. Note especially upgrade instructions for i386. |
<li>Add a wi_detach() function for, uh, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> and use it to shut down PC cards properly. |
<li>Add a wi_detach() function for, uh, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> and use it to shut down PC cards properly. |
|
|
<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eephy&sektion=4">eephy(4)</a>'s mode autonegotiation timeout to 5s so slow copper switches can do their work. Fixes <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a> boottime problems. |
<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eephy&sektion=4">eephy(4)</a>'s mode autonegotiation timeout to 5s so slow copper switches can do their work. Fixes <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a> boottime problems. |
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a> to use a dynamic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> fd_set for curses mode, and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ex&sektion=1">ex(1)</a> mode. |
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a> to use a dynamic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> fd_set for curses mode, and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ex&sektion=1">ex(1)</a> mode. |
<li>More conservative settings and an additional error check for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> to improve reliability. |
<li>More conservative settings and an additional error check for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> to improve reliability. |
<li>3.4-beta -> 3.4. |
<li>3.4-beta -> 3.4. |
<li>Disable the patented TrueType bytecode interpreter code in freetype. |
<li>Disable the patented TrueType bytecode interpreter code in freetype. |
<li>Sync up the X fontconfig int overflow fixes with those in the XFree86.org repository. |
<li>Sync up the X fontconfig int overflow fixes with those in the XFree86.org repository. |
<li>Add '?' and '!' as punctuation characters in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a>. Lots of manual pages updated to reflect this. |
<li>Add '?' and '!' as punctuation characters in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mdoc&sektion=7">mdoc(7)</a>. Lots of manual pages updated to reflect this. |
|
|
<li>Add a random offset in the range 0-256MB to the address returned to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm_map&sektion=9">uvm_map(9)</a> by uvm_map_hint(), scattering libraries and mmaps about the place. |
<li>Add a random offset in the range 0-256MB to the address returned to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm_map&sektion=9">uvm_map(9)</a> by uvm_map_hint(), scattering libraries and mmaps about the place. |
<li>Fix old-style suser() calls in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atalk&sektion=4">atalk(4)</a>. |
<li>Fix old-style suser() calls in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atalk&sektion=4">atalk(4)</a>. |
<li>Fix a use-after-free in libutil <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=check_expire&sektion=3">check_expire(3)</a>. |
<li>Fix a use-after-free in libutil <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=check_expire&sektion=3">check_expire(3)</a>. |
<li>Bump OpenSSH version to 3.7. |
<li>Bump OpenSSH version to 3.7.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>Fix symbol lookup in objects opened with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> (PR#3371.) |
<li>Fix symbol lookup in objects opened with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> (PR#3371.) |
<li>Add Solaris-compatible RTLD_* defines in <dlfch.h>. |
<li>Add Solaris-compatible RTLD_* defines in <dlfch.h>. |
<!-- ^ 20030902 --> |
<!-- ^ 20030902 --> |
|
|
<li>Some nice robustness-in-the-face-of-spam tweaks to the example <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> config in cf/courtesan.mc. |
<li>Some nice robustness-in-the-face-of-spam tweaks to the example <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> config in cf/courtesan.mc. |
<li>Do dynamic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> fd_set allocation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsd&sektion=8">nfsd(8)</a>. |
<li>Do dynamic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> fd_set allocation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsd&sektion=8">nfsd(8)</a>. |
<li>Handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure nicely in the libedit tokenizer. |
<li>Handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure nicely in the libedit tokenizer. |
<li>3.3-current -> 3.4-beta. |
<li>3.3-current -> 3.4-beta. |
<li>Implement CLOCK_MONOTONIC for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=clock_gettime&sektion=2">clock_gettime(2)</a>. From NetBSD. |
<li>Implement CLOCK_MONOTONIC for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=clock_gettime&sektion=2">clock_gettime(2)</a>. From NetBSD. |
<li>Don't attach a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4">le(4)</a> device if the interrupt for it can't be established. |
<li>Don't attach a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4">le(4)</a> device if the interrupt for it can't be established. |
<!-- ^ 20030811 --> |
<!-- ^ 20030811 --> |
|
|
<li>Have procfs copy its mount options into statfs.mount_info. |
<li>Have procfs copy its mount options into statfs.mount_info. |
<li>Add a debugging lever that forces <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> to use plan B. |
<li>Add a debugging lever that forces <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> to use plan B. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> plan A, use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=read&sektion=2">read(2)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a>. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> plan A, use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=read&sektion=2">read(2)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a>. |
<li>strlcpy() -> strncpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bos&sektion=8">bos(8)</a>, un-busting the AFS wire protocol. |
<li>strlcpy() -> strncpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bos&sektion=8">bos(8)</a>, un-busting the AFS wire protocol. |
<li>Merge in ARLA -current, set version to 'arla-20030805'. |
<li>Merge in ARLA -current, set version to 'arla-20030805'. |
<!-- ^ 20030805 --> |
<!-- ^ 20030805 --> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> updates from NetBSD and monkey.org. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> updates from NetBSD and monkey.org. |
|
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>Fix an off-by-one in kernel ext2fs filesystem code, the first ext2 inode is numbered one not zero.<br> |
<li>Fix an off-by-one in kernel ext2fs filesystem code, the first ext2 inode is numbered one not zero.<br> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>Further strn*() -> strl*() fixes. |
<li>Further strn*() -> strl*() fixes. |
<!-- ^ 20030706 --> |
<!-- ^ 20030706 --> |
<li>Back out routing socket exact match fix after reports of problems. |
<li>Back out routing socket exact match fix after reports of problems. |
<!-- ^ 20030705 --> |
<!-- ^ 20030705 --> |
|
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s route-to option work for IPv6 link-local addresses. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s route-to option work for IPv6 link-local addresses. |
<li>Reintroduce some routing socket code (lost in a previous update) that could cause less-specific routes to be updated by mistake. |
<li>Reintroduce some routing socket code (lost in a previous update) that could cause less-specific routes to be updated by mistake. |
<li>Lots of int -> u_int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
<li>Lots of int -> u_int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
<li>IPv6 neighbour discovery updates from KAME. |
<li>IPv6 neighbour discovery updates from KAME. |
<!-- ^ 20030624 --> |
<!-- ^ 20030624 --> |
<li>Avoid using regexes completely for simple string searches in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a>. |
<li>Avoid using regexes completely for simple string searches in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a>. |