version 1.14, 2001/06/02 18:53:33 |
version 1.15, 2001/06/09 16:39:03 |
|
|
<li><font color=#e00000><strong>Do not permit a read+write mmap() operation on a read-only file descriptor open on a device. This is a security problem in OpenBSD 2.2, and is <a href=errata22.html#mmap> described and fixed with a patch</a></strong></font>. |
<li><font color=#e00000><strong>Do not permit a read+write mmap() operation on a read-only file descriptor open on a device. This is a security problem in OpenBSD 2.2, and is <a href=errata22.html#mmap> described and fixed with a patch</a></strong></font>. |
<li>Rename /etc/nat.rules to /etc/ipnat.rules. |
<li>Rename /etc/nat.rules to /etc/ipnat.rules. |
<li>Add kerberos kauthd(8). |
<li>Add kerberos kauthd(8). |
<li>On the i386, move XFree86 aperature driver into the kernel. The new sysctl(8) variable <strong>machdep.allowaperture</strong> decides if this driver is active or not. (This variable can only be modified at high securelevel). |
<li>On the i386, move XFree86 aperture driver into the kernel. The new sysctl(8) variable <strong>machdep.allowaperture</strong> decides if this driver is active or not. (This variable can only be modified at high securelevel). |
<li>Remove the ftp(1) `stdout redirection' hack and replace it with a <strong>-o filename</strong> option (which also understands a filename of "-" to mean stdout). |
<li>Remove the ftp(1) `stdout redirection' hack and replace it with a <strong>-o filename</strong> option (which also understands a filename of "-" to mean stdout). |
<li>Pull in all the NetBSD changes to the old version of gas over the last year or so. |
<li>Pull in all the NetBSD changes to the old version of gas over the last year or so. |
<li>Fix two bugs in adduser(8). |
<li>Fix two bugs in adduser(8). |
|
|
<li>Fix a output error in finger(1). |
<li>Fix a output error in finger(1). |
<li>Do not permit dumping corefiles over symbolic links. (We have wanted this changed for a long time, but it required Lite2 vfs). |
<li>Do not permit dumping corefiles over symbolic links. (We have wanted this changed for a long time, but it required Lite2 vfs). |
<li>Permit extra / terminators in some path-based system calls. |
<li>Permit extra / terminators in some path-based system calls. |
<li>Fix some problems regaring transfer of secure yp maps. |
<li>Fix some problems regarding transfer of secure yp maps. |
<li>New rc.conf(7) manpage. |
<li>New rc.conf(7) manpage. |
<li>Make sure it is clear that so_linger is in seconds. |
<li>Make sure it is clear that so_linger is in seconds. |
<li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem. |
<li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem. |