=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus32.html,v retrieving revision 1.3 retrieving revision 1.4 diff -c -r1.3 -r1.4 *** www/plus32.html 2002/12/02 15:00:28 1.3 --- www/plus32.html 2003/01/29 21:08:27 1.4 *************** *** 56,62 ****

Cool new xdm(8) images for 3.2.

SECURITY FIX: Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
! A source code patch is available.
[Applied to stable]

Retrofit the SIGUSR1->SIGUSR2 console switching change to the old X server. --- 56,62 ----

Cool new xdm(8) images for 3.2.

SECURITY FIX: Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
! A source code patch is available.
[Applied to stable]

Retrofit the SIGUSR1->SIGUSR2 console switching change to the old X server. *************** *** 275,281 ****

Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.

SECURITY FIX: An insufficient boundary check in the select(2) and poll(2) system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
! A source code patch is available.
[Applied to stable]

raid(4) no longer gets loud at boot time unless option RAIDDEBUG is used. --- 275,281 ----

Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.

raid(4) no longer gets loud at boot time unless option RAIDDEBUG is used. *************** *** 307,313 ****

Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.

Move AGP chipset support out of machine-independent section (AGP support is per-arch.) !

REVISED SECURITY FIX for the OpenSSL ASN.1 buffer overflows, see the erratum.
[Applied to stable]

Fix auth_call(3)'s error logging. --- 307,313 ----

Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.

Move AGP chipset support out of machine-independent section (AGP support is per-arch.) !

REVISED SECURITY FIX for the OpenSSL ASN.1 buffer overflows, see the erratum.
[Applied to stable]

Fix auth_call(3)'s error logging. *************** *** 338,344 ****

Limit file size to 2^31 * PAGE_SIZE in FFS code.

u_short -> u_int16_t in mtrouted(8). !

REVISED SECURITY FIX for the xdr_array(3) buffer overflow, see the erratum.
[Applied to stable]

Spot zero-length keys or values in ypmatch_add(), and exit early.

Broken by the removal of atexit(3), chpass(1) now cleans up after itself properly again. --- 338,344 ----

Limit file size to 2^31 * PAGE_SIZE in FFS code.

u_short -> u_int16_t in mtrouted(8). !

REVISED SECURITY FIX for the xdr_array(3) buffer overflow, see the erratum.
[Applied to stable]

Spot zero-length keys or values in ypmatch_add(), and exit early.

Broken by the removal of atexit(3), chpass(1) now cleans up after itself properly again. *************** *** 360,366 ****

Add 'with or without modification' clause to gprof(1) licensing.

Sync with OpenSSL 0.9.6e-0.9.7 CHANGES file.

SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ssl(8) library, as in the ASN.1 parser code in the crypto(3) library, all of them being potentially remotely exploitable.
! A source code patch is available.
[Applied to stable]

In pf(4), allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.) --- 360,366 ----

Add 'with or without modification' clause to gprof(1) licensing.

Sync with OpenSSL 0.9.6e-0.9.7 CHANGES file.

In pf(4), allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.) *************** *** 372,383 **** [Applied to stable]

Don't enable so many authentication methods by default in login.conf(5).

SECURITY FIX: A buffer overflow can occur in the xdr_array(3) RPC code, leading to possible remote crash.
! A source code patch is available.
[Applied to stable]

Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().

Support DMA for two more ServerWorks pciide(4) devices.

SECURITY FIX: A race condition exists in the pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
! A source code patch is available.
[Applied to stable]

mprotect(2) function pointers stored by atexit(3) to stop bad guys tweaking the exit handlers.

"undrugs" gpr(4). --- 372,383 ---- [Applied to stable]

Don't enable so many authentication methods by default in login.conf(5).

SECURITY FIX: A buffer overflow can occur in the xdr_array(3) RPC code, leading to possible remote crash.
! A source code patch is available.
[Applied to stable]

Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().

Support DMA for two more ServerWorks pciide(4) devices.

SECURITY FIX: A race condition exists in the pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
! A source code patch is available.
[Applied to stable]

mprotect(2) function pointers stored by atexit(3) to stop bad guys tweaking the exit handlers.

"undrugs" gpr(4). *************** *** 542,548 ****

Un-bloating of ahc(4).

Cleanup of rpcgen(1).

RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise isakmpd(8) can be made to crash.
! A source code patch exists to remedy the problem.
[Applied to stable]

ep(4) on isapnp(4) now works on alpha.

Improve the way the installer's fileset selection UI works. --- 542,548 ----

Un-bloating of ahc(4).

Cleanup of rpcgen(1).

ep(4) on isapnp(4) now works on alpha.

Improve the way the installer's fileset selection UI works. *************** *** 595,614 ****

Try again with the new ahc(4) driver.

Cleanups of chpass(1) and passwd(1).

SECURITY FIX: The kernel would let any user ktrace(2) set[ug]id processes.
! A source code patch is available.
[Applied to stable]

newsyslog(8) now doesn't follow symbolic links by default, fixing PR1913.

Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.

More audit of OpenSSH.

OpenSSH 3.4 was released, and there was much rejoicing.

SECURITY FIX: All versions of OpenSSH's sshd(8) between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.
! A source code patch is available.
[Applied to stable]

Add a number of resource limits to ssh(1).

Increase i386 kvm size to 768M.

The list of great Theo quotes for mg(1) continues to grow.

SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.
! A source code patch is available.
[Applied to stable]

Merge in Sendmail 8.12.5.

Start work on IP-over-FireWire and IP-over-SCSI. --- 595,614 ----

Try again with the new ahc(4) driver.

Cleanups of chpass(1) and passwd(1).

SECURITY FIX: The kernel would let any user ktrace(2) set[ug]id processes.
! A source code patch is available.
[Applied to stable]

newsyslog(8) now doesn't follow symbolic links by default, fixing PR1913.

Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.

More audit of OpenSSH.

OpenSSH 3.4 was released, and there was much rejoicing.

Add a number of resource limits to ssh(1).

Increase i386 kvm size to 768M.

The list of great Theo quotes for mg(1) continues to grow.

SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.
! A source code patch is available.
[Applied to stable]

Merge in Sendmail 8.12.5.

Start work on IP-over-FireWire and IP-over-SCSI. *************** *** 621,627 ****

Fix wi(4) reassociation after an AP reboot.

SECURITY FIX: A buffer overflow can occur in the .htaccess parsing code in the mod_ssl httpd(8) module, leading to possible remote crash or exploit (PR2767.)
! A source code patch is available.
[Applied to stable]

Lots of uid_t and gid_t signedness fixes.

sshd(8) no longer calls setsid() when run from inetd(8). --- 621,627 ----

Fix wi(4) reassociation after an AP reboot.

Lots of uid_t and gid_t signedness fixes.

sshd(8) no longer calls setsid() when run from inetd(8). *************** *** 658,664 ****

Fix ftpd(8)'s SIGALRM handler.

SECURITY FIX: A buffer overflow can occur during the interpretation of chunked encoding in httpd(8), leading to possible remote crash.
! A source code patch is available.
[Applied to stable]

Add the punctuation-challenged Nike psa[play^120 USB widget.

Remove setgid(kmem) from the enormously useful trsp(8). --- 658,664 ----

Fix ftpd(8)'s SIGALRM handler.

SECURITY FIX: A buffer overflow can occur during the interpretation of chunked encoding in httpd(8), leading to possible remote crash.
! A source code patch is available.
[Applied to stable]

Add the punctuation-challenged Nike psa[play^120 USB widget.

Remove setgid(kmem) from the enormously useful trsp(8). *************** *** 923,929 ****

Allow ddb(4) to do a stack trace into the kernel message buffer.

isp(4) fixes.

SECURITY FIX: Fix incorrect ACL check when using BSD authentication in sshd(8).
! A source code patch is available.
[Applied to stable]

Fix a memory leak in mg(1).

New systrace facility. --- 923,929 ----

Allow ddb(4) to do a stack trace into the kernel message buffer.

isp(4) fixes.

SECURITY FIX: Fix incorrect ACL check when using BSD authentication in sshd(8).
! A source code patch is available.
[Applied to stable]

Fix a memory leak in mg(1).

New systrace facility. *************** *** 979,985 ****

Bring back TURBOchannel alpha hardware support.

Fix a slightly incorrect behaviour of the device cloning in UKC (boot_config(8)).

SECURITY FIX: cause the exec(3) to fail if we are unable to allocate resources when dup-ing /dev/null(4) to fd(4)'s 0-2 for setuid programs.
! A source code patch is available.
[Applied to stable]

Extended Attributes code updates.

Improve PS/2 mouse port detection in pckbc(4). --- 979,985 ----

Bring back TURBOchannel alpha hardware support.

Fix a slightly incorrect behaviour of the device cloning in UKC (boot_config(8)).

Extended Attributes code updates.

Improve PS/2 mouse port detection in pckbc(4). *************** *** 989,995 ****

Better color depth detection in Xwsfb.

64-bit fixes in vmstat(8).

Improve dma processing in bge(4). !

RELIABILITY FIX: constrain readdirplus request count in the nfs(8) filesystem.
[Applied to stable]

Switch macppc console from the rcons engine to the rasops engine.

Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again. --- 989,995 ----

Better color depth detection in Xwsfb.

64-bit fixes in vmstat(8).

Improve dma processing in bge(4). !

RELIABILITY FIX: constrain readdirplus request count in the nfs(8) filesystem.
[Applied to stable]

Switch macppc console from the rcons engine to the rasops engine.

Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again. *************** *** 1005,1013 ****

Make Xwsfb support tga(4) cards on alpha.

Fix a lock leak in ami(4).

SECURITY FIX: update sudo(8) to sudo 1.6.6.
! A source code patch is available.
[Applied to stable] !

RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in ftp(1).
[Applied to stable]

Add a Soundforte radio driver, sfr(4).

Add dynamic interface -> address translation in pf(4). --- 1005,1013 ----

Make Xwsfb support tga(4) cards on alpha.

Fix a lock leak in ami(4).

SECURITY FIX: update sudo(8) to sudo 1.6.6.
! A source code patch is available.
[Applied to stable] !

RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in ftp(1).
[Applied to stable]

Add a Soundforte radio driver, sfr(4).

Add dynamic interface -> address translation in pf(4). *************** *** 1019,1026 ****

Allow explicit filtering of non-reassembled fragments in pf(4).

Support more hardware and fix stability issues in the mac68k sn(4) network driver.

Improved Lithuanian keyboard map for wscons(4). !

SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in sshd(8), and send a complete ticket.
! A source code patch is available.
[Applied to stable]

Fix a memory leak in mg(1).

Assorted hppa memory management fixes. --- 1019,1026 ----

Allow explicit filtering of non-reassembled fragments in pf(4).

Support more hardware and fix stability issues in the mac68k sn(4) network driver.

Improved Lithuanian keyboard map for wscons(4). !

SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in sshd(8), and send a complete ticket.
! A source code patch is available.
[Applied to stable]

Fix a memory leak in mg(1).

Assorted hppa memory management fixes. *************** *** 1073,1079 ****

www@openbsd.org !
$OpenBSD: plus32.html,v 1.3 2002/12/02 15:00:28 mickey Exp $ --- 1073,1079 ----

www@openbsd.org !
$OpenBSD: plus32.html,v 1.4 2003/01/29 21:08:27 margarida Exp $