Sat Oct 4 14:30:25 2008 UTC
Add entries for the 3 recent pullups, fixing security issues.
Also add a note about ftpd PAM fix/reorganisation, from tsutsui@
Fix typo from ticket #1206, from tsutsui@.
reviewed by tsutsui@ and adrianp@


(bouyer)
diff -r1.320.2.10.2.4 -r1.320.2.10.2.5 src/distrib/notes/common/main

cvs diff -r1.320.2.10.2.4 -r1.320.2.10.2.5 src/distrib/notes/common/main

--- src/distrib/notes/common/main 2008/09/24 17:31:12 1.320.2.10.2.4
+++ src/distrib/notes/common/main 2008/10/04 14:30:25 1.320.2.10.2.5
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1.\" $NetBSD: main,v 1.320.2.10.2.4 2008/09/24 17:31:12 bouyer Exp $ 1.\" $NetBSD: main,v 1.320.2.10.2.5 2008/10/04 14:30:25 bouyer Exp $
2.\" 2.\"
3.\" Copyright (c) 1999-2005 The NetBSD Foundation, Inc. 3.\" Copyright (c) 1999-2005 The NetBSD Foundation, Inc.
4.\" All rights reserved. 4.\" All rights reserved.
5.\" 5.\"
6.\" Redistribution and use in source and binary forms, with or without 6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions 7.\" modification, are permitted provided that the following conditions
8.\" are met: 8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright 9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer. 10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the 12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution. 13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software 14.\" 3. All advertising materials mentioning features or use of this software
@@ -526,26 +526,38 @@ file. @@ -526,26 +526,38 @@ file.
526.It 526.It
527NetBSD-SA2008-010, 527NetBSD-SA2008-010,
528Malicious PPPoE discovery packet can overrun a kernel buffer (CVE-2008-3584), 528Malicious PPPoE discovery packet can overrun a kernel buffer (CVE-2008-3584),
529has been fixed. 529has been fixed.
530.It 530.It
531NetBSD-SA2008-011, 531NetBSD-SA2008-011,
532ICMPv6 MLD query (CVE-2008-2464), has been fixed. 532ICMPv6 MLD query (CVE-2008-2464), has been fixed.
533.It 533.It
534NetBSD-SA2008-012, 534NetBSD-SA2008-012,
535Denial of Service issues in 535Denial of Service issues in
536.Xr racoon 8 536.Xr racoon 8
537(CVE-2008-3652), has been fixed by upgrading ipsec-tools to release 0.7.1. 537(CVE-2008-3652), has been fixed by upgrading ipsec-tools to release 0.7.1.
538Note this also fixes CVE-2008-3651. 538Note this also fixes CVE-2008-3651.
 539.It
 540upcoming NetBSD-SA2008-013,
 541IPv6 Neighbor Discovery Protocol routing vulnerability (CVE-2008-2476),
 542has been fixed.
 543.It
 544upcoming NetBSD-SA2008-014,
 545Remote cross-site request forgery attack issue in
 546.Xr ftpd 8
 547(CVE-2008-4247), has been fixed.
 548.It
 549upcoming NetBSD-SA2008-015,
 550Remote kernel panics on IPv6 connections (CVE-2008-3530), has been fixed.
539.bullet) 551.bullet)
540.(Note 552.(Note
541NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004 don't affect 553NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004 don't affect
542.Nx  554.Nx
5434.0. 5554.0.
544.Note) 556.Note)
545. 557.
546.Ss2 Other Security Fixes 558.Ss2 Other Security Fixes
547.(bullet 559.(bullet
548Fix a buffer overrun which could crash a FAST_IPSEC kernel. 560Fix a buffer overrun which could crash a FAST_IPSEC kernel.
549.It 561.It
550.Xr tcpdump 8 : 562.Xr tcpdump 8 :
551Fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in base-tcpdump. 563Fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in base-tcpdump.
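Review bot: the three items added at new lines 539-550 each start with a lowercase "upcoming" and cite NetBSD-SA2008-013, -014 and -015 as advisories that are not yet published, so a reader of the release notes cannot look them up by that number and the wording goes stale once they are issued. The CVE identifiers are given, which is the reference that works today; suggest a follow-up change to drop "upcoming" when the advisories are out. In the 014 item, "attack issue" is redundant and could be shortened to "issue" to match the neighbouring entries.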
@@ -568,26 +580,29 @@ code. @@ -568,26 +580,29 @@ code.
568Update root.cache to 2008020400 version. 580Update root.cache to 2008020400 version.
569.It 581.It
570Fix IP packet forwording code to make sure to send a reasonable fragment size 582Fix IP packet forwording code to make sure to send a reasonable fragment size
571when IPSEC is configured. 583when IPSEC is configured.
572.It 584.It
573Fix a bug in TCP SACK code which causes data corruption. 585Fix a bug in TCP SACK code which causes data corruption.
574.It 586.It
575Fix an 587Fix an
576.Xr rc.d 8 588.Xr rc.d 8
577script for 589script for
578.Xr amd 8 590.Xr amd 8
579not to shutdown gracefully since it seems to cause problems for more people 591not to shutdown gracefully since it seems to cause problems for more people
580than the old (also broken) behavior. 592than the old (also broken) behavior.
 593.It
 594.Xr ftpd 8 :
 595Fix and reorganize PAM support.
581.bullet) 596.bullet)
582. 597.
583.Ss2 Libraries 598.Ss2 Libraries
584.(bullet 599.(bullet
585Pthread support of BIND has been disabled for future binary compatibility 600Pthread support of BIND has been disabled for future binary compatibility
586after removal of the scheduler activations. 601after removal of the scheduler activations.
587.It 602.It
588Fix coredump of gdtoa 603Fix coredump of gdtoa
589.Pq conversion between binary floating-point and ASCII string 604.Pq conversion between binary floating-point and ASCII string
590functions on out of memory conditions. 605functions on out of memory conditions.
591.bullet) 606.bullet)
592. 607.
593.Ss2 Drivers 608.Ss2 Drivers
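Review bot: the new ftpd item at new lines 593-595 says only "Fix and reorganize PAM support", which does not tell an administrator what was broken or whether authentication behaviour changes after the upgrade; since this is the login path of a network daemon, a clause naming the behaviour that was fixed would make the entry usable. Separately, the unchanged context line 582 still reads "forwording"; this commit already carries a typo fix, so it could be corrected in the same pass.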
@@ -614,27 +629,27 @@ in string literals. @@ -614,27 +629,27 @@ in string literals.
614Fix compilation of native sh3 gcc on 64-bit build machines. 629Fix compilation of native sh3 gcc on 64-bit build machines.
615.It 630.It
616Fix an internal compiler error on compiling m68k softfloat or 631Fix an internal compiler error on compiling m68k softfloat or
617m68010 targets on 64-bit build machines. 632m68010 targets on 64-bit build machines.
618.bullet) 633.bullet)
619.It 634.It
620.Xr zgrep 1 : 635.Xr zgrep 1 :
621Make 636Make
622.Sq Fl h 637.Sq Fl h
623option 638option
624.Pq suppress filenames on output when multiple files are searched 639.Pq suppress filenames on output when multiple files are searched
625actually work. 640actually work.
626.It 641.It
627Fix parallel build failure on building hpcarm, hpcarm and hpcsh releases. 642Fix parallel build failure on building hpcarm, hpcmips and hpcsh releases.
628.bullet) 643.bullet)
629. 644.
630.Ss2 Platforms specific 645.Ss2 Platforms specific
631.(bullet 646.(bullet
632acorn32: Fix a bootloader problem on some RiscPCs. 647acorn32: Fix a bootloader problem on some RiscPCs.
633.It 648.It
634cobalt: 649cobalt:
635.(bullet 650.(bullet
636Add a workaround to avoid panic on probing a multi function PCI device 651Add a workaround to avoid panic on probing a multi function PCI device
637on Qube's PCI slot. 652on Qube's PCI slot.
638.It 653.It
639Fix a bug in the interrupt handler which causes network freeze 654Fix a bug in the interrupt handler which causes network freeze
640if more than one interfaces are used. 655if more than one interfaces are used.
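Review bot: on new line 642 the phrase "failure on building" could become "failure when building" while the line is being touched. The replacement of the duplicated "hpcarm" with "hpcmips" is the only typo correction visible in this diff, so it appears to be the ticket #1206 fix named in the commit message; no other line in the hunk changes.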