| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: main,v 1.320.2.10.2.4 2008/09/24 17:31:12 bouyer Exp $ | | 1 | .\" $NetBSD: main,v 1.320.2.10.2.5 2008/10/04 14:30:25 bouyer Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 1999-2005 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 1999-2005 The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
8 | .\" are met: | | 8 | .\" are met: |
9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
14 | .\" 3. All advertising materials mentioning features or use of this software | | 14 | .\" 3. All advertising materials mentioning features or use of this software |
| @@ -526,26 +526,38 @@ file. | | | @@ -526,26 +526,38 @@ file. |
526 | .It | | 526 | .It |
527 | NetBSD-SA2008-010, | | 527 | NetBSD-SA2008-010, |
528 | Malicious PPPoE discovery packet can overrun a kernel buffer (CVE-2008-3584), | | 528 | Malicious PPPoE discovery packet can overrun a kernel buffer (CVE-2008-3584), |
529 | has been fixed. | | 529 | has been fixed. |
530 | .It | | 530 | .It |
531 | NetBSD-SA2008-011, | | 531 | NetBSD-SA2008-011, |
532 | ICMPv6 MLD query (CVE-2008-2464), has been fixed. | | 532 | ICMPv6 MLD query (CVE-2008-2464), has been fixed. |
533 | .It | | 533 | .It |
534 | NetBSD-SA2008-012, | | 534 | NetBSD-SA2008-012, |
535 | Denial of Service issues in | | 535 | Denial of Service issues in |
536 | .Xr racoon 8 | | 536 | .Xr racoon 8 |
537 | (CVE-2008-3652), has been fixed by upgrading ipsec-tools to release 0.7.1. | | 537 | (CVE-2008-3652), has been fixed by upgrading ipsec-tools to release 0.7.1. |
538 | Note this also fixes CVE-2008-3651. | | 538 | Note this also fixes CVE-2008-3651. |
| | | 539 | .It |
| | | 540 | upcoming NetBSD-SA2008-013, |
| | | 541 | IPv6 Neighbor Discovery Protocol routing vulnerability (CVE-2008-2476), |
| | | 542 | has been fixed. |
| | | 543 | .It |
| | | 544 | upcoming NetBSD-SA2008-014, |
| | | 545 | Remote cross-site request forgery attack issue in |
| | | 546 | .Xr ftpd 8 |
| | | 547 | (CVE-2008-4247), has been fixed. |
| | | 548 | .It |
| | | 549 | upcoming NetBSD-SA2008-015, |
| | | 550 | Remote kernel panics on IPv6 connections (CVE-2008-3530), has been fixed. |
539 | .bullet) | | 551 | .bullet) |
540 | .(Note | | 552 | .(Note |
541 | NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004 don't affect | | 553 | NetBSD-SA2008-007 and advisories prior to NetBSD-SA2008-004 don't affect |
542 | .Nx | | 554 | .Nx |
543 | 4.0. | | 555 | 4.0. |
544 | .Note) | | 556 | .Note) |
545 | . | | 557 | . |
546 | .Ss2 Other Security Fixes | | 558 | .Ss2 Other Security Fixes |
547 | .(bullet | | 559 | .(bullet |
548 | Fix a buffer overrun which could crash a FAST_IPSEC kernel. | | 560 | Fix a buffer overrun which could crash a FAST_IPSEC kernel. |
549 | .It | | 561 | .It |
550 | .Xr tcpdump 8 : | | 562 | .Xr tcpdump 8 : |
551 | Fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in base-tcpdump. | | 563 | Fix CVE-2007-1218, CVE-2007-3798 and CAN-2005-1278 in base-tcpdump. |
| @@ -568,26 +580,29 @@ code. | | | @@ -568,26 +580,29 @@ code. |
568 | Update root.cache to 2008020400 version. | | 580 | Update root.cache to 2008020400 version. |
569 | .It | | 581 | .It |
570 | Fix IP packet forwording code to make sure to send a reasonable fragment size | | 582 | Fix IP packet forwording code to make sure to send a reasonable fragment size |
571 | when IPSEC is configured. | | 583 | when IPSEC is configured. |
572 | .It | | 584 | .It |
573 | Fix a bug in TCP SACK code which causes data corruption. | | 585 | Fix a bug in TCP SACK code which causes data corruption. |
574 | .It | | 586 | .It |
575 | Fix an | | 587 | Fix an |
576 | .Xr rc.d 8 | | 588 | .Xr rc.d 8 |
577 | script for | | 589 | script for |
578 | .Xr amd 8 | | 590 | .Xr amd 8 |
579 | not to shutdown gracefully since it seems to cause problems for more people | | 591 | not to shutdown gracefully since it seems to cause problems for more people |
580 | than the old (also broken) behavior. | | 592 | than the old (also broken) behavior. |
| | | 593 | .It |
| | | 594 | .Xr ftpd 8 : |
| | | 595 | Fix and reorganize PAM support. |
581 | .bullet) | | 596 | .bullet) |
582 | . | | 597 | . |
583 | .Ss2 Libraries | | 598 | .Ss2 Libraries |
584 | .(bullet | | 599 | .(bullet |
585 | Pthread support of BIND has been disabled for future binary compatibility | | 600 | Pthread support of BIND has been disabled for future binary compatibility |
586 | after removal of the scheduler activations. | | 601 | after removal of the scheduler activations. |
587 | .It | | 602 | .It |
588 | Fix coredump of gdtoa | | 603 | Fix coredump of gdtoa |
589 | .Pq conversion between binary floating-point and ASCII string | | 604 | .Pq conversion between binary floating-point and ASCII string |
590 | functions on out of memory conditions. | | 605 | functions on out of memory conditions. |
591 | .bullet) | | 606 | .bullet) |
592 | . | | 607 | . |
593 | .Ss2 Drivers | | 608 | .Ss2 Drivers |
| @@ -614,27 +629,27 @@ in string literals. | | | @@ -614,27 +629,27 @@ in string literals. |
614 | Fix compilation of native sh3 gcc on 64-bit build machines. | | 629 | Fix compilation of native sh3 gcc on 64-bit build machines. |
615 | .It | | 630 | .It |
616 | Fix an internal compiler error on compiling m68k softfloat or | | 631 | Fix an internal compiler error on compiling m68k softfloat or |
617 | m68010 targets on 64-bit build machines. | | 632 | m68010 targets on 64-bit build machines. |
618 | .bullet) | | 633 | .bullet) |
619 | .It | | 634 | .It |
620 | .Xr zgrep 1 : | | 635 | .Xr zgrep 1 : |
621 | Make | | 636 | Make |
622 | .Sq Fl h | | 637 | .Sq Fl h |
623 | option | | 638 | option |
624 | .Pq suppress filenames on output when multiple files are searched | | 639 | .Pq suppress filenames on output when multiple files are searched |
625 | actually work. | | 640 | actually work. |
626 | .It | | 641 | .It |
627 | Fix parallel build failure on building hpcarm, hpcarm and hpcsh releases. | | 642 | Fix parallel build failure on building hpcarm, hpcmips and hpcsh releases. |
628 | .bullet) | | 643 | .bullet) |
629 | . | | 644 | . |
630 | .Ss2 Platforms specific | | 645 | .Ss2 Platforms specific |
631 | .(bullet | | 646 | .(bullet |
632 | acorn32: Fix a bootloader problem on some RiscPCs. | | 647 | acorn32: Fix a bootloader problem on some RiscPCs. |
633 | .It | | 648 | .It |
634 | cobalt: | | 649 | cobalt: |
635 | .(bullet | | 650 | .(bullet |
636 | Add a workaround to avoid panic on probing a multi function PCI device | | 651 | Add a workaround to avoid panic on probing a multi function PCI device |
637 | on Qube's PCI slot. | | 652 | on Qube's PCI slot. |
638 | .It | | 653 | .It |
639 | Fix a bug in the interrupt handler which causes network freeze | | 654 | Fix a bug in the interrupt handler which causes network freeze |
640 | if more than one interfaces are used. | | 655 | if more than one interfaces are used. |