Mon Jan 26 11:51:16 2015 UTC ()
Ticket #1945


(martin)
diff -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-5.1.6
cvs diff -r1.1.2.12 -r1.1.2.13 src/doc/Attic/CHANGES-5.1.6 (expand / switch to unified diff)

--- src/doc/Attic/CHANGES-5.1.6 2015/01/07 18:44:13 1.1.2.12
+++ src/doc/Attic/CHANGES-5.1.6 2015/01/26 11:51:16 1.1.2.13
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: CHANGES-5.1.6,v 1.1.2.12 2015/01/07 18:44:13 msaitoh Exp $ 1# $NetBSD: CHANGES-5.1.6,v 1.1.2.13 2015/01/26 11:51:16 martin Exp $
2 2
3A complete list of changes from the NetBSD 5.1.5 release to the NetBSD 5.1.6 3A complete list of changes from the NetBSD 5.1.5 release to the NetBSD 5.1.6
4release: 4release:
5 5
6doc/LAST_MINUTE patched by hand 6doc/LAST_MINUTE patched by hand
7doc/README.files patched by hand 7doc/README.files patched by hand
8gnu/usr.bin/groff/tmac/mdoc.local patched by hand 8gnu/usr.bin/groff/tmac/mdoc.local patched by hand
9sys/sys/param.h patched by hand 9sys/sys/param.h patched by hand
10 10
11 Welcome to 5.1.5_PATCH. 11 Welcome to 5.1.5_PATCH.
12 [snj] 12 [snj]
13 13
14sys/dev/raidframe/raidframevar.h 1.17 14sys/dev/raidframe/raidframevar.h 1.17
@@ -2439,13 +2439,88 @@ usr.sbin/ntp/ntptrace/ntptrace.awk de @@ -2439,13 +2439,88 @@ usr.sbin/ntp/ntptrace/ntptrace.awk de
2439usr.sbin/ntp/scripts/mkver delete 2439usr.sbin/ntp/scripts/mkver delete
2440usr.sbin/sntp/Makefile delete 2440usr.sbin/sntp/Makefile delete
2441usr.sbin/sntp/sntp.1 delete 2441usr.sbin/sntp/sntp.1 delete
2442 2442
2443 Update ntp to 4.2.8. CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, 2443 Update ntp to 4.2.8. CVE-2014-9293, CVE-2014-9294, CVE-2014-9295,
2444 and CVE-2014-9296. 2444 and CVE-2014-9296.
2445 [he, ticket #1938] 2445 [he, ticket #1938]
2446 2446
2447etc/rc.d/ntpd 1.15 2447etc/rc.d/ntpd 1.15
2448 2448
2449 New ntpd wants to be able to translate ntp into a port number after 2449 New ntpd wants to be able to translate ntp into a port number after
2450 chroot, so give it its own small copy of /etc/services in the chroot 2450 chroot, so give it its own small copy of /etc/services in the chroot
2451 [he, ticket #1940] 2451 [he, ticket #1940]
 2452
 2453crypto/dist/openssl/apps/s_client.c patch
 2454crypto/dist/openssl/apps/s_server.c patch
 2455crypto/dist/openssl/apps/speed.c patch
 2456crypto/dist/openssl/crypto/Makefile patch
 2457crypto/dist/openssl/crypto/constant_time_locl.h patch
 2458crypto/dist/openssl/crypto/cversion.c patch
 2459crypto/dist/openssl/crypto/asn1/a_bitstr.c patch
 2460crypto/dist/openssl/crypto/asn1/a_type.c patch
 2461crypto/dist/openssl/crypto/asn1/a_verify.c patch
 2462crypto/dist/openssl/crypto/asn1/asn1.h patch
 2463crypto/dist/openssl/crypto/asn1/asn1_err.c patch
 2464crypto/dist/openssl/crypto/asn1/tasn_dec.c patch
 2465crypto/dist/openssl/crypto/asn1/x_algor.c patch
 2466crypto/dist/openssl/crypto/bio/bio.h patch
 2467crypto/dist/openssl/crypto/bio/bss_dgram.c patch
 2468crypto/dist/openssl/crypto/bn/bn_asm.c patch
 2469crypto/dist/openssl/crypto/bn/bntest.c patch
 2470crypto/dist/openssl/crypto/bn/asm/mips3.s patch
 2471crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c patch
 2472crypto/dist/openssl/crypto/dsa/dsa_vrf.c patch
 2473crypto/dist/openssl/crypto/ec/ec_mult.c patch
 2474crypto/dist/openssl/crypto/ec/ec_pmeth.c patch
 2475crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c patch
 2476crypto/dist/openssl/crypto/evp/Makefile patch
 2477crypto/dist/openssl/crypto/evp/evp_enc.c patch
 2478crypto/dist/openssl/crypto/objects/obj_xref.h patch
 2479crypto/dist/openssl/crypto/objects/objxref.pl patch
 2480crypto/dist/openssl/crypto/ts/ts_rsp_sign.c patch
 2481crypto/dist/openssl/crypto/x509/x509.h patch
 2482crypto/dist/openssl/crypto/x509/x509_vpm.c patch
 2483crypto/dist/openssl/crypto/x509/x_all.c patch
 2484crypto/dist/openssl/ssl/d1_both.c patch
 2485crypto/dist/openssl/ssl/d1_clnt.c patch
 2486crypto/dist/openssl/ssl/d1_enc.c patch
 2487crypto/dist/openssl/ssl/d1_lib.c patch
 2488crypto/dist/openssl/ssl/d1_pkt.c patch
 2489crypto/dist/openssl/ssl/d1_srvr.c patch
 2490crypto/dist/openssl/ssl/dtls1.h patch
 2491crypto/dist/openssl/ssl/s23_srvr.c patch
 2492crypto/dist/openssl/ssl/s2_enc.c patch
 2493crypto/dist/openssl/ssl/s2_pkt.c patch
 2494crypto/dist/openssl/ssl/s2_srvr.c patch
 2495crypto/dist/openssl/ssl/s3_both.c patch
 2496crypto/dist/openssl/ssl/s3_clnt.c patch
 2497crypto/dist/openssl/ssl/s3_enc.c patch
 2498crypto/dist/openssl/ssl/s3_lib.c patch
 2499crypto/dist/openssl/ssl/s3_pkt.c patch
 2500crypto/dist/openssl/ssl/s3_srvr.c patch
 2501crypto/dist/openssl/ssl/ssl.h patch
 2502crypto/dist/openssl/ssl/ssl_cert.c patch
 2503crypto/dist/openssl/ssl/ssl_lib.c patch
 2504crypto/dist/openssl/ssl/ssl_locl.h patch
 2505crypto/dist/openssl/util/libeay.num patch
 2506crypto/dist/openssl/util/mk1mf.pl patch
 2507crypto/dist/openssl/util/mkbuildinf.pl patch
 2508distrib/sets/lists/base/md.amd64 patch
 2509distrib/sets/lists/base/md.sparc64 patch
 2510distrib/sets/lists/base/shl.mi patch
 2511lib/libcrypto/shlib_version patch
 2512lib/libssl/shlib_version patch
 2513
 2514 Apply fixes for the following OpenSSL vulnerabilities:
 2515
 2516 DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
 2517 DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
 2518 no-ssl3 configuration sets method to NULL (CVE-2014-3569)
 2519 ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
 2520 RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
 2521 DH client certificates accepted without verification [Server] (CVE-2015-0205)
 2522 Certificate fingerprints can be modified (CVE-2014-8275)
 2523 Bignum squaring may produce incorrect results (CVE-2014-3570)
 2524 [spz, ticket #1945]
 2525
 2526