| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: CHANGES-5.1.6,v 1.1.2.12 2015/01/07 18:44:13 msaitoh Exp $ | | 1 | # $NetBSD: CHANGES-5.1.6,v 1.1.2.13 2015/01/26 11:51:16 martin Exp $ |
2 | | | 2 | |
3 | A complete list of changes from the NetBSD 5.1.5 release to the NetBSD 5.1.6 | | 3 | A complete list of changes from the NetBSD 5.1.5 release to the NetBSD 5.1.6 |
4 | release: | | 4 | release: |
5 | | | 5 | |
6 | doc/LAST_MINUTE patched by hand | | 6 | doc/LAST_MINUTE patched by hand |
7 | doc/README.files patched by hand | | 7 | doc/README.files patched by hand |
8 | gnu/usr.bin/groff/tmac/mdoc.local patched by hand | | 8 | gnu/usr.bin/groff/tmac/mdoc.local patched by hand |
9 | sys/sys/param.h patched by hand | | 9 | sys/sys/param.h patched by hand |
10 | | | 10 | |
11 | Welcome to 5.1.5_PATCH. | | 11 | Welcome to 5.1.5_PATCH. |
12 | [snj] | | 12 | [snj] |
13 | | | 13 | |
14 | sys/dev/raidframe/raidframevar.h 1.17 | | 14 | sys/dev/raidframe/raidframevar.h 1.17 |
| @@ -2439,13 +2439,88 @@ usr.sbin/ntp/ntptrace/ntptrace.awk de | | | @@ -2439,13 +2439,88 @@ usr.sbin/ntp/ntptrace/ntptrace.awk de |
2439 | usr.sbin/ntp/scripts/mkver delete | | 2439 | usr.sbin/ntp/scripts/mkver delete |
2440 | usr.sbin/sntp/Makefile delete | | 2440 | usr.sbin/sntp/Makefile delete |
2441 | usr.sbin/sntp/sntp.1 delete | | 2441 | usr.sbin/sntp/sntp.1 delete |
2442 | | | 2442 | |
2443 | Update ntp to 4.2.8. CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, | | 2443 | Update ntp to 4.2.8. CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, |
2444 | and CVE-2014-9296. | | 2444 | and CVE-2014-9296. |
2445 | [he, ticket #1938] | | 2445 | [he, ticket #1938] |
2446 | | | 2446 | |
2447 | etc/rc.d/ntpd 1.15 | | 2447 | etc/rc.d/ntpd 1.15 |
2448 | | | 2448 | |
2449 | New ntpd wants to be able to translate ntp into a port number after | | 2449 | New ntpd wants to be able to translate ntp into a port number after |
2450 | chroot, so give it its own small copy of /etc/services in the chroot | | 2450 | chroot, so give it its own small copy of /etc/services in the chroot |
2451 | [he, ticket #1940] | | 2451 | [he, ticket #1940] |
| | | 2452 | |
| | | 2453 | crypto/dist/openssl/apps/s_client.c patch |
| | | 2454 | crypto/dist/openssl/apps/s_server.c patch |
| | | 2455 | crypto/dist/openssl/apps/speed.c patch |
| | | 2456 | crypto/dist/openssl/crypto/Makefile patch |
| | | 2457 | crypto/dist/openssl/crypto/constant_time_locl.h patch |
| | | 2458 | crypto/dist/openssl/crypto/cversion.c patch |
| | | 2459 | crypto/dist/openssl/crypto/asn1/a_bitstr.c patch |
| | | 2460 | crypto/dist/openssl/crypto/asn1/a_type.c patch |
| | | 2461 | crypto/dist/openssl/crypto/asn1/a_verify.c patch |
| | | 2462 | crypto/dist/openssl/crypto/asn1/asn1.h patch |
| | | 2463 | crypto/dist/openssl/crypto/asn1/asn1_err.c patch |
| | | 2464 | crypto/dist/openssl/crypto/asn1/tasn_dec.c patch |
| | | 2465 | crypto/dist/openssl/crypto/asn1/x_algor.c patch |
| | | 2466 | crypto/dist/openssl/crypto/bio/bio.h patch |
| | | 2467 | crypto/dist/openssl/crypto/bio/bss_dgram.c patch |
| | | 2468 | crypto/dist/openssl/crypto/bn/bn_asm.c patch |
| | | 2469 | crypto/dist/openssl/crypto/bn/bntest.c patch |
| | | 2470 | crypto/dist/openssl/crypto/bn/asm/mips3.s patch |
| | | 2471 | crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c patch |
| | | 2472 | crypto/dist/openssl/crypto/dsa/dsa_vrf.c patch |
| | | 2473 | crypto/dist/openssl/crypto/ec/ec_mult.c patch |
| | | 2474 | crypto/dist/openssl/crypto/ec/ec_pmeth.c patch |
| | | 2475 | crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c patch |
| | | 2476 | crypto/dist/openssl/crypto/evp/Makefile patch |
| | | 2477 | crypto/dist/openssl/crypto/evp/evp_enc.c patch |
| | | 2478 | crypto/dist/openssl/crypto/objects/obj_xref.h patch |
| | | 2479 | crypto/dist/openssl/crypto/objects/objxref.pl patch |
| | | 2480 | crypto/dist/openssl/crypto/ts/ts_rsp_sign.c patch |
| | | 2481 | crypto/dist/openssl/crypto/x509/x509.h patch |
| | | 2482 | crypto/dist/openssl/crypto/x509/x509_vpm.c patch |
| | | 2483 | crypto/dist/openssl/crypto/x509/x_all.c patch |
| | | 2484 | crypto/dist/openssl/ssl/d1_both.c patch |
| | | 2485 | crypto/dist/openssl/ssl/d1_clnt.c patch |
| | | 2486 | crypto/dist/openssl/ssl/d1_enc.c patch |
| | | 2487 | crypto/dist/openssl/ssl/d1_lib.c patch |
| | | 2488 | crypto/dist/openssl/ssl/d1_pkt.c patch |
| | | 2489 | crypto/dist/openssl/ssl/d1_srvr.c patch |
| | | 2490 | crypto/dist/openssl/ssl/dtls1.h patch |
| | | 2491 | crypto/dist/openssl/ssl/s23_srvr.c patch |
| | | 2492 | crypto/dist/openssl/ssl/s2_enc.c patch |
| | | 2493 | crypto/dist/openssl/ssl/s2_pkt.c patch |
| | | 2494 | crypto/dist/openssl/ssl/s2_srvr.c patch |
| | | 2495 | crypto/dist/openssl/ssl/s3_both.c patch |
| | | 2496 | crypto/dist/openssl/ssl/s3_clnt.c patch |
| | | 2497 | crypto/dist/openssl/ssl/s3_enc.c patch |
| | | 2498 | crypto/dist/openssl/ssl/s3_lib.c patch |
| | | 2499 | crypto/dist/openssl/ssl/s3_pkt.c patch |
| | | 2500 | crypto/dist/openssl/ssl/s3_srvr.c patch |
| | | 2501 | crypto/dist/openssl/ssl/ssl.h patch |
| | | 2502 | crypto/dist/openssl/ssl/ssl_cert.c patch |
| | | 2503 | crypto/dist/openssl/ssl/ssl_lib.c patch |
| | | 2504 | crypto/dist/openssl/ssl/ssl_locl.h patch |
| | | 2505 | crypto/dist/openssl/util/libeay.num patch |
| | | 2506 | crypto/dist/openssl/util/mk1mf.pl patch |
| | | 2507 | crypto/dist/openssl/util/mkbuildinf.pl patch |
| | | 2508 | distrib/sets/lists/base/md.amd64 patch |
| | | 2509 | distrib/sets/lists/base/md.sparc64 patch |
| | | 2510 | distrib/sets/lists/base/shl.mi patch |
| | | 2511 | lib/libcrypto/shlib_version patch |
| | | 2512 | lib/libssl/shlib_version patch |
| | | 2513 | |
| | | 2514 | Apply fixes for the following OpenSSL vulnerabilities: |
| | | 2515 | |
| | | 2516 | DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) |
| | | 2517 | DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) |
| | | 2518 | no-ssl3 configuration sets method to NULL (CVE-2014-3569) |
| | | 2519 | ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) |
| | | 2520 | RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) |
| | | 2521 | DH client certificates accepted without verification [Server] (CVE-2015-0205) |
| | | 2522 | Certificate fingerprints can be modified (CVE-2014-8275) |
| | | 2523 | Bignum squaring may produce incorrect results (CVE-2014-3570) |
| | | 2524 | [spz, ticket #1945] |
| | | 2525 | |
| | | 2526 | |