Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/Attic/CHANGES-1.5.4,v retrieving revision 1.1.2.116 retrieving revision 1.1.2.117 diff -u -p -r1.1.2.116 -r1.1.2.117 --- src/Attic/CHANGES-1.5.4 2003/10/06 09:26:50 1.1.2.116 +++ src/Attic/CHANGES-1.5.4 2003/11/06 08:26:19 1.1.2.117 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-1.5.4,v 1.1.2.116 2003/10/06 09:26:50 itojun Exp $ +# $NetBSD: CHANGES-1.5.4,v 1.1.2.117 2003/11/06 08:26:19 msaitoh Exp $ A complete list of changes from NetBSD 1.5.3 to NetBSD 1.5.4: 
@@ -2265,3 +2265,40 @@ sys/dev/ic/wdc.c 1.132 Fix a typo that prevented pre-ata drives from working since 1999. [bouyer, ticket #85] + +sys/kern/kern_sysctl.c 1.147 (via patch) + + make debug_sysctl() sysctl MIB check more strict. from smak. + attack similar to NetBSD-SA2003-014 can be mounted due to this flaw. + [itojun, ticket #88] + +crypto/dist/openssl/ssl/ssl_ciph.c 1.6 (via patch) + + Correct some off-by-ones. They currently don't matter, but this + is for future safety and consistency. + [itojun, ticket #90] + +crypto/dist/openssl/ssl/s3_clnt.c 1.5 +crypto/dist/openssl/ssl/s3_srvr.c 1.6 + + more fixes from 0.9.7c, from openbsd + [itojun, ticket #90] + +crypto/dist/openssl/crypto/asn1/asn1_lib.c 1.7 (via patch) +crypto/dist/openssl/crypto/x509/x509_vfy.c 1.2 (via patch) + + Fix various bugs revealed by running the NISCC test suite: + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + [itojun, ticket #95] + +crypto/dist/openssl/crypto/asn1/a_bytes.c patch +crypto/dist/openssl/ssl/ssl_ciph.c patch + + Changes between 0.9.6k and 0.9.6l [04 Nov 2003] + *) Fix additional bug revealed by the NISCC test suite: + Stop bug triggering large recursion when presented with + certain ASN.1 tags (CAN-2003-0851). From Steve Henson. + [itojun, ticket#107]
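Review bot: The last added entry in the second hunk (crypto/dist/openssl/crypto/asn1/a_bytes.c and crypto/dist/openssl/ssl/ssl_ciph.c) breaks the format of the entries above it. It says only "patch" where the others give a revision followed by "(via patch)", it pastes the upstream "Changes between 0.9.6k and 0.9.6l [04 Nov 2003]" header instead of a short summary, and it writes "ticket#107" without the space used in "ticket #88", "ticket #90" and "ticket #95". Suggest "[itojun, ticket #107]" and the same file/revision layout as the other entries, so a search for "ticket #" or for CAN-2003-0851 by file finds it. Separately, the sys/kern/kern_sysctl.c entry would be easier to triage if it stated the impact of the loose debug_sysctl() MIB check directly rather than only pointing at NetBSD-SA2003-014.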