Wednesday, October 31, 2007

OpenBSD 4.2 Released

PuffyTheo de Raadt announced the release of OpenBSD 4.2 today (November 1) on misc@. See my article on Undeadly for more details.

This release offers many new features including an install42.iso that includes all installation sets. This is a great convenience that people have been clamoring for, but I'm concerned it will affect CD sales (which drive the project). Please, please be sure to donate (pick the "SECURE Web Ordering Form") if you ftp installation sets or the install42.iso file.

This release also marks the first release in which I'm a developer (merdely@)! Honest. My name is at the bottom of the announcement in the list of developers.

Tuesday, October 16, 2007

4.2 Binpatches Added

PuffyI've added binpatches for OpenBSD 4.2 errata entries:


Like with 4.1 & 4.0, I've created a cumulative binpatch.

Thursday, October 11, 2007

Errata 011

PuffyThe OpenBSD team has released a patch 011 for OpenBSD 4.1 (patch 002 for OpenBSD 4.2 and patch 017 for OpenBSD 4.0).

This is a security fix and applies to all architectures.

Quote from the commit messages (1.16 & 1.17):
Replace use of strcpy(3) and other pointer goo in
SSL_get_shared_ciphers() with strlcat(3).



Fix off-by-one buffer overflow in SSL_get_shared_ciphers().
From OpenSSL_0_9_8-stable branch.


Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0. Note, I do not have a 4.2 box set up, so no binpatches for 4.2 yet.

Tuesday, October 9, 2007

Errata 010

PuffyThe OpenBSD team has released a patch 010 for OpenBSD 4.1 (patch 016 for OpenBSD 4.0).



This is a security fix and applies to all architectures.



Quote from the commit message:

"Minimum IP MTU" means what it says. Ensure that packets returned by dhcpd are the minimum size or larger no matter what the client thinks the minimum allowable size is. Found by Nahuel Riva and Gera Richarte. 
Fix by millert@.


Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0.