Follow @Openwall on Twitter for new release announcements and other news
Owl homepage

Andere Sprachen:
Englisch, Russisch

Konzepte
Architekturen
Arbeitsumgebung
Installationsanweisungen

Download (HTTP, FTP, rsync, anoncvs, CVSweb)

Änderungen:
Änderungen in current
Änderungen in 3.1-stable
Änderungen in 3.1
Änderungen in 3.0-stable
Änderungen in 3.0
Änderungen in 2.0-stable
Änderungen in 2.0
Änderungen in 1.1-stable
Änderungen in 1.1
Änderungen in 1.0
Änderungen in 0.1-stable

Kunstwerk
Screenshots
Präsentationsfolien

Owl VPS-Hosting

This file lists the major changes made between Owl releases. While some of the changes listed here may also be made to a stable branch, the complete lists of stable branch changes are included with those branches and as errata for the corresponding Owl releases only.

This is very far from an exhaustive list of changes. Small changes to individual packages won't be mentioned here unless they fix a security or a critical reliability problem. They are, however, mentioned in change logs for the packages themselves.

Changes made between Owl 0.1-prerelease and Owl 1.0.

2002/10/14	Owl/doc/fr/*

Updated French translations.

2002/10/13	Package: postfix

RELIABILITY FIX: Use fcntl(2) locking, not flock(2).

2002/10/12	Package: slang

Updated to 1.4.6. Reviewed all of the library code for environment variable uses and restricted those which would be unsafe in SUID/SGID programs (although such uses of slang are strongly discouraged).

2002/09/20 -
2002/10/07	Owl/doc/ru/*

New files: Russian translations of the documentation, by Gremlin from Kremlin.

2002/10/05	Package: newt

Dropped newt from Owl, it's a Red Hat'ism that we never made use of.

2002/10/04	Package: owl-setup

Support for LILO boot loader configuration.

2002/10/01	Package: glibc
SECURITY FIX	Severity: none to low, remote, passive to active

Avoid read buffer overruns in glibc itself and applications that naively assume the length returned by res_* is always less than or equal to the answer buffer size (CERT VU#738331, CVE CAN-2002-1146), by truncating the answer in res_send(3); the patch is by Olaf Kirch of SuSE. Avoid some potential reads beyond end of undersized DNS responses; pointed out by Dmitry V. Levin of ALT Linux.

2002/09/28	Package: tar
SECURITY FIX	Severity: high, local to remote, passive to active

Fixed two security and one reliability bug, all introduced into GNU tar with 1.13.19. The contains_dot_dot() bug discovered by 3APA3A and further analyzed by Mark J Cox of Red Hat and Bencsath Boldizsar resulted in tar following ".." references to outside the intended directory tree when extracting archives. Another bug effectively disabled the symlink safety introduced in 1.13.18 that was meant to avoid the problem described by Willy TARREAU where tar could be made to follow a symlink it just extracted and also place a file outside of the intended directory tree. Finally, there was a hard link storage bug discovered by Jose Pedro Oliveira. Although the two security bugs are now fixed, please keep in mind that tar has traditionally been intended for making and extracting tape backups rather than archives obtained from untrusted sources. Be very careful with what input you pass it and what user you run it as. References:
https://marc.info/?l=bugtraq&m=99496364810666
https://marc.info/?l=bugtraq&m=103314336129887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
https://marc.info/?l=bugtraq&m=90674255917321

2002/09/19 -
2002/09/28	Package: xinetd

Updated to 2.3.8 with a new set of minor fixes and then to 2.3.9.

2002/09/17	kernel

Updated to 2.2.22-ow1.

2002/09/10	kernel
SECURITY FIX	Severity: high, local, active

Updated to Linux 2.2.21-ow2 which includes many security fixes for issues with the Linux kernel discovered during code reviews by Silvio Cesare, Solar Designer, and others.

2002/09/09	Package: owl-setup

Support for keyboard layout configuration, thanks to Matthias Schmidt.

2002/08/19 -
2002/08/27	Packages: acct, autoconf, automake, bc, binutils,
		bison, cpio, diffutils, e2fsprogs, ed, fileutils,
		findutils, flex, gawk, gcc, gdb, gdbm, glibc, gnupg,
		gpm, grep, gzip, libtermcap, libtool, m4, make,
		readline, screen, sed, tar, texinfo, time

Adjusted Texinfo directory entries such that the menu looks pretty.

2002/08/22	Packages: owl-cdrom, owl-startup

Added a "welcome" script to introduce the user to directory locations on the CDs.

2002/08/22	Packages: SimplePAMApps, pam

Patched pam_motd to behave on errors and configured it for login(1).

2002/08/13	Package: procmail

Updated to 3.15.2 adding temporary file handling fixes to scripts used during the builds.

2002/07/30 -
2002/08/12	Package: openssl
SECURITY FIX	Severity: high, remote, passive to active

Applied the official security patches against 0.9.6d and then did a series of package updates to ensure Owl always contains the fixes for the currently publicly-known vulnerabilities, ending up with 0.9.6g. Please refer to the package change log for the intermediate steps that occurred during this update process. The vulnerabilities have been discovered by Ben Laurie and others of A.L. Digital Ltd and The Bunker under DARPA's CHATS program, by consultants at Neohapsis, and by Adi Stav and James Yonan. The patches have been prepared by Ben Laurie and Dr. Stephen Henson, with one of the fixes partly based on a version by Adi Stav. The vulnerabilities affect applications that use OpenSSL to provide SSL or TLS or use OpenSSL's ASN.1 parsing code on untrusted input. It hasn't been fully researched whether OpenSSH is affected, but the ASN.1 parsing vulnerability may affect OpenSSH's implementation of SSH protocol 2 in both the server and the client. As Owl currently only includes SSL clients (lftp and links), only passive attacks are possible via the SSL/TLS vulnerabilities on default installs. If, however, any SSL server software that uses OpenSSL is added, active attacks will likely become possible as well.

2002/08/04 -
2002/08/12	Packages: fileutils, sh-utils, textutils;
		Owl/build/installorder.conf

Updated fileutils to 4.1.11 with a number of additional patches.

2002/08/11	Package: perl
SECURITY FIX	Severity: none to high, remote, active

Back-ported bound checking fixes for File::Glob from Perl 5.8.0. Thanks to Pavel Kankovsky for the report and to Michael Tokarev for discussing other possible approaches to fixing this. Without these fixes, it was possible that certain otherwise correct Perl scripts would expose the lack of bound checking in the Perl module code to be exploited via user input to those scripts, which, depending on the nature of such scripts, may be coming from a remote system.

2002/08/11	Package: xinetd

Updated to 2.3.6 adding fixes or workarounds for issues introduced after 2.3.3 including the signal pipe leak into child processes (a security hole with 2.3.4+ which never got into Owl).

2002/08/04	Package: glibc

Made the FreeSec code (that supports the extended BSDI-style DES-based password hashes) reentrant, adjusted crypt*(3) wrappers and the manual page accordingly. This means that you no longer have to use the plain_crypt option with pam_tcb(8) when support for these password hashes is desired.

2002/08/01	Package: glibc
SECURITY FIX	Severity: low to high, remote, passive to active

Patched two potential integer overflows (and thus buffer overflows) in calloc(3) and Sun RPC xdr_array(3) code (the latter discovered by ISS X-Force). The calloc(3) integer overflow possibility is currently not known to allow for an attack on a particular application, but has been patched as a proactive measure. The Sun RPC xdr_array(3) overflow may allow for passive attacks on mount(8) by malicious or spoofed NFSv3 servers as well as for both passive and active attacks on RPC clients or services that one might install on Owl.

2002/07/30	Package: man-pages

Updated to 1.52 with additional corrections.

2002/07/28	Package: mtree

Updated to version from current OpenBSD (post-3.1) which is able to encode special characters in filenames.

2002/07/21 -
2002/07/28	Packages: pam_passwdqc, pam

Imported the pam_passwdqc(8) manual page back from FreeBSD with minor corrections to it and the README, also moving the pam.d and pam.conf pages to section 5 where they belong.

2002/07/23	Package: gawk

Moved profiling gawk (pgawk) into separate subpackage (gawk-profile), not built or installed by default. The PostScript documentation is now installed compressed.

2002/07/14 -
2002/07/18	Package: perl
SECURITY FIX	Severity: low, local, passive

Added File::Temp module to the package and corrected unsafe temporary file handling in the Configure script, perldoc(1) (patch from ALT Linux), perlbug(1), perlcc(1) (by updating to the version from Perl 5.6.1 which actually works), s2p(1), c2ph(1), dotsh.pl, perl5db.pl, and ExtUtils/inst (also making it work with GNU tar). Applied many fixes to documentation and code comments to not suggest bad practices on the use of temporary files. perlbug(1) will now default to using vitmp(1). Corrected the generation of *.ph files and re-considered which C header files to process during package build by default. The package will now try to no longer include information specific to the build system's last kernel compile.

2002/07/15	Package: gawk

Updated to 3.1.1 and switched to using Paul Eggert's patch to igawk which makes it not use temporary files at all.

2002/07/13	Package: texinfo

Updated to 4.2 with an additional temporary file handling fix to texi2dvi.

2002/06/27 -
2002/07/07	Package: openssh
SECURITY FIX	Severity: none to high, remote, active

Updated to 3.4p1 with a lot of additional modifications to restore most of the functionality lost or broken with the recent rushed update to 3.3p1 and to be safer. Please refer to change log for the package for details. OpenSSH 3.4p1 fixes the lack of bound checking resulting in an integer and buffer overflow with the PAMAuthenticationViaKbdInt code (and thus potentially allowing for a remote server compromise). On Owl, PAMAuthenticationViaKbdInt has always defaulted to no and is in fact not supported by our PAM configuration file for OpenSSH. A comment in /etc/ssh/sshd_config incorrectly seemed to imply that PAMAuthenticationViaKbdInt defaulted to yes, which was never the case. That comment has since been corrected.

2002/07/06	Package: pam

pam_limits will now support stacking for account management (as well as for session setup), be fail-close on configuration file reads, and report the "too many logins" via PAM conversation rather than direct printf(3). The first change is needed for the new OpenSSH package.

2002/07/04 -
2002/07/05	Package: glibc
SECURITY FIX	Severity: none to high, remote, passive

Back-ported the fix to a buffer overflow affecting network lookups with getnetby{addr,name}{,_r}(3) family of functions when "dns" is listed on "networks" line in /etc/nsswitch.conf (which is not the default). Added the patch by NISHIMURA Daisuke and Tomohiro 'Tomo-p' KATO of Vine Linux to fix the DNS resolver buffer overflows affecting both host and network lookups in the compatibility code that is used by binaries built against glibc 2.0 (there are no such binaries in Owl itself). Improved the code used to produce unpredictable DNS query IDs to make it generate different sequences of IDs in forked processes (problem noted by Jarno Huuskonen), conserve the kernel's randomness pool (based on feedback from Michael Tokarev), and properly reseed when chrooted.

2002/06/23 -
2002/06/25	Packages: openssh, owl-etc

Updated OpenSSH to 3.3p1 with privilege separation enabled by default and a patch to make it work on Linux 2.2 (as well as 2.4).

2002/06/21 -
2002/06/22	Owl/build/buildworld.{sh,conf}, Owl/build/Makefile,
		Owl/doc/BUILD

SRPMs are no longer built by default, the old behavior may be restored by setting BUILDSOURCE=yes in buildworld.conf. Owl does not use SRPMs for anything. The build environment now looks for binary packages to determine which sources and foreign source packages need to be built. Individual packages, both native and foreign, may now be (re-)built with "make PACKAGE=..." as documented in Owl/doc/BUILD. When building on SMP, the number of processors will now be detected automatically unless specified explicitly in buildworld.conf.

2002/06/13	Owl/doc/de/*

New files: German translations of the documentation, from Matthias Schmidt.

2002/06/10 -
2002/06/13	Package: modutils

Updated to 2.4.16.

2002/06/12	Package: glibc

ldd(1) will no longer try to invoke programs directly, even when it seems like that would work. The dynamic linker will be invoked as a program instead. This makes a difference primarily when the program is SGID and is being ldd'ed by root. If the program was executed directly, glibc would detect its SGID status and drop LD_* variables, resulting in the program being actually started rather than ldd'ed. Thanks to Dmitry V. Levin of ALT Linux for suggesting this solution. syslog(3) will now use ctime_r() instead of strftime_r() so that month names will not depend on current locale settings. The patch is originally by Michael Tokarev. The glibcbug script will now use mktemp(1) in a fail-close way, let it use $TMPDIR, and will default to vitmp(1) for the editor.

2002/06/11	Package: bison

Updated to 1.35.

2002/06/09	Packages: owl-dev, owl-hier

Support Linux 2.4.x's /proc/devices entries. Support and create frame buffer devices. Support up to 8 IDE controllers (16 devices), create device files for 8 IDE devices by default.

2002/05/28 -
2002/06/08	Package: strace;
		Owl/build/installorder.conf

Updated to current CVS version (post-4.4) with an additional fix for displaying all possible ioctl names when there's more than one match for a number. The strace-graph Perl script is now packaged, in its own subpackage.

2002/06/04	Package: silo

Updated to 1.2.5.

2002/05/30 -
2002/06/03	Package: iputils

Updated to ss020124.

2002/05/25 -
2002/05/27	Package: popa3d

Added two interoperability fixes. Please refer to change log for the package for details.

2002/05/27	kernel

Updated to Linux 2.2.21-ow1. This changes certain permissions on /proc entries, fixes the getcwd(2) instance of the d_path() truncation problem in the Linux kernel pointed out by Wojciech Purczynski on public mailing lists, and fixes the fsuid/fsgid handling inconsistency in the Linux kernel discovered by Hao Chen.

2002/05/19	Packages: screen, pam, tcb, utempter, owl-etc

RELIABILITY FIX: Grant screen(1) access to both chkpwd and utempter helpers such that screen session (un)locking works in our default install. Previously, locked screen sessions couldn't be unlocked by the user because of screen not being able to possess and make use of the privilege of validating the user's password.

2002/05/17 -
2002/05/19	Package: gnupg

Updated to 1.0.7.

2002/05/14	Package: findutils

Updated to 4.1.7.

2002/05/12	Package: openssl

Updated to 0.9.6d with a patch by Ben Laurie for "openssl dgst" to behave on read errors and additional corrections to the package.

2002/05/09	Package: vixie-cron
SECURITY FIX	Severity: none to low, local, active

Ensure all files are closed in crontab(1) when the editor is run. This fixes the problem pointed out by Paul Starzetz on Bugtraq where crontab(1) could leak read-only access to /etc/cron.{allow,deny} even if those files are made readable to just group crontab.

2002/04/25	Package: e2fsprogs

Updated to 1.27 (ext3fs support).

2002/04/19 -
2002/04/25	Packages: vim, bash, quota, vixie-cron

Updated vim to 6.1 patchlevel 18, with various additional changes to the package. The package now includes vitmp(1), a wrapper around VIM to be used for editing temporary files with in-place rewrites. It is now the default editor for crontab(1), edquota(8), the "fix command" (fc) history editor in bash, and the bashbug script.

2002/04/10	Package: john

New package: John the Ripper, a fast password cracker.

2002/04/02	Package: vsftpd

Updated to 1.0.2pre3, made use of the new option to hide numeric IDs.

2002/04/01 -
2002/04/02	Packages: iproute2, owl-cdrom, owl-startup,
		pam_mktemp, pam_userpass, traceroute

Applied modifications to better support Alpha in the distribution as a whole. Marked owl-cdrom x86-specific because at this stage it really is. /proc is now mounted early as needed for hwclock(8) and glibc's I/O port access routines. traceroute(8) should no longer do unaligned accesses on 64-bit architectures.

2002/03/30	Package: stmpclean

New package: a safe temporary directory cleaner. Modifications have been applied for extra safety and to provide tmpwatch emulation.

2002/03/22 -
2002/03/24	Package: acct

Applied bug fixes to sa(8) to properly report real time in minutes or seconds and to lastcomm(1) to properly report process creation times on 64-bit architectures. Heavy documentation corrections and cleanups (both man pages and texinfo).

2002/03/22	Package: popa3d

Re-worked all of the UIDL calculation, adding support for multi-line headers and re-considering which headers to use.

2002/03/13 -
2002/03/21	Package: pam_mktemp

Make the /tmp/.private directory append-only (where supported) such that the directory or its subdirectories don't get removed by a /tmp cleaner. A third-party /tmp cleaner may complain, but that isn't as bad as removing the directories could be.

2002/03/20	Packages: glibc, pam_mktemp, pam_passwdqc,
		pam_userpass, popa3d, scanlogd, tcb;
		Owl/build/buildworld.sh, Owl/build/Makefile

The non-Owl-specific pieces of software developed by the Openwall team now live in the Owl CVS tree. This includes crypt_blowfish (a part of the glibc package), pam_mktemp, pam_passwdqc, pam_userpass, popa3d, scanlogd, and tcb. For these, the updated buildworld script may now produce source archives which we may be releasing separately from Owl. Of course, the corresponding Owl packages are built as usual.

2002/03/17	Package: openssh

Updated to 3.1p1.

2002/03/15	Package: dev86

Updated to 0.16.0.

2002/03/13	Package: zlib

Updated to 1.1.4.

2002/03/13	Package: logrotate

Updated to 3.6.2.

2002/03/05	Package: openssh
SECURITY FIX	Severity: high, local/remote, active/passive

Patched an off by one channel id check bug discovered by Joost Pol. The bug could be exploited by either a user able to login into a vulnerable OpenSSH server or a malicious SSH server attacking a vulnerable OpenSSH client. If successful, this could let one execute arbitrary code in the context of the remote server or client process.

2002/03/03	kernel
SECURITY FIX	Severity: medium to high, local to remote, active

Updated to Linux 2.2.20-ow2. This fixes an x86-specific vulnerability in the Linux kernel discovered by Stephan Springl where local users could abuse a binary compatibility interface (lcall) to kill processes not belonging to them (including system processes). Additionally, a kernel instance of the zlib double-free vulnerability is now fixed. Fortunately, the affected parts of the Linux kernel (Deflate compression support for PPP and the experimental Deflate compression extension to IrDA) are normally not used by the Owl userland.

2002/02/15	Package: lilo

Updated to 22.1.

2002/02/13	Packages: owl-startup, SysVinit

Don't unlink the old /sbin/init on SysVinit package upgrades as that would actually leave it pending for delete on process termination and prevent remounting the filesystem read-only during shutdown. Avoid the same problem with glibc upgrades by linking /sbin/init statically. Combined with the swapoff(2) fix in Linux 2.2.20-ow1+, this completes the changes needed for system shutdown to work cleanly after a "make installworld" over the running system.

2002/02/11	Packages: zlib, rpm, texinfo
SECURITY FIX	Severity: high, remote, active

There was a vulnerability in the zlib data compression library which, on certain invalid input to decompression, could cause segments of dynamically allocated memory to be deallocated twice (a double-free bug). The second attempt at deallocation would incorrectly treat what may happen to be user-supplied input as data structures internal to the dynamic memory implementation. As a result, the worst case impact is ability to execute arbitrary code within the context of the process doing decompression via carefully crafted invalid "compressed" input. On Owl, the zlib vulnerability affected the following packages: gnupg, openssh, rpm, texinfo, and any third-party software which may use the library. Of these, the rpm and texinfo packages contain binaries statically linked against zlib and thus needed a rebuild. They now have a build dependency on the corrected version of zlib introduced. OpenSSH could potentially allow for an active remote attack resulting in a root compromise. If only SSH protocol version 1 is allowed in the OpenSSH server this is reduced to a local attack on the server, but reverse remote attack possibilities by a malicious server remain.

2002/01/24 -
2002/02/08	Owl/doc/CONVENTIONS;
		Owl/build/buildworld.sh, Owl/build/installworld.sh;
		Owl/packages/*

Defined and moved to new package version numbering conventions which should let us better support multiple branches. At the same time any previously specified conventions have been actually enforced for old packages, heavy cleanups applied to all of the RPM spec files, and lots of minor improvements to the packages have been made.

2002/02/07	Package: iproute2

New package: enhanced IP routing configuration tools.

2002/02/07	Owl/doc/fr/{DOWNLOAD,INSTALL,CONVENTIONS}

Updated French translations, from Denis Ducamp.

2002/02/01	Package: bzip2

Updated to 1.0.2, with significant changes to the way the package is built.

2002/01/24	Package: bison

Updated to 1.32.

2002/01/11	Package: openssl

Updated to 0.9.6c.

2001/12/22 -
2001/12/26	Package: postfix

Hardening of the Postfix queue file permissions and access methods, in case someone compromises the postfix account. The fixes are by Wietse Venema and have been back-ported from the 20011217 snapshot. Thanks to Michael Tokarev for his help in handling these issues. At the same time, additional postfix-script fail-closeness fixes have been applied and the package has been updated to 19991231-pl13.

2001/12/16	Package: vsftpd

New package: a File Transfer Protocol (FTP) server.

2001/12/14	Package: glibc
SECURITY FIX	Severity: none to high, remote, active

Back-ported a glob(3) buffer overflow fix from the CVS. The bug has been discovered and an initial patch produced by Flavio Veloso of Magnux. While no Owl package is known to be affected by this glibc bug, it is likely that it may result in a security hole with certain third-party software such as FTP servers which support globbing and make use of the glob(3) interface. At the same time, asprintf(3) and vasprintf(3) have been modified to behave on errors and match the semantics of Todd Miller's implementation found on *BSD, -- thanks to Dmitry V. Levin of ALT Linux for discovering and looking into these issues.

2001/12/12	Package: openssh
SECURITY FIX	Severity: none to high, local, active

Updated to 3.0.2p1 which fixes a security problem with UseLogin where, if UseLogin is enabled in the sshd configuration, a local user could gain root access by passing arbitrary environment variable settings to login(1) via authorized_keys file options. UseLogin has never been enabled on Owl by default and its use is discouraged.

2001/12/10	Package: ipchains

New package: an interface to the Linux IP packet filtering code.

2001/11/27	Package: logrotate

Updated to 3.5.9 with additional corrections.

2001/11/25	Package: telnet

New package: Telnet protocol client and server ported from OpenBSD (post-3.0), with significant modifications. The Telnet protocol handling in telnetd is performed in a process running as a dedicated pseudo-user and chrooted to /var/empty. This uses the approach introduced by Chris Evans in his NetKit telnetd patches, but the code is different. Please refer to change log for the package itself for descriptions of the many modifications applied during the week this package was in development.

2001/11/22	Owl/doc/CONVENTIONS

New file: explains some of the conventions to follow for those wishing to contribute to the project.

2001/11/19	Packages: SimplePAMApps, pam

Use pam_lastlog with login(1). Additionally, several bug fixes and other changes have been applied to libpam, pam_lastlog, pam_securetty, and login. Please refer to change logs for the packages for details.

2001/11/16	Packages: SimplePAMApps, openssh, popa3d, screen,
		owl-setup

Use pam_tcb instead of pam_pwdb.

2001/11/15	Packages: pam, tcb

No longer build pam_unix, the tcb package will provide compatibility symlinks instead.

2001/11/13	Package: screen

Updated to 3.9.10.

2001/11/13	Package: mktemp

Updated to 1.4 (uses $TMPDIR and a hard-coded template by default).

2001/11/12	Packages: tcb, shadow-utils, util-linux

This is the first in a series of changes needed for us to move to the tcb password shadowing scheme (please refer to the tcb(5) manual page for information on what tcb is about and why we designed it). The tcb package consists of three components: pam_tcb, libnss_tcb, and libtcb. pam_tcb is a PAM module which supersedes pam_unix. libnss_tcb is the accompanying NSS module. libtcb contains code shared by the PAM and NSS modules and is also used by programs from the updated shadow-utils package. At the same time, the shadow suite (shadow-utils) has been updated to version 4.0.0 with many additional fixes and modifications and, of course, with tcb support added. The non-tcb-specific changes to shadow-utils include: optional mailbox creation in useradd(8), the use of PAM with most user management commands (where that made sense), support for arbitrary password hashing methods for group passwords set with gpasswd(1), packaging of gshadow-aware versions of newgrp(1) and sg(1) commands (previously, newgrp(1) was a part of our util-linux package), numerous bug fixes and reliability improvements, and quite likely new bugs. chpasswd(8) and newusers(8) will now use PAM to set passwords that haven't already been hashed. Other commands which set passwords will invoke the PAM password management stack to possibly rebuild additional password databases. chage(1), once enabled, will now use PAM authentication which is by default set to require non-root users to authenticate themselves prior to being let to see their password aging information. Other user management commands will now support PAM authentication, too, although that isn't of much use given that we don't officially support running user management commands on behalf of trusted but not root-privileged users.

2001/11/09	Package: pam_userpass

Updated to 0.5 which is now stackable for password management as well as authentication. This is to be used by programs such as chpasswd(8) and newusers(8).

2001/11/08	Package: netlist

New package: a program for regular users to list their active Internet connections and listening sockets despite possible access restrictions on /proc.

2001/11/08	Package: glibc

If syslog(3) is called by a SUID/SGID program without a preceding call to openlog(3), don't blindly trust __progname for the syslog ident. This situation may occur because of bad interaction between a program and PAM modules where either a PAM module relies on the program to have initialized logging or one or more of the PAM modules utilize syslog calls followed by a call to closelog(3) and the program doesn't bother to re-initialize its logging before making further calls to syslog(3). All of this is of course a consequence of PAM lacking a logging framework. Without this change to glibc, such situations would go unnoticed while allowing for malicious users to play games with messages logged by privileged programs.

2001/11/08	Package: bison

Updated to 1.30.

2001/11/04	Package: pam_passwdqc

Updated to 0.4 which permits for stacking of more than one instance of the module (no statics).

2001/11/03	kernel
SECURITY FIX	Severity: none to medium, remote, active

Updated to Linux 2.2.20-ow1. Compared to our previous recommended kernel version/patch (2.2.19-ow3 or 2.2.19-ow4), Linux 2.2.20 adds a workaround for a vulnerability with certain packet filter setups and SYN cookies (http://cr.yp.to/syncookies.html) where the packet filter rules could be bypassed. Additionally, 2.2.20-ow1 moves even more of the support for combined ELF/a.out setups (in particular, uselib(2) and its related a.out library loaders) under the configuration option introduced with 2.2.19-ow4.

2001/10/28	Package: popa3d

Updated to 0.5 which adds a popa3d(8) man page.

2001/10/24 -
2001/10/27	Package: bash

Updated to 2.05 with many additional fixes.

2001/10/22	kernel

RELIABILITY FIX: Updated to Linux 2.2.19-ow4 which fixes a symbol export issue introduced with 2.2.19-ow3 and moves the support for ELF executables which use an a.out format interpreter (dynamic linker) into a separate configuration option (disabled by default).

2001/10/18	kernel
SECURITY FIX	Severity: low to high, local, active

A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now available. It contains fixes for two Linux kernel vulnerabilities discovered by Rafal Wojtczuk, and it is strongly recommended for use with Owl. One of the vulnerabilities affected SUID/SGID execution by processes being traced with ptrace(2). It was possible to trick the kernel into recognizing an unsuspecting SUID root program as the (privileged) tracer process. Then, if that program would execute a program supplied by the malicious user (with the user's credentials), the user's program would inherit the ability to trace. Fortunately, there's no program that would meet all of the requirements for this attack in the default Owl install. However, certain supported non-default configurations of Owl are affected. In particular, if newgrp(1) is made available to untrusted users (which is a supported owl-control setting) or certain third-party software that contains SUID root binaries is installed, the vulnerability may become exploitable and result in a local root compromise. The other vulnerability allowed for an effective local DoS attack by causing the kernel to spend an almost arbitrary amount of time on dereferencing a single symlink, without giving a chance for processes to run.

2001/10/08	Packages: sysklogd, owl-etc

Updated sysklogd to 1.4.1. Based the new klogd drop root patch on one from CAEN Linux. Added syslogd patches derived from CAEN Linux to allow specifying a bind address for the UDP socket and to let syslogd run as non-root. klogd is now running chrooted to /var/empty (it has been running as non-root since before Owl 0.1-prerelease). syslogd is now running as its dedicated pseudo-user, too.

2001/10/07	Packages: pam, openssh, screen;
		Owl/build/installorder.conf

Updated PAM to Red Hat's 0.75-10 plus our usual patches. Replaced pam_listfile with Michael Tokarev's implementation (see http://archives.neohapsis.com/archives/pam-list/2000-12/0084.html). Patched the new pam_chroot to catch the most common misuses which would result in a security problem, updated its README and example configuration file to discourage such misuses. Moved development libraries and header files into a subpackage, moved the main Linux-PAM documentation into a documentation subpackage.

2001/10/06	Package: gpm

Updated to 1.19.6 with some additional fixes.

2001/10/03	Owl/doc/DOWNLOAD, Owl/doc/INSTALL

Documented the availability and installation instructions for ISO-9660 images of Owl CDs.

2001/10/02	Package: mktemp

Updated to 1.3.1 (built-in $TMPDIR support).

2001/09/27	Package: gzip
SECURITY FIX	Severity: low, local, passive

Patched unsafe temporary file handling in gzexe, zdiff, and znew based on work by Todd Miller of OpenBSD.

2001/09/27	Package: openssh
SECURITY FIX	Severity: low to high, remote, passive to active

Updated to 2.9.9p2, which fixes three security issues compared to our previous package version. The issues are: 1. The "from=" restriction in ~/.ssh/authorized_keys2 could fail to work when the file defines a mix of RSA and DSA keys. 2. A documentation problem that the authorized_keys* options didn't restrict the use of sftp. They do so now. sftp has never been enabled on Owl by default (it is owl-control'able). 3. As discovered by Yang Yu, the "echo simulation" traffic analysis countermeasure produced an extra echo packet for the carriage return after password entry. That could serve as a traffic signature for attackers.

2001/09/11	Package: popa3d

Updated to 0.4.9.4. The same popa3d binary may now be run as a standalone server as well as via xinetd, an /etc/xinetd.d file is provided. Parts of the daemon code are now run in a chroot jail.

2001/09/05	Package: man-pages

Updated to 1.39 with additional corrections.

2001/09/02	Package: groff
SECURITY FIX	Severity: none to high, remote, active

zen-parse has demonstrated a security problem with format string processing in the plot command of pic(1) when groff is used with LPRng on Red Hat Linux. While Owl doesn't (yet?) include a print server, our groff package did have the unfortunate pic(1) property and did provide a print filter for use on potentially untrusted input by a third-party print server package one could install. This has now been corrected. A patch by Sebastian Krahmer of SuSE Security Team has been applied to pic(1) to restrict the format string processing. The print filter has been dropped from the package. Additionally, the package has been updated to 1.17.2.

2001/09/02	Package: popa3d

Updated to 0.4.9.2.

2001/08/30	Package: xinetd

Updated to 2.3.3.

2001/07/30	Package: pam

RELIABILITY FIX: Fixed a double-free bug in pam_pwdb which caused it to segfault after successful password changes in some cases. The bug was specific to Owl. :-( Fortunately, this had no security impact as the memory area was zeroed out before the second call to free(3) such that no user input would reach it.

2001/07/28	Package: owl-cdrom

New package: directory hierarchy changes and additional files needed for Owl bootable CD-ROMs.

2001/07/27	Package: links

Updated to 0.96.

2001/07/05 -
2001/07/22	Package: xinetd
SECURITY FIX	Severity: none to high, remote, active

Performed an audit of the xinetd source code for several classes of vulnerabilities, and applied _many_ security and reliability fixes. The patch is 100 KB large. See AUDIT in the package documentation. None of the vulnerabilities are known to affect the default xinetd configuration on Owl.

2001/07/18	Package: vixie-cron

Added support for /etc/cron.d directory.

2001/07/12	Package: gdb

New package: the GNU debugger.

2001/07/12	Package: scanlogd

New package: a tool to detect and log TCP port scans.

2001/07/11	Packages: openssl, openssh

Updated OpenSSL to 0.9.6b.

2001/07/10	Package: tar

RELIABILITY FIX: There was a bug which caused tar to loop endlessly on a read error when verifying archives (this affected both -W, --verify, and -d, --diff, --compare). The bug is now fixed. Additionally, the package has been updated to 1.13.19 with other patches needed for this new version.

2001/07/06	Package: openssl
SECURITY FIX	Severity: none to medium, remote, passive to active

Applied patches provided by the OpenSSL team to correct a PRNG weakness which under unusual circumstances could allow an attacker to determine internal state of the PRNG and thus to predict future PRNG output. This problem has been discovered and reported to the OpenSSL team by Markku-Juhani O. Saarinen. No applications are known to be affected at this time.

2001/06/29	Package: xinetd
SECURITY FIX	Severity: none to high, remote, active

Updated to 2.3.0, which fixes the problem with xinetd's string handling routines discovered by Sebastian Krahmer of SuSE Security Team. This should complete an earlier security fix to the buffer overflow in the xinetd logging code discovered by zen-parse. The buffer overflow could be triggered by a remote attacker via xinetd's ident (RFC 1413) lookup feature and could allow for the execution of arbitrary code as the user xinetd is running as (typically root). ident lookups are and have always been disabled in the Owl xinetd package by default.

2001/06/29	Owl/doc/fr/*

Updated French translations, from Denis Ducamp.

2001/06/29	Package: mktemp

Switched to packaging the portable mktemp, now that Todd Miller maintains it in addition to the OpenBSD-specific version. :-)

2001/06/27	Package: gpm
SECURITY FIX	Severity: none to low, physical, active

The mouse event handler gpm-root, if enabled, handled user-supplied configuration files unsafely, allowing a user with physical access to the mouse to gain root privileges on the running system. gpm-root was never started on Owl by default, and has now been moved to a separate subpackage which would need to be explicitly enabled to build. The support for user-supplied configuration files is now patched out and the documentation is updated accordingly. Additionally, many gpm-root reliability bugs including the format string bug reported by Colin Phipps to Debian (http://bugs.debian.org/102031) have been fixed.

2001/06/25	Package: quota

New package: tools for monitoring users' disk usage and managing disk usage quotas.

2001/06/24	Owl/doc/CHANGES

New file: the system-wide change log will now be maintained.

2001/06/21	Owl build environment

First attempt at supporting multiple branches.

2001/06/21 -
2001/06/23	Package: owl-setup

RELIABILITY FIX: Set the domain in /etc/resolv.conf, ensure the newly created /etc/resolv.conf and /etc/hosts are mode 644.

2001/06/20	Package: tcsh

Updated to 6.10.01 which includes a number of minor bugfixes.

2001/06/18	Package: pwdb

Updated to 0.61.1 which adds some header files.

2001/06/17	Package: libnet

Support alpha* targets other than plain alpha (don't even try to check for unaligned accesses when building for an Alpha).

2001/06/17	Package: man-pages

Updated to 1.38.

2001/06/15	Package: shadow-utils

DOCUMENTATION FIX: Rewrote most of the login.defs(5) man page and enabled its packaging. Added more defaults to /etc/login.defs, added a reference to login.defs(5). Fixed a bug in the lastlog(8) man page reported by Jarno Huuskonen.

2001/06/14	Package: openssh
SECURITY FIX	Severity: none to low, remote, active

Prevent additional timing leaks with null passwords (when allowed). The default OpenSSH server configuration on Owl doesn't allow null passwords, making this a non-issue (not that it's much of an issue either way). When null passwords were allowed, the old package made it somewhat easier for a remote attacker to check whether a username is valid.

2001/06/14	Package: pam_userpass

RELIABILITY FIX: Deal with null passwords correctly. Before this change null passwords wouldn't work even when allowed for a service.

2001/06/13	Package: glibc

Back-ported a patch from the CVS to handle unaligned relocations on Alpha. Owl is now able to rebuild all of its packages on an Alpha without causing a single unaligned trap. References:
http://bugs.debian.org/43401
http://gcc.gnu.org/ml/gcc/1999-07n/msg00968.html
http://gcc.gnu.org/ml/gcc/1999-07n/msg01041.html

2001/06/12	Package: rpm

Updated to 3.0.6.

2001/06/12	Package: screen
SECURITY FIX	Severity: low, local, passive

Updated to 3.9.9, patched the unsafe temporary file handling in the configure script (which made it unsafe to _build_ screen).

2001/06/12	Package: xinetd

Updated to 2.1.8.9pre15. With includedir, skip all files with names containing a dot ('.') or ending with a tilde ('~'); this replaces the Red Hat Linux derived patch. Minor man page fixes.

2001/06/11	Package: openssh
SECURITY FIX	Severity: low, local, active

Switch credentials when cleaning up temporary files and sockets to fix the vulnerability reported by zen-parse on Bugtraq which could allow a local user to remove files named "cookies" located anywhere on the system. The patch is by Markus Friedl (intended for testing only) with a later OpenSSH CVS change added and two bugs fixed.

2001/06/10 -
2001/06/13	Package: dialog

Updated to 0.9a-20010527 with minor bugfixes.

2001/06/07	Package: links

New package: a Lynx-like text WWW browser with support for frames.

2001/06/04	Owl/doc/CONTACT

New file: explains Owl public mailing lists (only owl-users at the moment) and e-mail contacts.

2001/06/04	Package: logrotate

Enabled the daily cron job now that we have /etc/cron.daily (finally). If log compression is requested, use gzip at its default compression level (no "-9").

2001/06/03	Package: glibc
SECURITY FIX	Severity: low to medium, local, passive

Synced the fts(3) routines with current OpenBSD and FreeBSD; this is triggered by Nick Cleaton's report of yet another FTS vulnerability to FreeBSD, and a discussion with Kris Kennaway and Todd Miller. It should no longer be possible to trick FTS into leaving the intended directory hierarchy, but DoS attacks on FTS itself remain possible. The FTS code is used by software ported from BSD, including the Owl mtree package. GNU software uses other implementations, several of which will need fixing as well (our findutils package includes a fix since before the 0.1-prerelease, but there's room for improvement).

2001/06/03	Package: glibc

DOCUMENTATION FIX: Updated to crypt_blowfish-0.4.1 which includes a crypt.3 man page that is more friendly to makewhatis.

2001/05/30	Package: gnupg
SECURITY FIX	Severity: high, remote, passive

Updated to 1.0.6, which includes a fix to the format string vulnerability discovered by fish stiqz of Synnergy Networks. This vulnerability can allow a (possibly remote) attacker to execute arbitrary code as the user who attempted decryption of a specially crafted file. While the potential impact of this vulnerability is high, the chances of its successful exploitation in a real-world attack are low due to technical and social reasons.

2001/05/29	Packages: SysVinit, xinetd, owl-startup
SECURITY FIX	Severity: none to medium, local, passive to active

Ensure the umask is no less restrictive than 022 when starting programs from init, start-stop-daemon, and xinetd. Set umask to 077 in daemon() for the case when a service is started manually rather than from rc.sysinit. Of these, only the xinetd behavior was a real vulnerability on setups we support (Owl with third-party services installed). The change to init is only critical when running certain 2.4.x Linux kernel versions, which we don't yet support. The changes to start-stop-daemon and owl-startup are redundant.

2001/05/27	Package: gawk
SECURITY FIX	Severity: low, local, passive

Patched unsafe temporary file handling in igawk, based on report and patch from Jarno Huuskonen (updated the igawk example in the texinfo documentation for gawk, which is used as the source for building the final igawk script). This is a very minor security problem as igawk is hardly ever used.

2001/05/27 -
2001/06/19	Package: popa3d

RELIABILITY FIX: Updated from an earlier development version to 0.4.9 and later to 0.4.9.1.

2001/05/23	Package: sysklogd
SECURITY FIX	Severity: none to medium, local, active

Back-ported a klogd DoS fix from 1.4.1, thanks to the reports from Jarno Huuskonen and Thomas Roessler who initially reported the problem to Debian (see http://bugs.debian.org/85478). The problem would only show up when the kernel or a kernel module incorrectly passes a NUL byte for logging. Linux 2.2.19 isn't known to have bugs like this, some Linux 2.4.x kernels are.

2001/05/18	Owl/doc/CREDITS

New file: presents our development team and others involved with Owl.

2001/05/18 -
2001/05/25	Package: crontabs

New package: system crontab files which provide the /etc/cron.daily, weekly, and monthly files as required by the LSB specification draft, plus /etc/cron.hourly found on Red Hat Linux. The package is based on a modified version of the run-parts program derived from Debian.

2001/05/18 -
2001/06/12	Package: man

Updated to 1.5i and later to 1.5i2. These versions are meant to fix the published ways to attack man when it is installed SUID/SGID, but the fixes are imperfect by design. Owl has never installed man SUID or SGID. Additionally, our makewhatis script was fixed since before we've released. Thus, this isn't a security update.

2001/05/15	Owl/doc/fr/*

New files: French translations of the documentation, from Denis Ducamp.

$Owl: Owl/doc/CHANGES-1.0,v 1.12 2018/05/23 19:32:15 solar Exp $