From: "Jacques A. Vidrine"
To: current@freebsd.org, sagejona@theatre.msu.edu
Date: Sat, 24 Jan 2004 09:30:09 -0600
Subject: Re: RFC: Weekly status update 17/01/04-23/01/04 (cvs-src summary)
Message-ID: <20040124153009.GE96643@madman.celabo.org>
In-Reply-To: <20040124070846.GA595@omoikane.mb.skyweb.ca>
List-Id: Discussions about the use of FreeBSD-current

On Sat, Jan 24, 2004 at 01:08:46AM -0600, Mark Johnston wrote:
> Last week's thread about status reports spurred me to come up with this
> in a few idle hours. I've gone through the cvs-src mail from last week
> and summarized what looked like the most important commits, along with
> some of the longer threads that cropped up. I'm hoping for some comments
> on this from some people who contributed to the thread; I'm also CCing
> Jonathan Sage, who has rigged up an automated status update (and beaten me
> to the punch by a damn sight), in hopes that we can work together on this
> project.

Excellent summaries.

> First DragonflyBSD merge
> ------------------------
> Jeffrey Hsu (hsu) merged some TCP code from DragonflyBSD_. Alexey
> Dokuchaev suspects that this is the first merge from Dragonfly that
> FreeBSD has seen.
>
> .. _DragonflyBSD: http://www.dragonflybsd.org/

Actually, the first merge was probably back in August. See
FreeBSD-SA-03:10.ibcs2. David Rhodus discovered the issue in
DragonFlyBSD and then Matt Dillon brought it to the attention of .

> =============
> Major changes
> =============
> cvs security update
> -------------------
> Jacques Vidrine (nectar) added two security patches to CVS. The first
> stops CVS's native server mode, pserver, from being configured to run as
> root. The second patch catches malicious requests that would cause the
> CVS server to attempt to create directories in the root of the
> filesystem holding the CVS repository.

These were not really `Major changes', IMHO. Neither of these issues
presented any risk on their own. Really poor configuration choices
also would have to have been made. (Thus no advisory nor merging to
the security branches.)

In general, it is probably hard to decide what is `Major' or
`Less-Major' or `Minor' :-)

I hope you keep this up, I enjoyed reading it.

Cheers,
-- 
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se