-$Id: CHANGES,v 1.61 2000/06/01 18:51:22 stelian Exp $
+$Id: CHANGES,v 1.66 2000/06/30 08:57:24 stelian Exp $
-Changes between versions 0.4b16 and 0.4b17 (released ??????????????)
+Changes between versions 0.4b17 and 0.4b18 (released ??????????????)
+====================================================================
+
+1. Fixed a potential buffer overflow in restore. Thanks
+ to Stan Bubrouski <satan@fastdial.net> for reporting
+ the bug.
+
+2. Fixed a readline-related bug which prevented
+ 'cat DUMPFILE | restore -i -f -' from working. Thanks
+ to Charles Karney <karney@users.sourceforge.net>
+ for the bug report.
+
+3. Changed a few "panic" into "exit", causing restore to
+ be more stable against some attacks (like the last one
+ reported on Bugtraq, although the last version of restore
+ was not vulnerable - just dumped core). Thanks to
+ Andreas Hasenack <andreas@conectiva.com.br> for reporting
+ the bugs to me.
+
+4. Removed the suid-root bit on dump and restore in the
+ default build (and generated RPMs). It should be safer
+ now. Users who need the suid-root capabilities in order
+ to make network backups should read first the man page
+ of dump and enable the suid bit manually.
+
+Changes between versions 0.4b16 and 0.4b17 (released June 1st, 2000)
====================================================================
1. The -F script is called now *only* at the end of a tape,
git.wh0rd.org / dump.git / blobdiff