NEWLOG VERSION 1.0.4 IS NOW AVAILABLE ---------------------------------------------------------------------- newlog should be available from: ftp://ftp.cs.columbia.edu/pub/sos/lib ftp://ftp.soscorp.com/pub/sos/lib and other SOS mirrors. ---------------------------------------------------------------------- newlog is a replacement syslog(3) library (which includes snprintf(3)) to fix the vulnerability of standard syslog(3) to a buffer-overflow attack. People have constructed exploit programs which use this vulnerability to break into machines. Programs which are recompiled using this replacement syslog(3) should NOT be vulnerable to this attack or any derivative of this attack. ---------------------------------------------------------------------- newlog version 1.0.4 works on SunOS, Solaris, IRIX, BSDI, and NeXT. It probably works on many other operating systems as well. ---------------------------------------------------------------------- Changes from 1.0.3 to 1.0.4 CERT provided compiler portability fixes (basically for pcc and acc C compilers). ---------------------------------------------------------------------- Changes from 1.0.2 to 1.0.3 Append [ TRUNCATED ] to provide visable warning of someone trying to exploit this hole--suggested by CERT. ---------------------------------------------------------------------- Changes from 1.0.1 to 1.0.2 NeXT support, better Irix support for Irix funkiness. ---------------------------------------------------------------------- Change from 1.0 to 1.0.1 Give __dtoa a unique prefix to avoid conflicts. Various changes to make this a more formal package. ----------------------------------------------------------------------