www/plus.html - diff

Return to plus.html CVS log

Up to [local] / www

Diff for /www/plus.html between version 1.903 and 1.904

version 1.903, 2004/02/07 13:14:48

version 1.904, 2004/02/08 18:12:49

Line 53

<h3>We are working on OpenBSD-current.</h3>

The following list sums up (almost) all the changes made up to January 30.

The following list sums up (almost) all the changes made up to February 7.

<ul>

<li>Don't fully unroll kernel rijndael code to save some space.

<li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>, mostly from FreeBSD.

<li>Additional sanity checks when probing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> luns.

<li>Disable interrupts on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> controller for polled commands, fixing a long-standing hang at attach time on i386.

<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> burping interface information to stderr.

<li>Have lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcap&sektion=3">pcap(3)</a> use the kernel default buffer size instead of setting its own size.

<li>Bump the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> maximum buffer size to 2MB, and the default size to 32KB, to allow for faster networks and larger frame sizes.

<li>Turn on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> logging (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> ddb.log) by default.

<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bind&sektion=2">bind(2)</a> to work in an IPv6-only (no IPv4) configuration.

<li>First cut of a filtering language for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>.

<li>Another pass at making <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>'s code readable.

<li>Fix a curiously familiar reference-counting bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a>.

<li>SECURITY FIX: A reference-counting bug exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shmat&sektion=2">shmat(2)</a> system call that could be used by an attacker to write to kernel memory under certain circumstances. Adapted from FreeBSD.

<a href="errata.html#sysvshm">A source code patch is available</a>.

<a href="stable.html">[Applied to stable]</a>

<li>Fix a CVS merge error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a>'s app-defaults file.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -vvsq loop again (PR#3675.)

<li>Unbreak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> progress meter ETA for files larger than 4GB (OpenSSH bugzilla #791.)

<li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> (PR#3668.)

<li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is in privsep mode, pass the SIGALRM from LoginGraceTime expiry through to the child process.

<li>Apply the same strict RFC 2460 interpretation used for the IPv6 MTU to the tcp MSS calculation.

<li>New parser for ifstated(8), and more features. Still more to come.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a>'s ^ and $ anchors that were broken by the recent -w fixes.

<li>For programs that don't support long options, stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=3">getopt(3)</a> treating '--foo' the same way it treats '--', as per POSIX (PR#3666.)

<li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> deal gracefully with 'modulate state' on rules with protos to which it might not apply in the same way as 'keep state', e.g. 'pass proto {tcp udp} modulate state' is now acceptable.

<li>Don't use a valid user id as a flag value in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a>.

<li>Remove the earlier fix for the IPv6 MTU crash bug now that the full fix is in place.

<li>SECURITY FIX: An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports. Fix this fully by applying a strict interpretation of RFC 2460 section 5, last paragraph.

<a href="errata.html#ip6">A source code patch is available</a>.

<a href="stable.html">[Applied to stable]</a>

<li>Memory alignment fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.

<li>Huge amount of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9">style(9)</a>, ANSI and other cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>. More to come.

<li>Some std:: namespace and other C++ mode fixes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=flex&sektion=1">flex(1)</a>. From NetBSD.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> macro expansion in tags (PR#3664.)

<li>Unbreak and reapply the don't-use-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_net_pton&sektion=3">inet_net_pton(3)</a>-without-a-slash fix (PR#3638.)

<li>Teach lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> how to use the VIA C3 crypto functions for (seriously) accelerated aes-{128,192,256}-cbc.

<li>Do temp file cleanup for signals as well as exits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spell&sektion=1">spell(1)</a>.

<li>Sanity check memory allocation when attaching <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wd&sektion=4">wd(4)</a> devices.

<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> create a buffer list window when started with more than two files, just like emacs.

<li>Fix compile breakage in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> and netinet6 when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> isn't present.

<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecadm&sektion=8">ipsecadm(8)</a> monitor mode, reorder <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=memset&sektion=3">memset(3)</a> arguments so it works less like a nop.

<li>For safety, only do <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface lookups (pfi_index2kif()) if the filter is enabled.

<li>Remove the special-case LBL_ALIGN code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> and act as if we're always on a platform that requires aligned memory access.

<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=leave&sektion=1">leave(1)</a>, don't allow alarms to be set in the past as this is unlikely to be useful. Also some cleanup based on NetBSD.

<li>On i386, allow userland apps to use the VIA C3 crypto instructions if they're present.

<li>Temporarily work around an MTU-related crash in IPv6 by simply enforcing a minimum link MTU of 296. Real fix to come.

<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> support for the VIA C3 xmove-rng and xcrypt-{ecb,cbc,cfb,ofb} instructions.

<li>Allow '-' as a valid character in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> mnemonics, as required by a few VIA C3 instructions.

<li>Add a 'paper.txt' <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a> target to generate ASCII output for the documents under /usr/share/doc.

<li>Sync i386 option USER_LDT code with NetBSD, fixing some ports panics.

<li>In libpthread, add a simple work-around for deadlocking on recursive readlocks on a rwlock while there are writers waiting (from FreeBSD PR#24641.)

<li>Add ARM support and a new port for <a href="http://www.openbsd.org/cats.html">cats</a> boards.

<li>Rename TCP socket option from TCP_SIGNATURE_ENABLE to TCP_MD5SIG.

<li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=protoize&sektion=1">protoize(1)</a> for gcc3.

<li>Reverse the enable logic for TCP selective acks, so TCP_SACK_DISABLE becomes TCP_SACK_ENABLE.

<li>Really commit -L (localbase) support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_create&sektion=1">pkg_create(1)</a>, as well as the related -S and -B options.

<li>Some types cleanup and better SIGCHLD handling in privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.

<li>Fix an old logic bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nlist&sektion=3">nlist(3)</a> that caused lookups for names with a leading underscore to fail on ELF systems.

<li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ex&sektion=1">ex(1)</a> documentation in doc/usd/13.ex.

Line 66

Line 131

<li>Enable tcpmd5 on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s listen socket. For peers configured with md5sig, require <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=accept&sektion=2">accept(2)</a>ed sockets to have signatures enabled.

<li>New TCP_SIGNATURE_ENABLE option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getsockopt&sektion=2">getsockopt(2)</a>, allowing a process to check the tcpmd5 status of an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=accept&sektion=2">accept(2)</a>ed socket.

<li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> version 2 password change. password-dead must be set to non-zero in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a> for this to work.

<li>New update-moduli target in /usr/src/etc/Makefile, for regenerating /etc/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=moduli&sektion=5">moduli(5)</a>.

<li>Format string fixes and other cleanup for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1">fvwm(1)</a> in the wake of -ansi removal.

<li>Remove -ansi from the list of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> build options for XFree86.

Line 75

Line 141

<li>Reset the tcp keepalive timer to tcp.keepidle (normally four hours) after the three-way handshake completes. (syncache sets it to tcp.keepinittime, normally 150 seconds.)

<li>Allow a single listen socket to be used for connections with and without tcpmd5.

<li>Avoid a long <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> freeze when attaching live scsibus* devices.

<li>Support RFC3390 'Increasing TCP's initial window' extension, enabled using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> net.inet.tcp.rfc3390.

<li>Support RFC 3390 'Increasing TCP's initial window' extension, enabled using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> net.inet.tcp.rfc3390.

<li>When TCP is in the SYN_SENT state, don't increase cwnd by 1*MSS on receipt of the SYN/ACK.

<li>Note that 'pegasos' is not quite the same as 'pegosos'.

<li>Clean up the output from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> with '-s all'.

Line 104

Line 170

<li>Hash tcpmd5 TDB lookups by source address instead of the spi

<li>Add missing case for TCP MD5 sigs in SADB_GETPROTO().

<li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecadm&sektion=8">ipsecadm(8)</a> pass the spi for TCP signatures.

<li>Handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftpd&sektion=8">tftpd(8)</a> tsize and timeout options. From FreeBSD, as was the RFC2347 support.

<li>Handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftpd&sektion=8">tftpd(8)</a> tsize and timeout options. From FreeBSD, as was the RFC 2347 support.

<li>Add RFC2347 "TFTP Option Extension" support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftpd&sektion=8">tftpd(8)</a>. Try to ignore trailing garbage that Apple OpenFirmware can leave where an option should be.

<li>Add RFC 2347 "TFTP Option Extension" support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftpd&sektion=8">tftpd(8)</a>. Try to ignore trailing garbage that Apple OpenFirmware can leave where an option should be.

<li>Make the package tools show <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror(3)</a> output when die()ing on filesystem errors.

<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a> to handle removal of packages with bogus dependencies, as could be created by earlier versions of the new package tools.

Line 238

Line 304

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> ruleset names that contain the username (PR#3627.)

<li>'=' != '==' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a>.

<li>Let <ctype.h> compile on non-gcc compilers.

<li>Reintroduce old TCP MD5 signature (RFC2385) code from 4.5 years ago, hopefully with a reduced likelihood of kernel borkage.

<li>Reintroduce old TCP MD5 signature (RFC 2385) code from 4.5 years ago, hopefully with a reduced likelihood of kernel borkage.

<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> batch mode: Allow batchfile input from stdin, and remove stderr junk (OpenSSH bugzilla #754.)

<li>Add IPv6 loopback routes and allow connection to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> shared IPv6 address from the MASTER host, like for IPv4.

<li>Fix a signed buffer length variable in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.

Line 343

Line 409

<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> only allow an INITIAL-CONTACT when a main-mode SA is in place, and never delete SPIs based on it.

<li>gcc3 handles varargs differently, change the kernel sources to deal with it.

<li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a>-related fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> under pthreads. From FreeBSD.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=objcopy&sektion=1">objcopy(1)</a>'s long options list, unbreaking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strip&sektion=1">strip(1)</a>'s -s option and others (PR#3623.)

<a href="stable.html">[Applied to stable]</a>

<li>Don't create a pid file for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>.

<li>If the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> error code is unknown, at least show the code we didn't have a message for.

Line 863

Line 930

<li>Add division and modulus operator '~' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>.

<li>Remove GNU bc and dc from the tree.

<li>Merge in expat 1.95.6 from XFree86 4.3.99.14.

<li>Search for keys in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> agent in reverse order to solve duplicate key problems (OpenSSH bug #684.)

<li>Search for keys in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> agent in reverse order to solve duplicate key problems (OpenSSH bugzilla #684.)

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> option ForwardX11 now has <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xauth&sektion=1">xauth(1)</a> generate untrusted keys by default. Option ForwardX11Trusted restores the old behaviour.

<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vnd&sektion=4">vnd(4)</a> major/minor numbering to allow more devices. Requires a MAKEDEV.

Line 1051

Line 1118

<li>Some int -> u_int paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.

<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer management fixes (CAN-2003-0682.)

<li>Further EDD detection improvements on i386.

<li>Properly flush the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> RSA1 public key from memory when its output file cannot be opened (OpenSSH PR#662.)

<li>Properly flush the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> RSA1 public key from memory when its output file cannot be opened (OpenSSH bugzilla #662.)

<li>Correct a double-free in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer management code (OpenSSH PR#660.)

<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ConnectTimeout option (OpenSSH PR#656.)

<li>On i386, try harder to boot from removable media by allowing for their removal and insertion.