===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.397
retrieving revision 1.398
diff -c -r1.397 -r1.398
*** www/plus.html	1999/02/16 06:51:18	1.397
--- www/plus.html	1999/02/16 06:52:23	1.398
***************
*** 58,69 ****
  <li>Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
  <li>Handle kernel malloc() failing, for TCP SACK block allocation.
  <li>Do more careful system call range-checking and introduce socklen_t.
! <li><font color=#e00000><strong>FUNCTIONALITY FIX: Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal.<a href=errata.html#uio>A patch is available</a></strong></font>.
  <li>Fix a pcmcia mapping bug regarding address space allocation.
  <li>For wds(4) and ex(4) drivers, unmap address space if probing fails.
  <li>In ipsecadm(8), verify that keys and IVs are specified in hex.
  <li>Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
! <li><font color=#e00000><strong>SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash.<a href=errata.html#trctrap>A patch is available</a></strong></font>.
  <li>tcpdump(8) out-of-range access in LLC decoding.
  <li>Flesh out the vpn(8) manpage.
  <li>Add old dbm-compatible interface code, from db-1.86
--- 58,69 ----
  <li>Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
  <li>Handle kernel malloc() failing, for TCP SACK block allocation.
  <li>Do more careful system call range-checking and introduce socklen_t.
! <li><font color=#e00000><strong>FUNCTIONALITY FIX: Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. <a href=errata.html#uio>A patch is available</a></strong></font>.
  <li>Fix a pcmcia mapping bug regarding address space allocation.
  <li>For wds(4) and ex(4) drivers, unmap address space if probing fails.
  <li>In ipsecadm(8), verify that keys and IVs are specified in hex.
  <li>Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
! <li><font color=#e00000><strong>SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. <a href=errata.html#trctrap>A patch is available</a></strong></font>.
  <li>tcpdump(8) out-of-range access in LLC decoding.
  <li>Flesh out the vpn(8) manpage.
  <li>Add old dbm-compatible interface code, from db-1.86
***************
*** 75,81 ****
  <li>ncurses-4.2-990206
  <li>Correct various freebsd/linux emulation issues.
  <li>Correct directory entry reads for numerous binary emulators.
! <li><font color=#e00000><strong>SECURITY ISSUE: Better RST handling in tcp input.<a href=errata.html#rst>A patch is available</a></strong></font>.
  <li>BeOS/i386 support in fdisk(8).
  <li>Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
  <li>Pluralization fix in rup(1).
--- 75,81 ----
  <li>ncurses-4.2-990206
  <li>Correct various freebsd/linux emulation issues.
  <li>Correct directory entry reads for numerous binary emulators.
! <li><font color=#e00000><strong>SECURITY ISSUE: Better RST handling in tcp input. <a href=errata.html#rst>A patch is available</a></strong></font>.
  <li>BeOS/i386 support in fdisk(8).
  <li>Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
  <li>Pluralization fix in rup(1).
***************
*** 736,742 ****
  <li>Make getty(8) default to 8 bit mode.
  <li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY.
  <li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace.  This can be a security issue. <a href=errata23.html#ptrace>A patch is available which fixes this problem</a></strong></font>.
! <li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors.<a href=errata23.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>.
  <li>Various new smtpd(8) fixes.
  <li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3).
  <li>Teach adduser(8) about the /sbin/nologin shell.
--- 736,742 ----
  <li>Make getty(8) default to 8 bit mode.
  <li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY.
  <li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace.  This can be a security issue. <a href=errata23.html#ptrace>A patch is available which fixes this problem</a></strong></font>.
! <li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href=errata23.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>.
  <li>Various new smtpd(8) fixes.
  <li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3).
  <li>Teach adduser(8) about the /sbin/nologin shell.
***************
*** 1845,1851 ****
  <hr>
  <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.397 1999/02/16 06:51:18 deraadt Exp $</small>
  
  </body>
  </html>
--- 1845,1851 ----
  <hr>
  <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.398 1999/02/16 06:52:23 deraadt Exp $</small>
  
  </body>
  </html>