===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.418
retrieving revision 1.419
diff -c -r1.418 -r1.419
*** www/plus.html	1999/03/24 19:18:51	1.418
--- www/plus.html	1999/04/12 08:41:53	1.419
***************
*** 42,56 ****
  <br>
  <a href=#24>To go straight to the changes up to OpenBSD 2.4, click here</a>.
  <br>
  </h3>
  
  <hr>
  
  <p>
  <a name=25></a>
! <h3><font color=#0000e0>We are working on what will become 2.5...</font></h3><p>
  <ul>
  
  <li>In sun4m trap handler stubs, rd %wim which makes viking cpus much happier.
  <li>lifetime expiration notifications for the IPSEC stack.
  <li>PF_KEYv2 support in isakmpd(8).
--- 42,76 ----
  <br>
  <a href=#24>To go straight to the changes up to OpenBSD 2.4, click here</a>.
  <br>
+ <a href=#25>To go straight to the changes up to OpenBSD 2.5, click here</a>.
+ <br>
  </h3>
  
  <hr>
  
  <p>
  <a name=25></a>
! <h3><font color=#0000e0>OpenBSD 2.5 will soon be released (May 19, 1999).</font></h3><p>
  <ul>
  
+ <li>Add a -q flag to newfs, so that it does not print out information about the superblock backups. This is used by the install process.
+ <li>Do not permit any IPSEC code unless theadmin has enabled it using sysctl.
+ <li>More ISAPNP devices.
+ <li>Do not permit local address spoofing using ip4.
+ <li>Do not permit ip4 tunneling unless the admin has enabled it using sysctl.
+ <li>More man page and games fixes.
+ <li>Significant improvements to disklabel(8) and the install procedure.
+ <li>For CD support, if READ_CD_CAPACITY fails as it does on some units, provide nice defaults so that other things do not fail later.
+ <li>Rearrange default interrupt ordering for pcmcia somewhat more.
+ <li>Improve multicast handling in /etc/rc.
+ <li>Silence initgroups(3), it should not spew to stderr on failure.
+ <li>sudo 1.5.9
+ <li>Numerous ipsec changes, further making isakmpd useful, etc. etc.
+ <li>Support hostname.bridge* files.
+ <li>Support some 100Mbit ne2000-like pcmcia cards.
+ <li>Further Qlogic ISP support for PCI and sbus versions..
+ <li>Add ssl log rotation to newsyslog.conf
+ 
  <li>In sun4m trap handler stubs, rd %wim which makes viking cpus much happier.
  <li>lifetime expiration notifications for the IPSEC stack.
  <li>PF_KEYv2 support in isakmpd(8).
***************
*** 62,70 ****
  <li>Workaround sun4m STP1020A errata #148494 regarding cache initialization. 
  <li>In ipsend(8), do not crash if no options provided.
  <li>Various powerpc fixes, including further PIC support, and fix a kernel pmap crash.
! <li><font color=#e00000><strong>SECURITY ISSUE: In poll(2), constrain the <strong>nfds</strong> parameter better, so that kvm starvation is less likely. <a href=errata.html#poll>A patch is available</a></strong></font>.
  <li>Make at(1) easier to use next year (ie. Y2K issue).
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix TSS fault handling. <a href=errata.html#tss>A patch is available</a></strong></font>.
  <li>In the ncr(4) driver, disable tagged queuing by default.  Our filesystems and vfs layer is not prepared for this play-it-loose behaviour.
  <li>Repair <strong>ypwhich -h</strong> support; it was broken when running on non-server machines.
  <li>Add non-learning and non-discovery modes to the bridging code.
--- 82,90 ----
  <li>Workaround sun4m STP1020A errata #148494 regarding cache initialization. 
  <li>In ipsend(8), do not crash if no options provided.
  <li>Various powerpc fixes, including further PIC support, and fix a kernel pmap crash.
! <li><font color=#e00000><strong>SECURITY ISSUE: In poll(2), constrain the <strong>nfds</strong> parameter better, so that kvm starvation is less likely. <a href=errata24.html#poll>A patch is available</a></strong></font>.
  <li>Make at(1) easier to use next year (ie. Y2K issue).
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix TSS fault handling. <a href=errata24.html#tss>A patch is available</a></strong></font>.
  <li>In the ncr(4) driver, disable tagged queuing by default.  Our filesystems and vfs layer is not prepared for this play-it-loose behaviour.
  <li>Repair <strong>ypwhich -h</strong> support; it was broken when running on non-server machines.
  <li>Add non-learning and non-discovery modes to the bridging code.
***************
*** 171,181 ****
  <li>Move ls(1) into ftpd(8).. directly.
  <li>In setproctitle(3), if sysctl(2) fails do not crash.
  <li>Constify getcap(3) API.
! <li><font color=#e00000><strong>For the i386, fix /boot argument mapping. <a href=errata.html#bootargv>A patch is available</a></strong></font>.
  <li>Put skipjack in libc.
  <li>Continue squishing new bugs in new ipsec PF_KEY code...
  <li>Fix autosetting of d_type and _dtypename in wd(4).
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix the nlink overflow in FFS and EXT2FS. <a href=errata.html#nlink>A patch is available</a></strong></font>.
  <li>Add zegrep(1) and zfgrep(1).
  <li>Change IPSEC stack to support PFKEYv2.
  <li>PentiumIII detection.
--- 191,201 ----
  <li>Move ls(1) into ftpd(8).. directly.
  <li>In setproctitle(3), if sysctl(2) fails do not crash.
  <li>Constify getcap(3) API.
! <li><font color=#e00000><strong>For the i386, fix /boot argument mapping. <a href=errata24.html#bootargv>A patch is available</a></strong></font>.
  <li>Put skipjack in libc.
  <li>Continue squishing new bugs in new ipsec PF_KEY code...
  <li>Fix autosetting of d_type and _dtypename in wd(4).
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix the nlink overflow in FFS and EXT2FS. <a href=errata24.html#nlink>A patch is available</a></strong></font>.
  <li>Add zegrep(1) and zfgrep(1).
  <li>Change IPSEC stack to support PFKEYv2.
  <li>PentiumIII detection.
***************
*** 190,196 ****
  <li>Better promisc and multicast handling in sparc hme(4).
  <li>Fix an rdist(8) bug.
  <li>Handle powered-down xl(4) cards better.
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix an overflow in ping(8). <a href=errata.html#ping>A patch is available</a></strong></font>.
  <li>In fork(2), always spare 5 last processes for root.
  <li>Better vis(3) support in savecore(8).
  <li>Quiet apm(4) and add machdep.apmwarn sysctl.
--- 210,216 ----
  <li>Better promisc and multicast handling in sparc hme(4).
  <li>Fix an rdist(8) bug.
  <li>Handle powered-down xl(4) cards better.
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix an overflow in ping(8). <a href=errata24.html#ping>A patch is available</a></strong></font>.
  <li>In fork(2), always spare 5 last processes for root.
  <li>Better vis(3) support in savecore(8).
  <li>Quiet apm(4) and add machdep.apmwarn sysctl.
***************
*** 200,206 ****
  <li>Add -x, -p, and -m options to ls(1).
  <li>In ld(1) and ld.so(1), do not optimize the search path when dealing with duplicate shared library names (even though both alternatives have problems).
  <li>Fix an kernel ipf bug relating to out-going icmp.
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix an ipq race in ipintr(). <a href=errata.html#ipqrace>A patch is available</a>, which must be applied after the <a href=errata.html#maxqueue>maxqueue patch</a> has been installed.</strong></font>
  <li>Allocate u-area early in fork1(), instead of vm_fork().
  <li>Fix msdosfs bug regarding corrupted FAT32 root directories.
  <li>Improve vfs lkm interface.
--- 220,226 ----
  <li>Add -x, -p, and -m options to ls(1).
  <li>In ld(1) and ld.so(1), do not optimize the search path when dealing with duplicate shared library names (even though both alternatives have problems).
  <li>Fix an kernel ipf bug relating to out-going icmp.
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix an ipq race in ipintr(). <a href=errata24.html#ipqrace>A patch is available</a>, which must be applied after the <a href=errata24.html#maxqueue>maxqueue patch</a> has been installed.</strong></font>
  <li>Allocate u-area early in fork1(), instead of vm_fork().
  <li>Fix msdosfs bug regarding corrupted FAT32 root directories.
  <li>Improve vfs lkm interface.
***************
*** 209,215 ****
  <li>Fix DES weak key checking in libdes (and netinet/libdeslite).
  <li>Improve the ipsec(4) man page.
  <li>Fix <strong>netstat -A</strong> header.
! <li><font color=#e00000><strong>SECURITY ISSUE: Improved fragment flood protection in the IP layer. <a href=errata.html#maxqueue>A patch is available</a></strong></font>.
  <li>IPSEC skipjack support (do not bother using this unless you are .gov or .mil).
  <li>Check sub-regions better in subr_extent.c, which affects pcmcia.
  <li>Add <strong>-f</strong> option to comm(1) for case folding.
--- 229,235 ----
  <li>Fix DES weak key checking in libdes (and netinet/libdeslite).
  <li>Improve the ipsec(4) man page.
  <li>Fix <strong>netstat -A</strong> header.
! <li><font color=#e00000><strong>SECURITY ISSUE: Improved fragment flood protection in the IP layer. <a href=errata24.html#maxqueue>A patch is available</a></strong></font>.
  <li>IPSEC skipjack support (do not bother using this unless you are .gov or .mil).
  <li>Check sub-regions better in subr_extent.c, which affects pcmcia.
  <li>Add <strong>-f</strong> option to comm(1) for case folding.
***************
*** 225,236 ****
  <li>Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
  <li>Handle kernel malloc() failing, for TCP SACK block allocation.
  <li>Do more careful system call range-checking and introduce socklen_t.
! <li><font color=#e00000><strong>Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. <a href=errata.html#uio>A patch is available</a></strong></font>.
  <li>Fix a pcmcia mapping bug regarding address space allocation.
  <li>For wds(4) and ex(4) drivers, unmap address space if probing fails.
  <li>In ipsecadm(8), verify that keys and IVs are specified in hex.
  <li>Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
! <li><font color=#e00000><strong>SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. <a href=errata.html#trctrap>A patch is available</a></strong></font>.
  <li>tcpdump(8) out-of-range access in LLC decoding.
  <li>Flesh out the vpn(8) manpage.
  <li>Add old dbm-compatible interface code, from db-1.86
--- 245,256 ----
  <li>Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
  <li>Handle kernel malloc() failing, for TCP SACK block allocation.
  <li>Do more careful system call range-checking and introduce socklen_t.
! <li><font color=#e00000><strong>Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. <a href=errata24.html#uio>A patch is available</a></strong></font>.
  <li>Fix a pcmcia mapping bug regarding address space allocation.
  <li>For wds(4) and ex(4) drivers, unmap address space if probing fails.
  <li>In ipsecadm(8), verify that keys and IVs are specified in hex.
  <li>Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
! <li><font color=#e00000><strong>SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. <a href=errata24.html#trctrap>A patch is available</a></strong></font>.
  <li>tcpdump(8) out-of-range access in LLC decoding.
  <li>Flesh out the vpn(8) manpage.
  <li>Add old dbm-compatible interface code, from db-1.86
***************
*** 242,248 ****
  <li>ncurses-4.2-990206
  <li>Correct various freebsd/linux emulation issues.
  <li>Correct directory entry reads for numerous binary emulators.
! <li><font color=#e00000><strong>SECURITY ISSUE: Better RST handling in tcp input. <a href=errata.html#rst>A patch is available</a></strong></font>.
  <li>BeOS/i386 support in fdisk(8).
  <li>Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
  <li>Pluralization fix in rup(1).
--- 262,268 ----
  <li>ncurses-4.2-990206
  <li>Correct various freebsd/linux emulation issues.
  <li>Correct directory entry reads for numerous binary emulators.
! <li><font color=#e00000><strong>SECURITY ISSUE: Better RST handling in tcp input. <a href=errata24.html#rst>A patch is available</a></strong></font>.
  <li>BeOS/i386 support in fdisk(8).
  <li>Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
  <li>Pluralization fix in rup(1).
***************
*** 253,259 ****
  <li>Handle MNT_NODEV in nullfs.
  <li>Correct a tcp ISS bug.
  <li>Support sparc bootpath handling in qe(4) and be(4).
! <li><font color=#e00000><strong>hp300 X in the 2.4 release has an installation issue. <a href=errata.html#hp300X>Further details available</a></strong></font>.
  <li>Fix isa_check_intr() support on the alpha.
  <li>Fix breaking support in <strong>fold -s</strong>.
  <li>Improve long line support in hexdump(1).
--- 273,279 ----
  <li>Handle MNT_NODEV in nullfs.
  <li>Correct a tcp ISS bug.
  <li>Support sparc bootpath handling in qe(4) and be(4).
! <li><font color=#e00000><strong>hp300 X in the 2.4 release has an installation issue. <a href=errata24.html#hp300X>Further details available</a></strong></font>.
  <li>Fix isa_check_intr() support on the alpha.
  <li>Fix breaking support in <strong>fold -s</strong>.
  <li>Improve long line support in hexdump(1).
***************
*** 290,296 ****
  <li>Add <strong>-b</strong> flag to install(1).
  <li>For the bootblocks, fix error returns when running in decompressing mode.
  <li>Disable i386 bootblocks E801 memory probing test.
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix a select(2)/accept(2) race condition. <a href=errata.html#accept>A patch is available</a></strong></font>.
  <li>Support & username expansion in sendbug, and fix the /tmp race.
  <li>Avoid a sendmail DOS regarding huge numbers of header lines.
  <li>rmdir(".") now returns EBUSY, as XPG2 says.
--- 310,316 ----
  <li>Add <strong>-b</strong> flag to install(1).
  <li>For the bootblocks, fix error returns when running in decompressing mode.
  <li>Disable i386 bootblocks E801 memory probing test.
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix a select(2)/accept(2) race condition. <a href=errata24.html#accept>A patch is available</a></strong></font>.
  <li>Support & username expansion in sendbug, and fix the /tmp race.
  <li>Avoid a sendmail DOS regarding huge numbers of header lines.
  <li>rmdir(".") now returns EBUSY, as XPG2 says.
***************
*** 309,315 ****
  <li>Fix a varargs related bug in patch(1).
  <li>MNT_NOATIME support in msdosfs.
  <li>VIA Rhine ethernet driver.
! <li><font color=#e00000><strong>Fix an nfs v3 bug when talking to the pedantic solaris7 server. <a href=errata.html#nfs3_solaris7>A patch is available</a></strong></font>.
  <li>Merge other fixes from ksh 5.2.13.6
  <li>Add RFNOWAIT support to rfork(2).
  <li>Careful strtol() use in make(1).
--- 329,335 ----
  <li>Fix a varargs related bug in patch(1).
  <li>MNT_NOATIME support in msdosfs.
  <li>VIA Rhine ethernet driver.
! <li><font color=#e00000><strong>Fix an nfs v3 bug when talking to the pedantic solaris7 server. <a href=errata24.html#nfs3_solaris7>A patch is available</a></strong></font>.
  <li>Merge other fixes from ksh 5.2.13.6
  <li>Add RFNOWAIT support to rfork(2).
  <li>Careful strtol() use in make(1).
***************
*** 348,354 ****
  <li>Correct nested <strong>ip_sum</strong> in icmp packets.
  <li>Correct the values of <strong>ip_len</strong>, <strong>ip_off</strong>, <strong>ip_id</strong>, and udp <strong>uh_sum</strong> fields for the embedded ip packet inside an icmp packet. (<strong>ip_sum</strong> is still wrong.)
  <li>More locking fixes in the vfs layer.
! <li><font color=#e00000><strong>Fix df(1) on NFS v3 filesystems. <a href=errata.html#nfs3>A source code patch is available which solves this problem</a></strong></font>.
  <li>Crank PID_MAX to 65535.
  <li>Do better pcmcia interrupt allocation.
  <li>Make <strong>ip_id</strong> non-repeating random, like DNS id's.
--- 368,374 ----
  <li>Correct nested <strong>ip_sum</strong> in icmp packets.
  <li>Correct the values of <strong>ip_len</strong>, <strong>ip_off</strong>, <strong>ip_id</strong>, and udp <strong>uh_sum</strong> fields for the embedded ip packet inside an icmp packet. (<strong>ip_sum</strong> is still wrong.)
  <li>More locking fixes in the vfs layer.
! <li><font color=#e00000><strong>Fix df(1) on NFS v3 filesystems. <a href=errata24.html#nfs3>A source code patch is available which solves this problem</a></strong></font>.
  <li>Crank PID_MAX to 65535.
  <li>Do better pcmcia interrupt allocation.
  <li>Make <strong>ip_id</strong> non-repeating random, like DNS id's.
***************
*** 362,374 ****
  <li>Newer version of isakmpd. 
  <li>In kgmon(8), let libkvm decide the default kernel name.
  <li>Repeat open operations in cdio, in case of slow changers.
! <li><font color=#e00000><strong>SECURITY ISSUE: Even more bootpd paranoia.  Updated patches are available for <a href=errata23.html#bootpd>2.3</a> and <a href=errata.html#bootpd>2.4</a></strong></font>.
  <li>Make sa(8) 64bit clean.
  <li>In install(1), handle sparse files the same way pax(1) does.
! <li><font color=#e00000><strong>Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database. <a href=errata.html#terminfo>Since these databases had problems in the 2.4 release, updated versions are available</a></strong></font>.
  <li>Permit csh(1)-builtin printf function to have arguments.
  <li>Fix a display problem in hexdump(1).
! <li><font color=#e00000><strong>Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. <a href=errata.html#installboot>A source code patch is available which solves this problem</a></strong></font>.
  <li>Flesh mktemp(3) manpage out significantly.
  <li>Working <a href=mvme88k.html>mvme88k</a> port.
  <li>For IPHDRINCL, check <strong>ip_hl</strong> for validity, too.
--- 382,394 ----
  <li>Newer version of isakmpd. 
  <li>In kgmon(8), let libkvm decide the default kernel name.
  <li>Repeat open operations in cdio, in case of slow changers.
! <li><font color=#e00000><strong>SECURITY ISSUE: Even more bootpd paranoia.  Updated patches are available for <a href=errata23.html#bootpd>2.3</a> and <a href=errata24.html#bootpd>2.4</a></strong></font>.
  <li>Make sa(8) 64bit clean.
  <li>In install(1), handle sparse files the same way pax(1) does.
! <li><font color=#e00000><strong>Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database. <a href=errata24.html#terminfo>Since these databases had problems in the 2.4 release, updated versions are available</a></strong></font>.
  <li>Permit csh(1)-builtin printf function to have arguments.
  <li>Fix a display problem in hexdump(1).
! <li><font color=#e00000><strong>Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. <a href=errata24.html#installboot>A source code patch is available which solves this problem</a></strong></font>.
  <li>Flesh mktemp(3) manpage out significantly.
  <li>Working <a href=mvme88k.html>mvme88k</a> port.
  <li>For IPHDRINCL, check <strong>ip_hl</strong> for validity, too.
***************
*** 394,400 ****
  <li>Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
  <li>For kerberosIV, install <strong>prot.h</strong> (some things require it).
  <li>XFree86 3.3.3
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?).  This fixes a security problem. Patches are available for <a href=errata23.html#bootpd>2.3</a> and <a href=errata.html#bootpd>2.4</a></strong></font>.
  <li>In cut(1), avoid an infinite loop.
  <li>In top(1), skip disabled swap spaces.
  <li>Even more man page fixes courtesy of our local man page repair fanatic.
--- 414,420 ----
  <li>Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
  <li>For kerberosIV, install <strong>prot.h</strong> (some things require it).
  <li>XFree86 3.3.3
! <li><font color=#e00000><strong>SECURITY ISSUE: Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?).  This fixes a security problem. Patches are available for <a href=errata23.html#bootpd>2.3</a> and <a href=errata24.html#bootpd>2.4</a></strong></font>.
  <li>In cut(1), avoid an infinite loop.
  <li>In top(1), skip disabled swap spaces.
  <li>Even more man page fixes courtesy of our local man page repair fanatic.
***************
*** 426,432 ****
  <li>Fix a crash of ksh(1).
  <li>Ignore out-of-range environment LINES and COLUMNS in libocurses.
  <li>In libcurses in the issetugid(2) case, ignore $TERMINFO.
! <li><font color=#e00000><strong>SECURITY ISSUE: In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path. <a href=errata.html#termcap>A patch is available</a></strong></font>.
  <li>Support full set of pty devices in the MAKEDEV scripts.
  <li>Make rl(4) match the Accton 1207D cards too.
  <li>Prototype getpgid(2)
--- 446,452 ----
  <li>Fix a crash of ksh(1).
  <li>Ignore out-of-range environment LINES and COLUMNS in libocurses.
  <li>In libcurses in the issetugid(2) case, ignore $TERMINFO.
! <li><font color=#e00000><strong>SECURITY ISSUE: In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path. <a href=errata24.html#termcap>A patch is available</a></strong></font>.
  <li>Support full set of pty devices in the MAKEDEV scripts.
  <li>Make rl(4) match the Accton 1207D cards too.
  <li>Prototype getpgid(2)
***************
*** 448,460 ****
  <li>Fix an expression handling bug in as(1).
  <li>Improve setregid() and setreuid() emulated behaviour.
  <li>ftok() is now XPG compliant.
! <li><font color=#e00000><strong>Put userdir support back into httpd(8). <a href=errata.html#userdir>A patch is available</a></strong></font>.
  <li>Put userdir support back into httpd(8).
  <li>New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
  <li>Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
  <li>Fix some manpages
  <li>sudo 1.5.6p6
! <li><font color=#e00000><strong>Fix a remote lockup problem in the TCP packet decoding code.  This fixes a security problem. Patches are available for <a href=errata23.html#tcpfix>2.3</a> and <a href=errata.html#tcpfix>2.4</a></strong></font>.
  <li>Fix a deadlock in deadfs VOP_LOCK().
  <li>Support -p option in ipmon(8).
  <li>Change bpf to support full frame-grabbing for FDDI packets.
--- 468,480 ----
  <li>Fix an expression handling bug in as(1).
  <li>Improve setregid() and setreuid() emulated behaviour.
  <li>ftok() is now XPG compliant.
! <li><font color=#e00000><strong>Put userdir support back into httpd(8). <a href=errata24.html#userdir>A patch is available</a></strong></font>.
  <li>Put userdir support back into httpd(8).
  <li>New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
  <li>Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
  <li>Fix some manpages
  <li>sudo 1.5.6p6
! <li><font color=#e00000><strong>Fix a remote lockup problem in the TCP packet decoding code.  This fixes a security problem. Patches are available for <a href=errata23.html#tcpfix>2.3</a> and <a href=errata24.html#tcpfix>2.4</a></strong></font>.
  <li>Fix a deadlock in deadfs VOP_LOCK().
  <li>Support -p option in ipmon(8).
  <li>Change bpf to support full frame-grabbing for FDDI packets.
***************
*** 485,491 ****
  <li>Use correct ioctl for flushing in ipmon(8).
  <li>Fix various tcp options bugs.
  <li>Fix tcp timestamps.
! <li><font color=#e00000><strong>Repair sparc kvm dump header problem. <a href=errata.html#kvm_mkdb>A patch is available</a></strong></font>.
  <li>More carefully check /etc/hostname.* file contents before using it.
  <li>Fix mktemp() problems in lynx(1).
  
--- 505,511 ----
  <li>Use correct ioctl for flushing in ipmon(8).
  <li>Fix various tcp options bugs.
  <li>Fix tcp timestamps.
! <li><font color=#e00000><strong>Repair sparc kvm dump header problem. <a href=errata24.html#kvm_mkdb>A patch is available</a></strong></font>.
  <li>More carefully check /etc/hostname.* file contents before using it.
  <li>Fix mktemp() problems in lynx(1).
  
***************
*** 524,530 ****
  <li>In i386 wd(4) driver, set d_type properly in spoofed labels.
  <li>Import learn(1) -- but still disabled.
  <li>Add <strong>file://</strong> support to ftp(1).
! <li><font color=#e00000><strong>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href=errata.html#hme>Patches are available</a></strong></font>.
  <li>Fix media negotiation in the SS5/10 le(4) driver.
  <li>Fix mail(1) to deal with the changed lockspool(1) protocol.
  <li>In lockspool(1), permit root to lock other spools.
--- 544,550 ----
  <li>In i386 wd(4) driver, set d_type properly in spoofed labels.
  <li>Import learn(1) -- but still disabled.
  <li>Add <strong>file://</strong> support to ftp(1).
! <li><font color=#e00000><strong>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href=errata24.html#hme>Patches are available</a></strong></font>.
  <li>Fix media negotiation in the SS5/10 le(4) driver.
  <li>Fix mail(1) to deal with the changed lockspool(1) protocol.
  <li>In lockspool(1), permit root to lock other spools.
***************
*** 2012,2018 ****
  <hr>
  <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.418 1999/03/24 19:18:51 deraadt Exp $</small>
  
  </body>
  </html>
--- 2032,2038 ----
  <hr>
  <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.419 1999/04/12 08:41:53 deraadt Exp $</small>
  
  </body>
  </html>