===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.418
retrieving revision 1.419
diff -c -r1.418 -r1.419
*** www/plus.html 1999/03/24 19:18:51 1.418
--- www/plus.html 1999/04/12 08:41:53 1.419
***************
*** 42,56 ****
To go straight to the changes up to OpenBSD 2.4, click here.
!
We are working on what will become 2.5...
- In sun4m trap handler stubs, rd %wim which makes viking cpus much happier.
- lifetime expiration notifications for the IPSEC stack.
- PF_KEYv2 support in isakmpd(8).
--- 42,76 ----
To go straight to the changes up to OpenBSD 2.4, click here.
+ To go straight to the changes up to OpenBSD 2.5, click here.
+
!
OpenBSD 2.5 will soon be released (May 19, 1999).
+ - Add a -q flag to newfs, so that it does not print out information about the superblock backups. This is used by the install process.
+
- Do not permit any IPSEC code unless theadmin has enabled it using sysctl.
+
- More ISAPNP devices.
+
- Do not permit local address spoofing using ip4.
+
- Do not permit ip4 tunneling unless the admin has enabled it using sysctl.
+
- More man page and games fixes.
+
- Significant improvements to disklabel(8) and the install procedure.
+
- For CD support, if READ_CD_CAPACITY fails as it does on some units, provide nice defaults so that other things do not fail later.
+
- Rearrange default interrupt ordering for pcmcia somewhat more.
+
- Improve multicast handling in /etc/rc.
+
- Silence initgroups(3), it should not spew to stderr on failure.
+
- sudo 1.5.9
+
- Numerous ipsec changes, further making isakmpd useful, etc. etc.
+
- Support hostname.bridge* files.
+
- Support some 100Mbit ne2000-like pcmcia cards.
+
- Further Qlogic ISP support for PCI and sbus versions..
+
- Add ssl log rotation to newsyslog.conf
+
- In sun4m trap handler stubs, rd %wim which makes viking cpus much happier.
- lifetime expiration notifications for the IPSEC stack.
- PF_KEYv2 support in isakmpd(8).
***************
*** 62,70 ****
- Workaround sun4m STP1020A errata #148494 regarding cache initialization.
- In ipsend(8), do not crash if no options provided.
- Various powerpc fixes, including further PIC support, and fix a kernel pmap crash.
!
- SECURITY ISSUE: In poll(2), constrain the nfds parameter better, so that kvm starvation is less likely. A patch is available.
- Make at(1) easier to use next year (ie. Y2K issue).
!
- SECURITY ISSUE: Fix TSS fault handling. A patch is available.
- In the ncr(4) driver, disable tagged queuing by default. Our filesystems and vfs layer is not prepared for this play-it-loose behaviour.
- Repair ypwhich -h support; it was broken when running on non-server machines.
- Add non-learning and non-discovery modes to the bridging code.
--- 82,90 ----
- Workaround sun4m STP1020A errata #148494 regarding cache initialization.
- In ipsend(8), do not crash if no options provided.
- Various powerpc fixes, including further PIC support, and fix a kernel pmap crash.
!
- SECURITY ISSUE: In poll(2), constrain the nfds parameter better, so that kvm starvation is less likely. A patch is available.
- Make at(1) easier to use next year (ie. Y2K issue).
!
- SECURITY ISSUE: Fix TSS fault handling. A patch is available.
- In the ncr(4) driver, disable tagged queuing by default. Our filesystems and vfs layer is not prepared for this play-it-loose behaviour.
- Repair ypwhich -h support; it was broken when running on non-server machines.
- Add non-learning and non-discovery modes to the bridging code.
***************
*** 171,181 ****
- Move ls(1) into ftpd(8).. directly.
- In setproctitle(3), if sysctl(2) fails do not crash.
- Constify getcap(3) API.
!
- For the i386, fix /boot argument mapping. A patch is available.
- Put skipjack in libc.
- Continue squishing new bugs in new ipsec PF_KEY code...
- Fix autosetting of d_type and _dtypename in wd(4).
!
- SECURITY ISSUE: Fix the nlink overflow in FFS and EXT2FS. A patch is available.
- Add zegrep(1) and zfgrep(1).
- Change IPSEC stack to support PFKEYv2.
- PentiumIII detection.
--- 191,201 ----
- Move ls(1) into ftpd(8).. directly.
- In setproctitle(3), if sysctl(2) fails do not crash.
- Constify getcap(3) API.
!
- For the i386, fix /boot argument mapping. A patch is available.
- Put skipjack in libc.
- Continue squishing new bugs in new ipsec PF_KEY code...
- Fix autosetting of d_type and _dtypename in wd(4).
!
- SECURITY ISSUE: Fix the nlink overflow in FFS and EXT2FS. A patch is available.
- Add zegrep(1) and zfgrep(1).
- Change IPSEC stack to support PFKEYv2.
- PentiumIII detection.
***************
*** 190,196 ****
- Better promisc and multicast handling in sparc hme(4).
- Fix an rdist(8) bug.
- Handle powered-down xl(4) cards better.
!
- SECURITY ISSUE: Fix an overflow in ping(8). A patch is available.
- In fork(2), always spare 5 last processes for root.
- Better vis(3) support in savecore(8).
- Quiet apm(4) and add machdep.apmwarn sysctl.
--- 210,216 ----
- Better promisc and multicast handling in sparc hme(4).
- Fix an rdist(8) bug.
- Handle powered-down xl(4) cards better.
!
- SECURITY ISSUE: Fix an overflow in ping(8). A patch is available.
- In fork(2), always spare 5 last processes for root.
- Better vis(3) support in savecore(8).
- Quiet apm(4) and add machdep.apmwarn sysctl.
***************
*** 200,206 ****
- Add -x, -p, and -m options to ls(1).
- In ld(1) and ld.so(1), do not optimize the search path when dealing with duplicate shared library names (even though both alternatives have problems).
- Fix an kernel ipf bug relating to out-going icmp.
!
- SECURITY ISSUE: Fix an ipq race in ipintr(). A patch is available, which must be applied after the maxqueue patch has been installed.
- Allocate u-area early in fork1(), instead of vm_fork().
- Fix msdosfs bug regarding corrupted FAT32 root directories.
- Improve vfs lkm interface.
--- 220,226 ----
- Add -x, -p, and -m options to ls(1).
- In ld(1) and ld.so(1), do not optimize the search path when dealing with duplicate shared library names (even though both alternatives have problems).
- Fix an kernel ipf bug relating to out-going icmp.
!
- SECURITY ISSUE: Fix an ipq race in ipintr(). A patch is available, which must be applied after the maxqueue patch has been installed.
- Allocate u-area early in fork1(), instead of vm_fork().
- Fix msdosfs bug regarding corrupted FAT32 root directories.
- Improve vfs lkm interface.
***************
*** 209,215 ****
- Fix DES weak key checking in libdes (and netinet/libdeslite).
- Improve the ipsec(4) man page.
- Fix netstat -A header.
!
- SECURITY ISSUE: Improved fragment flood protection in the IP layer. A patch is available.
- IPSEC skipjack support (do not bother using this unless you are .gov or .mil).
- Check sub-regions better in subr_extent.c, which affects pcmcia.
- Add -f option to comm(1) for case folding.
--- 229,235 ----
- Fix DES weak key checking in libdes (and netinet/libdeslite).
- Improve the ipsec(4) man page.
- Fix netstat -A header.
!
- SECURITY ISSUE: Improved fragment flood protection in the IP layer. A patch is available.
- IPSEC skipjack support (do not bother using this unless you are .gov or .mil).
- Check sub-regions better in subr_extent.c, which affects pcmcia.
- Add -f option to comm(1) for case folding.
***************
*** 225,236 ****
- Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
- Handle kernel malloc() failing, for TCP SACK block allocation.
- Do more careful system call range-checking and introduce socklen_t.
!
- Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. A patch is available.
- Fix a pcmcia mapping bug regarding address space allocation.
- For wds(4) and ex(4) drivers, unmap address space if probing fails.
- In ipsecadm(8), verify that keys and IVs are specified in hex.
- Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
!
- SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. A patch is available.
- tcpdump(8) out-of-range access in LLC decoding.
- Flesh out the vpn(8) manpage.
- Add old dbm-compatible interface code, from db-1.86
--- 245,256 ----
- Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
- Handle kernel malloc() failing, for TCP SACK block allocation.
- Do more careful system call range-checking and introduce socklen_t.
!
- Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. A patch is available.
- Fix a pcmcia mapping bug regarding address space allocation.
- For wds(4) and ex(4) drivers, unmap address space if probing fails.
- In ipsecadm(8), verify that keys and IVs are specified in hex.
- Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
!
- SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. A patch is available.
- tcpdump(8) out-of-range access in LLC decoding.
- Flesh out the vpn(8) manpage.
- Add old dbm-compatible interface code, from db-1.86
***************
*** 242,248 ****
- ncurses-4.2-990206
- Correct various freebsd/linux emulation issues.
- Correct directory entry reads for numerous binary emulators.
!
- SECURITY ISSUE: Better RST handling in tcp input. A patch is available.
- BeOS/i386 support in fdisk(8).
- Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
- Pluralization fix in rup(1).
--- 262,268 ----
- ncurses-4.2-990206
- Correct various freebsd/linux emulation issues.
- Correct directory entry reads for numerous binary emulators.
!
- SECURITY ISSUE: Better RST handling in tcp input. A patch is available.
- BeOS/i386 support in fdisk(8).
- Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
- Pluralization fix in rup(1).
***************
*** 253,259 ****
- Handle MNT_NODEV in nullfs.
- Correct a tcp ISS bug.
- Support sparc bootpath handling in qe(4) and be(4).
!
- hp300 X in the 2.4 release has an installation issue. Further details available.
- Fix isa_check_intr() support on the alpha.
- Fix breaking support in fold -s.
- Improve long line support in hexdump(1).
--- 273,279 ----
- Handle MNT_NODEV in nullfs.
- Correct a tcp ISS bug.
- Support sparc bootpath handling in qe(4) and be(4).
!
- hp300 X in the 2.4 release has an installation issue. Further details available.
- Fix isa_check_intr() support on the alpha.
- Fix breaking support in fold -s.
- Improve long line support in hexdump(1).
***************
*** 290,296 ****
- Add -b flag to install(1).
- For the bootblocks, fix error returns when running in decompressing mode.
- Disable i386 bootblocks E801 memory probing test.
!
- SECURITY ISSUE: Fix a select(2)/accept(2) race condition. A patch is available.
- Support & username expansion in sendbug, and fix the /tmp race.
- Avoid a sendmail DOS regarding huge numbers of header lines.
- rmdir(".") now returns EBUSY, as XPG2 says.
--- 310,316 ----
- Add -b flag to install(1).
- For the bootblocks, fix error returns when running in decompressing mode.
- Disable i386 bootblocks E801 memory probing test.
!
- SECURITY ISSUE: Fix a select(2)/accept(2) race condition. A patch is available.
- Support & username expansion in sendbug, and fix the /tmp race.
- Avoid a sendmail DOS regarding huge numbers of header lines.
- rmdir(".") now returns EBUSY, as XPG2 says.
***************
*** 309,315 ****
- Fix a varargs related bug in patch(1).
- MNT_NOATIME support in msdosfs.
- VIA Rhine ethernet driver.
!
- Fix an nfs v3 bug when talking to the pedantic solaris7 server. A patch is available.
- Merge other fixes from ksh 5.2.13.6
- Add RFNOWAIT support to rfork(2).
- Careful strtol() use in make(1).
--- 329,335 ----
- Fix a varargs related bug in patch(1).
- MNT_NOATIME support in msdosfs.
- VIA Rhine ethernet driver.
!
- Fix an nfs v3 bug when talking to the pedantic solaris7 server. A patch is available.
- Merge other fixes from ksh 5.2.13.6
- Add RFNOWAIT support to rfork(2).
- Careful strtol() use in make(1).
***************
*** 348,354 ****
- Correct nested ip_sum in icmp packets.
- Correct the values of ip_len, ip_off, ip_id, and udp uh_sum fields for the embedded ip packet inside an icmp packet. (ip_sum is still wrong.)
- More locking fixes in the vfs layer.
!
- Fix df(1) on NFS v3 filesystems. A source code patch is available which solves this problem.
- Crank PID_MAX to 65535.
- Do better pcmcia interrupt allocation.
- Make ip_id non-repeating random, like DNS id's.
--- 368,374 ----
- Correct nested ip_sum in icmp packets.
- Correct the values of ip_len, ip_off, ip_id, and udp uh_sum fields for the embedded ip packet inside an icmp packet. (ip_sum is still wrong.)
- More locking fixes in the vfs layer.
!
- Fix df(1) on NFS v3 filesystems. A source code patch is available which solves this problem.
- Crank PID_MAX to 65535.
- Do better pcmcia interrupt allocation.
- Make ip_id non-repeating random, like DNS id's.
***************
*** 362,374 ****
- Newer version of isakmpd.
- In kgmon(8), let libkvm decide the default kernel name.
- Repeat open operations in cdio, in case of slow changers.
!
- SECURITY ISSUE: Even more bootpd paranoia. Updated patches are available for 2.3 and 2.4.
- Make sa(8) 64bit clean.
- In install(1), handle sparse files the same way pax(1) does.
!
- Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database. Since these databases had problems in the 2.4 release, updated versions are available.
- Permit csh(1)-builtin printf function to have arguments.
- Fix a display problem in hexdump(1).
!
- Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. A source code patch is available which solves this problem.
- Flesh mktemp(3) manpage out significantly.
- Working mvme88k port.
- For IPHDRINCL, check ip_hl for validity, too.
--- 382,394 ----
- Newer version of isakmpd.
- In kgmon(8), let libkvm decide the default kernel name.
- Repeat open operations in cdio, in case of slow changers.
!
- SECURITY ISSUE: Even more bootpd paranoia. Updated patches are available for 2.3 and 2.4.
- Make sa(8) 64bit clean.
- In install(1), handle sparse files the same way pax(1) does.
!
- Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database. Since these databases had problems in the 2.4 release, updated versions are available.
- Permit csh(1)-builtin printf function to have arguments.
- Fix a display problem in hexdump(1).
!
- Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. A source code patch is available which solves this problem.
- Flesh mktemp(3) manpage out significantly.
- Working mvme88k port.
- For IPHDRINCL, check ip_hl for validity, too.
***************
*** 394,400 ****
- Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
- For kerberosIV, install prot.h (some things require it).
- XFree86 3.3.3
!
- SECURITY ISSUE: Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?). This fixes a security problem. Patches are available for 2.3 and 2.4.
- In cut(1), avoid an infinite loop.
- In top(1), skip disabled swap spaces.
- Even more man page fixes courtesy of our local man page repair fanatic.
--- 414,420 ----
- Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
- For kerberosIV, install prot.h (some things require it).
- XFree86 3.3.3
!
- SECURITY ISSUE: Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?). This fixes a security problem. Patches are available for 2.3 and 2.4.
- In cut(1), avoid an infinite loop.
- In top(1), skip disabled swap spaces.
- Even more man page fixes courtesy of our local man page repair fanatic.
***************
*** 426,432 ****
- Fix a crash of ksh(1).
- Ignore out-of-range environment LINES and COLUMNS in libocurses.
- In libcurses in the issetugid(2) case, ignore $TERMINFO.
!
- SECURITY ISSUE: In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path. A patch is available.
- Support full set of pty devices in the MAKEDEV scripts.
- Make rl(4) match the Accton 1207D cards too.
- Prototype getpgid(2)
--- 446,452 ----
- Fix a crash of ksh(1).
- Ignore out-of-range environment LINES and COLUMNS in libocurses.
- In libcurses in the issetugid(2) case, ignore $TERMINFO.
!
- SECURITY ISSUE: In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path. A patch is available.
- Support full set of pty devices in the MAKEDEV scripts.
- Make rl(4) match the Accton 1207D cards too.
- Prototype getpgid(2)
***************
*** 448,460 ****
- Fix an expression handling bug in as(1).
- Improve setregid() and setreuid() emulated behaviour.
- ftok() is now XPG compliant.
!
- Put userdir support back into httpd(8). A patch is available.
- Put userdir support back into httpd(8).
- New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
- Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
- Fix some manpages
- sudo 1.5.6p6
!
- Fix a remote lockup problem in the TCP packet decoding code. This fixes a security problem. Patches are available for 2.3 and 2.4.
- Fix a deadlock in deadfs VOP_LOCK().
- Support -p option in ipmon(8).
- Change bpf to support full frame-grabbing for FDDI packets.
--- 468,480 ----
- Fix an expression handling bug in as(1).
- Improve setregid() and setreuid() emulated behaviour.
- ftok() is now XPG compliant.
!
- Put userdir support back into httpd(8). A patch is available.
- Put userdir support back into httpd(8).
- New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
- Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
- Fix some manpages
- sudo 1.5.6p6
!
- Fix a remote lockup problem in the TCP packet decoding code. This fixes a security problem. Patches are available for 2.3 and 2.4.
- Fix a deadlock in deadfs VOP_LOCK().
- Support -p option in ipmon(8).
- Change bpf to support full frame-grabbing for FDDI packets.
***************
*** 485,491 ****
- Use correct ioctl for flushing in ipmon(8).
- Fix various tcp options bugs.
- Fix tcp timestamps.
!
- Repair sparc kvm dump header problem. A patch is available.
- More carefully check /etc/hostname.* file contents before using it.
- Fix mktemp() problems in lynx(1).
--- 505,511 ----
- Use correct ioctl for flushing in ipmon(8).
- Fix various tcp options bugs.
- Fix tcp timestamps.
!
- Repair sparc kvm dump header problem. A patch is available.
- More carefully check /etc/hostname.* file contents before using it.
- Fix mktemp() problems in lynx(1).
***************
*** 524,530 ****
- In i386 wd(4) driver, set d_type properly in spoofed labels.
- Import learn(1) -- but still disabled.
- Add file:// support to ftp(1).
!
- The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. Patches are available.
- Fix media negotiation in the SS5/10 le(4) driver.
- Fix mail(1) to deal with the changed lockspool(1) protocol.
- In lockspool(1), permit root to lock other spools.
--- 544,550 ----
- In i386 wd(4) driver, set d_type properly in spoofed labels.
- Import learn(1) -- but still disabled.
- Add file:// support to ftp(1).
!
- The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. Patches are available.
- Fix media negotiation in the SS5/10 le(4) driver.
- Fix mail(1) to deal with the changed lockspool(1) protocol.
- In lockspool(1), permit root to lock other spools.
***************
*** 2012,2018 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.418 1999/03/24 19:18:51 deraadt Exp $