===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.720
retrieving revision 1.721
diff -c -r1.720 -r1.721
*** www/plus.html 2001/02/01 02:56:09 1.720
--- www/plus.html 2001/02/10 09:09:05 1.721
***************
*** 52,276 ****
SECURITY FIX: fix some buffer overflows in named.
A patch is available.
[Applied to stable]
! SECURITY FIX: The rnd device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
! Fix sprintf overflow in
! fsinfo(8).
! fdisk(8)
! can change only the partition ID if desired.
! Use gif* instead of enc* for IPsec bridges.
! Permit multiple
! dhclient(8)s
! to run simultaneously.
! Have rc initialize RAID parity.
! Let talk(1)
! pass high characters without escaping; for use with other charsets (disabled by default).
! Prevent mountd(8)
! from deadlocking due to DNS issues.
! ftpd(8)
! logs actual bytes transferred as opposed to original file size.
! fsck_ffs(8)
! no longer marks filesystem clean if fsck needs to be rerun.
! dhclient(8)
! gracefuly handles missing LEASE_TIME.
! gprof(1)
! now works under mvme88k.
! ssh(1)
! option: HostKeyAlias. Other minor ssh(d) fixes.
! Make the
! auvia(4)
! driver behave nicely with fixed rate codecs.
! Revoke root privileges as early as possible in
! ping6(8).
! Make edquota(8)
! and repquota(8)
! handle quotas over 4 gigabytes correctly.
! SSH cleanups.
! In ksh(1),
! don't reset nonblock if it's not interactive.
!
SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
-
IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
! Only invoke DMA transfers when transferring over 100 bytes for some drives.
!
SECURITY FIX: Fix holes in procfs.
A patch is available.
[Applied to stable]
!
Fix setting of nwid for wi(4).
[Applied to stable]
! Compaq SMART Array RAID controllers supported.
! New machdep.allowaperature sysctl value of "2" to provide access
! to entire first megabyte of memory.
! Fixed some obscure PCMCIA related panics.
! Merged Apache 1.3.14 and mod_ssl 2.7.1.
! Add support for the Natsemi 83820.
! Fix /etc/sudoers permissions and initial creation handling.
! Merged openssl-engine-0.9.6.
! More photurisd(8)
! cleanup.
! Allow sys/netinet/ip_spd.c to compile in non-INET6 kernels.
! Synchronized pfkeyv2 implementation with pfkey RFC.
!
In ipsec(9), look for TDB if gateway is unspecified.
[Applied to stable]
! New CRYPTO option for
! options(4).
! Add bytecounter stats to
! netstat(1).
! New timeouts in some SCSI and RAID drivers.
! Strengthen random TCP sequence numbers.
!
! IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
! [Applied to stable]
! In ssh(8),
! don't abort login when failing to set tty owner and mode if the tty already has
! correct owner and permissions.
! sshd(8)
! no longer requires a source port > 1024 for rhosts-rsa.
! New ICMP types and codes.
! Add support for the 802.1D spanning tree protocol for bridges.
! Add transport protocol/ports negotiation support to
! isakmpd(8),
! among other IPsec changes from the EOM-branch merge.
! Turn off path MTU when ICMP needfrag messages are blocked.
! Big batch of Alpha drivers added to Alpha's GENERIC kernel.
! Don't let
! route(8)
! touch region after free.
! Removed libgmp.
! Make
! photurisd(8)
! use bignum.
!
! SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
! [Applied to stable]
! In ssh(1)
! when using skey/tis-auth always request new challenge.
! Support newer cy cards in the
! cy(4)
! driver.
! New Swiss and jp106 keyboard maps.
! CVS_RSH is set to "ssh" by default in
! cvs(1).
! Fix endianess issues in
! ssh(1);
! Overhaul the
! adw(4)
! driver.
! Add vrrp, smb, and timed printing to
! tcpdump(8).
! calendar(4)
! only accepts real files.
! Fix perror() calls in
! pcvt(4)
! that were buffer overflows.
! Avoid argv passing overflow in
! tftp(1).
! Support I/O Data USB-ET/T USB ethernet in the
! kue(4)
! driver.
! Fix (partially) the reset sequence for 16-bit PCMCIA cards.
! Extend paranoia surrounding passed KRB environment variables in
! telnet(1).
! Update the
! isp(4)
! driver adding maxluns support, among other things.
! PCI LIVENGOOD chipset support.
! libtermlib obsolete; removed.
! Fix RIPv0 (RFC 1058) and NFS port-number printing in
! tcpdump(8).
! Make pcap generated BPF filters work on the tun interface.
! Add
! ssh-keyscan(1)
! to the arsenal.
!
SECURITY FIX: Fix buffer overflow in ftpd.
A patch is available.
[Applied to stable]
-
IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
!
SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
! ftpd(8)
! can get umask via a login class in login.conf.
! VLAN devices stop sending packets if the parent interface isn't running.
! Stability fixes in
! isakmpd(8).
! ssh-agent(1)
! disables agent, x11, and port forwarding if hostkey has changed.
! Prevent
! ssh-agent(1)
! from dumping core.
! isakmpd(8)'s
! x509 handling ignores the ID length.
! Support hot insertion and removal of Texas Instruments PCI113X CardBus bridges.
!
Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
! Avoid race conditition in
! adduser(8).
! Fix pciide on 164sx Alphas.
! Variable handling in
! make(1)
! improved, along with other fixes.
! MAKEDEV(8)
! enforces ttyC[0-f].
! ssh(1)
! can gracefuly handle invalid ciphers.
! General isakmpd(8)
! improvements, including PGPnet interoperability fixes.
! Bigger RAM probe delay in
! hifn(4)
! driver.
! Assorted
! ksh(1) fixes.
! Support for kernel events on vnodes.
!
! fix CAST-128 key size in isakmpd(8)
! [Applied to stable]
!
IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
! Avoid SIGHUP log issue in
! ypserv(8).
! Support kernel event queues via
! kqueue(2).
! Support for quite a few more USB devices, including scanners.
RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
Repair overriding of pseudo devices in config(8)
[Applied to stable]
! Harden ftpd(8)'s
! EPSV and EPRT handling.
! Fix off-by-one error in
! ssh-agent(1).
RELIABILITY FIX: repair AES (rijndael)
kernel support.
A patch is available.
[Applied to stable]
IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
! Fix ifconfig(8)
! induced panic when given a specific IPv6 option combination.
! RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
! [Applied to stable]
Correct free-before-reference bugs in rshd(8) and rlogind(8).
Improve queue handling in gdt(4).
New Adaptec FSA RAID driver called aac(4).
--- 52,322 ----
SECURITY FIX: fix some buffer overflows in named.
A patch is available.
[Applied to stable]
! SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
! IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
! [Applied to stable]
! Change bridge(4) to use gif* instead of enc*.
! Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work.
! Allow printing of 8-bit ASCII characters in talk(1) through an option.
! Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation.
! In ftpd(8), log the actual number of bytes transferred instead of the original file size.
! Fix ^C in termtype prompt.
! Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun.
! Resolve scheduling conflict in newsyslog(8).
! In dhclient(8), set a reasonable default lease time if the server does not provide one.
! Suppress uninteresting PCI bus error messages in ahc(4).
! Add m88k support to gprof(1).
! Add HostKeyAlias option to ssh(1).
! Behave nicely with fixed-rate codecs in auvia(4).
! Fix a minor off-by-one error in gprof(1).
! In the ports infrastructure, take the old non-fake code out-of-line.
! Repair a disgusting rwhod(8) crash.
! Fix buffer overflow in csh(1) builtin printf(1) implementation.
! Convert atoi(3) to strtoul(3) in top(1).
! Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
! Revoke root privileges earlier in ping6(8) and traceroute6(8).
! Many man page fixes.
! Use arc4random(3) in jot(1).
! Handle quotas over 4GB in edquota(8) and repquota(8).
! Fix IPv6 Path MTU Discovery.
! Give up euid more carefully in mrinfo(8) and mtrace(8).
! Various OpenSSH fixes.
! Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
! In ksh(1), remain in non-blocking mode if the shell is not interactive.
SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
! Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
SECURITY FIX: Fix holes in procfs.
A patch is available.
[Applied to stable]
! Put strlcat(3) and strlcpy(3) into libkern for kernel use.
Fix setting of nwid for wi(4).
[Applied to stable]
! Change /etc/security to spit out unified diffs.
! Add driver for Compaq SMART Array RAID controllers, cac(4).
! Extend the i386 allowaperature sysctl to allow access to the whole 1st MB of memory.
! Add some more sanity checking to the PCMCIA code to fix some obscure panics.
! Import Apache 1.3.14 + mod_ssl 2.7.1.
! Support multiple pfkeyv2 keying daemons.
! Compute diffie-hellman in parallel between server and client in OpenSSH.
! Support Amigas with more than 64MB of RAM.
! Ensure /etc/sudoers is created with a proper secure mode.
! Import OpenSSL 0.9.6.
! More photurisd(8) improvements.
! Update kernel pfkeyv2 code for better conformance to the RFC.
! Enable loading of ELF kernels for alpha.
! Add extraction support for shell archives to the bsd.port.mk infrastructure.
In ipsec(9), look for TDB if gateway is unspecified.
[Applied to stable]
! Fixes to patch(1) -f and -b.
! Convert some more drivers to the new timeout(9) interface.
! Add bytecounter statistics reporting to netstat(8).
! Instrument more random TCP sequence numbers.
! In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
! Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
! Remove dead code in hifn(4) driver.
! Proper getopt(3) usage in compress(1).
! Fix a time specification in last(1).
! Do not disable PMTU for established TCP connections unless there is data to send.
! Add support for the 802.1D spanning tree protocol to bridge(4).
! New BSD authentication login scripts.
! Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
! isakmpd(8) update.
! APM bug fix that helps a few laptops.
! Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
! Repair a memory leak in ICMPv6 code.
! Turn off PMTU when ICMP needfrag messages get blocked.
! Finnish updates for inter.phone.
! Display number of successful IPv6 PMTU changes in netstat(8) -s output.
! Do not re-print ETA on completion in scp(1) when copying 0-sized files.
! Validate ICMPv6 "too big" messages based on PCB.
! Do not use already-freed memory in route(8).
! Avoid repeated host controller halted messages in uhci(4).
! Remove unused libgmp.
! Import KerberosIV v1.0.4.
! Always request a new challenge for skey/tis-auth in ssh(1).
! Support newer cy(4) communication cards.
! Provide new international keymaps for pcvt(4).
! Ignore filesystems marked "xx" in the install scripts.
! Document that pipe(2) is bidirectional, although this behavior is unportable.
! Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
! Remove a bogus memory free in getnetgrent(3).
! Fix a buffer overflow in bad144(8).
! Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
! Drop unneeded support for RTF_TUNNEL in route(8).
! Maintain count of routing table timer entries in route(8).
! In makewhatis(8), strip weird characters first, then sequences of spaces.
! Big improvements to adw(4).
! Teach tcpdump(8) about VRRP, SMB, and timed.
! Force calendar(1) to only accept real calendar files as input.
! Fix various perror() overflows in pcvt(4).
! Repair a tftp(1) argv parsing overflow.
! Conditionalize some BPF code in wx(4).
! Finally remove remaining references to extra RSA libs, since the patent has expired.
! New rijndael implementation which solves endian issues.
! Support Intel 82801BA pciide(4) controllers.
! Exercise more paranoia with passed KRB environment settings in telnetd(8).
! Convert some more drivers to the new timeout(9) interface.
! Many improvements and modernizations to isp(4).
! Update wx(4) with LIVENGOOD support.
! Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
! Implement asynchronous connections for ssh(1) -R and -L.
! Simplify atrun(8) tasks by using asprintf(3).
! Kill unused libtermlib.
! Import new pool(9) code.
! Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
! Make pcap-generated BPF filters work on the tun(4) interface.
! Import David Maziere's ssh-keyscan(1).
SECURITY FIX: Fix buffer overflow in ftpd.
A patch is available.
[Applied to stable]
IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
! Teach OpenSSH about more version strings to improve interoperability.
! SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
! [Applied to stable]
SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
! Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
! Prevent VLAN devices from emitting packets if the parent interface is not up and running.
! Better error checking in ping6(8).
! Some stability fixes to isakmpd(8).
! In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
! Fix a coredump in ssh-agent(1).
! Reset 16-bit PCMCIA during chip initialization in pccbb(4).
! Correct PCI interrupt setup for TI PCI113X CardBus bridges.
! Properly powerdown PC cards in pccbb(4) at shutdown time.
! Add -D option to sshd(8) to cause startup without a daemon.
! Show both the IP address and hostname when a new key is encountered in ssh(1).
! Fix a bug in MSChapv2 challenge hashing in ppp(8).
! More make(1) tweaks.
! Use -n to test for non-zero variables in /etc/netstart.
! Be more careful with ARP packets.
Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
! Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
! Clock fixes for the alpha architecture.
! Print select collisions in vmstat(8) -s output.
! Implement login_check_expire(3) for libutil.
! Add -u username support to pwd_mkdb(8).
! Properly implement errno handling for the threaded libc (libc_r) on powerpc.
! In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file.
! Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
! Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
! Fix pciide(4) support on Alpha 164SX models.
! Support 16 slices per device on VAX machines.
! Considerable cleanups to make(1).
! Improve key repeat logic in wskbd(4).
! Changes from KAME to make ifm_data available in getifaddrs(3).
! Fix absolute path handling in crunchgen(1).
! Shorten /dev/ttyC* device names.
! Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
! Avoid tty races in wsdisplay(4) when switching virtual terminals.
! Update isakmpd(8).
! Repair lun support in umass(4).
! Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
! Train makewhatis(8) to handle more special cases.
! Avoid double fclose(3) in getcap(3).
! Increase delay in RAM probe for hifn(4).
! Suffix list fix in make(1).
! Various bug fixes in ksh(1).
! When using the tail(1) -f flag on stdin, don't reopen a local file named stdin.
! Extend kqueue(2) to support kernel events on vnodes.
! Bring in BSD authentication support for sudo(8).
! Zap MULOG in inetd(8) to improve code readability.
! Avoid whacking errno in top(1) signal handlers.
! Do not include MFS partitions in quot(8) statistics output.
! Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
! Prevent a type overflow in recno(3).
IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
! Import BSD authentication mechanisms from BSDI BSD/OS.
! Implement pw_dup(3), a function which copies struct passwd.
! Replace getpass(3) with a more flexible readpassphrase(3) interface.
! Add strnvis(3), a length-bounded version of the strvis(3) libc function.
! Better prompting logic in libskey.
! Resurrect binutils on alpha.
! Recognize newer Intel audio devices in auich(4).
! Stop amphy(4) from attaching to network devices it doesn't belong to.
! Enable support for pciide(4) found in newer Intel chipsets.
! Correct URL handling in the install scripts.
! Limit the number of SCSI luns in umass(4).
! Page size fixes to the alpha port.
! Import ssh-ask-pass support for X11.
! Fix a signal race in ypserv(8) SIGHUP handling.
! Enable uaudio(4) by default in GENERIC/i386.
! Reserve all-1s addresses in the IPSec code for future policy discovery features.
! Resolve HMAC nomenclautre issues.
! Be sure to clear passwords out of memory after use in ppp(8).
! Support kernel event queues.
! Add support for USB scanners through the uscanner(4) driver.
! More fixes to qec(4).
! Recognize newer AMD CPUs.
! Repair incorrect buffer size logic in telnetd(8).
! Add a slew of devices to usbdevs.
! Do not use perror(3) in sshd(8) after forking a child.
RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
+ Add ifmedia(4) support to qec(4), among other improvements.
+ Extra sanity checking in skeyinit(1).
+ Repair timeout computations in atapiscsi(4).
+ Add initial support for DEC Alpha 21264 systems.
+ Bring the alpha port a bit closer to a fully operational console.
+ Support Accton EN2242 MiniPCI Ethernet adapters.
+ Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
+ Add scrollback support to wscons(4) through the vga(4) driver.
+ Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
Repair overriding of pseudo devices in config(8)
[Applied to stable]
! Accept -inet and -inet6 as options for the show command in route(8).
! Don't reorder keys in ssh-agent(1) upon key removal.
! Avoid parsing options in ssh(1) if there is an RSA key mismatch.
! Various cleanups to ftpd(8).
! In many programs, sync usage() output with their respective man page SYNOPSIS.
! RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
! [Applied to stable]
! In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
! Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
! In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
! Make the aha(4) driver compile without UVM.
! Enforce non-cacheable device space on real 80386 machines.
! Add RSA authentication support for SSH2 to OpenSSH.
! Allow serial mice to work with moused(8) and XFree86 simultaneously.
! Repair an off-by-one error in ssh-agent(1).
! Convert some old drivers to the new timeout(9) interface.
RELIABILITY FIX: repair AES (rijndael)
kernel support.
A patch is available.
[Applied to stable]
+ Import PCI support for Alpha EB164 machines.
+ Add bus_space_barrier macros for the powerpc.
+ Endian fixes to the USB code.
+ Better command line parsing in encrypt(1).
+ Numbering fixups in pfkeyv2 to match IANA assignments.
+ Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
+ Improve handling of IPv6 Node Information Query packets for better specification conformance.
+ Fix a panic induced by assigning lo0 an IPv6 alias.
IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
! Deprecate pltime=0 in ifconfig(8).
! Modifications to the ktrace(2) interface to reduce redundancy.
! Do not advertise dynamic/cloned routes in route6d(8).
! Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
!
Correct free-before-reference bugs in rshd(8) and rlogind(8).
Improve queue handling in gdt(4).
New Adaptec FSA RAID driver called aac(4).
***************
*** 341,347 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.720 2001/02/01 02:56:09 jason Exp $