=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.720 retrieving revision 1.721 diff -c -r1.720 -r1.721 *** www/plus.html 2001/02/01 02:56:09 1.720 --- www/plus.html 2001/02/10 09:09:05 1.721 *************** *** 52,276 ****

SECURITY FIX: fix some buffer overflows in named.
A patch is available.
[Applied to stable] !

SECURITY FIX: The rnd device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable] !

Fix sprintf overflow in ! fsinfo(8). !

fdisk(8) ! can change only the partition ID if desired. !

Use gif* instead of enc* for IPsec bridges. !

Permit multiple ! dhclient(8)s ! to run simultaneously. !

Have rc initialize RAID parity. !

Let talk(1) ! pass high characters without escaping; for use with other charsets (disabled by default). !

Prevent mountd(8) ! from deadlocking due to DNS issues. !

ftpd(8) ! logs actual bytes transferred as opposed to original file size. !

fsck_ffs(8) ! no longer marks filesystem clean if fsck needs to be rerun. !

dhclient(8) ! gracefuly handles missing LEASE_TIME. !

gprof(1) ! now works under mvme88k. !

ssh(1) ! option: HostKeyAlias. Other minor ssh(d) fixes. !

Make the ! auvia(4) ! driver behave nicely with fixed rate codecs. !

Revoke root privileges as early as possible in ! ping6(8). !

Make edquota(8) ! and repquota(8) ! handle quotas over 4 gigabytes correctly. !

SSH cleanups. !

In ksh(1), ! don't reset nonblock if it's not interactive. !

SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable] -

IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable] !

Only invoke DMA transfers when transferring over 100 bytes for some drives. !

SECURITY FIX: Fix holes in procfs.
A patch is available.
[Applied to stable] !

Fix setting of nwid for wi(4).
[Applied to stable] !

Compaq SMART Array RAID controllers supported. !

New machdep.allowaperature sysctl value of "2" to provide access ! to entire first megabyte of memory. !

Fixed some obscure PCMCIA related panics. !

Merged Apache 1.3.14 and mod_ssl 2.7.1. !

Add support for the Natsemi 83820. !

Fix /etc/sudoers permissions and initial creation handling. !

Merged openssl-engine-0.9.6. !

More photurisd(8) ! cleanup. !

Allow sys/netinet/ip_spd.c to compile in non-INET6 kernels. !

Synchronized pfkeyv2 implementation with pfkey RFC. !

In ipsec(9), look for TDB if gateway is unspecified.
[Applied to stable] !

New CRYPTO option for ! options(4). !

Add bytecounter stats to ! netstat(1). !

New timeouts in some SCSI and RAID drivers. !

Strengthen random TCP sequence numbers. ! !

IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
! [Applied to stable] !

In ssh(8), ! don't abort login when failing to set tty owner and mode if the tty already has ! correct owner and permissions. !

sshd(8) ! no longer requires a source port > 1024 for rhosts-rsa. !

New ICMP types and codes. !

Add support for the 802.1D spanning tree protocol for bridges. !

Add transport protocol/ports negotiation support to ! isakmpd(8), ! among other IPsec changes from the EOM-branch merge. !

Turn off path MTU when ICMP needfrag messages are blocked. !

Big batch of Alpha drivers added to Alpha's GENERIC kernel. !

Don't let ! route(8) ! touch region after free. !

Removed libgmp. !

Make ! photurisd(8) ! use bignum. ! !

SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
! [Applied to stable] !

In ssh(1) ! when using skey/tis-auth always request new challenge. !

Support newer cy cards in the ! cy(4) ! driver. !

New Swiss and jp106 keyboard maps. !

CVS_RSH is set to "ssh" by default in ! cvs(1). !

Fix endianess issues in ! ssh(1); !

Overhaul the ! adw(4) ! driver. !

Add vrrp, smb, and timed printing to ! tcpdump(8). !

calendar(4) ! only accepts real files. !

Fix perror() calls in ! pcvt(4) ! that were buffer overflows. !

Avoid argv passing overflow in ! tftp(1). !

Support I/O Data USB-ET/T USB ethernet in the ! kue(4) ! driver. !

Fix (partially) the reset sequence for 16-bit PCMCIA cards. !

Extend paranoia surrounding passed KRB environment variables in ! telnet(1). !

Update the ! isp(4) ! driver adding maxluns support, among other things. !

PCI LIVENGOOD chipset support. !

libtermlib obsolete; removed. !

Fix RIPv0 (RFC 1058) and NFS port-number printing in ! tcpdump(8). !

Make pcap generated BPF filters work on the tun interface. !

Add ! ssh-keyscan(1) ! to the arsenal. !

SECURITY FIX: Fix buffer overflow in ftpd.
A patch is available.
[Applied to stable] -

IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable] !

SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable] !

ftpd(8) ! can get umask via a login class in login.conf. !

VLAN devices stop sending packets if the parent interface isn't running. !

Stability fixes in ! isakmpd(8). !

ssh-agent(1) ! disables agent, x11, and port forwarding if hostkey has changed. !

Prevent ! ssh-agent(1) ! from dumping core. !

isakmpd(8)'s ! x509 handling ignores the ID length. !

Support hot insertion and removal of Texas Instruments PCI113X CardBus bridges. !

Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable] !

Avoid race conditition in ! adduser(8). !

Fix pciide on 164sx Alphas. !

Variable handling in ! make(1) ! improved, along with other fixes. !

MAKEDEV(8) ! enforces ttyC[0-f]. !

ssh(1) ! can gracefuly handle invalid ciphers. !

General isakmpd(8) ! improvements, including PGPnet interoperability fixes. !

Bigger RAM probe delay in ! hifn(4) ! driver. !

Assorted ! ksh(1) fixes. !

Support for kernel events on vnodes. ! !

fix CAST-128 key size in isakmpd(8)
! [Applied to stable] !

IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable] !

Avoid SIGHUP log issue in ! ypserv(8). !

Support kernel event queues via ! kqueue(2). !

Support for quite a few more USB devices, including scanners.

RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]

Repair overriding of pseudo devices in config(8)
[Applied to stable] !

Harden ftpd(8)'s ! EPSV and EPRT handling. !

Fix off-by-one error in ! ssh-agent(1).

RELIABILITY FIX: repair AES (rijndael) kernel support.
A patch is available.
[Applied to stable]

IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable] !

Fix ifconfig(8) ! induced panic when given a specific IPv6 option combination. !

RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
! [Applied to stable]

Correct free-before-reference bugs in rshd(8) and rlogind(8).

Improve queue handling in gdt(4).

New Adaptec FSA RAID driver called aac(4). --- 52,322 ----

SECURITY FIX: fix some buffer overflows in named.
A patch is available.
[Applied to stable] !

SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable] !

IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
! [Applied to stable] !

Change bridge(4) to use gif* instead of enc*. !

Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work. !

Allow printing of 8-bit ASCII characters in talk(1) through an option. !

Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation. !

In ftpd(8), log the actual number of bytes transferred instead of the original file size. !

Fix ^C in termtype prompt. !

Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun. !

Resolve scheduling conflict in newsyslog(8). !

In dhclient(8), set a reasonable default lease time if the server does not provide one. !

Suppress uninteresting PCI bus error messages in ahc(4). !

Add m88k support to gprof(1). !

Add HostKeyAlias option to ssh(1). !

Behave nicely with fixed-rate codecs in auvia(4). !

Fix a minor off-by-one error in gprof(1). !

In the ports infrastructure, take the old non-fake code out-of-line. !

Repair a disgusting rwhod(8) crash. !

Fix buffer overflow in csh(1) builtin printf(1) implementation. !

Convert atoi(3) to strtoul(3) in top(1). !

Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls. !

Revoke root privileges earlier in ping6(8) and traceroute6(8). !

Many man page fixes. !

Use arc4random(3) in jot(1). !

Handle quotas over 4GB in edquota(8) and repquota(8). !

Fix IPv6 Path MTU Discovery. !

Give up euid more carefully in mrinfo(8) and mtrace(8). !

Various OpenSSH fixes. !

Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework. !

In ksh(1), remain in non-blocking mode if the shell is not interactive.

SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]

IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable] !

Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.

SECURITY FIX: Fix holes in procfs.
A patch is available.
[Applied to stable] !

Put strlcat(3) and strlcpy(3) into libkern for kernel use.

Fix setting of nwid for wi(4).
[Applied to stable] !

Change /etc/security to spit out unified diffs. !

Add driver for Compaq SMART Array RAID controllers, cac(4). !

Extend the i386 allowaperature sysctl to allow access to the whole 1st MB of memory. !

Add some more sanity checking to the PCMCIA code to fix some obscure panics. !

Import Apache 1.3.14 + mod_ssl 2.7.1. !

Support multiple pfkeyv2 keying daemons. !

Compute diffie-hellman in parallel between server and client in OpenSSH. !

Support Amigas with more than 64MB of RAM. !

Ensure /etc/sudoers is created with a proper secure mode. !

Import OpenSSL 0.9.6. !

More photurisd(8) improvements. !

Update kernel pfkeyv2 code for better conformance to the RFC. !

Enable loading of ELF kernels for alpha. !

Add extraction support for shell archives to the bsd.port.mk infrastructure.

In ipsec(9), look for TDB if gateway is unspecified.
[Applied to stable] !

Fixes to patch(1) -f and -b. !

Convert some more drivers to the new timeout(9) interface. !

Add bytecounter statistics reporting to netstat(8). !

Instrument more random TCP sequence numbers. !

In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set. !

Source port < 1024 is no longer required for rhosts-rsa in sshd(8). !

Remove dead code in hifn(4) driver. !

Proper getopt(3) usage in compress(1). !

Fix a time specification in last(1). !

Do not disable PMTU for established TCP connections unless there is data to send. !

Add support for the 802.1D spanning tree protocol to bridge(4). !

New BSD authentication login scripts. !

Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly. !

isakmpd(8) update. !

APM bug fix that helps a few laptops. !

Remove unnecessary code from photurisd(8) in preparation of new SPD framework. !

Repair a memory leak in ICMPv6 code. !

Turn off PMTU when ICMP needfrag messages get blocked. !

Finnish updates for inter.phone. !

Display number of successful IPv6 PMTU changes in netstat(8) -s output. !

Do not re-print ETA on completion in scp(1) when copying 0-sized files. !

Validate ICMPv6 "too big" messages based on PCB. !

Do not use already-freed memory in route(8). !

Avoid repeated host controller halted messages in uhci(4). !

Remove unused libgmp. !

Import KerberosIV v1.0.4. !

Always request a new challenge for skey/tis-auth in ssh(1). !

Support newer cy(4) communication cards. !

Provide new international keymaps for pcvt(4). !

Ignore filesystems marked "xx" in the install scripts. !

Document that pipe(2) is bidirectional, although this behavior is unportable. !

Move the default cvs(1) connection protocol from rsh(1) to ssh(1). !

Remove a bogus memory free in getnetgrent(3). !

Fix a buffer overflow in bad144(8). !

Revert back to the old rijndael implementation and solve byte ordering bugs there instead. !

Drop unneeded support for RTF_TUNNEL in route(8). !

Maintain count of routing table timer entries in route(8). !

In makewhatis(8), strip weird characters first, then sequences of spaces. !

Big improvements to adw(4). !

Teach tcpdump(8) about VRRP, SMB, and timed. !

Force calendar(1) to only accept real calendar files as input. !

Fix various perror() overflows in pcvt(4). !

Repair a tftp(1) argv parsing overflow. !

Conditionalize some BPF code in wx(4). !

Finally remove remaining references to extra RSA libs, since the patent has expired. !

New rijndael implementation which solves endian issues. !

Support Intel 82801BA pciide(4) controllers. !

Exercise more paranoia with passed KRB environment settings in telnetd(8). !

Convert some more drivers to the new timeout(9) interface. !

Many improvements and modernizations to isp(4). !

Update wx(4) with LIVENGOOD support. !

Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4). !

Implement asynchronous connections for ssh(1) -R and -L. !

Simplify atrun(8) tasks by using asprintf(3). !

Kill unused libtermlib. !

Import new pool(9) code. !

Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8). !

Make pcap-generated BPF filters work on the tun(4) interface. !

Import David Maziere's ssh-keyscan(1).

SECURITY FIX: Fix buffer overflow in ftpd.
A patch is available.
[Applied to stable]

IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable] !

Teach OpenSSH about more version strings to improve interoperability. !

SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
! [Applied to stable]

SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable] !

Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5). !

Prevent VLAN devices from emitting packets if the parent interface is not up and running. !

Better error checking in ping6(8). !

Some stability fixes to isakmpd(8). !

In ssh(1), disable agent/X11 port forwarding if the hostkey has changed. !

Fix a coredump in ssh-agent(1). !

Reset 16-bit PCMCIA during chip initialization in pccbb(4). !

Correct PCI interrupt setup for TI PCI113X CardBus bridges. !

Properly powerdown PC cards in pccbb(4) at shutdown time. !

Add -D option to sshd(8) to cause startup without a daemon. !

Show both the IP address and hostname when a new key is encountered in ssh(1). !

Fix a bug in MSChapv2 challenge hashing in ppp(8). !

More make(1) tweaks. !

Use -n to test for non-zero variables in /etc/netstart. !

Be more careful with ARP packets.

Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable] !

Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification. !

Clock fixes for the alpha architecture. !

Print select collisions in vmstat(8) -s output. !

Implement login_check_expire(3) for libutil. !

Add -u username support to pwd_mkdb(8). !

Properly implement errno handling for the threaded libc (libc_r) on powerpc. !

In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file. !

Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1). !

Reorder check for illegal ciphers in ssh(1) protocol 1 connection code. !

Fix pciide(4) support on Alpha 164SX models. !

Support 16 slices per device on VAX machines. !

Considerable cleanups to make(1). !

Improve key repeat logic in wskbd(4). !

Changes from KAME to make ifm_data available in getifaddrs(3). !

Fix absolute path handling in crunchgen(1). !

Shorten /dev/ttyC* device names. !

Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary. !

Avoid tty races in wsdisplay(4) when switching virtual terminals. !

Update isakmpd(8). !

Repair lun support in umass(4). !

Zero pw_passwd before freeing its memory in the libc BSD authentication routines. !

Train makewhatis(8) to handle more special cases. !

Avoid double fclose(3) in getcap(3). !

Increase delay in RAM probe for hifn(4). !

Suffix list fix in make(1). !

Various bug fixes in ksh(1). !

When using the tail(1) -f flag on stdin, don't reopen a local file named stdin. !

Extend kqueue(2) to support kernel events on vnodes. !

Bring in BSD authentication support for sudo(8). !

Zap MULOG in inetd(8) to improve code readability. !

Avoid whacking errno in top(1) signal handlers. !

Do not include MFS partitions in quot(8) statistics output. !

Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards. !

Prevent a type overflow in recno(3).

IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable] !

Import BSD authentication mechanisms from BSDI BSD/OS. !

Implement pw_dup(3), a function which copies struct passwd. !

Replace getpass(3) with a more flexible readpassphrase(3) interface. !

Add strnvis(3), a length-bounded version of the strvis(3) libc function. !

Better prompting logic in libskey. !

Resurrect binutils on alpha. !

Recognize newer Intel audio devices in auich(4). !

Stop amphy(4) from attaching to network devices it doesn't belong to. !

Enable support for pciide(4) found in newer Intel chipsets. !

Correct URL handling in the install scripts. !

Limit the number of SCSI luns in umass(4). !

Page size fixes to the alpha port. !

Import ssh-ask-pass support for X11. !

Fix a signal race in ypserv(8) SIGHUP handling. !

Enable uaudio(4) by default in GENERIC/i386. !

Reserve all-1s addresses in the IPSec code for future policy discovery features. !

Resolve HMAC nomenclautre issues. !

Be sure to clear passwords out of memory after use in ppp(8). !

Support kernel event queues. !

Add support for USB scanners through the uscanner(4) driver. !

More fixes to qec(4). !

Recognize newer AMD CPUs. !

Repair incorrect buffer size logic in telnetd(8). !

Add a slew of devices to usbdevs. !

Do not use perror(3) in sshd(8) after forking a child.

RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable] +

Add ifmedia(4) support to qec(4), among other improvements. +

Extra sanity checking in skeyinit(1). +

Repair timeout computations in atapiscsi(4). +

Add initial support for DEC Alpha 21264 systems. +

Bring the alpha port a bit closer to a fully operational console. +

Support Accton EN2242 MiniPCI Ethernet adapters. +

Permit O_RDWR on FIFOs to handle legacy applications that depend on it. +

Add scrollback support to wscons(4) through the vga(4) driver. +

Color change in wscons(4) vt100 emulation to more closely imitate PCVT.

Repair overriding of pseudo devices in config(8)
[Applied to stable] !

Accept -inet and -inet6 as options for the show command in route(8). !

Don't reorder keys in ssh-agent(1) upon key removal. !

Avoid parsing options in ssh(1) if there is an RSA key mismatch. !

Various cleanups to ftpd(8). !

In many programs, sync usage() output with their respective man page SYNOPSIS. !

RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
! [Applied to stable] !

In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space. !

Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4). !

In ftpd(8), assert check_login upon receipt of EPSV/LPSV. !

Make the aha(4) driver compile without UVM. !

Enforce non-cacheable device space on real 80386 machines. !

Add RSA authentication support for SSH2 to OpenSSH. !

Allow serial mice to work with moused(8) and XFree86 simultaneously. !

Repair an off-by-one error in ssh-agent(1). !

Convert some old drivers to the new timeout(9) interface.

RELIABILITY FIX: repair AES (rijndael) kernel support.
A patch is available.
[Applied to stable] +

Import PCI support for Alpha EB164 machines. +

Add bus_space_barrier macros for the powerpc. +

Endian fixes to the USB code. +

Better command line parsing in encrypt(1). +

Numbering fixups in pfkeyv2 to match IANA assignments. +

Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames. +

Improve handling of IPv6 Node Information Query packets for better specification conformance. +

Fix a panic induced by assigning lo0 an IPv6 alias.

IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable] !

Deprecate pltime=0 in ifconfig(8). !

Modifications to the ktrace(2) interface to reduce redundancy. !

Do not advertise dynamic/cloned routes in route6d(8). !

Allow ping6(8) to send ICMP6 packets smaller than 8 bytes. !

Correct free-before-reference bugs in rshd(8) and rlogind(8).

Improve queue handling in gdt(4).

New Adaptec FSA RAID driver called aac(4). *************** *** 341,347 ****

www@openbsd.org !
$OpenBSD: plus.html,v 1.720 2001/02/01 02:56:09 jason Exp $ --- 387,393 ----

www@openbsd.org !
$OpenBSD: plus.html,v 1.721 2001/02/10 09:09:05 aaron Exp $