=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.755 retrieving revision 1.756 diff -c -r1.755 -r1.756 *** www/plus.html 2001/04/18 01:08:46 1.755 --- www/plus.html 2001/04/23 23:03:31 1.756 *************** *** 48,64 ****

We are working on OpenBSD-current.

Fix ipf fragment caching bug.
[Applied to stable]
SECURITY FIX: Fix buffer overflows contained in glob(3) function.
! A patch is available.
[Applied to stable]
Check for short packets and bad types sent to timed(8).
[Applied to stable]
OpenSSH 2.5.2 released.
[Applied to stable]
SECURITY FIX: Be careful with file permissions in readline library
! A patch is available.
[Applied to stable]
Make buffer size 8k on NE1000, and 16k otherwise for ne.
--- 48,68 ----

We are working on OpenBSD-current.
- Avoid DoS attack in ftpd using glob patch.
  ! A patch is available.
  [Applied to stable] +
- Fix ipf fragment caching bug.
  + A patch is available.
  + [Applied to stable]
- SECURITY FIX: Fix buffer overflows contained in glob(3) function.
  ! A patch is available.
  [Applied to stable]
- Check for short packets and bad types sent to timed(8).
  [Applied to stable]
- OpenSSH 2.5.2 released.
  [Applied to stable]
- SECURITY FIX: Be careful with file permissions in readline library
  ! A patch is available.
  [Applied to stable]
- Make buffer size 8k on NE1000, and 16k otherwise for ne.
  *************** *** 66,83 ****
- Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
  [Applied to stable]
- SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
  ! A patch is available.
  [Applied to stable]
- SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
  ! A patch is available.
  [Applied to stable]
- SECURITY FIX: update to sudo-1.6.3p6 which fixes a buffer overflow on very long argv components.
  ! A patch is available.
  [Applied to stable]
- OpenSSH 2.5.1 released.
  [Applied to stable]
- IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
  ! A patch is available.
  [Applied to stable]
- Disable bogus file check in cvs(1).
  [Applied to stable] --- 70,87 ----
- Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
  [Applied to stable]
- SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
  ! A patch is available.
  [Applied to stable]
- SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
  ! A patch is available.
  [Applied to stable]
- SECURITY FIX: update to sudo-1.6.3p6 which fixes a buffer overflow on very long argv components.
  ! A patch is available.
  [Applied to stable]
- OpenSSH 2.5.1 released.
  [Applied to stable]
- IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
  ! A patch is available.
  [Applied to stable]
- Disable bogus file check in cvs(1).
  [Applied to stable] *************** *** 201,207 ****
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
- Fix some bugs in the bridge(4), especially regarding gif(4).
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
  ! A patch is available.
  [Applied to stable]
- In config(8) -e and -u, do not write out a new kernel if nothing changed.
- Numerous fat utmp(5) changes to utilities. --- 205,211 ----
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
- Fix some bugs in the bridge(4), especially regarding gif(4).
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
  ! A patch is available.
  [Applied to stable]
- In config(8) -e and -u, do not write out a new kernel if nothing changed.
- Numerous fat utmp(5) changes to utilities. *************** *** 238,244 ****
- USB sync.
- SECURITY FIX: fix some buffer overflows in named(8).
  ! A patch is available.
  [Applied to stable]
- Support Cheetah vaxes.
- Improve MAKEDEV(8) manual pages on many architectures. --- 242,248 ----
- USB sync.
- SECURITY FIX: fix some buffer overflows in named(8).
  ! A patch is available.
  [Applied to stable]
- Support Cheetah vaxes.
- Improve MAKEDEV(8) manual pages on many architectures. *************** *** 297,303 ****
- ipf 3.4.15
- Fix a vi(1) crash.
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
  ! A patch is available.
  [Applied to stable]
- Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
- Fix previous inetd(8) fix. --- 301,307 ----
- ipf 3.4.15
- Fix a vi(1) crash.
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
  ! A patch is available.
  [Applied to stable]
- Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
- Fix previous inetd(8) fix. *************** *** 437,450 ****
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
  ! A patch is available.
  [Applied to stable]
- IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
  ! A patch is available.
  [Applied to stable]
- Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
- SECURITY FIX: Fix holes in procfs(8).
  ! A patch is available.
  [Applied to stable]
- Put strlcat(3) and strlcpy(3) into libkern for kernel use.
- Fix setting of nwid for wi(4).
  --- 441,454 ----
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
  ! A patch is available.
  [Applied to stable]
- IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
  ! A patch is available.
  [Applied to stable]
- Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
- SECURITY FIX: Fix holes in procfs(8).
  ! A patch is available.
  [Applied to stable]
- Put strlcat(3) and strlcpy(3) into libkern for kernel use.
- Fix setting of nwid for wi(4).
  *************** *** 470,476 ****
- Add bytecounter statistics reporting to netstat(1).
- Instrument more random TCP sequence numbers.
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
  ! A patch is available.
  [Applied to stable]
- In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8). --- 474,480 ----
- Add bytecounter statistics reporting to netstat(1).
- Instrument more random TCP sequence numbers.
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
  ! A patch is available.
  [Applied to stable]
- In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8). *************** *** 528,544 ****
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
- Import David Maziere's ssh-keyscan(1).
- SECURITY FIX: Fix buffer overflow in ftpd(8).
  ! A patch is available.
  [Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
  ! A patch is available.
  [Applied to stable]
- Teach OpenSSH about more version strings to improve interoperability.
- SECURITY FIX: Fix another security problem in the KerberosIV code.
  ! A patch is available.
  [Applied to stable]
- SECURITY FIX: Fix two security problems in the KerberosIV code.
  ! A patch is available.
  [Applied to stable]
- Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running. --- 532,548 ----
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
- Import David Maziere's ssh-keyscan(1).
- SECURITY FIX: Fix buffer overflow in ftpd(8).
  ! A patch is available.
  [Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
  ! A patch is available.
  [Applied to stable]
- Teach OpenSSH about more version strings to improve interoperability.
- SECURITY FIX: Fix another security problem in the KerberosIV code.
  ! A patch is available.
  [Applied to stable]
- SECURITY FIX: Fix two security problems in the KerberosIV code.
  ! A patch is available.
  [Applied to stable]
- Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running. *************** *** 593,599 ****
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
- Prevent a type overflow in recno(3).
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
  ! A patch is available.
  [Applied to stable]
- Import BSD authentication mechanisms from BSDI BSD/OS.
- Implement pw_dup(3), a function which copies struct passwd. --- 597,603 ----
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
- Prevent a type overflow in recno(3).
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
  ! A patch is available.
  [Applied to stable]
- Import BSD authentication mechanisms from BSDI BSD/OS.
- Implement pw_dup(3), a function which copies struct passwd. *************** *** 621,627 ****
- Add a slew of devices to usbdevs(8).
- Do not use perror(3) in sshd(8) after forking a child.
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
  ! A patch is available.
  [Applied to stable]
- Add ifmedia(4) support to qec(4), among other improvements.
- Extra sanity checking in skeyinit(1). --- 625,631 ----
- Add a slew of devices to usbdevs(8).
- Do not use perror(3) in sshd(8) after forking a child.
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
  ! A patch is available.
  [Applied to stable]
- Add ifmedia(4) support to qec(4), among other improvements.
- Extra sanity checking in skeyinit(1). *************** *** 639,646 ****
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
- Various cleanups to ftpd(8).
- In many programs, sync usage() output with their respective man page SYNOPSIS. !
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
  ! A patch is available.
  [Applied to stable]
- In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4). --- 643,650 ----
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
- Various cleanups to ftpd(8).
- In many programs, sync usage() output with their respective man page SYNOPSIS. !
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
  ! A patch is available.
  [Applied to stable]
- In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4). *************** *** 651,659 ****
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
- Repair an off-by-one error in ssh-agent(1).
- Convert some old drivers to the new timeout(9) interface. !
- RELIABILITY FIX: repair AES (rijndael) ! kernel support.
  ! A patch is available.
  [Applied to stable]
- Import PCI support for Alpha EB164 machines.
- Add bus_space_barrier macros for the powerpc. --- 655,662 ----
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
- Repair an off-by-one error in ssh-agent(1).
- Convert some old drivers to the new timeout(9) interface. !
- RELIABILITY FIX: repair AES (rijndael) kernel support.
  ! A patch is available.
  [Applied to stable]
- Import PCI support for Alpha EB164 machines.
- Add bus_space_barrier macros for the powerpc. *************** *** 663,670 ****
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
- Fix a panic induced by assigning lo0 an IPv6 alias. !
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
  ! A patch is available.
  [Applied to stable]
- Deprecate pltime=0 in ifconfig(8).
- Modifications to the ktrace(2) interface to reduce redundancy. --- 666,673 ----
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
- Fix a panic induced by assigning lo0 an IPv6 alias. !
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
  ! A patch is available.
  [Applied to stable]
- Deprecate pltime=0 in ifconfig(8).
- Modifications to the ktrace(2) interface to reduce redundancy. *************** *** 699,705 **** [Applied to stable]
- Add pcibios(4) interrupt setup support for AMD750 chipset.
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
  ! A patch is available.
  [Applied to stable]
- Generate new hashkey every time a bridge(4) is brought up.
- Change bridge(4) code to use lower spl. --- 702,708 ---- [Applied to stable]
- Add pcibios(4) interrupt setup support for AMD750 chipset.
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
  ! A patch is available.
  [Applied to stable]
- Generate new hashkey every time a bridge(4) is brought up.
- Change bridge(4) code to use lower spl. *************** *** 741,747 ****
  www@openbsd.org !
  $OpenBSD: plus.html,v 1.755 2001/04/18 01:08:46 jason Exp $ --- 744,750 ----
  www@openbsd.org !
  $OpenBSD: plus.html,v 1.756 2001/04/23 23:03:31 jason Exp $