===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.755
retrieving revision 1.756
diff -c -r1.755 -r1.756
*** www/plus.html 2001/04/18 01:08:46 1.755
--- www/plus.html 2001/04/23 23:03:31 1.756
***************
*** 48,64 ****
We are working on OpenBSD-current.
! - Fix ipf fragment caching bug.
[Applied to stable]
- SECURITY FIX: Fix buffer overflows contained in glob(3) function.
! A patch is available.
[Applied to stable]
- Check for short packets and bad types sent to timed(8).
[Applied to stable]
- OpenSSH 2.5.2 released.
[Applied to stable]
- SECURITY FIX: Be careful with file permissions in readline library
! A patch is available.
[Applied to stable]
- Make buffer size 8k on NE1000, and 16k otherwise for
ne.
--- 48,68 ----
We are working on OpenBSD-current.
! - Avoid DoS attack in ftpd using glob patch.
! A patch is available.
[Applied to stable]
+ - Fix ipf fragment caching bug.
+ A patch is available.
+ [Applied to stable]
- SECURITY FIX: Fix buffer overflows contained in glob(3) function.
! A patch is available.
[Applied to stable]
- Check for short packets and bad types sent to timed(8).
[Applied to stable]
- OpenSSH 2.5.2 released.
[Applied to stable]
- SECURITY FIX: Be careful with file permissions in readline library
! A patch is available.
[Applied to stable]
- Make buffer size 8k on NE1000, and 16k otherwise for
ne.
***************
*** 66,83 ****
- Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
[Applied to stable]
- SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
! A patch is available.
[Applied to stable]
- SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
! A patch is available.
[Applied to stable]
- SECURITY FIX: update to sudo-1.6.3p6 which fixes a buffer overflow on very long argv components.
! A patch is available.
[Applied to stable]
- OpenSSH 2.5.1 released.
[Applied to stable]
- IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
! A patch is available.
[Applied to stable]
- Disable bogus file check in cvs(1).
[Applied to stable]
--- 70,87 ----
- Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
[Applied to stable]
- SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
! A patch is available.
[Applied to stable]
- SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
! A patch is available.
[Applied to stable]
- SECURITY FIX: update to sudo-1.6.3p6 which fixes a buffer overflow on very long argv components.
! A patch is available.
[Applied to stable]
- OpenSSH 2.5.1 released.
[Applied to stable]
- IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
! A patch is available.
[Applied to stable]
- Disable bogus file check in cvs(1).
[Applied to stable]
***************
*** 201,207 ****
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
- Fix some bugs in the bridge(4), especially regarding gif(4).
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
! A patch is available.
[Applied to stable]
- In config(8) -e and -u, do not write out a new kernel if nothing changed.
- Numerous fat utmp(5) changes to utilities.
--- 205,211 ----
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
- Fix some bugs in the bridge(4), especially regarding gif(4).
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
! A patch is available.
[Applied to stable]
- In config(8) -e and -u, do not write out a new kernel if nothing changed.
- Numerous fat utmp(5) changes to utilities.
***************
*** 238,244 ****
- USB sync.
- SECURITY FIX: fix some buffer overflows in named(8).
! A patch is available.
[Applied to stable]
- Support Cheetah vaxes.
- Improve MAKEDEV(8) manual pages on many architectures.
--- 242,248 ----
- USB sync.
- SECURITY FIX: fix some buffer overflows in named(8).
! A patch is available.
[Applied to stable]
- Support Cheetah vaxes.
- Improve MAKEDEV(8) manual pages on many architectures.
***************
*** 297,303 ****
- ipf 3.4.15
- Fix a vi(1) crash.
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
! A patch is available.
[Applied to stable]
- Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
- Fix previous inetd(8) fix.
--- 301,307 ----
- ipf 3.4.15
- Fix a vi(1) crash.
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
! A patch is available.
[Applied to stable]
- Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
- Fix previous inetd(8) fix.
***************
*** 437,450 ****
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
! A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
! A patch is available.
[Applied to stable]
- Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
- SECURITY FIX: Fix holes in procfs(8).
! A patch is available.
[Applied to stable]
- Put strlcat(3) and strlcpy(3) into libkern for kernel use.
- Fix setting of nwid for wi(4).
--- 441,454 ----
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
! A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
! A patch is available.
[Applied to stable]
- Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
- SECURITY FIX: Fix holes in procfs(8).
! A patch is available.
[Applied to stable]
- Put strlcat(3) and strlcpy(3) into libkern for kernel use.
- Fix setting of nwid for wi(4).
***************
*** 470,476 ****
- Add bytecounter statistics reporting to netstat(1).
- Instrument more random TCP sequence numbers.
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
[Applied to stable]
- In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
--- 474,480 ----
- Add bytecounter statistics reporting to netstat(1).
- Instrument more random TCP sequence numbers.
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
[Applied to stable]
- In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
***************
*** 528,544 ****
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
- Import David Maziere's ssh-keyscan(1).
- SECURITY FIX: Fix buffer overflow in ftpd(8).
! A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
! A patch is available.
[Applied to stable]
- Teach OpenSSH about more version strings to improve interoperability.
- SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
[Applied to stable]
- SECURITY FIX: Fix two security problems in the KerberosIV code.
! A patch is available.
[Applied to stable]
- Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running.
--- 532,548 ----
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
- Import David Maziere's ssh-keyscan(1).
- SECURITY FIX: Fix buffer overflow in ftpd(8).
! A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
! A patch is available.
[Applied to stable]
- Teach OpenSSH about more version strings to improve interoperability.
- SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
[Applied to stable]
- SECURITY FIX: Fix two security problems in the KerberosIV code.
! A patch is available.
[Applied to stable]
- Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running.
***************
*** 593,599 ****
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
- Prevent a type overflow in recno(3).
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
! A patch is available.
[Applied to stable]
- Import BSD authentication mechanisms from BSDI BSD/OS.
- Implement pw_dup(3), a function which copies struct passwd.
--- 597,603 ----
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
- Prevent a type overflow in recno(3).
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
! A patch is available.
[Applied to stable]
- Import BSD authentication mechanisms from BSDI BSD/OS.
- Implement pw_dup(3), a function which copies struct passwd.
***************
*** 621,627 ****
- Add a slew of devices to usbdevs(8).
- Do not use perror(3) in sshd(8) after forking a child.
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
! A patch is available.
[Applied to stable]
- Add ifmedia(4) support to qec(4), among other improvements.
- Extra sanity checking in skeyinit(1).
--- 625,631 ----
- Add a slew of devices to usbdevs(8).
- Do not use perror(3) in sshd(8) after forking a child.
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
! A patch is available.
[Applied to stable]
- Add ifmedia(4) support to qec(4), among other improvements.
- Extra sanity checking in skeyinit(1).
***************
*** 639,646 ****
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
- Various cleanups to ftpd(8).
- In many programs, sync usage() output with their respective man page SYNOPSIS.
!
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
[Applied to stable]
- In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
--- 643,650 ----
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
- Various cleanups to ftpd(8).
- In many programs, sync usage() output with their respective man page SYNOPSIS.
!
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
[Applied to stable]
- In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
***************
*** 651,659 ****
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
- Repair an off-by-one error in ssh-agent(1).
- Convert some old drivers to the new timeout(9) interface.
!
- RELIABILITY FIX: repair AES (rijndael)
! kernel support.
! A patch is available.
[Applied to stable]
- Import PCI support for Alpha EB164 machines.
- Add bus_space_barrier macros for the powerpc.
--- 655,662 ----
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
- Repair an off-by-one error in ssh-agent(1).
- Convert some old drivers to the new timeout(9) interface.
!
- RELIABILITY FIX: repair AES (rijndael) kernel support.
! A patch is available.
[Applied to stable]
- Import PCI support for Alpha EB164 machines.
- Add bus_space_barrier macros for the powerpc.
***************
*** 663,670 ****
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
- Fix a panic induced by assigning lo0 an IPv6 alias.
!
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
! A patch is available.
[Applied to stable]
- Deprecate pltime=0 in ifconfig(8).
- Modifications to the ktrace(2) interface to reduce redundancy.
--- 666,673 ----
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
- Fix a panic induced by assigning lo0 an IPv6 alias.
!
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
! A patch is available.
[Applied to stable]
- Deprecate pltime=0 in ifconfig(8).
- Modifications to the ktrace(2) interface to reduce redundancy.
***************
*** 699,705 ****
[Applied to stable]
- Add pcibios(4) interrupt setup support for AMD750 chipset.
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
! A patch is available.
[Applied to stable]
- Generate new hashkey every time a bridge(4) is brought up.
- Change bridge(4) code to use lower spl.
--- 702,708 ----
[Applied to stable]
- Add pcibios(4) interrupt setup support for AMD750 chipset.
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
! A patch is available.
[Applied to stable]
- Generate new hashkey every time a bridge(4) is brought up.
- Change bridge(4) code to use lower spl.
***************
*** 741,747 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.755 2001/04/18 01:08:46 jason Exp $