===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.796
retrieving revision 1.797
diff -c -r1.796 -r1.797
*** www/plus.html 2001/08/30 05:40:04 1.796
--- www/plus.html 2001/09/04 01:59:07 1.797
***************
*** 53,70 ****
We are working on OpenBSD-current.
- SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable]
! - ...
- SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable]
! - ...
- SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
! - ...
- Promote PMAP_NEW option to mandatory status.
- In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives.
- Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1).
--- 53,161 ----
We are working on OpenBSD-current.
+ - New src compilation target: cross-env; prints all environment variables that need to be set for cross-building.
+
- Import usbhidctl(1), a userland program to manipulate USB HID devices.
+
- Import usb(3) library libusb for USB HID processing.
+
- Rename powerpc port to macppc, allowing for code sharing between different powerpc-based platforms.
+
- Inherit vlan(4) baudrate from parent.
+
- Various lpd(8) improvements and fixes.
- SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable]
! - Plug memory leak in scp(1) and rcp(1).
!
- Avoid segfault in dhclient(8) when the server specifies its name.
!
- Support the ! operator in host paramater lists in pfctl(8).
!
- Send a reset request for every packet recieved by ppp(8) when the encryption dictionaries are out of sync.
!
- Make pf(4) support ISN randomization (aka. phase modulation).
!
- Store argc as a long on the stack as opposed to an int.
!
- Switch rijndael code to the optimized AES reference release.
!
- Have isakmpd(8) send DELETE notifications for all active SAs when shutting down.
!
- In sudo(8), apply default login class if unable to look one up.
!
- Support macro expansion in pf.conf(5).
!
- Work some magic on the installation scripts for floppies, shrinking them.
!
- Correct the setup of the initial tcp(4) state window in pf(4).
!
- Import pflogd(8), logging daemon that writes pf(4) logs in tcpdump(8) binary format.
- SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable]
! - Repair ppp(8)'s iface-alias option.
!
- Fix rule flushing code in bridge(4) devices.
!
- Support ip6(4) in ppp(8); crude IPV6CP support; many other smaller changes.
!
- Enhance file-change detection in vipw(8) and crontab(1).
!
- Add per-rule statistics and byte counter to pf(4).
!
- Don't reset xl(1)'s Rx/Tx without first turning them back on after a suspend.
!
- Support paramater lists in pfctl(8).
!
- Be sure to pass the interface to ipip_input() in the net subsystem so it can be used in bpf(4).
!
- Import ftp-proxy(8), a transparent ftp proxy.
!
- Loosen tcp(4) state code in pf(4), allowing "stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections".
!
- Initial import of sparc64 port; much subsequent development, too much to list.
!
- Add the possibility to add a random offset to the stack on exec(3).
!
- Make the siop(4) driver pay attention to quirks table, eliminating INQUIRY snooping and ifdef toggling.
!
- New -s switch for pwd_mkdb(8) to only update the secure .db file.
!
- -e switch for nm(1) to show extra symbol information.
!
- Delay locking the passwd file until we have gotten a new password from the user. Also play with the file locking routine.
!
- Attempt to recover from PCI aborts in the hifn(4) driver.
!
- Import keyconv, a small utility to convert between openssl(1) and DNSSEC key formats.
!
- Support trusted public RSA keys as files in isakmpd(8).
!
- Fix lengths for PFKEYv2 and KAME messages in IPv4-in-IPv6 and IPv6-in-IPv4 flows.
!
- Import popa3d(8), Solar Designer's POP3 daemon.
!
- The valiant vm_extern.h, vm_inherit.h, vm_map.h, and vm_pager.h files ride off into the sunset.
!
- pf(4) support for icmp(4) errors referring to icmp(4) queries/replies.
!
- Allow file flags in mtree(8).
!
- Don't compare the source address on packets to the one in SA when doing ipsec(4) processing.
!
- Repair rijndael block alignment.
!
- Unshare sigaction(2) signal handlers on exec(3).
!
- Merge altq(9) options into just "altq" for base + red + cbq, and enable it by default.
!
- Support the -h flag for ln(1) that prevents following a symlink to a directory.
!
- Many new timeouts for a wide variety of devices.
!
- Remove the IPCOMP option as it's now part of the IPSEC option.
!
- Rewrite signal(3) handlers in altqd(8) to be race-safe.
!
- Add support for RC4 operations in the hifn(4) driver.
!
- Don't free(3) unallocated memory in mailwrapper(8).
!
- Change tsleep(9) into an ltsleep wrapper. ltsleep takes one more argument than tsleep(9), a simplelock that it unlocks when safe.
!
- Let kerberosV compile entirely on platforms without shared libraries.
!
- Avoid /tmp race in rcs2log by using mktemp(1).
!
- Tweak timekeeping code in dd(1) to produce a sane bandwidth measure for a short runs.
!
- Enable the ESP and AH ipsec(4) protocols by default.
!
- Make kernel crash(8) dumps work under mvme68k.
!
- No longer drop packets when using an ACQUIRE policy and an error occurs when notifying key management.
!
- New getrrsetbyname(3) function to retrieve arbitrary DNS records.
!
- Support protocol version 2 in ssh-keyscan(1).
!
- Move xdm(1)'s PID file from xdm-pid to xdm.pid in /var/run, maintaining consistancy.
!
- Delay decision to make a new hash(3) table or not until after calling open(2), clearing up problems with file locking.
!
- vlan(4) changes: utilize IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities; LINK0 and MTU ambiguity are no more; MTU's can only be changed within the scope of the parent's MTU.
!
- Repair non-blocking mode issues in syslogd(8), avoiding grief with locked terminals.
!
- Make all cases of .Sh AUTHOR and .Sh EXAMPLE plural in manual pages.
!
- New sysctl(3) nkmempages that reports how many pages are in kmem_map.
!
- Support stateless tcp(4) normalization in pf(4).
!
- Import x99token(1), a software x99 token calculator.
!
- Add support for EDNS0 extended flag DNSSEC OK to the resolver(3) routines.
!
- Don't send a NUL on the end of CHAP SUCCESS packets in ppp(8) so that WindowsME and Windows98 won't mysteriously fail when encryption is enabled.
!
- Allocate uvm(9) page buckets from kernel_map, saving kmem_map space on machines with lots of physical memory.
!
- In ppp(8), compensate for a Windows 98 bug when sending a CHAP81 challenge response.
!
- Support the SmartcardDevice option in ssh(1) to specify which smartcard device to use.
!
- Step down only one Ultra DMA mode at a time when downgrading.
!
- On DMA timeouts, stop busmaster PCIIDE and reset channel.
!
- Don't malloc(3) too much and choke in ELF execution.
!
- Support rule skipping in pf(4).
!
- Allow negative lock length with lockf(3), making it compliant to specification.
!
- In top(1), abort if stdout(4) ever produces EOF; prevents spinning output if controlling tty disappears.
!
- Implement startup and shutdown hooks via dohooks(9) and family.
- SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
! - Nuke edlabel.
!
- Add support for disabling swap devices via swapctl(8)'s -d option.
!
- Support sshd(8) configuration file and key testing via the -t option.
!
- Change vop_symlink and vop_mknod so that they return the created node in a way that the caller can actually utilize it.
!
- Use vfork(2) safely in sup(1).
!
- New flag PMAP_CANFAIL that tells pmap_enter that it can fail if there aren't enough resources instead of panicing.
!
- Make non-stateful and stateful pf(4) filtering work on bridge(4) devices.
!
- Initialize arpcom later; it could be incorrectly initialized if done before bridge_input().
!
- Enable challenge-response authentication by default in ssh(1).
!
- Fix/complete pf(4) binary operators.
!
- Repair signal race in m4(1).
!
- Ensure make(1) doesn't dump core when reporting open conditionals.
- Promote PMAP_NEW option to mandatory status.
- In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives.
- Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1).
***************
*** 444,450 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.796 2001/08/30 05:40:04 jason Exp $