===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.830
retrieving revision 1.831
diff -c -r1.830 -r1.831
*** www/plus.html 2002/07/02 01:20:25 1.830
--- www/plus.html 2002/07/05 23:32:44 1.831
***************
*** 46,85 ****
-
! The following list sums up (almost) all the changes made up to May 24th.
-t
key lifetime option to ssh-add(1).
/etc/inetd.conf
instead of 'localhost' to avoid DNS lookups.
-x
and -X
options to respectively lock and unlock ssh-agent(1).
getpid()
, getuid()
and getgid()
under Linux emulation.
! /dev/log
, it now waits a millisecond and retries.
[gs]etprogname()
from KerberosV.
-a <bind_address>
option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
! The following list sums up (almost) all the changes made up to July 5.
loginterface
feature to be disabled.
+ volatile sig_atomic_t
.
+ distrib/notes
about the danger of skipping several versions when upgrading.
+ IP_PORTTANGE_HIGH
for active mode data channel of ftp(1).
+ LocalId
is too long.
+ SPL NOT LOWERED
' errors from the ami(4) RAID controller.
+ setuid(root)
toys back, but only work at all if HostbasedAuthentication
is globally disabled.
+ RAMDISK
kernel until new ahc(4) un-bloats itself.
+ debug_malloc()
aren't ever executed, so don't use VM_PROT_ALL
.
+ Compression
options
+ -X
' for some X
, instead of misinterpreting them as options to encrypt(1).
+ setuid(root)
from ssh-keysign(8), disabling it for now.
+ /etc/localtime
isn't needed after the chroot(2).
+ strtou?q()
into strtou?ll()
. Use weak aliases if available (wrappers otherwise) to fake strtou?q()
.
+ root
from inetd(8) again, but go to nobody
's jail at startup.
+ cgetclose()
entry in getcap(3) manpage.
+ 224/4
route.
+ /dev/wsmouse
instead of /dev/wsmouse0
by default.
+ bzero()
fix in sys/netinet/tcp_input.c
from -current into 3.0-stable.
+ uid_t
and gid_t
signedness fixes.
+ setsid()
when run from inetd(8).
+ pserver
talk IPv6.
+ sshd?_config(5)
manpage.
+ nell
driver on Solaris.)
+ setgid(kmem)
was not enough, remove trsp(8) altogether.
+ x
' for systrace(4)'d processes.
+ setgid(kmem)
privileges.
+ pccons
driver from i386, also the associated XSERVER
option from the kernel.
+ setgid(kmem)
from the enormously useful trsp(8).
! option CAPS_IS_CONTROL
.
! command never completed!
' warnings.
! eui64
option to ifconfig(8) for configuring the IPv6 interface index.
! pid_t
cleanup in /usr/bin
.
! <sys/hash.h>
.
! scrub(fragcache)
syntax in favour of the fragment ...
option in scrub
rules.
! mmap()
.
! splassert()
s.
! euid==0
even if it is installed setuid(root)
.
! distrib/miniroot
.
! -s state
print UDP and 'other' states nicely.
! scrub(fragcache) ...
syntax for pf(4).
! PACKET_TAG_PF_FRAGCACHE
to stop pf(4) misdetecting duplicate fragments.
! RhostsAuthentication
and RhostsRSAAuthentication
to 'no' now that ssh(1) is now longer setuid(root)
by default.
! -t 1h
'.
! __weak_alias()
for mvme88k.
! /dev
.
! rdr
rules.
! \n
's from syslog(3) and err(3) calls.
! KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT}
sysctl(3) entries.
! setgid(operator)
from df(1).
! setuid(kmem)
from ps(1) and w(1) now kvm can use sysctl for some stuff. We don't need no proc
filesystem...
! /etc/myname
.
! splsoftnet()
(instead of splnet()
) in IPv6 code.
! lo0
now only gets ::1
when it's brought up.
! libc
for powerpc, sparc and alpha (already enabled on i386.)
! splusb()
to prevent USB initialisation lossage.
! scp
command.
! FallbackToRsh
from scp(1) as well.
! var += ...
) macro concatenation to pfctl(8), then remove it again.
! FallbackToRsh
and UseRsh
options in ssh(1).
! DIAGNOSTIC
block from softdep kernel code.
! setuid(root)
to setgid(daemon)
. Connections can come from unprivileged ports for now.
! gem
instead of gm
.
! return-rst
.
! pf
. Add an mbuf_tag(9) to stop loops forming.
! $srcaddr
, $srcport
, $dstaddr
, $dstport
, $proto
and $nr
(rule number) can now be used in pfctl(8) rule labels.
! return-rst
look the same, to frustrate the nmap crowd.
! is_ipv6()
.
! net.inet6.ip6.v6only
sysctl(8) flag.
! ikecfg
as a valid flag in isakmpd.conf(5). Start coding SET/ACK mode support.
! bzero()
in sys/netinet/tcp_input.c
to fix link-local TCP.
! [gs]etprogname()
from KerberosIV
! libcsu
change from NetBSD to allow dlopen(3) to be used much earlier.
-t
key lifetime option to ssh-add(1).
/etc/inetd.conf
instead of 'localhost' to avoid DNS lookups.
-x
and -X
options to respectively lock and unlock ssh-agent(1).
getpid()
, getuid()
and getgid()
under Linux emulation.
! /dev/log
, it now waits a millisecond and retries.
[gs]etprogname()
from KerberosV.
-a <bind_address>
option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
pfctl -s all
' now prints labels as well.
volatile
to sig_atomic_t
. Stand well back.
struct sockaddr
are cleared before use.
! fd_set
overrun in rtsold(8).
/etc/ptmp
deletion bug that occurred if rmuser(8) was aborted.
games
.
--- 351,374 ----
pfctl -s all
' now prints labels as well.
volatile
to sig_atomic_t
. Stand well back.
PMAP_CANFAIL
flag for m68k pmap.
struct sockaddr
are cleared before use.
! fd_set
overruns in rtsold(8), route6d(8) and rtadvd(8).
/etc/ptmp
deletion bug that occurred if rmuser(8) was aborted.
games
.
***************
*** 124,135 ****
netcat
.
! /usr/sbin/authpf
before running authpf(8) to prevent $SSH_CLIENT shenanigans.
-[46]
options to ftp(1).
! netcat
.
! /usr/sbin/authpf
before running authpf(8) to prevent $SSH_CLIENT
shenanigans.
-[46]
options to ftp(1).
! arc4random_8()
.
struct ifnet
now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
unsigned
-> unsigned int
cleanup.
pid_t
type cleanup.
arc4random_8()
.
struct ifnet
now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
unsigned
-> unsigned int
cleanup.
pid_t
type cleanup.