=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.834 retrieving revision 1.835 diff -c -r1.834 -r1.835 *** www/plus.html 2002/07/17 02:37:44 1.834 --- www/plus.html 2002/07/22 21:58:12 1.835 *************** *** 149,155 ****

Add a number of resource limits to ssh(1).

Increase i386 kvm size to 768M.

The list of great Theo quotes for mg(1) continues to grow. -

Note: Resolver fix applied to 2.9-STABLE, 3.0-STABLE and 3.1-STABLE.

SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.
A source code patch is available.
[Applied to stable] --- 149,154 ---- *************** *** 160,166 ****

Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a 224/4 route.

Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.

Add some m68k opcode aliases for GNU as(1) from recent binutils. -

Pull the bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable.

Fix the FTP relay in faithd(8).

Fix wi(4) reassociation after an AP reboot.

SECURITY FIX: A buffer overflow can --- 159,164 ---- *************** *** 377,385 ****

Add volatile to sig_atomic_t. Stand well back.

Use rasops instead of rcons in cgthree(4/SPARC) and cgsix(4/SPARC).

Simplify IPv6 link MTU code. -

Stop maintaining 2.9-stable. -

Bump 2.9-stable to OpenSSH version 3.2.3. -

Bump 3.0-stable to OpenSSH version 3.2.3.

Implement PMAP_CANFAIL flag for m68k pmap.

Enable console blanking on cgthree(4/SPARC).

Make sure some struct sockaddr are cleared before use. --- 375,380 ---- *************** *** 399,425 ****

Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.

Per-socket ipsec(4) policies and options!

Stop a potential ipsec(4) DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded. !

Add German keyboard map for Apple iBook.

On ELF platforms, allow gcc(1) to link Fortran code with other languages. !

Pull ldconfig(8) strlcpy() fix into -stable. !

Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later. !

Attach radio(4) devices properly.

Fix VIA8233 support in auvia(4).

Make nc(1) timeouts behave more like netcat.

Make sure user's shell is /usr/sbin/authpf before running authpf(8) to prevent $SSH_CLIENT shenanigans. !

In ssh, use OpenSSL's AES implementation instead of our own.

Add -[46] options to ftp(1).

Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.

Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list. -

Better wscons(4) support for Sun type 5 keyboards.

Cleanup and small fixes to skeyaudit(1).

Fixes to fms(4).

Various fixes and enhancements to mg(1).

sshd(8) no longer starts in privilege-separated mode unless the PrivSep user sshd and chroot(2) dir /var/empty are both present. -

Recognise Intel 830 (laptop Celery support) and 312 southbridge.

Fix potential time overflow in dd(1).

Make bridge(4) refragment IP packets that are too large for the outgoing interface. !

Remove libdl, support is now in libc.

Recognise Nokia C110 and C111 PC cards as wi(4) devices.

Really sanitize ld.so(1)'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.

Don't allow mktemp(3) to back up past the beginning of its input buffer. --- 394,417 ----

Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.

Per-socket ipsec(4) policies and options!

Stop a potential ipsec(4) DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded. !

Add German keyboard map for Apple laptops.

On ELF platforms, allow gcc(1) to link Fortran code with other languages. !

Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later. !

Better radio(4) devices attachment.

Fix VIA8233 support in auvia(4).

Make nc(1) timeouts behave more like netcat.

Make sure user's shell is /usr/sbin/authpf before running authpf(8) to prevent $SSH_CLIENT shenanigans. !

In ssh, use OpenSSL's AES implementation instead of our own.

Add -[46] options to ftp(1).

Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.

Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list.

Cleanup and small fixes to skeyaudit(1).

Fixes to fms(4).

Various fixes and enhancements to mg(1).

sshd(8) no longer starts in privilege-separated mode unless the PrivSep user sshd and chroot(2) dir /var/empty are both present.

Fix potential time overflow in dd(1).

Make bridge(4) refragment IP packets that are too large for the outgoing interface. !

Remove libdl, support is in libc since a long time already.

Recognise Nokia C110 and C111 PC cards as wi(4) devices.

Really sanitize ld.so(1)'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.

Don't allow mktemp(3) to back up past the beginning of its input buffer. *************** *** 428,435 ****

struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.

netstat(1) cleanup.

ping6(8) and traceroute6(8) updates from KAME. !

unsigned -> unsigned int cleanup. !

pid_t type cleanup.

Fix big snprintf(3) parameter typo in strftime(3).

Don't use execlp(3) when invoking ssh-keysign(8). --- 420,429 ----

struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.

netstat(1) cleanup.

ping6(8) and traceroute6(8) updates from KAME. !

unsigned -> unsigned int cleanup. !

Repair machdep.chipset sysctl on alpha. !

Audit pid_t type usage. !

Audit incorrect signal(2) usage.

Fix big snprintf(3) parameter typo in strftime(3).

Don't use execlp(3) when invoking ssh-keysign(8). *************** *** 438,456 ****

More IANA interface type values, including IFT_BRIDGE.

Split XFree86 bsd_video.c into architecture-specific files.

Add sysctl(8) toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies. !

Yet more safe string function fixes.

In XFree86 build, honour COPTS variable when building third-party apps.

Add LIBS option for crunchgen so custom libraries can be added to boot images.

Run rpc.rstatd(8) and rpc.rusersd(8) as user nobody (boo!) from inetd(8).

From ld.so(1), remove tests that have no license, and for the same reason replace parts of ld(1) and ldconfig(8).

Remove unnecessary instruction cache flushes on sparc64.

Many cleanups in ld.so(1). -

Fix disklabel(8) warnings on a SCSI - cd(4) with no data track. -

Allow incoming ssh(1) connections in the temporary pf(4) ruleset installed by /etc/rc, just in case the real rulebase fails to load later on.

Support mixed IPv4/IPv6 address lists in pfctl(8).

Add ssh-keysign(8).

Remove obsolete dm(8).

Hunt for biodone() calls not made at splbio() spl(9), and fix them.

Improve cd9660(8) filesystem read-ahead performance.

Support software brightness and backlight control on various macppc models. --- 432,453 ----