===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.846
retrieving revision 1.847
diff -c -r1.846 -r1.847
*** www/plus.html 2002/10/17 08:47:58 1.846
--- www/plus.html 2002/10/18 18:34:13 1.847
***************
*** 50,56 ****
--- 50,143 ----
We are working on OpenBSD-current.
+ The following list sums up (almost) all the changes made up to October 17.
+
+
+ - Improved media support and a boundary check fix for wi(4).
+
- Have route(8) correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route.
+
- Enable uvm_tree_sanity() check #ifdef DEBUG.
+
- Fix a potential null deref in route(8)'s arguments parser.
+
- Renumber ch(4) CHIO* ioctls. Old definitions renamed to OCHIO*, binary backwards compatibility will be left in intact until post-3.3.
+
- Teach kdump(1) to print AUDIO_* ioctls, and add a few missing syscall defines.
+
- Support fxp(4) on big-endian architectures.
+
- pf(4) allows protocols to be specified by a (valid) protocol number.
+
- Add a missing free() in pflogd(8).
+
+
- Treat manually- and auto-configured IPv6 address prefixes the same way.
+
- For positively POSIX reasons, implement isfdtype(3).
+
- Bring pax(1)'s date handling code back into sync with that in date(1). Four digit years parse now.
+
- Start to break out machine-dependent parts of MAKEDEV(8) into separate files.
+
- Send ksh.kshrc label() and ilable() output to /dev/tty insted of stdout, so command output streams doesn't get messed up.
+
- systrace(1) supports system call-granularity privilege elevation!
+
- Correct a typo in systrace(1) that was causing group predicates to be evaluated incorrectly.
+
- Range-check values given to atactl(8).
+
- Better mask comparision for pf(4) binat.
+
+
- Remove the setuid bit from login(1). If run with a non-root euid, it invokes su(1) with the new -L flag.
+
- Add '-L' flag to su(1) to make it work like login(1).
+
- Enable the META key in ksh(1) for 7-bit locales.
+
- Make sure some varargs end-of-list sentinel NULLs are pointer-width.
+
- Fix a subtle dangling pointer bug in BSD auth.
+
- Sync Brazil's Daylight Savings Time handling with new reality.
+ [Applied to stable]
+ - Stop makewhatis(8) grumbling about having Perl 5.8.x instead of 5.6.x.
+
+
- In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA.
+
- Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c)
+
- Some fixes in pool(9).
+
- pf(4) can now binat a whole netblock with one rule.
+
+
- Remove a potential null pointer deref in BSD authentication code.
+
- Fix a bad printf format string in ftpd(8). Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.
+
- Do some more unsigned checks to system call parameters, as with the setitimer(2) erratum.
+ [Applied to stable]
+
+ - Prepare the GNU floating-point emulation code on i386 for ELF.
+
+
- Update stable to OpenSSH 3.5.
+
- Catch some endianness nits and add zero-padding of keys in wi(4).
+
- Teach ALTQ CBQ the pf(4) API. The old API remains for now.
+
+
- Fix memory corruption that could cause panics in bridge(4)d systems with scrub enabled.
+
- Fix a bug in m_tag_copy_chain().
+
+
- Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug.
+
+
- In Sendmail, fix a potential bypass of smrsh(8) (see the Sendmail.org advisory.)
+
- Make predicates part of systrace(1)'s grammar.
+
+
- Start work on a merge of altq(9) and pf(4) functionality. Oh yes.
+
- Add a missing htons() in talkd(8).
+
- In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed.
+
- Support SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support.
+
- Merge in Apache 1.3.27 and mod_ssl 2.8.11.
+
- New block-policy option to set the default response to a block rule.
+
- More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise.
+
- pf(4) support for icmpv6 returns in response to block rules.
+
- New route-to rule option for pf(4), works like route-to but applies to 'reply' packets in a stateful connection.
+
- httpd(8) restarts work even when srm.conf is not present.
+
- Have the X server complain less about unknown scancodes.
+
+
- Initialise the uvm_pglistalloc result list in the function, instead of requiring the caller to do it.
+
- syslog(3) and syslog_r(3) now take the new __syslog__ format attribute.
+
- Make the default httpd(8) config files use php4 instead of php3.
+
+
- pfctl(8) expands lists left-to-right instead of right-to-left.
+
- Teach pf(4) how to filter on the IP TOS field.
+
+
- Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances.
+
- smtpd(8) has left the building.
+
- By default, add the -H option to the sort(1) invoked by locate.updatedb(8).
+
- Give window(1) the stdarg treatment.
+
- When routing via pf(4), use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies.
+
- Fix cross-site scripting vulnerability (CAN-2002-0840) in the default error page of httpd(8). Only applies under specific (and non-OpenBSD default) conditions.
+
+
- In kernel IP processing, block interrupts with splsoftnet(9) around interface address routing table manipulations.
+
- Make sure wi(4) doesn't accept out-of-range TX keys.
+
- Stop ami(4) matching I2O-configured devices.
+
- 3.2 -> 3.2-current.
+
***************
*** 82,88 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.846 2002/10/17 08:47:58 deraadt Exp $