=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.846 retrieving revision 1.847 diff -c -r1.846 -r1.847 *** www/plus.html 2002/10/17 08:47:58 1.846 --- www/plus.html 2002/10/18 18:34:13 1.847 *************** *** 50,56 **** --- 50,143 ----

We are working on OpenBSD-current.

+ The following list sums up (almost) all the changes made up to October 17. +

Improved media support and a boundary check fix for wi(4). +
Have route(8) correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route. +
Enable uvm_tree_sanity() check #ifdef DEBUG. +
Fix a potential null deref in route(8)'s arguments parser. +
Renumber ch(4) CHIO* ioctls. Old definitions renamed to OCHIO*, binary backwards compatibility will be left in intact until post-3.3. +
Teach kdump(1) to print AUDIO_* ioctls, and add a few missing syscall defines. +
Support fxp(4) on big-endian architectures. +
pf(4) allows protocols to be specified by a (valid) protocol number. +
Add a missing free() in pflogd(8). + +
Treat manually- and auto-configured IPv6 address prefixes the same way. +
For positively POSIX reasons, implement isfdtype(3). +
Bring pax(1)'s date handling code back into sync with that in date(1). Four digit years parse now. +
Start to break out machine-dependent parts of MAKEDEV(8) into separate files. +
Send ksh.kshrc label() and ilable() output to /dev/tty insted of stdout, so command output streams doesn't get messed up. +
systrace(1) supports system call-granularity privilege elevation! +
Correct a typo in systrace(1) that was causing group predicates to be evaluated incorrectly. +
Range-check values given to atactl(8). +
Better mask comparision for pf(4) binat. + +
Remove the setuid bit from login(1). If run with a non-root euid, it invokes su(1) with the new -L flag. +
Add '-L' flag to su(1) to make it work like login(1). +
Enable the META key in ksh(1) for 7-bit locales. +
Make sure some varargs end-of-list sentinel NULLs are pointer-width. +
Fix a subtle dangling pointer bug in BSD auth. +
Sync Brazil's Daylight Savings Time handling with new reality.
+ [Applied to stable] +
Stop makewhatis(8) grumbling about having Perl 5.8.x instead of 5.6.x. + +
In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA. +
Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c) +
Some fixes in pool(9). +
pf(4) can now binat a whole netblock with one rule. + +
Remove a potential null pointer deref in BSD authentication code. +
Fix a bad printf format string in ftpd(8). Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first. +
Do some more unsigned checks to system call parameters, as with the setitimer(2) erratum.
+ [Applied to stable] + +
Prepare the GNU floating-point emulation code on i386 for ELF. + +
Update stable to OpenSSH 3.5. +
Catch some endianness nits and add zero-padding of keys in wi(4). +
Teach ALTQ CBQ the pf(4) API. The old API remains for now. + +
Fix memory corruption that could cause panics in bridge(4)d systems with scrub enabled. +
Fix a bug in m_tag_copy_chain(). + +
Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug. + +
In Sendmail, fix a potential bypass of smrsh(8) (see the Sendmail.org advisory.) +
Make predicates part of systrace(1)'s grammar. + +
Start work on a merge of altq(9) and pf(4) functionality. Oh yes. +
Add a missing htons() in talkd(8). +
In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed. +
Support SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support. +
Merge in Apache 1.3.27 and mod_ssl 2.8.11. +
New block-policy option to set the default response to a block rule. +
More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise. +
pf(4) support for icmpv6 returns in response to block rules. +
New route-to rule option for pf(4), works like route-to but applies to 'reply' packets in a stateful connection. +
httpd(8) restarts work even when srm.conf is not present. +
Have the X server complain less about unknown scancodes. + +
Initialise the uvm_pglistalloc result list in the function, instead of requiring the caller to do it. +
syslog(3) and syslog_r(3) now take the new __syslog__ format attribute. +
Make the default httpd(8) config files use php4 instead of php3. + +
pfctl(8) expands lists left-to-right instead of right-to-left. +
Teach pf(4) how to filter on the IP TOS field. + +
Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances. +
smtpd(8) has left the building. +
By default, add the -H option to the sort(1) invoked by locate.updatedb(8). +
Give window(1) the stdarg treatment. +
When routing via pf(4), use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies. +
Fix cross-site scripting vulnerability (CAN-2002-0840) in the default error page of httpd(8). Only applies under specific (and non-OpenBSD default) conditions. + +
In kernel IP processing, block interrupts with splsoftnet(9) around interface address routing table manipulations. +
Make sure wi(4) doesn't accept out-of-range TX keys. +
Stop ami(4) matching I2O-configured devices. +
3.2 -> 3.2-current. +

*************** *** 82,88 ****

www@openbsd.org !
$OpenBSD: plus.html,v 1.846 2002/10/17 08:47:58 deraadt Exp $ --- 169,175 ----

www@openbsd.org !
$OpenBSD: plus.html,v 1.847 2002/10/18 18:34:13 deraadt Exp $