=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.858 retrieving revision 1.859 diff -c -r1.858 -r1.859 *** www/plus.html 2003/02/20 22:47:50 1.858 --- www/plus.html 2003/02/22 23:52:02 1.859 *************** *** 59,65 ****
  • pfctl(8) rejects non-existent interfaces in rules using dynamic interface syntax.
  • Move /var/at files into /var/cron since at(1) is now a part of cron(8).
  • Fix support for pf(4) syntax (if)/24 (dynamic interface name translation with a network prefix.) !
  • Pull in from OpenSSL 0.9.7a a fix for a timing-based attack against CBC (assigned CAN-2003-0078.)
  • Add a counter for netstat(1) showing how often ipcomp(4) was skipped because the packet size was below the compression threshold.
  • Fix a buffer overflow in pfctl(8) on 64-bit platforms.
  • Stability updates to vr(4). --- 59,68 ----
  • pfctl(8) rejects non-existent interfaces in rules using dynamic interface syntax.
  • Move /var/at files into /var/cron since at(1) is now a part of cron(8).
  • Fix support for pf(4) syntax (if)/24 (dynamic interface name translation with a network prefix.) ! !
  • SECURITY FIX: February 22, 2003: In ssl(8) an information leak can occur via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This fix is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078). Also, check for negative sizes in memory allocation routines.
    ! A source code patch is available.
    ! [Applied to stable]
  • Add a counter for netstat(1) showing how often ipcomp(4) was skipped because the packet size was below the compression threshold.
  • Fix a buffer overflow in pfctl(8) on 64-bit platforms.
  • Stability updates to vr(4). *************** *** 94,99 **** --- 97,103 ----
  • When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header.
  • Fix an mbuf leak in IPv6 TCP. + [Applied to stable]
  • Now that pf(4) tables spring into existence on demand, remove the unnecessary '-T create' option.
  • Have arc4random(3) stir the pool when the caller's pid changes.
  • Add 'scrub in all no-df' to the initial pf.conf(5) installed by /etc/rc. This helps diskless booters using Linux NFS servers. *************** *** 905,911 ****
    OpenBSD www@openbsd.org !
    $OpenBSD: plus.html,v 1.858 2003/02/20 22:47:50 deraadt Exp $ --- 909,915 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: plus.html,v 1.859 2003/02/22 23:52:02 margarida Exp $