===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.889
retrieving revision 1.890
diff -c -r1.889 -r1.890
*** www/plus.html 2003/10/24 22:12:40 1.889
--- www/plus.html 2003/10/29 20:22:08 1.890
***************
*** 53,63 ****
We are working on OpenBSD-current.
! The following list sums up (almost) all the changes made up to September 17.
--- 53,286 ----
We are working on OpenBSD-current.
! The following list sums up (almost) all the changes made up to October 16.
!
! - strlcpy(3) -> memcpy(3) for non-string buffers in vi(1), along with some extra paranoia.
!
- Check for signals earlier in mountd(8), so they can be handled before we select(2) until a mount request comes in.
!
- New 'G' malloc.conf option to add a guard page after pagesize-or-larger chunks, and to return less-than-pagesize chunks in random order.
!
- Better SATA support in wdc(4).
!
- Fix faithd(8) args to poll(2).
!
!
- Fix a out-of-bounds read in libcurses.
!
- Have tip(1) return the terminal to a sensible state on fatal errors.
!
- Change malloc(3) so that it aborts the process on any error other than running out of memory. This is different to the 'A' malloc.conf switch that aborts on any error.
!
!
- More randomness for temporary directories created by ssh-agent(1) and sshd(8).
!
- Switch on the ssh(1) DNS fingerprint (sshfp) lookup code, previously not build by default. Still needs switched on in the config file.
!
- Make e.g. 'MAKEDEV tty08 - tty7f' work.
!
- Only endian-flip the fragment offset once on IPv6 input.
!
!
- Do a hardware receive checksum in sk(4) too, working around the fact that sometimes the hardware gets it wrong.
!
- On em(4) devices that support it, offload receive checksum calculation to the hardware. From FreeBSD.
!
- Update timezone files again, this time to tzcode2003d.
!
- Bring bge(4) and brgphy(4) more in line with updates in FreeBSD and NetBSD, both bug fixes and additional device support.
!
- Remember the filename given when using ^X^W in mg(1).
!
- Make shmat(2) under Linux compat work as expected.
!
- Fix a buffer overflow in timedc(8). Found by FreeBSD, fixed differently here.
!
!
- Add division and modulus operator '~' to dc(1).
!
- Remove GNU bc and dc from the tree.
!
- Merge in expat 1.95.6 from XFree86 4.3.99.14.
!
- Search for keys in the ssh(1) agent in reverse order to solve duplicate key problems (OpenSSH bug #684.)
!
- ssh(1) option ForwardX11 now has xauth(1) generate untrusted keys by default. Option ForwardX11Trusted restores the old behaviour.
!
- Change vnd(4) major/minor numbering to allow more devices. Requires a MAKEDEV.
!
!
- Do nfs-specific 'test -x' stuff in the right order in ksh(1) (PR#3465.)
!
- More work on vr(4).
!
- Have the linker generate a warning when using 43compat's getwd(3).
!
- Better calibration code for auich(4). From FreeBSD/NetBSD.
!
!
!
- Re-enable the random increment on the return value of uvm_map_hint() (called by uvm_map(9).)
!
- Install a sample config file for sensorsd(8).
!
- Prevent symlink races in systrace(1).
!
- Have GSSAPI default to off in the ssh(1) client as well as the server.
!
- Unbreak pf(4) on 64-bit architectures.
!
- Hack httpd(8) so digest authentication works with IE, Safari, etc. From FreeBSD.
!
- Fix potential signedness bug in fgets(3) (PR#1709.)
!
!
- Correct __bounded__ attributes for {MD4,MD5,RMD160,SHA1}DATA functions (PR#3505.)
!
- Allow newfs(8) to build small filesystems again by making sure ncyls >= 2.
!
- Plug a memory leak in netstat(1).
!
- Add nfs attribute cache tuning parameters to mount_nfs(8) (Inspired by PR#2567.)
!
- Kill a null deref in make(1).
!
- Allow a semicolon to terminate label strings in sed(1), so one-liners with labels can work.
!
- A few string and memory fixes in rup(1).
!
- Stability fixes for vr(4). From FreeBSD.
!
- Add arc4 support to the kernel, and have wi(4) use it instead of rolling its own.
!
- Unbreak sftp(1)'s handling of quotes in pathnames.
!
- More propolice fixes and improvements.
!
!
- Remove httpd(8) addon-breaking newsyslog.conf(5) sample lines.
!
- Install sensorsd(8) by default.
!
- Really really give xfs a poll(2) backend.
!
- Fix a badly broken gcc(1) optimisation when calculating structure offsets under certain conditions. See the commit log for details.
!
- Unbreak lge(4) compile.
!
- Update timezone info files to tzcode2003c.
!
!
- Stop em(4) stripping 802.1q headers from packets in a bridge(4).
!
- Add vlan(4) support to em(4).
!
- Avoid a division-by-zero panic when benchmarking the pchb(4) RNG device.
!
- A couple of read-from-device fixes to an(4). From FreeBSD.
!
!
- Remove non-free licensed xlock(1) bitmaps.
!
- Properly free resources when ffs_mountroot() fails.
!
- Stop isakmpd(8) crashing when the value for LIFE_DURATION is missing.
!
- Back out the new environment variable load in ld.so(1) due to sparc breakage.
!
- Unbreak the new xfs poll backend.
!
- Fix a long-standing memory leak in kernel libz (PR#2886.) From NetBSD.
!
- Print a more useful error message when a bad port number is given to whois(1).
!
- Fix broken time parsing in kadmin(8) (PR#3292.)
!
!
- Initialise environment variables in ld.so(1) before calling constructors and atexit(3) functions
!
- Have inetd(8) exit if no config file is found.
!
- In sendmail(8) submit.mc/cf, bind the msp to 127.0.0.1 instead of localhost just in case localhost doesn't resolve correctly.
!
- Teach netstat(1) how to deal with KAME embedded scope IDs for -f encap route dumps.
!
- Use arc4random(3) to generate cookies in the XSecurity extension.
!
- Fix a few off-by-ones in gethostbyname(3) and friends.
!
- Allow multiple RCPTs in spamd(8), and stop looping on invalid commands.
!
- Bring in a number of pipe(2) stability fixes from FreeBSD.
!
!
- Fix httpd(8)'s handling of SSLCertificateChainFile under the chroot.
!
- sshd(8) usage output now dumps the OpenSSL version too.
!
- Don't try to send incomplete IPv4 fragments in the ENOBUFS case. Note that this is a behaviour change from 4.4BSD and applies to output from bridge(4) and pf(4) as well as vanilla IP output.
!
- A couple of endianness fixes when setting the IPv4 output fragment offset.
!
- A couple of minor malloc(3) fixes related to recursive calls and debugging.
!
!
- Clean up IPv6 flowlabel handling.
!
- New IPv6 ID and flowlabel generation code using arc4random(9).
!
- Remove a bad m_cat(9) call when fragmenting outbound IPv6 packets.
!
- Add a missing initialisation in pflog(4) that allowed kernel stack garbage to leak into .pcap files.
!
- Have the libc stack protector code use the kernel __sysctl() call directly instead of using the libc sysctl(3) interface.
!
- Stop reading ~/.signature to pre-fill the Organisation: field in sendbug(1) (PR#3499.)
!
- Fixes to event(3) poll code.
!
- Have ftpd(8) listen on both IPv4 and IPv6 ports by default.
!
- Fix an out-of-bounds memory access in kernel compat_ibcs2(8) code.
!
- Add missing check for strdup(3) error in talk(1).
!
- Correct a couple of off-by-ones in banner(1) and ssl(3) (src/ssl/ssl_ciph.c.)
!
- Fix the code that grows ifindex2ifnet in sys/net/if.c.
!
- Add a stack of missing switch break statements needed after the _dl_errno changes to ld.so(1).
!
!
- Teach size(1) how to read ELF objects.
!
- POSIX and interoperability fixes for bc(1) and dc(1),
!
- SECURITY FIX: The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
! A source code patch is available.
! [Applied to stable]
!
! - Properly free resources on fxp(4) attach failures.
!
- Some reliability fixes in ahc(4) and siop(4).
!
- Allow sensorsd(8) to daemon(3)ize itself.
!
- Fix an unchecked strdup(3) in getnetgrent(3).
!
!
- Fix several kernel networking off-by-ones w.r.t. PRC_NCMDS.
!
- Better error checking for new bc(1) and dc(1).
!
- Make new bc(1) compile on sparc64.
!
!
!
- Further realloc(3) cleanup.
!
- Fix bogus getutmp() error check in battlestar(6).
!
- Change the xfs backend from select to poll.
!
- Introduce 64-bit byteorder(3) macros.
!
- strdup -> strlcpy in apmd(8), and make sure the socket gets unlinked at exit.
!
- Better malloc(3), realloc(3) and strdup(3) error checks in config(8).
!
- Stop pflogd(8) shouting 'Reopened logfile' at syslog.
!
- Add a number of missing checks for strdup(3) failure.
!
- Add an sscanf(3) bounds check to the neighbour cache file code in ndp(8).
!
- Reorder the pf(4) statistics counter code and fix some miscount bugs.
!
- In isakmpd(8), don't listen on INADDR_ANY if the Listen-on option is specified.
!
- Fix an off-by-one and a bad string bounds length in atc(6).
!
- Don't set sshd(8)'s listen socket to non-blocking mode.
!
- Build the new BSD bc(1) and dc(1) in favour of the GNU versions.
!
- Drop authpf(8)'s 15-character username restriction, it's no longer necessary (PR#3491.)
!
- Allocate a buffer large enough to store a full IPX address in ipx_ntoa(3).
!
- Unbreak netstat(1) -i display columns for interfaces with no address.
!
- Stop spamd(8) dying unceremoniously on accept(2) failures.
!
- Make talk(1) retry if accept(2) returns ECONNABORTED (the same as it does for EINTR.)
!
- realloc(3) fixes in brconfig(8), dhclient(8), lpd(8), pppd(8) and rwhod(8).
!
- Add a 'recipe' datafile to fortune(6), starting with some barbecue recipes from the hackathon.
!
- Use arc4random(3) instead of srand(3) to generate a more random salt for htpasswd(1).
!
- Start removing unnecessary null checks before doing free(3) on a possibly null pointer.
!
!
- Fix scrambled display when resuming a suspended less(1) process.
!
- Use strlcpy(3) instead of bcopy(3) to avoid overflowing the nodename and netname in an(4).
!
- Fix a couple of off-by-ones in adventure(6).
!
- Fix an out-of-bounds write in the isakmpd(8) privsep monitor code.
!
- Make dlerror(3) clear _dl_errno as expected (PR#3441.)
!
- Correct a couple of off-by-ones in libc.
!
- Fix overflows in the X font server overflow fix. Sigh.
!
- Add a missing free in cvs(1).
!
- New, BSD-licensed version of bc(1).
!
- Fix an off-by-one in csh(1) (PR#3163.)
!
- More realloc(3) fixes.
!
- Fix a bad bounds check that could crash sort(1).
!
!
- More paranoid privsep parent/child communication in syslogd(8).
!
- SECURITY FIX: It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
! A source code patch is available.
! [Applied to stable]
! - A number of realloc(3) fixes (removing instances of the the bad idiom described in the manpage) in several programs.
!
- New program sensorsd(8) to monitor hardware sensors as exposed by the hw.sensors sysctl. Not installed yet.
!
- Unbreak tftp(1) put command.
!
- Remove and re-add SHA2 support in isakmpd(8), minus OpenSSL EVP-related fd leaks.
!
- Fix some realloc bugs in pfctl(8) tables code.
!
- Initial HIFN 7955/7956 crypto accelerator support.
!
- Increase spamd(8) maximum connections from 200 to 800.
!
!
- Install a more complete set of sendmail(8) empty config files under /etc/mail.
!
- Throttle 'proc: table is full' messages to once every ten seconds. From NetBSD.
!
- Further improvements to ssh(1)'s fatal exit handling.
!
- Use the much simpler getifaddrs(3) instead of sysctl(3) in rtadvd(8).
!
- Use getaddrinfo(3) for name-to-address resolution in isakmpd(8).
!
- Replace kernel select(2) backends with poll(2) backends. This allows for more complete poll() functionality. From NetBSD.
!
- In mtrace(8) only do mask checks for AF_INET.
!
- Add poll(2) support for event(3).
!
- Fix a few suspect strlcpy(3) calls in ifconfig(8).
!
!
- Allow getopt_long(3) to accept an optional argument separated by whitespace, unlike GNU getopt_long.
!
- Stop tsort(1) reading past the end of its buffer.
!
- Plug a realloc memory leak in mg(1).
!
- Off-by-one fixes in nc(1), pmdb(1), ppp(8), libssl, libpthread and a few in the kernel.
!
- Sync up named(8) with BIND 9.2.2-P3, with support for new zone type 'delegation-only'.
!
- In the new dc(1), Make all registers contain zero initially for compatibility.
!
- Fix, clean up and simplify the installer's handling of yes/no responses from the user.
!
- Use poll(2) instead of select(2) in skey_authenticate(3).
!
- Plug a memory leak in rtadvd(8).
!
- Stop extraneous 'no disk label' warnings in the installer.
!
!
- Implement hardwareflow (hf) option for tip(1). Off by default.
!
- Fix an out-of-order free() in rpc(3).
!
- Don't leak memory if memory allocation fails in libc rpc(3) code.
!
!
- Change the ld(1) script to make contructors and destructors in dynamic binaries non-writable.
!
- Completely new BSD-licensed version of dc(1) using the OpenSSL bn(3) routines.
!
- Have scp(1) check for an error code in remote->remote mode.
!
- When chrooting httpd(8), use initgroups(3) so that supplementary group IDs are initialised as well.
!
- Temporarily disable soft interrupts support in usb(4) for stability reasons.
!
- Several abnormal exit handler fixes to ssh(1).
!
- Better disk device probe on i386.
!
- Correct the signal number validity check in csh(1)'s kill command.
!
!
- Make grep(1)'s binary file test work for gzipped files the same as for other files, testing against isspace(3) as well as isprint(3).
!
- Make sure whois(1) can't zap straight past the beginning of the buffer when removing spaces from line endings.
!
- Stop pfctl(8) checking for a netmask if the address type being examined is a table.
!
- Fix a subtle use-after-free in modload(8).
!
- Some int -> u_int paranoia in ssh(1).
!
- More ssh(1) buffer management fixes (CAN-2003-0682.)
!
- Further EDD detection improvements on i386.
!
- Properly flush the ssh(1) RSA1 public key from memory when its output file cannot be opened (OpenSSH PR#662.)
!
- Correct a double-free in the ssh(1) buffer management code (OpenSSH PR#660.)
!
- Fix the ssh(1) ConnectTimeout option (OpenSSH PR#656.)
!
- On i386, try harder to boot from removable media by allowing for their removal and insertion.
!
!
- Updated and better-commented openbsd-proto.mc for sendmail(8).
!
- Upgrade sendmail(8) to version 8.12.10. The address parsing security fix went into 3.4 and -stable, but not the full version update.
!
!
!
- 3.4 -> 3.4-current.
!
***************
*** 91,97 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.889 2003/10/24 22:12:40 david Exp $