=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.889 retrieving revision 1.890 diff -c -r1.889 -r1.890 *** www/plus.html 2003/10/24 22:12:40 1.889 --- www/plus.html 2003/10/29 20:22:08 1.890 *************** *** 53,63 ****

We are working on OpenBSD-current.

! The following list sums up (almost) all the changes made up to September 17.

Nothing yet....

--- 53,286 ----

We are working on OpenBSD-current.

! The following list sums up (almost) all the changes made up to October 16.

strlcpy(3) -> memcpy(3) for non-string buffers in vi(1), along with some extra paranoia. !
Check for signals earlier in mountd(8), so they can be handled before we select(2) until a mount request comes in. !
New 'G' malloc.conf option to add a guard page after pagesize-or-larger chunks, and to return less-than-pagesize chunks in random order. !
Better SATA support in wdc(4). !
Fix faithd(8) args to poll(2). ! !
Fix a out-of-bounds read in libcurses. !
Have tip(1) return the terminal to a sensible state on fatal errors. !
Change malloc(3) so that it aborts the process on any error other than running out of memory. This is different to the 'A' malloc.conf switch that aborts on any error. ! !
More randomness for temporary directories created by ssh-agent(1) and sshd(8). !
Switch on the ssh(1) DNS fingerprint (sshfp) lookup code, previously not build by default. Still needs switched on in the config file. !
Make e.g. 'MAKEDEV tty08 - tty7f' work. !
Only endian-flip the fragment offset once on IPv6 input. ! !
Do a hardware receive checksum in sk(4) too, working around the fact that sometimes the hardware gets it wrong. !
On em(4) devices that support it, offload receive checksum calculation to the hardware. From FreeBSD. !
Update timezone files again, this time to tzcode2003d. !
Bring bge(4) and brgphy(4) more in line with updates in FreeBSD and NetBSD, both bug fixes and additional device support. !
Remember the filename given when using ^X^W in mg(1). !
Make shmat(2) under Linux compat work as expected. !
Fix a buffer overflow in timedc(8). Found by FreeBSD, fixed differently here. ! !
Add division and modulus operator '~' to dc(1). !
Remove GNU bc and dc from the tree. !
Merge in expat 1.95.6 from XFree86 4.3.99.14. !
Search for keys in the ssh(1) agent in reverse order to solve duplicate key problems (OpenSSH bug #684.) !
ssh(1) option ForwardX11 now has xauth(1) generate untrusted keys by default. Option ForwardX11Trusted restores the old behaviour. !
Change vnd(4) major/minor numbering to allow more devices. Requires a MAKEDEV. ! !
Do nfs-specific 'test -x' stuff in the right order in ksh(1) (PR#3465.) !
More work on vr(4). !
Have the linker generate a warning when using 43compat's getwd(3). !
Better calibration code for auich(4). From FreeBSD/NetBSD. ! ! !
Re-enable the random increment on the return value of uvm_map_hint() (called by uvm_map(9).) !
Install a sample config file for sensorsd(8). !
Prevent symlink races in systrace(1). !
Have GSSAPI default to off in the ssh(1) client as well as the server. !
Unbreak pf(4) on 64-bit architectures. !
Hack httpd(8) so digest authentication works with IE, Safari, etc. From FreeBSD. !
Fix potential signedness bug in fgets(3) (PR#1709.) ! !
Correct __bounded__ attributes for {MD4,MD5,RMD160,SHA1}DATA functions (PR#3505.) !
Allow newfs(8) to build small filesystems again by making sure ncyls >= 2. !
Plug a memory leak in netstat(1). !
Add nfs attribute cache tuning parameters to mount_nfs(8) (Inspired by PR#2567.) !
Kill a null deref in make(1). !
Allow a semicolon to terminate label strings in sed(1), so one-liners with labels can work. !
A few string and memory fixes in rup(1). !
Stability fixes for vr(4). From FreeBSD. !
Add arc4 support to the kernel, and have wi(4) use it instead of rolling its own. !
Unbreak sftp(1)'s handling of quotes in pathnames. !
More propolice fixes and improvements. ! !
Remove httpd(8) addon-breaking newsyslog.conf(5) sample lines. !
Install sensorsd(8) by default. !
Really really give xfs a poll(2) backend. !
Fix a badly broken gcc(1) optimisation when calculating structure offsets under certain conditions. See the commit log for details. !
Unbreak lge(4) compile. !
Update timezone info files to tzcode2003c. ! !
Stop em(4) stripping 802.1q headers from packets in a bridge(4). !
Add vlan(4) support to em(4). !
Avoid a division-by-zero panic when benchmarking the pchb(4) RNG device. !
A couple of read-from-device fixes to an(4). From FreeBSD. ! !
Remove non-free licensed xlock(1) bitmaps. !
Properly free resources when ffs_mountroot() fails. !
Stop isakmpd(8) crashing when the value for LIFE_DURATION is missing. !
Back out the new environment variable load in ld.so(1) due to sparc breakage. !
Unbreak the new xfs poll backend. !
Fix a long-standing memory leak in kernel libz (PR#2886.) From NetBSD. !
Print a more useful error message when a bad port number is given to whois(1). !
Fix broken time parsing in kadmin(8) (PR#3292.) ! !
Initialise environment variables in ld.so(1) before calling constructors and atexit(3) functions !
Have inetd(8) exit if no config file is found. !
In sendmail(8) submit.mc/cf, bind the msp to 127.0.0.1 instead of localhost just in case localhost doesn't resolve correctly. !
Teach netstat(1) how to deal with KAME embedded scope IDs for -f encap route dumps. !
Use arc4random(3) to generate cookies in the XSecurity extension. !
Fix a few off-by-ones in gethostbyname(3) and friends. !
Allow multiple RCPTs in spamd(8), and stop looping on invalid commands. !
Bring in a number of pipe(2) stability fixes from FreeBSD. ! !
Fix httpd(8)'s handling of SSLCertificateChainFile under the chroot. !
sshd(8) usage output now dumps the OpenSSL version too. !
Don't try to send incomplete IPv4 fragments in the ENOBUFS case. Note that this is a behaviour change from 4.4BSD and applies to output from bridge(4) and pf(4) as well as vanilla IP output. !
A couple of endianness fixes when setting the IPv4 output fragment offset. !
A couple of minor malloc(3) fixes related to recursive calls and debugging. ! !
Clean up IPv6 flowlabel handling. !
New IPv6 ID and flowlabel generation code using arc4random(9). !
Remove a bad m_cat(9) call when fragmenting outbound IPv6 packets. !
Add a missing initialisation in pflog(4) that allowed kernel stack garbage to leak into .pcap files. !
Have the libc stack protector code use the kernel __sysctl() call directly instead of using the libc sysctl(3) interface. !
Stop reading ~/.signature to pre-fill the Organisation: field in sendbug(1) (PR#3499.) !
Fixes to event(3) poll code. !
Have ftpd(8) listen on both IPv4 and IPv6 ports by default. !
Fix an out-of-bounds memory access in kernel compat_ibcs2(8) code. !
Add missing check for strdup(3) error in talk(1). !
Correct a couple of off-by-ones in banner(1) and ssl(3) (src/ssl/ssl_ciph.c.) !
Fix the code that grows ifindex2ifnet in sys/net/if.c. !
Add a stack of missing switch break statements needed after the _dl_errno changes to ld.so(1). ! !
Teach size(1) how to read ELF objects. !
POSIX and interoperability fixes for bc(1) and dc(1), !
SECURITY FIX: The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
! A source code patch is available.
! [Applied to stable] ! !
Properly free resources on fxp(4) attach failures. !
Some reliability fixes in ahc(4) and siop(4). !
Allow sensorsd(8) to daemon(3)ize itself. !
Fix an unchecked strdup(3) in getnetgrent(3). ! !
Fix several kernel networking off-by-ones w.r.t. PRC_NCMDS. !
Better error checking for new bc(1) and dc(1). !
Make new bc(1) compile on sparc64. ! ! !
Further realloc(3) cleanup. !
Fix bogus getutmp() error check in battlestar(6). !
Change the xfs backend from select to poll. !
Introduce 64-bit byteorder(3) macros. !
strdup -> strlcpy in apmd(8), and make sure the socket gets unlinked at exit. !
Better malloc(3), realloc(3) and strdup(3) error checks in config(8). !
Stop pflogd(8) shouting 'Reopened logfile' at syslog. !
Add a number of missing checks for strdup(3) failure. !
Add an sscanf(3) bounds check to the neighbour cache file code in ndp(8). !
Reorder the pf(4) statistics counter code and fix some miscount bugs. !
In isakmpd(8), don't listen on INADDR_ANY if the Listen-on option is specified. !
Fix an off-by-one and a bad string bounds length in atc(6). !
Don't set sshd(8)'s listen socket to non-blocking mode. !
Build the new BSD bc(1) and dc(1) in favour of the GNU versions. !
Drop authpf(8)'s 15-character username restriction, it's no longer necessary (PR#3491.) !
Allocate a buffer large enough to store a full IPX address in ipx_ntoa(3). !
Unbreak netstat(1) -i display columns for interfaces with no address. !
Stop spamd(8) dying unceremoniously on accept(2) failures. !
Make talk(1) retry if accept(2) returns ECONNABORTED (the same as it does for EINTR.) !
realloc(3) fixes in brconfig(8), dhclient(8), lpd(8), pppd(8) and rwhod(8). !
Add a 'recipe' datafile to fortune(6), starting with some barbecue recipes from the hackathon. !
Use arc4random(3) instead of srand(3) to generate a more random salt for htpasswd(1). !
Start removing unnecessary null checks before doing free(3) on a possibly null pointer. ! !
Fix scrambled display when resuming a suspended less(1) process. !
Use strlcpy(3) instead of bcopy(3) to avoid overflowing the nodename and netname in an(4). !
Fix a couple of off-by-ones in adventure(6). !
Fix an out-of-bounds write in the isakmpd(8) privsep monitor code. !
Make dlerror(3) clear _dl_errno as expected (PR#3441.) !
Correct a couple of off-by-ones in libc. !
Fix overflows in the X font server overflow fix. Sigh. !
Add a missing free in cvs(1). !
New, BSD-licensed version of bc(1). !
Fix an off-by-one in csh(1) (PR#3163.) !
More realloc(3) fixes. !
Fix a bad bounds check that could crash sort(1). ! !
More paranoid privsep parent/child communication in syslogd(8). !
SECURITY FIX: It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
! A source code patch is available.
! [Applied to stable] !
A number of realloc(3) fixes (removing instances of the the bad idiom described in the manpage) in several programs. !
New program sensorsd(8) to monitor hardware sensors as exposed by the hw.sensors sysctl. Not installed yet. !
Unbreak tftp(1) put command. !
Remove and re-add SHA2 support in isakmpd(8), minus OpenSSL EVP-related fd leaks. !
Fix some realloc bugs in pfctl(8) tables code. !
Initial HIFN 7955/7956 crypto accelerator support. !
Increase spamd(8) maximum connections from 200 to 800. ! !
Install a more complete set of sendmail(8) empty config files under /etc/mail. !
Throttle 'proc: table is full' messages to once every ten seconds. From NetBSD. !
Further improvements to ssh(1)'s fatal exit handling. !
Use the much simpler getifaddrs(3) instead of sysctl(3) in rtadvd(8). !
Use getaddrinfo(3) for name-to-address resolution in isakmpd(8). !
Replace kernel select(2) backends with poll(2) backends. This allows for more complete poll() functionality. From NetBSD. !
In mtrace(8) only do mask checks for AF_INET. !
Add poll(2) support for event(3). !
Fix a few suspect strlcpy(3) calls in ifconfig(8). ! !
Allow getopt_long(3) to accept an optional argument separated by whitespace, unlike GNU getopt_long. !
Stop tsort(1) reading past the end of its buffer. !
Plug a realloc memory leak in mg(1). !
Off-by-one fixes in nc(1), pmdb(1), ppp(8), libssl, libpthread and a few in the kernel. !
Sync up named(8) with BIND 9.2.2-P3, with support for new zone type 'delegation-only'. !
In the new dc(1), Make all registers contain zero initially for compatibility. !
Fix, clean up and simplify the installer's handling of yes/no responses from the user. !
Use poll(2) instead of select(2) in skey_authenticate(3). !
Plug a memory leak in rtadvd(8). !
Stop extraneous 'no disk label' warnings in the installer. ! !
Implement hardwareflow (hf) option for tip(1). Off by default. !
Fix an out-of-order free() in rpc(3). !
Don't leak memory if memory allocation fails in libc rpc(3) code. ! !
Change the ld(1) script to make contructors and destructors in dynamic binaries non-writable. !
Completely new BSD-licensed version of dc(1) using the OpenSSL bn(3) routines. !
Have scp(1) check for an error code in remote->remote mode. !
When chrooting httpd(8), use initgroups(3) so that supplementary group IDs are initialised as well. !
Temporarily disable soft interrupts support in usb(4) for stability reasons. !
Several abnormal exit handler fixes to ssh(1). !
Better disk device probe on i386. !
Correct the signal number validity check in csh(1)'s kill command. ! !
Make grep(1)'s binary file test work for gzipped files the same as for other files, testing against isspace(3) as well as isprint(3). !
Make sure whois(1) can't zap straight past the beginning of the buffer when removing spaces from line endings. !
Stop pfctl(8) checking for a netmask if the address type being examined is a table. !
Fix a subtle use-after-free in modload(8). !
Some int -> u_int paranoia in ssh(1). !
More ssh(1) buffer management fixes (CAN-2003-0682.) !
Further EDD detection improvements on i386. !
Properly flush the ssh(1) RSA1 public key from memory when its output file cannot be opened (OpenSSH PR#662.) !
Correct a double-free in the ssh(1) buffer management code (OpenSSH PR#660.) !
Fix the ssh(1) ConnectTimeout option (OpenSSH PR#656.) !
On i386, try harder to boot from removable media by allowing for their removal and insertion. ! !
Updated and better-commented openbsd-proto.mc for sendmail(8). !
Upgrade sendmail(8) to version 8.12.10. The address parsing security fix went into 3.4 and -stable, but not the full version update. ! ! !
3.4 -> 3.4-current. !

*************** *** 91,97 ****

www@openbsd.org !
$OpenBSD: plus.html,v 1.889 2003/10/24 22:12:40 david Exp $ --- 314,320 ----

www@openbsd.org !
$OpenBSD: plus.html,v 1.890 2003/10/29 20:22:08 deraadt Exp $