===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.832
retrieving revision 1.833
diff -u -r1.832 -r1.833
--- www/plus.html 2002/07/10 06:46:40 1.832
+++ www/plus.html 2002/07/10 06:48:01 1.833
@@ -51,7 +51,7 @@
The following list sums up (almost) all the changes made up to July 9.
-- Make httpd(8)
chroot()
and drop root
privileges by default.
+ - Make httpd(8) chroot() and drop root privileges by default.
- pf(4) now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
- Some updates to cron(8).
- Remove ab(1) from the Apache installation.
@@ -60,12 +60,12 @@
- Small fixes to IP-in-IP encapsulation code.
- Add Security Mode options to atactl(8).
- Support a few more HPT pciide(4) cards.
-
- Make
NEED_VERSION
obsolete in bsd.port.mk(5).
- - Fill IPv6 null pointer dereference in cvs(1)
pserver
.
+ - Make NEED_VERSION obsolete in bsd.port.mk(5).
+
- Fill IPv6 null pointer dereference in cvs(1) pserver.
- Remove some old upgrade hacks from the installer script.
-
- pf(4) chokes on invalid '
! <interface>
' syntax, instead of just ignoring the '!
'.
- - Fix pf(4) interface stats, and allow the
loginterface
feature to be disabled.
- - Make signal handler flags in isakmpd(8) of type
volatile sig_atomic_t
.
+ - pf(4) chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
+
- Fix pf(4) interface stats, and allow the loginterface feature to be disabled.
+
- Make signal handler flags in isakmpd(8) of type volatile sig_atomic_t.
- Fix a few GCC 3.1 moans in isakmpd(8).
- Un-bloating of ahc(4).
- Cleanup of rpcgen(1).
@@ -74,23 +74,23 @@
[Applied to stable]
- ep(4) on isapnp(4) now works on alpha.
- Improve the way the installer's fileset selection UI works.
-
- Fix a potential buffer overflow in
xsystrace
.
- - Add a note to the unwary in
distrib/notes
about the danger of skipping several versions when upgrading.
+ - Fix a potential buffer overflow in xsystrace.
+
- Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
- Don't have ssh(1) allocate memory for stuff we don't need, just to discard it straight away.
-
- Set
IP_PORTRANGE_HIGH
for active mode data channel of ftp(1).
+ - Set IP_PORTRANGE_HIGH for active mode data channel of ftp(1).
- Add some more usb(4) product IDs.
- Fix an off-by-one error in rmt(8) and improve string handling in general.
- Normalise nc(1)'s EOF handling.
- Plug a few ssh(1) memory leaks.
- Tweak the tga(4/ALPHA) driver.
- Fix several missing or broken malloc(3) and realloc(3) failure checks.
-
- In rcs(1), actually exit(3) after spotting that
LocalId
is too long.
+ - In rcs(1), actually exit(3) after spotting that LocalId is too long.
- Lots of ANSIfication of function declarations and prototypes.
-
- Fix bug causing '
SPL NOT LOWERED
' errors from the ami(4) RAID controller.
- - Give ssh-keysign(8) its
setuid(root)
toys back, but only work at all if HostbasedAuthentication
is globally disabled.
+ - Fix bug causing 'SPL NOT LOWERED' errors from the ami(4) RAID controller.
+
- Give ssh-keysign(8) its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
- Use RSA_blinding_on(3) to ward off a Kocher timing attack on ssh-keysign(8).
- Fix signal(3) race in ping(8).
-
- Remove adv(4) from the i386
RAMDISK
kernel until new ahc(4) un-bloats itself.
+ - Remove adv(4) from the i386 RAMDISK kernel until new ahc(4) un-bloats itself.
- Catch a null pointer dereference when fetching the routing table via sysctl(3).
- Make sis(4) compile and work on alpha.
- Return correct result sizes from ubsec(4).
@@ -98,28 +98,28 @@
- Cleanup of ftpd(8).
- Fix PIO writes code in wdc(4), broken since OpenBSD 2.5!
- Remove unnecessary longjmp(3) from login(1).
-
- Pages allocated with
debug_malloc()
aren't ever executed, so don't use VM_PROT_ALL
.
+ - Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
- Finally fix bridge(4) address cache bug.
-
- Properly handle endpoint differences of opinion on ssh(1)
Compression
options
+ - Properly handle endpoint differences of opinion on ssh(1) Compression options
- Fix the wsdisplay(4) blanker after the X server has been running.
-
- Make the installer deal correctly with passwords starting with '
-X
' for some X
, instead of misinterpreting them as options to encrypt(1).
+ - Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to encrypt(1).
- Fix some compatibility quirks in ppp(8).
- Add a pushback buffer to pfctl(8)'s parser.
-
- Remove
setuid(root)
from ssh-keysign(8), disabling it for now.
- - Have named(8) call tzset(3) so
/etc/localtime
isn't needed after the chroot(2).
+ - Remove setuid(root) from ssh-keysign(8), disabling it for now.
+
- Have named(8) call tzset(3) so /etc/localtime isn't needed after the chroot(2).
- More fixes to the new ahc(4) driver.
- Add AlphaServer 800 and 1000 support.
- Enable lc(4) devices in alpha GENERIC kernel.
- Fix isapnp(4) panics on alpha.
-
- Make
xf86config
give the option of configuring a mouse wheel.
+ - Make xf86config give the option of configuring a mouse wheel.
- Gracefully handle i386_iopl(2) failure in the X server when trying to give up privileges.
- Add wscons(4) files to fbtab(5) on i386.
- Add kqueue(2) support to syslog(3).
-
- Evolve
strtou?q()
into strtou?ll()
. Use weak aliases if available (wrappers otherwise) to fake strtou?q()
.
- - Run rpc.rstatd(8) and rpc.rusersd(8) as
root
from inetd(8) again, but go to nobody
's jail at startup.
+ - Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
+
- Run rpc.rstatd(8) and rpc.rusersd(8) as root from inetd(8) again, but go to nobody's jail at startup.
- Lots more bounds-checking all over the place.
- Recognise a few more fxp(4) devices.
-
- Correct misleading
cgetclose()
entry in getcap(3) manpage.
+ - Correct misleading cgetclose() entry in getcap(3) manpage.
- Try again with the new ahc(4) driver.
- Cleanups of chpass(1) and passwd(1).
- SECURITY FIX: The kernel would let any user ktrace(2) set[ug]id processes.
@@ -143,19 +143,19 @@
- Start work on IP-over-FireWire and IP-over-SCSI.
- Move a bunch of pfctl(8) options into pf.conf(5).
- c2k2-inspired changes to the installer.
-
- Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a
224/4
route.
- - Make X use
/dev/wsmouse
instead of /dev/wsmouse0
by default.
+ - Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a 224/4 route.
+
- Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
- Add some m68k opcode aliases for GNU as(1) from recent binutils.
-
- Pull the
bzero()
fix in sys/netinet/tcp_input.c
from -current into 3.0-stable.
+ - Pull the bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable.
- Fix the FTP relay in faithd(8).
- Fix wi(4) reassociation after an AP reboot.
- SECURITY FIX: A buffer overflow can
occur in the .htaccess parsing code in the mod_ssl httpd(8) module, leading to possible remote crash or exploit (PR2767.)
A source code patch is available.
[Applied to stable]
- - Lots of
uid_t
and gid_t
signedness fixes.
- - sshd(8) no longer calls
setsid()
when run from inetd(8).
- - Make cvs(1)
pserver
talk IPv6.
+ - Lots of uid_t and gid_t signedness fixes.
+
- sshd(8) no longer calls setsid() when run from inetd(8).
+
- Make cvs(1) pserver talk IPv6.
- Increment boot(8) version to help debug the new memory probe and other fixes.
- Make wi(4) less twitchy on quick inserts/ejects.
- String handling and bounds checking fixes to login_fbtab(3).
@@ -167,33 +167,33 @@
- Fix some endianness nits in wi(4).
- Remove ifmcstat(8), the same information is available from netstat(1).
- More improvements to 4GB memory probing on i386.
-
- ssh(1) and sshd(8) options are now documented in their own
sshd?_config(5)
manpage.
+ - ssh(1) and sshd(8) options are now documented in their own sshd?_config(5) manpage.
- Add option for smooth scrolling to talk(1).
- Support a few more wireless cards in wi(4).
- Build wicontrol(8) on sparc64 as well.
- String handling cleanups in comsat(8).
- Support magma(4/SPARC), magma(4/SPARC64) serial/parallel boards.
-
- Support stp(4) sbus-PCMCIA bridge based on STP4020 chipset. (The
nell
driver on Solaris.)
+ - Support stp(4) sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
- Cleanup of timed(8).
-
- Removing its
setgid(kmem)
was not enough, remove trsp(8) altogether.
+ - Removing its setgid(kmem) was not enough, remove trsp(8) altogether.
- Make yacc(1) errors look like C compiler errors, so parser utilities such as error(1) can deal with it.
- Add kqueue(2) support to random(9).
- Kill file descriptor leak in dhcpd(8).
- Fix lots of format strings in the dhcp(8) programs.
-
- ps(1) shows flag '
x
' for systrace(4)'d processes.
+ - ps(1) shows flag 'x' for systrace(4)'d processes.
- Lots of work on the gpr(4) driver.
- Fix uftdi(4).
-
- Make systat(1) revoke its
setgid(kmem)
privileges.
- - Remove old
pccons
driver from i386, also the associated XSERVER
option from the kernel.
+ - Make systat(1) revoke its setgid(kmem) privileges.
+
- Remove old pccons driver from i386, also the associated XSERVER option from the kernel.
- Fix ftpd(8)'s SIGALRM handler.
- SECURITY FIX: A buffer overflow can
occur during the interpretation of chunked encoding in httpd(8), leading to possible remote crash.
A source code patch is available.
[Applied to stable]
- Add the punctuation-challenged Nike psa[play^120 USB widget.
-
- Remove
setgid(kmem)
from the enormously useful trsp(8).
- - Add UK keyboard map to macppc (with '#' on Option-3) and also
option CAPS_IS_CONTROL
.
- - Increase xl(4) timeout to squash '
command never completed!
' warnings.
+ - Remove setgid(kmem) from the enormously useful trsp(8).
+
- Add UK keyboard map to macppc (with '#' on Option-3) and also option CAPS_IS_CONTROL.
+
- Increase xl(4) timeout to squash 'command never completed!' warnings.
- Add kqueue(2) support to audio(4).
- Import event(3), an API on top of select(2) or kqueue(2).
- Enable DMA on xl(4).
@@ -201,29 +201,29 @@
- Help ppp(8) to cope with yet more Microsoft PPP attributes.
- Extend ssh-agent(1) key lifetime constraints more flexible (i.e. more than just key lifetime.)
- Teach ECN attributes to isakmpd(8).
-
- Add
eui64
option to ifconfig(8) for configuring the IPv6 interface index.
+ - Add eui64 option to ifconfig(8) for configuring the IPv6 interface index.
- Add a sysctl(3) to get the CPU type on sparc and sparc64.
- Throw away the first 256 words of arc4 output in random(9).
-
- Gratuitous
pid_t
cleanup in /usr/bin
.
+ - Gratuitous pid_t cleanup in /usr/bin.
- Grab multicast vlan(4) code from NetBSD.
-
- Add some inlined hash functions for the kernel, in
<sys/hash.h>
.
+ - Add some inlined hash functions for the kernel, in <sys/hash.h>.
- Cleanup work on conditional evaluation in make(1).
- isakmpd(8) accepts IPComp flows.
-
- Drop pf(4)
scrub(fragcache)
syntax in favour of the fragment ...
option in scrub
rules.
+ - Drop pf(4) scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
- Teach tcpdump(8) about ipcomp(4).
-
- Show sparc64's X server which device it wants to
mmap()
.
+ - Show sparc64's X server which device it wants to mmap().
- Add ioctl to wscons(4) allowing sparc64 (other architectures later) to find out which PCI device it's using.
- Enable userland crypto(4) support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
- Kernel changes and sysctl(3) switch for hardware asymmetric crypto(4) in userland.
- Add initial Ultra Port Architecture (upa(4/SPARC64)) support. Attach creator(4) and schizo(4) using it.
- Import new vax boot code from NetBSD.
- Add umct(4) USB serial driver and .umidi(4) USB MIDI driver. Not tested, not in GENERIC.
-
- Add IPL_STATCLOCK and add lots of
splassert()
s.
- - ssh(1) spends less time with
euid==0
even if it is installed setuid(root)
.
- - Much cleanup in
distrib/miniroot
.
- - Make pfctl(8)
-s state
print UDP and 'other' states nicely.
- - New
scrub(fragcache) ...
syntax for pf(4).
- - Add mbuf_tags(9)
PACKET_TAG_PF_FRAGCACHE
to stop pf(4) misdetecting duplicate fragments.
+ - Add IPL_STATCLOCK and add lots of splassert()s.
+
- ssh(1) spends less time with euid==0 even if it is installed setuid(root).
+
- Much cleanup in distrib/miniroot.
+
- Make pfctl(8) -s state print UDP and 'other' states nicely.
+
- New scrub(fragcache) ... syntax for pf(4).
+
- Add mbuf_tags(9) PACKET_TAG_PF_FRAGCACHE to stop pf(4) misdetecting duplicate fragments.
- pf(4) NAT proxy port ranges can be specified per-rule.
- Don't panic(9) if pf(4) tries to insert a duplicate key.
- pf(4) NAT and filter rules now all go in the one file (normally pf.conf(5).) New pfctl(8) file syntax. Oh yes.
@@ -236,14 +236,14 @@
- Add ioctl systrace(4) to retrieve the current emulation of a process.
- Remove dlopen(3) stuff from isakmpd(8).
- Fix BPF code for a gif(4) tunnel, and add some more sanity checks.
-
- Default
RhostsAuthentication
and RhostsRSAAuthentication
to 'no' now that ssh(1) is now longer setuid(root)
by default.
- - ssh-add(1) key lifetimes can now be specified in nice readable form, e.g. '
-t 1h
'.
- - Define
__weak_alias()
for mvme88k.
+ - Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that ssh(1) is now longer setuid(root) by default.
+
- ssh-add(1) key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
+
- Define __weak_alias() for mvme88k.
- Merge GNU TeXinfo 4.2.
- Prevent mbuf(9) leakage from bridge(4).
- New bad144(8).
- user(8) now checks the username length against MaxUserNameLen.
-
- Add bio(4) device, so userland can talk to devices that don't have nodes in
/dev
.
+ - Add bio(4) device, so userland can talk to devices that don't have nodes in /dev.
- Remove KerberosIV startup code from rc(8) files.
- Make pf(4) NAT rules work more like normal filter rules.
- Add SIO*PHYADDR to gif(4) so ifconfig(8) can set the outer address.
@@ -253,75 +253,75 @@
- Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
- Allow numeric group IDs in systrace(1).
- Changes to initialisation and media config of ep(4).
-
- Add list support for pf(4)
rdr
rules.
+ - Add list support for pf(4) rdr rules.
- Fix a number of bad strlcpy(3) calls.
- Fix PR2704 resuming eso(4) after standby.
- Change a lot of index(3) calls to strchr(3).
- Change "'cuz" to "because." Strewth!
- Add another mbuf(9) flag M_AUTH_AH, changing the meaning of M_AUTH.
-
- Remove a bunch of '
\n
's from syslog(3) and err(3) calls.
+ - Remove a bunch of '\n's from syslog(3) and err(3) calls.
- Make isakmpd(8) IKECFG support work for both SET/ACK and REQ/REPLY modes.
- Fixes for OpenSSL when talking to hardware crypto(4).
- Stop ftp(1) and ftpd(8) spilling the IPv6 scope ID onto the wire.
- The hardware is willing, and now xl(4) is able to offload TCP, UDP and IP checksumming to it.
- Support setting MTU on sk(4).
-
- Add
KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT}
sysctl(3) entries.
+ - Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} sysctl(3) entries.
- For a bridge(4), handle IPv4 frag-needed-but-DF-set just like on a regular interface.
- Pull in some pciide(4) fixes from NetBSD.
-
- Remove (arguably) unnecessary
setgid(operator)
from df(1).
- - Remove
setuid(kmem)
from ps(1) and w(1) now kvm can use sysctl for some stuff. We don't need no proc
filesystem...
+ - Remove (arguably) unnecessary setgid(operator) from df(1).
+
- Remove setuid(kmem) from ps(1) and w(1) now kvm can use sysctl for some stuff. We don't need no proc filesystem...
- Make the kvm(3) library try to use the shiny new sysctls to fetch process arguments and environment.
- Add flag to stop kwm_open(3) opening any files, though limiting kvm functionality.
- Add sysctl(3) to retrieve process arguments and environment.
- Tweak kernel memory allocation on i386 to work better on 4GB machines.
- Work started on schizo(4/SPARC64) PCI controller. Who said that?
-
- Install script now puts FQDN in
/etc/myname
.
- - Make more use of
splsoftnet()
(instead of splnet()
) in IPv6 code.
- lo0
now only gets ::1
when it's brought up.
+- Install script now puts FQDN in /etc/myname.
+
- Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
+
- lo0 now only gets ::1 when it's brought up.
- Merge kth-krb 1.1.1.
-
- Enable weak aliases in
libc
for powerpc, sparc and alpha (already enabled on i386.)
- - Add new
splusb()
to prevent USB initialisation lossage.
+ - Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
+
- Add new splusb() to prevent USB initialisation lossage.
- Improve SMART support in atactl(8).
-
- Silently ignore deprecated options to ssh(1) since they may be passed in for a remote
scp
command.
- - Remove
FallbackToRsh
from scp(1) as well.
+ - Silently ignore deprecated options to ssh(1) since they may be passed in for a remote scp command.
+
- Remove FallbackToRsh from scp(1) as well.
- pf(4) NAT rules now do macro expansion as well.
-
- Add Makefile-like (
var += ...
) macro concatenation to pfctl(8), then remove it again.
+ - Add Makefile-like (var += ...) macro concatenation to pfctl(8), then remove it again.
- Add per-rule state timeouts to pf(4).
- Fix well-hidden little bug in crypto(3) to unbork sparc64 SSL/TLS negotiation.
- On alpha, don't allow kernel symbols to be paged out.
-
- Deprecate
FallbackToRsh
and UseRsh
options in ssh(1).
+ - Deprecate FallbackToRsh and UseRsh options in ssh(1).
- ssh-keysign(8) now insists on 20-byte session IDs.
-
- Remove suspect
DIAGNOSTIC
block from softdep kernel code.
+ - Remove suspect DIAGNOSTIC block from softdep kernel code.
- Make wsdisplay(4) screen blanker play nice with the X server.
-
- lpr(1) and friends go from
setuid(root)
to setgid(daemon)
. Connections can come from unprivileged ports for now.
+ - lpr(1) and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
- Add Realtek 8129/8139 cardbus device support to rl(4).
-
- Switch macppc to use
gem
instead of gm
.
+ - Switch macppc to use gem instead of gm.
- Multicast fixes and Gigabit Ethernet support for gem(4).
- Rule label length increased from 32 to 64 characters.
-
- Allow modification of TTL with pf(4)
return-rst
.
+ - Allow modification of TTL with pf(4) return-rst.
- Timeout handling improvements to ohci(4).
- Make netstat(1) print RIP6 statistics.
- Allow a per-rule limit to the number of state table entries a pf.conf(5) rule can create.
- Switch pf(4) from AVL to red-black trees.
- Add Gemplus GPR400 PCMCIA smartcard reader.
-
- If sending on another interface, resubmit pf(4) routed packets for filtering and NAT by
pf
. Add an mbuf_tags(9) to stop loops forming.
+ - If sending on another interface, resubmit pf(4) routed packets for filtering and NAT by pf. Add an mbuf_tags(9) to stop loops forming.
- Don't propose IDEA when negotiating SSL connections.
-
$srcaddr
, $srcport
, $dstaddr
, $dstport
, $proto
and $nr
(rule number) can now be used in pfctl(8) rule labels.
-- Make a kernel TCP RST and a pf(4)
return-rst
look the same, to frustrate the nmap crowd.
+ - $srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in pfctl(8) rule labels.
+
- Make a kernel TCP RST and a pf(4) return-rst look the same, to frustrate the nmap crowd.
- Some systrace(4) filter list optimizations.
-
- Remove IPv4 mapped address support from TCP input code, and remove
is_ipv6()
.
- - Add
net.inet6.ip6.v6only
sysctl(8) flag.
- - Add
ikecfg
as a valid flag in isakmpd.conf(5). Start coding SET/ACK mode support.
+ - Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
+
- Add net.inet6.ip6.v6only sysctl(8) flag.
+
- Add ikecfg as a valid flag in isakmpd.conf(5). Start coding SET/ACK mode support.
- inetd(8) no longer accepts UDP packets if the source is a broadcast address.
- Start work on KDrive (TinyX) low-footprint X server support.
-
- Add a missing
bzero()
in sys/netinet/tcp_input.c
to fix link-local TCP.
+ - Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
- Add flow type to ipsec(4) and isakmpd(8).
- Fix isakmpd(8) crasher PR2729.
- Deprecate SIO.*IFPREFIX_IN6 ioctls.
- Merge arla release 0.35.7.
- Merge OpenSSL 0.9.7-stable-20020605.
- TCP wrappers and pfctl(8) accept scoped IPv6 addresses.
-
- Remove
[gs]etprogname()
from KerberosIV
+ - Remove [gs]etprogname() from KerberosIV
- Fix ipsec(4) crash described in PR2721.
- Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their status page.
- bpf(4) support for kqueue(2)
@@ -329,20 +329,20 @@
- Fix bktr(4) stereo.
- Support the RNG of AMD-768 southbridge (device amdpm(4).)
- Fix DMA handing of hme(4) (SPARC and SPARC64.)
-
- Pull in
libcsu
change from NetBSD to allow dlopen(3) to be used much earlier.
- - Add
-t
key lifetime option to ssh-add(1).
- - Use IPv4/IPv6 addresses in
/etc/inetd.conf
instead of 'localhost' to avoid DNS lookups.
+ - Pull in libcsu change from NetBSD to allow dlopen(3) to be used much earlier.
+
- Add -t key lifetime option to ssh-add(1).
+
- Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
- Add predicate suffixes to systrace(1).
-
- Add
-x
and -X
options to respectively lock and unlock ssh-agent(1).
- - Compatibility tweaks to
getpid()
, getuid()
and getgid()
under Linux emulation.
+ - Add -x and -X options to respectively lock and unlock ssh-agent(1).
+
- Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
- Start work on new debugger, pmdb.
- Additional check (#ifdef DIAGNOSTIC) for duplicate uvm(9) map entries.
-
- If syslog(3) fails with ENOBUFS when sending to
/dev/log
, it now waits a millisecond and retries.
+ - If syslog(3) fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
- syslogd(8) doubles the socket receive buffer size.
- Automatic policy generation for systrace(4).
- lynx(1) now defaults to passive FTP.
-
- Remove
[gs]etprogname()
from KerberosV.
- - New
-a <bind_address>
option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
+ - Remove [gs]etprogname() from KerberosV.
+
- New -a <bind_address> option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
- Make tbrconfig(8) statically linked.
- Remove assumptions about MTU values for certain media types.
- Use the same byte-order kung fu as the kernel in atactl(8).
@@ -361,75 +361,75 @@
- Detect stereo radio reception in fms(4).
- Compatibility tweaks to creator(4/SPARC64).
- Replace mr(4) radio driver with new gtp(4) driver, which is better tested.
-
- '
pfctl -s all
' now prints labels as well.
- - Add
volatile
to sig_atomic_t
. Stand well back.
+ - 'pfctl -s all' now prints labels as well.
+
- Add volatile to sig_atomic_t. Stand well back.
- Use rasops instead of rcons in cgthree(4/SPARC) and cgsix(4/SPARC).
- Simplify IPv6 link MTU code.
- Stop maintaining 2.9-stable.
- Bump 2.9-stable to OpenSSH version 3.2.3.
- Bump 3.0-stable to OpenSSH version 3.2.3.
-
- Implement
PMAP_CANFAIL
flag for m68k pmap.
+ - Implement PMAP_CANFAIL flag for m68k pmap.
- Enable console blanking on cgthree(4/SPARC).
-
- Make sure some
struct sockaddr
are cleared before use.
+ - Make sure some struct sockaddr are cleared before use.
- Start work on NetOctave NSP2000 (hardware crypto) driver noct(4). Just the RNG for now.
- Apply BSD Airtools 0.2 patches.
- Teach ECN flags to pf(4).
- Dump mkisofs(8) in favor of mkhybrid(8).
-
- Avoid
fd_set
overruns in rtsold(8), route6d(8) and rtadvd(8).
+ - Avoid fd_set overruns in rtsold(8), route6d(8) and rtadvd(8).
- Clue in inetd(8) to IPv6 FTP bounce attacks.
-
- Fix
/etc/ptmp
deletion bug that occurred if rmuser(8) was aborted.
+ - Fix /etc/ptmp deletion bug that occurred if rmuser(8) was aborted.
- IBSS mode for Symbol cards (firmware >= 2.5) using the wi(4) driver.
- Add leading-zero padding to RSA signatures in ssh.
- Tweak altq(9) options(4) so the kernel compiles on i[34]86.
- Add support in the fxp(4) driver for more Intel PRO/100 VM cards.
- For those that do metric but refuse to work in meters and kilograms, kayser conversion has been added to units(1). Wow.
- Fix signal races in ping(8).
-
- Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid
games
.
+ - Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
- Per-socket ipsec(4) policies and options!
- Stop a potential ipsec(4) DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
- Add German keyboard map for Apple iBook.
- On ELF platforms, allow gcc(1) to link Fortran code with other languages.
-
- Pull ldconfig(8)
strlcpy()
fix into -stable.
+ - Pull ldconfig(8) strlcpy() fix into -stable.
- Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
- Attach radio(4) devices properly.
- Fix VIA8233 support in auvia(4).
-
- Make nc(1) timeouts behave more like
netcat
.
- - Make sure user's shell is
/usr/sbin/authpf
before running authpf(8) to prevent $SSH_CLIENT
shenanigans.
+ - Make nc(1) timeouts behave more like netcat.
+
- Make sure user's shell is /usr/sbin/authpf before running authpf(8) to prevent $SSH_CLIENT shenanigans.
- In ssh, use OpenSSL's AES implementation instead of our own.
-
- Add
-[46]
options to ftp(1).
+ - Add -[46] options to ftp(1).
- Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
- Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
- Better wscons(4) support for Sun type 5 keyboards.
- Cleanup and small fixes to skeyaudit(1).
- Fixes to fms(4).
- Various fixes and enhancements to mg(1).
-
- sshd(8) no longer starts in privilege-separated mode unless the PrivSep user
sshd
and chroot(2) dir /var/empty
are both present.
+ - sshd(8) no longer starts in privilege-separated mode unless the PrivSep user sshd and chroot(2) dir /var/empty are both present.
- Recognise Intel 830 (laptop Celery support) and 312 southbridge.
- Fix potential time overflow in dd(1).
- Make bridge(4) refragment IP packets that are too large for the outgoing interface.
-
- Remove
libdl
, support is now in libc
.
+ - Remove libdl, support is now in libc.
- Recognise Nokia C110 and C111 PC cards as wi(4) devices.
- Really sanitize ld.so(1)'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
- Don't allow mktemp(3) to back up past the beginning of its input buffer.
- Use the correct string buffer size for printing port numbers in pfctl(8).
-
- Remove
arc4random_8()
.
- struct ifnet
now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
+- Remove arc4random_8().
+
- struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
- netstat(1) cleanup.
- ping6(8) and traceroute6(8) updates from KAME.
-
unsigned
-> unsigned int
cleanup.
-pid_t
type cleanup.
+- unsigned -> unsigned int cleanup.
+
- pid_t type cleanup.
- Fix big snprintf(3)
parameter typo in strftime(3).
- Don't use execlp(3) when invoking ssh-keysign(8).
- Fix kill(2) parameter brainfade in amd(8) and KerberosIV's rlogin.
- vax: Add board type for VXT2000+.
- More IANA interface type values, including IFT_BRIDGE.
-
- Split XFree86
bsd_video.c
into architecture-specific files.
- - Add sysctl(8) toggle
net.inet.icmp.tstamprepl
(default: 1) for ICMP timestamp replies.
+ - Split XFree86 bsd_video.c into architecture-specific files.
+
- Add sysctl(8) toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
- Yet more safe string function fixes.
- In XFree86 build, honour COPTS variable when building third-party apps.
-
- Add
LIBS
option for crunchgen
so custom libraries can be added to boot images.
- - Run rpc.rstatd(8) and rpc.rusersd(8) as user
nobody
(boo!) from inetd(8).
+ - Add LIBS option for crunchgen so custom libraries can be added to boot images.
+
- Run rpc.rstatd(8) and rpc.rusersd(8) as user nobody (boo!) from inetd(8).
- From ld.so(1), remove tests that have no license, and for the same reason replace parts of ld(1) and ldconfig(8).
- Remove unnecessary instruction cache flushes on sparc64.
- Many cleanups in ld.so(1).
@@ -604,7 +604,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.832 2002/07/10 06:46:40 deraadt Exp $
+
$OpenBSD: plus.html,v 1.833 2002/07/10 06:48:01 deraadt Exp $