===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.841
retrieving revision 1.842
diff -u -r1.841 -r1.842
--- www/plus.html 2002/08/27 21:27:35 1.841
+++ www/plus.html 2002/09/16 20:50:25 1.842
@@ -48,12 +48,112 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to August 23.
+The following list sums up (almost) all the changes made up to September 15.
+- Periodically save changes to systrace(1) policies.
+
- Various fixes to newsyslog(8).
+
- Re-sync the siop(4) driver with NetBSD.
+
- Signal fixes in libevent.
+
+
- Merge in Sendmail 8.12.6.
+
- Give stdio's __cleanup handlers the same mprotect() treatment as atexit(3) now receives.
+
- Further tweaks to handling of address families in NAT rules. Try to infer the AF from the rule, if that fails then require the user to specify it.
+
- Various fixes to cy(4).
+
- Merge in OpenSSL-0.9.7-stable-SNAP-20020911, bump libcrypto minor version.
+
+
- Stop newsyslog(8) rotating logfiles that only contain logfile rotation messages.
+
+
- License fixes to pppd(8), nearly there now.
+
- Add -H option to identd(8) which hides info for non-existent users as well as existing ones. Useful when NATing.
+
- Remove the need for /dev/null and /etc/localtime in named(8)'s chroot jail.
+
- Add 'antispoof' keyword to pfctl(8). Oh yes.
+
- Improvements to pfctl(8)'s netmask handling.
+
+
- Add a missing pointer initialisation in in6_ifdetach().
+
- Make the sftp(1) client's ls command useful, with globbing and short/long listings.
+
- Fix initialisation of Broadcom 582x chips by ubsec(4).
+
+
- Various signedness fixes.
+
- Versioning info moves to 3.2-beta.
+
- Have ssh-agent(1) check the peer using getpeereid(2).
+
- pmap_{copy,zero}_page API changes.
+
- Merge in OpenSSL 0.9.7beta3.
+
+
- amd(8) now creates a socket listening on 127.0.0.1 as well as one on *, and only responds to amq requests on the former.
+
- Add support for the Silicon Image 680 ATA133 chip to the pciide(4) driver.
+
- sshd(8) now supports Kerberos authentication in PrivSep mode.
+
+
- pf(4)'s parser takes more care parsing address families in NAT rules.
+
- Add leap second support to rdate(8) running in RFC868 mode (it already supports this in NTP mode with the -N option.)
+
- Correct altq(9)'s representation of positive infinity.
+
+
- Signal handler fixes in bootpd(8), rtadvd(8) and rtsold(8).
+
- faithd(8) dies on FD_SET overruns.
+
- Fix a couple of off-by-ones in mopd(8).
+
+
- Make fsck(8) work properly with long block device filenames (handle MAXPATHLEN chars instead of 32.)
+
- Don't build the somewhat less than ubiquitous photurisd(8) by default any more.
+
- Lots and lots of ANSIfication.
+
- Lots of int -> socklen_t.
+
- Some signedness fixes to arp(8).
+
- Repair a missing msglog() arg in routed(8).
+
+
- Fix ahc(4)'s interrupt sharing.
+
- libusbhid(3) now available in the shared variety.
+
- Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD PR#18185.)
+
- Merge in OpenSSL 0.9.7beta1. To be continued.
+
- isakmpd(8) interoperability fixes for FreeS/WAN and SSH Sentinel.
+
+
- Make rwalld(8) revoke its group privileges as well as user privs.
+
- Don't install safe_finger any more.
+
- Add support for the SCSI Reduced Block Command Set (RBC.)
+
- Bump sshd(8)'s LoginGraceTime from one minute to two.
+
- Various compatibility fixes and additions to ubsec(4).
+
- ifconfig(8) can now set whether or not use of IPv6 deprecated addresses are allowed.
+
+
- _x11 user and group added for xdm(1 to use.
+
- Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD.)
+
- Fix parsing of NAT port ranges.
+
- Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on.
+
+
- Fix an uninitialised pointer bug in ld.so(1).
+
- The X server now tries to open the aperture driver before trying /dev/mem. Re-enable early privilege drop on i386.
+
+
+
- traceroute(8) now warns if DNS returns multiple addresses, like traceroute6.
+
- Add support for the Promise Ultra133 TX2 EIDE controller.
+
- Fix an mbuf leak in wi(4).
+
- Reenable the atexit(3) handler improvements backed out on 31 July.
+
- Add -I option to traceroute6(8) to get ICMP probes instead of UDP.
+
+
- Further reduce the amount of time ssh(1) runs as root when installed setuid.
+
- Fudge isakmpd(8) so it only honours the requirement to check against a CRL if there is a CRL loaded...
+
+
- Update the rt(4) Radiotrack driver, add isapnp support.
+
- Some casts to make 64-bit kernel work with varargs calls.
+
+
- Fixes to gem(4).
+
- Properly limit EDNS0 size to 0xffff.
+
- Fix a signedness problem in SSH so that RSA_public_decrypt(3) errors can be detected.
+
- Make X's module loader set PROT_EXEC using mprotect(2) on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC.)
+
- DNS responses from getaddrinfo(3), gethostby*() and getnetby*() now get a 64K receive buffer.
+ [Applied to stable]
+
+ - traceroute6(8) warns if DNS returns multiple IP addresses for the target.
+
- Do a yyrestart() after a longjmp in pcap(3).
+
- Fix a dangling pointer bug in sbcompress().
+
- Make the X server option NoSilkenMouse work again.
+
+
- Make portmap(8) detect failure of svc_register and die nicely.
+
- X aperture driver for Alpha, works like i386.
+
+
- Skeleton ld.so(1) support for ELF in i386. Not enabled, nor is it promised anytime soon.
+
- ld.so(1) warns about symbol size mismatches.
+
- inet_ntop(3) handles snprintf errors properly.
- Map the heap non-executable.
-
- Change the way FREF() and FRELE() are called w.r.t. getvnode() (see file(9).)
+
- Change the way FREF() and FRELE() are called w.r.t. getvnode() and getsock().
- Fix a locking problem that can occur when an executable tries to exec(3) itself.
- Avoid a potential int overflow in comsat(8)
- Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
@@ -106,7 +206,8 @@
- Fix raw socket translation for Linux compatibility mode.
- Properly clear the argument list in pmdb.
- Die on fd_set overrun in mtrace(8), map-mbone(8) and mrouted(8) (not built by default.)
-
- When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.
+
- When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.
+ [Applied to 3.1-stable]
- Fix snprintf length in syslogd(8).
- Correct a sizeof bug in photurisd(8).
- Tweak IFF_PROMISC handling in wi(4) to avoid some unnecessary initialisations.
@@ -892,7 +993,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.841 2002/08/27 21:27:35 markus Exp $
+
$OpenBSD: plus.html,v 1.842 2002/09/16 20:50:25 deraadt Exp $