===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.891
retrieving revision 1.892
diff -u -r1.891 -r1.892
--- www/plus.html 2003/10/30 17:42:07 1.891
+++ www/plus.html 2003/11/02 17:42:52 1.892
@@ -53,13 +53,113 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to October 16.
+The following list sums up (almost) all the changes made up to November 1.
+- Preserve the debug flag when enabling pf(4).
+
+
- In top(1), check for signals at the right time and handle stdin failures better.
+
+
- Have patch(1) determine the filename in same manner as GNU patch.
+
- New --posix option for patch(1) for, uh, strict POSIX conformance.
+
- Set pkgpath in the correct order in pkg_add(1) etc.
+
- Re-add the SATA mode detection and reset-pause-IDENTIFY fixes to wdc(4). Drive reset fixes need further testing.
+
- Allocate the right number of elements in hashinit(9) (PR#3537.)
+
- Look up the groupname (not the username) when getting the gid from a tarfile in pkg_add(1) and friends. Also set file ownership before the mode.
+
- Add IPv6 support to carp(4).
+
- Sync libedit to NetBSD as of 2003-10-01, with some local string cleaning and history bug fixes. There are some api changes as a result of this update.
+
- New port, OPENBSD/pegasos.
+
- Fix insufficient length check in route6d(8) (KAME PR#507.)
+
+
- Try to deal with strdup(3) failures in init(8).
+
- More detective work from the spelling police, double-word branch.
+
- Fix lc(4) multicast filter initialisation.
+
+
- Backout recent wdc(4) reset, identify and mode detection changes, they are breaking things.
+
- Fix pf(4) binat for incoming connections when a netblock (not just a single address) is used as the rule source (PR#3535.)
+ [Applied to stable]
+ - RELIABILITY FIX: A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution.)
+ A source code patch is available.
+ [Applied to stable]
+
+ - Do a better job of finding the proper partition in growfs(8).
+
- Evaluate dependencies earlier in pkg_delete(1), and if the check fails just give a list of the required removals and quit.
+
- Don't die if getsockopt(..., TCP_NODELAY, ...) fails in ssh(1).
+
+
- In wdc(4), add a pause between a drive reset and an IDENTIFY command, to allow for units that are sick just after a reset.
+
- Don't do ATA mode detection for SATA drives, some drives really don't like it.
+
- Set the skew properly when rescheduling carp(4) advertisements.
+
- Fix an mg(1) startup crash.
+
- Don't schedule a carp(4) advertisement if the interface is on its way down and we run out of mbufs.
+
- Really stop sending advertisements if the carp(4) interface is downed.
+
+
- Set the maximum value for sysctl(3) kern.stackgap_random maximum to 256MB.
+
- Remove artificial limit on the number of partitions that may be stretched by growfs(8).
+
- Early support in wi(4) for PRISM 2.5/3 USB adapters. Very limited for now.
+
- Make wdc(4) reset code more like that in FreeBSD and NetBSD, fixing slave device detection when the master behaves strangely.
+
+
- Reorganise pf(4) state searches for a 30% memory saving.
+
- Don't leak mbufs on carp_output() failures.
+
- Replace a linked list with a hash table for local IP port lookup, dramatically reducing the lookup time (in_pcblookup()) when there are many sockets.
+
- Precompute as much of the carp(4) sha1 hash as possible.
+
+
- Prevent occasional syslogd(8) hangs on receipt of a SIGHUP with a modified syslog.conf file.
+
- Remove a few comparisons of an int to NULL.
+
- Do initgroups(3) before chrooting httpd(8) instead of after, since /etc/group may be of use.
+
- Stop the new bpf(4) write filter blocking everything when no filter is set, and so unbreak DHCP.
+
+
- Only try to remove a dependent package once in pkg_delete(1).
+
- In carp(4), stir in the full inner hash instead of just sizeof(pointer) bytes of it.
+
- Finally, stop the long long pause for i386 laptop users with disconnected floppy drives.
+
- Make pkg_info(1) do the right thing with multiple packages sharing a common stem, e.g. multiple responses for 'pkg_info autoconf'.
+
- Allow pkg_delete(1) to work with package name stems. Oh yes.
+
+
- Another missing strdup(3) error check, this time in tn3270(1).
+
- Reduce the amount of logging spamd(8) does by default. The new -v option does verbose logging.
+
- Have privilege-separated syslogd(8) call setgroups when changing dropping privileges, in line with the same change in newly-separated pflogd(8).
+
- Fix a panic when traversing a corrupt msdos filesystem. From NetBSD.
+ [Applied to stable]
+ - Implement privilege separation in pflogd(8). Requires creation of _pflogd user and group.
+
- Add locking and write-filtering to bpf(4), so programs running as non-root can hold bpf descriptors without being able to write whatever they like at the link layer or issue dangerous ioctl(2)s.
+
- Fix dc(1)'s J operator with the new extended comparisons.
+
- Switch carp(4) from keyed sha1 to hmac-sha1.
+
- Implement extended comparison operators in dc(1), to allow for an if ... else construct in bc(1).
+
- Make un-getting a character from a string work the same as from a file in dc(1).
+
- Fix a kqueue(2) file descriptor leak under libpthread.
+
- In libpthread, don't bother resetting O_NONBLOCK on descriptors that are not flagged to survive the imminent execve(2).
+
+
- Add missing strdup(3) error check in tic(1).
+
- In mg(1), make undo work per-window instead of per-buffer.
+
- Fix late definition of enum XML_Status in <expat.h>. From expat CVS.
+
- A huge number of comment spelling fixes all over the tree.
+
- Make ssh(1) choke on too-short GSSAPI OIDs.
+
+
- Switch over to the new package tools.
+
- In netstart(8), don't try to initialise carp(4) interfaces until after physical interfaces are configured.
+
- Fix an endianness bug in carp(4) sha1 code.
+
- realloc(3) cleanup in ppp(8).
+
- Stop all carp(4) hosts advertising master status when preempt is disabled.
+
- When doing carp(4), Only give an error in ifconfig(8) when the user tries to set both of advbase and advskew to zero.
+
+
- Correct a missing strdup(3) return value check in nc(1).
+
- Fix numfds==0 case in pthreads-optimised select(2).
+
- Add functions to find package name 'stems' (package names without the version number) and use them in the soon-to-be-enabled new pkg_info(1).
+
- Add direct support in named(8) for SSHFP resource records.
+
+
- Fix bc(1)'s assignment operators (+=, -= etc.)
+
- Add J(jump) and M(mark) operators in dc(1), and use them to implement the continue statement in bc(1).
+
- Fix out-of-bounds reads in make(1), libfreetype and xterm(1).
+
+
- Make the recent vnd(4) numbering change work the way it should.
+
- Enter carp(4), OpenBSD's Common Address Redundancy Protocol for IP high availability and load balancing.
+
- Unbreak httpd(8) SHA1 code on 64-bit architectures.
+
- Make sure the inode generation number (obtained using arc4random()) is positive.
+
- pciide(4) DMA reliability fixes. From NetBSD.
- strlcpy(3) -> memcpy(3) for non-string buffers in vi(1), along with some extra paranoia.
- Check for signals earlier in mountd(8), so they can be handled before we select(2) until a mount request comes in.
+
- Import new package management tools under src/usr.sbin/pkg_add. Not built by default yet.
- New 'G' malloc.conf option to add a guard page after pagesize-or-larger chunks, and to return less-than-pagesize chunks in random order.
- Better SATA support in wdc(4).
- Fix faithd(8) args to poll(2).
@@ -258,7 +358,8 @@
- Completely new BSD-licensed version of dc(1) using the OpenSSL bn(3) routines.
- Have scp(1) check for an error code in remote->remote mode.
- When chrooting httpd(8), use initgroups(3) so that supplementary group IDs are initialised as well.
-
- Temporarily disable soft interrupts support in usb(4) for stability reasons.
+
- Temporarily disable soft interrupts support in usb(4) for stability reasons.
+ [Applied to stable]
- Several abnormal exit handler fixes to ssh(1).
- Better disk device probe on i386.
- Correct the signal number validity check in csh(1)'s kill command.
@@ -314,7 +415,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.891 2003/10/30 17:42:07 deraadt Exp $
+
$OpenBSD: plus.html,v 1.892 2003/11/02 17:42:52 deraadt Exp $