version 1.839, 2002/08/16 00:16:44 |
version 1.840, 2002/08/23 23:44:48 |
|
|
|
|
<p> |
<p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to August 10. |
The following list sums up (almost) all the changes made up to August 23. |
<ul> |
<ul> |
|
|
|
<li>Map the heap non-executable. |
|
<!-- ^^^ 20020823 --> |
|
<li>Change the way FREF() and FRELE() are called w.r.t. getvnode() (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=9">file(9)</a>.) |
|
<li>Fix a locking problem that can occur when an executable tries to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> itself. |
|
<li>Avoid a potential int overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a> |
|
<li>Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses. |
|
<!-- ^^^ 20020822 --> |
|
<li>Bump the listen() backlog from 5 to 128 (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s default LoginGraceTime reduced from 600 to 60 seconds. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> now attaches to each wsdisplay device by default. |
|
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strip&sektion=1">strip(1)</a>. -x now works. |
|
<!-- ^^^ 20020821 --> |
|
<li>net.inet6.ip6_use_deprecated is on by default again... |
|
<li>Fix some (but not all) signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a>. |
|
<li>New -n option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> that disallows anonymous access even if the ftp user exists. |
|
<li>Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser. |
|
<!-- ^^^ 20020820 --> |
|
<li>Fix sysctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copyout&sektion=9">copyout(9)</a>s in IPv6 neigbour discovery. |
|
<!-- ^^^ 20020819 --> |
|
<li>Audit and cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_net_ntop&sektion=3">inet_net_ntop(3)</a>, inet_neta() and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a>. |
|
<li>TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated. |
|
<!-- ^^^ 20020818 --> |
|
<li>Use of IPv6 deprecated addresses switched off by default. (See <a href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> variable net.inet6.ip6_use_deprecated.) |
|
<li>Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> SCSI driver. |
|
<!-- ^^^ 20020817 --> |
|
<li>Correct two sizeof bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>. |
|
<li>Allow a raw IP socket to see a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> packets for tunnels we haven't configured. |
|
<!-- ^^^ 20020816 --> |
|
<li>Add some more cross-compilation targets in /usr/src/Makefile. |
|
<li>Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>. |
|
<li>Fix a null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<!-- ^^^ 20020815 --> |
|
<!-- ^^^ 20020814 --> |
|
<!-- ^^^ some CVS breakage around here --> |
|
<!-- ^^^ 20020813 --> |
|
<li>Using the state table instead of a special-purpose list, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT to use the same proxy port for multiple external peers. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> setgid(_sshagnt). setuid/setgid processes can't be <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2">ptrace(2)</a>ed. |
|
<li>SPARC consoles now use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>. |
|
<!-- ^^^ 20020812 --> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now displays '!X' when packets come back as ICMP administratively prohibited by filter. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> die on fd_set overruns. |
|
<li>In a number of places, switch the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> round the right way. |
|
<li>Switch SPARC to ELF. |
|
<li>Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64. |
<!-- ^^^ 20020811 --> |
<!-- ^^^ 20020811 --> |
<li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br> |
<li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br> |
<a href="errata.html#scarg">A source code patch is available</a>.<br> |
<a href="errata.html#scarg">A source code patch is available</a>.<br> |
|
|
<!-- ^^^ 20020722 --> |
<!-- ^^^ 20020722 --> |
<li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Teach pmdb about corefiles. |
<li>Teach pmdb about corefiles. |
|
<li>Map stack pages non-executable. |
<!-- ^^^ 20020721 --> |
<!-- ^^^ 20020721 --> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>. |
<li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature. |
<li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature. |