| version 1.857, 2003/02/03 23:59:32 |
version 1.858, 2003/02/20 22:47:50 |
|
|
| |
|
| <p> |
<p> |
| <h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
| The following list sums up (almost) all the changes made up to February 1. |
The following list sums up (almost) all the changes made up to February 19. |
| <p> |
<p> |
| |
|
| <ul> |
<ul> |
| |
<li>Fix a null deref triggered by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>. |
| |
<!-- ^ 20030220 --> |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax. |
| |
<li>Move /var/at files into /var/cron since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> is now a part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>. |
| |
<li>Fix support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix.) |
| |
<li>Pull in from OpenSSL 0.9.7a a fix for a <a href="http://www.openssl.org/news/secadv_20030219.txt">timing-based attack</a> against CBC (assigned <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078">CAN-2003-0078</a>.) |
| |
<li>Add a counter for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold. |
| |
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> on 64-bit platforms. |
| |
<li>Stability updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>. |
| |
<li>LFS is not supported, so remove support for it from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>. |
| |
<!-- ^ 20030219 --> |
| |
<li>More niggly fixes to newly-added LZS support. |
| |
<li>Don't load <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> options when one of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s load switches (-A, -N, -R) is in force. |
| |
<li>Write the stack to core files properly for upward-growing stack architectures. |
| |
<li>Enable LZS support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>, missed when LZS was added earlier. |
| |
<li>Turn of BIND 9's logging of lame servers; some people never learn, and we don't want to know about them. |
| |
<li>Make min-ttl and random-id operate on inbound as well as outbound <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules. |
| |
<li>Many missing copyright notices added to manpages. |
| |
<!-- ^ 200300218 --> |
| |
<li>Add privilege separation support to the X server. Fixes a lot of problems. |
| |
<li>Fix a double-free in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>. |
| |
<li>Add -n 'no daemon' option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>. |
| |
<li>Enqueue the copy and not the original mbuf that's free four lines later, and so stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> crashing the kernel. |
| |
<!-- ^ 20030217 --> |
| |
<li>Improve default route setup in the installer. |
| |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> forced commands with 'PermitRootLogin forced-commands-only' set. |
| |
<li>Similar to the recent pid leak fix, stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaking inode numbers. More details in the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/main/http_main.c?rev=1.28&content-type=text/x-cvsweb-markup&cvsroot=openbsd">checkin comment</a>. |
| |
<li>Some RFC-compliance fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> multipart MIME pid leak fix. |
| |
<li>Clean up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> macro parsing. |
| |
<!-- ^ 20030216 --> |
| |
<li>Fix format string bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nohup&sektion=1">nohup(1)</a>. |
| |
<li>strcpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.pcnfsd&sektion=8">rpc.pcnfsd(8)</a>. |
| |
<li>Add support framework for LZS compression to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a>. |
| |
<li>More write protection paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>. |
| |
<li>Make bsd.rd an install/upgrade target. |
| |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaking child process IDs in multipart MIME boundary separators. (See the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/main/http_protocol.c?rev=1.15&content-type=text/x-cvsweb-markup&cvsroot=openbsd">checkin comment</a> for an example.) |
| |
<li>Increase the size of the rates buffer in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> hostap so 802.11g stations can associate. |
| |
<li>When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header. |
| |
<!-- ^ 20030215 --> |
| |
<li>Fix an mbuf leak in IPv6 TCP. |
| |
<li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables spring into existence on demand, remove the unnecessary '-T create' option. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> stir the pool when the caller's pid changes. |
| |
<li>Add 'scrub in all no-df' to the initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> installed by /etc/rc. This helps diskless booters using Linux NFS servers. |
| |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> redirect to loopback interfaces again, now that looping can't occur. |
| |
<!-- ^ 20030214 --> |
| |
<li>Fix an fd locking bug in libpthread. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> use tables instead of regular rules on an anchor. |
| |
<li>Improvements to ATAPI PIO mode selection. |
| |
<li>Fix an mbuf leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>. |
| |
<li>Really fix an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a> buffer overflow. |
| |
<li>Finish nForce support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a>. |
| |
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> complains about an illegal netmask, have it show the offending article. |
| |
<!-- ^ 20030213 --> |
| |
<li>Fix busted <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ypxfr&sektion=8">ypxfr(8)</a>, the key and values are no longer swapped around. Which is nice. |
| |
<li>Add libedit line editing support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>. |
| |
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> to use units other than sectors on the command line. |
| |
<li>3.2-current -> 3.3-beta. |
| |
<li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>'s crc32 code with BSD-licensed versions. |
| |
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub option 'no-df' to better handle fragments with DF set, such as those sent by Linux NFS. |
| |
<li>When in async mode, signal the process group instead of the process from WSEVENT_WAKEUP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>. |
| |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog.conf&sektion=5">newsyslog.conf(5)</a>, users can separated from groups now with ':' as well as '.'. |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> can now rotate files at a specific time. |
| |
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bind&sektion=2">bind(2)</a> error checking in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
| |
<li>Be consistent with ntohs() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> translation code. |
| |
<li>Some consolidation and tidyup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s rule parsing code. |
| |
<!-- ^ 20030212 --> |
| |
<li>More fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing. |
| |
<li>Don't ever send ICMP redirects for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>-redirected packets . |
| |
<li>Allow definition of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> macros on the command line. Oh yes. |
| |
<li>Remove sinful abbreviation of the unit of frequency as 'hz' (it's 'Hz', don't you know.) |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> now displays the DF flag for IP fragments. |
| |
<!-- ^ 20030211 --> |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> pass sensible parameters to memset(). |
| |
<li>Allow IPv6 addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yp&sektion=8">yp(8)</a> host maps. |
| |
<!-- ^ 20030210 --> |
| |
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule compression: 'from' and 'to' keywords are optional if 'any' is one of the addresses, and 'any' itself is optional when a port is specified. |
| |
<!-- ^ 20030209 --> |
| |
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a>'s -u and -g options' semantics (-u is now what -U used to be, unless -g overrides it,) and remove -U and -G. |
| |
<li>Sync up the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spell&sektion=1">spell(1)</a> dictionaries with FreeBSD and NetBSD changes. |
| |
<li>Add new 'random-id' option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules. This randomises outbound IP IDs and defeats <a href="http://www.research.att.com/~smb/papers/fnat.pdf">NAT detection and OS fingerprinting</a>. |
| |
<li>Stop a number of scripts that use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=1">mktemp(1)</a> from leaving dead tempfiles around in failure cases. |
| |
<!-- ^ 20030208 --> |
| |
<li>A little extra paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a>, check that the temp file is owned by our real uid. |
| |
<li>Don't burp <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> output to the console unless <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> was not contactable. |
| |
<!-- ^ 20030207 --> |
| |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> leaking information when PermitRootLogin is set to 'no'. |
| |
<li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> mode 0600 by default. |
| |
<li>Fix races in the rename and symlink commands of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>. |
| |
<li>Allow 'ProxyCommand none' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
| |
<!-- ^ 20030206 --> |
| |
<li>Hack around a tools bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>. |
| |
<li>Improve handling of invalid <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> redirections. |
| |
<li>Tidy up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand option parsing. |
| |
<!-- ^ 20030205 --> |
| |
<li>Last part of the threaded fd improvements, fixing some bugs from stage one on the way. |
| |
<li>Set an all-ones mask when doing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing, since round-robin on the whole address space is unlikely to be the desired result. |
| |
<li>First installment of improvements to threaded file descriptor handling (see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_fd.c.diff?r1=1.16&r2=1.17&cvsroot=openbsd&f=h">checkin comment</a> for details.) |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2. |
| |
<li>Don't load a signed int into the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer when doing BSD auth; the buffer type only supports unsigned ints. |
| |
<!-- ^ 20030204 --> |
| |
<li>Note in the documentation that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog_r&sektion=3">syslog_r(3)</a> are safe (with caveats) for use in signal handlers. |
| |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> {dup,reply,route}-to rules using a loopback interface as the target - currently this can create loops. |
| |
<li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> expand altq rules (and so check for parent queues etc.) unless altq rules are actually being loaded. |
| |
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> stack protector fixes and tweaks. |
| |
<!-- ^ 20030203 --> |
| |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> closing a file it hasn't opened. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> more paranoid when opening its temp file. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iostat&sektion=8">iostat(8)</a>'s disk throughput bar smarter. |
| |
<li>Implement key exchange guesses as per the secsh standard in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
| |
<li>Relax parsing of usernames in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>. |
| <!-- ^ 20030202 --> |
<!-- ^ 20030202 --> |
| <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> build without IPv6. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> build without IPv6. |
| <li>Fix an mbuf leak in the ESP code. |
<li>Fix an mbuf leak in the ESP code. |
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www