===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.720
retrieving revision 1.721
diff -u -r1.720 -r1.721
--- www/plus.html 2001/02/01 02:56:09 1.720
+++ www/plus.html 2001/02/10 09:09:05 1.721
@@ -52,225 +52,271 @@
SECURITY FIX: fix some buffer overflows in named.
A patch is available.
[Applied to stable]
-SECURITY FIX: The rnd device does not use all of its input when data is written to it.
+SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
-Fix sprintf overflow in
-fsinfo(8).
-fdisk(8)
-can change only the partition ID if desired.
-Use gif* instead of enc* for IPsec bridges.
-Permit multiple
-dhclient(8)s
-to run simultaneously.
-Have rc initialize RAID parity.
-Let talk(1)
-pass high characters without escaping; for use with other charsets (disabled by default).
-Prevent mountd(8)
-from deadlocking due to DNS issues.
-ftpd(8)
-logs actual bytes transferred as opposed to original file size.
-fsck_ffs(8)
-no longer marks filesystem clean if fsck needs to be rerun.
-dhclient(8)
-gracefuly handles missing LEASE_TIME.
-gprof(1)
-now works under mvme88k.
-ssh(1)
-option: HostKeyAlias. Other minor ssh(d) fixes.
-Make the
-auvia(4)
-driver behave nicely with fixed rate codecs.
-Revoke root privileges as early as possible in
-ping6(8).
-Make edquota(8)
-and repquota(8)
-handle quotas over 4 gigabytes correctly.
-SSH cleanups.
-In ksh(1),
-don't reset nonblock if it's not interactive.
-
+IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
+ A patch is available.
+ [Applied to stable]
+Change bridge(4) to use gif* instead of enc*.
+Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work.
+Allow printing of 8-bit ASCII characters in talk(1) through an option.
+Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation.
+In ftpd(8), log the actual number of bytes transferred instead of the original file size.
+Fix ^C in termtype prompt.
+Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun.
+Resolve scheduling conflict in newsyslog(8).
+In dhclient(8), set a reasonable default lease time if the server does not provide one.
+Suppress uninteresting PCI bus error messages in ahc(4).
+Add m88k support to gprof(1).
+Add HostKeyAlias option to ssh(1).
+Behave nicely with fixed-rate codecs in auvia(4).
+Fix a minor off-by-one error in gprof(1).
+In the ports infrastructure, take the old non-fake code out-of-line.
+Repair a disgusting rwhod(8) crash.
+Fix buffer overflow in csh(1) builtin printf(1) implementation.
+Convert atoi(3) to strtoul(3) in top(1).
+Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
+Revoke root privileges earlier in ping6(8) and traceroute6(8).
+Many man page fixes.
+Use arc4random(3) in jot(1).
+Handle quotas over 4GB in edquota(8) and repquota(8).
+Fix IPv6 Path MTU Discovery.
+Give up euid more carefully in mrinfo(8) and mtrace(8).
+Various OpenSSH fixes.
+Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
+In ksh(1), remain in non-blocking mode if the shell is not interactive.
SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
-
IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
-Only invoke DMA transfers when transferring over 100 bytes for some drives.
-
+Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
SECURITY FIX: Fix holes in procfs.
A patch is available.
[Applied to stable]
-
+Put strlcat(3) and strlcpy(3) into libkern for kernel use.
Fix setting of nwid for wi(4).
[Applied to stable]
-Compaq SMART Array RAID controllers supported.
-New machdep.allowaperature sysctl value of "2" to provide access
-to entire first megabyte of memory.
-Fixed some obscure PCMCIA related panics.
-Merged Apache 1.3.14 and mod_ssl 2.7.1.
-Add support for the Natsemi 83820.
-Fix /etc/sudoers permissions and initial creation handling.
-Merged openssl-engine-0.9.6.
-More photurisd(8)
-cleanup.
-Allow sys/netinet/ip_spd.c to compile in non-INET6 kernels.
-Synchronized pfkeyv2 implementation with pfkey RFC.
-
+Change /etc/security to spit out unified diffs.
+Add driver for Compaq SMART Array RAID controllers, cac(4).
+Extend the i386 allowaperature sysctl to allow access to the whole 1st MB of memory.
+Add some more sanity checking to the PCMCIA code to fix some obscure panics.
+Import Apache 1.3.14 + mod_ssl 2.7.1.
+Support multiple pfkeyv2 keying daemons.
+Compute diffie-hellman in parallel between server and client in OpenSSH.
+Support Amigas with more than 64MB of RAM.
+Ensure /etc/sudoers is created with a proper secure mode.
+Import OpenSSL 0.9.6.
+More photurisd(8) improvements.
+Update kernel pfkeyv2 code for better conformance to the RFC.
+Enable loading of ELF kernels for alpha.
+Add extraction support for shell archives to the bsd.port.mk infrastructure.
In ipsec(9), look for TDB if gateway is unspecified.
[Applied to stable]
-New CRYPTO option for
-options(4).
-Add bytecounter stats to
-netstat(1).
-New timeouts in some SCSI and RAID drivers.
-Strengthen random TCP sequence numbers.
-
-IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
- A patch is available.
- [Applied to stable]
-In ssh(8),
-don't abort login when failing to set tty owner and mode if the tty already has
-correct owner and permissions.
-sshd(8)
-no longer requires a source port > 1024 for rhosts-rsa.
-New ICMP types and codes.
-Add support for the 802.1D spanning tree protocol for bridges.
-Add transport protocol/ports negotiation support to
-isakmpd(8),
-among other IPsec changes from the EOM-branch merge.
-Turn off path MTU when ICMP needfrag messages are blocked.
-Big batch of Alpha drivers added to Alpha's GENERIC kernel.
-Don't let
-route(8)
-touch region after free.
-Removed libgmp.
-Make
-photurisd(8)
-use bignum.
-
-SECURITY FIX: Fix another security problem in the KerberosIV code.
- A patch is available.
- [Applied to stable]
-In ssh(1)
-when using skey/tis-auth always request new challenge.
-Support newer cy cards in the
-cy(4)
-driver.
-New Swiss and jp106 keyboard maps.
-CVS_RSH is set to "ssh" by default in
-cvs(1).
-Fix endianess issues in
-ssh(1);
-Overhaul the
-adw(4)
-driver.
-Add vrrp, smb, and timed printing to
-tcpdump(8).
-calendar(4)
-only accepts real files.
-Fix perror() calls in
-pcvt(4)
-that were buffer overflows.
-Avoid argv passing overflow in
-tftp(1).
-Support I/O Data USB-ET/T USB ethernet in the
-kue(4)
-driver.
-Fix (partially) the reset sequence for 16-bit PCMCIA cards.
-Extend paranoia surrounding passed KRB environment variables in
-telnet(1).
-Update the
-isp(4)
-driver adding maxluns support, among other things.
-PCI LIVENGOOD chipset support.
-libtermlib obsolete; removed.
-Fix RIPv0 (RFC 1058) and NFS port-number printing in
-tcpdump(8).
-Make pcap generated BPF filters work on the tun interface.
-Add
-ssh-keyscan(1)
-to the arsenal.
-
+Fixes to patch(1) -f and -b.
+Convert some more drivers to the new timeout(9) interface.
+Add bytecounter statistics reporting to netstat(8).
+Instrument more random TCP sequence numbers.
+In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
+Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
+Remove dead code in hifn(4) driver.
+Proper getopt(3) usage in compress(1).
+Fix a time specification in last(1).
+Do not disable PMTU for established TCP connections unless there is data to send.
+Add support for the 802.1D spanning tree protocol to bridge(4).
+New BSD authentication login scripts.
+Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
+isakmpd(8) update.
+APM bug fix that helps a few laptops.
+Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
+Repair a memory leak in ICMPv6 code.
+Turn off PMTU when ICMP needfrag messages get blocked.
+Finnish updates for inter.phone.
+Display number of successful IPv6 PMTU changes in netstat(8) -s output.
+Do not re-print ETA on completion in scp(1) when copying 0-sized files.
+Validate ICMPv6 "too big" messages based on PCB.
+Do not use already-freed memory in route(8).
+Avoid repeated host controller halted messages in uhci(4).
+Remove unused libgmp.
+Import KerberosIV v1.0.4.
+Always request a new challenge for skey/tis-auth in ssh(1).
+Support newer cy(4) communication cards.
+Provide new international keymaps for pcvt(4).
+Ignore filesystems marked "xx" in the install scripts.
+Document that pipe(2) is bidirectional, although this behavior is unportable.
+Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
+Remove a bogus memory free in getnetgrent(3).
+Fix a buffer overflow in bad144(8).
+Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
+Drop unneeded support for RTF_TUNNEL in route(8).
+Maintain count of routing table timer entries in route(8).
+In makewhatis(8), strip weird characters first, then sequences of spaces.
+Big improvements to adw(4).
+Teach tcpdump(8) about VRRP, SMB, and timed.
+Force calendar(1) to only accept real calendar files as input.
+Fix various perror() overflows in pcvt(4).
+Repair a tftp(1) argv parsing overflow.
+Conditionalize some BPF code in wx(4).
+Finally remove remaining references to extra RSA libs, since the patent has expired.
+New rijndael implementation which solves endian issues.
+Support Intel 82801BA pciide(4) controllers.
+Exercise more paranoia with passed KRB environment settings in telnetd(8).
+Convert some more drivers to the new timeout(9) interface.
+Many improvements and modernizations to isp(4).
+Update wx(4) with LIVENGOOD support.
+Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
+Implement asynchronous connections for ssh(1) -R and -L.
+Simplify atrun(8) tasks by using asprintf(3).
+Kill unused libtermlib.
+Import new pool(9) code.
+Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
+Make pcap-generated BPF filters work on the tun(4) interface.
+Import David Maziere's ssh-keyscan(1).
SECURITY FIX: Fix buffer overflow in ftpd.
A patch is available.
[Applied to stable]
-
IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
-
+Teach OpenSSH about more version strings to improve interoperability.
+SECURITY FIX: Fix another security problem in the KerberosIV code.
+ A patch is available.
+ [Applied to stable]
SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
-ftpd(8)
-can get umask via a login class in login.conf.
-VLAN devices stop sending packets if the parent interface isn't running.
-Stability fixes in
-isakmpd(8).
-ssh-agent(1)
-disables agent, x11, and port forwarding if hostkey has changed.
-Prevent
-ssh-agent(1)
-from dumping core.
-isakmpd(8)'s
-x509 handling ignores the ID length.
-Support hot insertion and removal of Texas Instruments PCI113X CardBus bridges.
-
+Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
+Prevent VLAN devices from emitting packets if the parent interface is not up and running.
+Better error checking in ping6(8).
+Some stability fixes to isakmpd(8).
+In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
+Fix a coredump in ssh-agent(1).
+Reset 16-bit PCMCIA during chip initialization in pccbb(4).
+Correct PCI interrupt setup for TI PCI113X CardBus bridges.
+Properly powerdown PC cards in pccbb(4) at shutdown time.
+Add -D option to sshd(8) to cause startup without a daemon.
+Show both the IP address and hostname when a new key is encountered in ssh(1).
+Fix a bug in MSChapv2 challenge hashing in ppp(8).
+More make(1) tweaks.
+Use -n to test for non-zero variables in /etc/netstart.
+Be more careful with ARP packets.
Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
-Avoid race conditition in
-adduser(8).
-Fix pciide on 164sx Alphas.
-Variable handling in
-make(1)
-improved, along with other fixes.
-MAKEDEV(8)
-enforces ttyC[0-f].
-ssh(1)
-can gracefuly handle invalid ciphers.
-General isakmpd(8)
-improvements, including PGPnet interoperability fixes.
-Bigger RAM probe delay in
-hifn(4)
-driver.
-Assorted
-ksh(1) fixes.
-Support for kernel events on vnodes.
-
-fix CAST-128 key size in isakmpd(8)
- [Applied to stable]
-
+Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
+Clock fixes for the alpha architecture.
+Print select collisions in vmstat(8) -s output.
+Implement login_check_expire(3) for libutil.
+Add -u username support to pwd_mkdb(8).
+Properly implement errno handling for the threaded libc (libc_r) on powerpc.
+In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file.
+Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
+Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
+Fix pciide(4) support on Alpha 164SX models.
+Support 16 slices per device on VAX machines.
+Considerable cleanups to make(1).
+Improve key repeat logic in wskbd(4).
+Changes from KAME to make ifm_data available in getifaddrs(3).
+Fix absolute path handling in crunchgen(1).
+Shorten /dev/ttyC* device names.
+Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
+Avoid tty races in wsdisplay(4) when switching virtual terminals.
+Update isakmpd(8).
+Repair lun support in umass(4).
+Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
+Train makewhatis(8) to handle more special cases.
+Avoid double fclose(3) in getcap(3).
+Increase delay in RAM probe for hifn(4).
+Suffix list fix in make(1).
+Various bug fixes in ksh(1).
+When using the tail(1) -f flag on stdin, don't reopen a local file named stdin.
+Extend kqueue(2) to support kernel events on vnodes.
+Bring in BSD authentication support for sudo(8).
+Zap MULOG in inetd(8) to improve code readability.
+Avoid whacking errno in top(1) signal handlers.
+Do not include MFS partitions in quot(8) statistics output.
+Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
+Prevent a type overflow in recno(3).
IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
-Avoid SIGHUP log issue in
-ypserv(8).
-Support kernel event queues via
-kqueue(2).
-Support for quite a few more USB devices, including scanners.
+Import BSD authentication mechanisms from BSDI BSD/OS.
+Implement pw_dup(3), a function which copies struct passwd.
+Replace getpass(3) with a more flexible readpassphrase(3) interface.
+Add strnvis(3), a length-bounded version of the strvis(3) libc function.
+Better prompting logic in libskey.
+Resurrect binutils on alpha.
+Recognize newer Intel audio devices in auich(4).
+Stop amphy(4) from attaching to network devices it doesn't belong to.
+Enable support for pciide(4) found in newer Intel chipsets.
+Correct URL handling in the install scripts.
+Limit the number of SCSI luns in umass(4).
+Page size fixes to the alpha port.
+Import ssh-ask-pass support for X11.
+Fix a signal race in ypserv(8) SIGHUP handling.
+Enable uaudio(4) by default in GENERIC/i386.
+Reserve all-1s addresses in the IPSec code for future policy discovery features.
+Resolve HMAC nomenclautre issues.
+Be sure to clear passwords out of memory after use in ppp(8).
+Support kernel event queues.
+Add support for USB scanners through the uscanner(4) driver.
+More fixes to qec(4).
+Recognize newer AMD CPUs.
+Repair incorrect buffer size logic in telnetd(8).
+Add a slew of devices to usbdevs.
+Do not use perror(3) in sshd(8) after forking a child.
RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
+Add ifmedia(4) support to qec(4), among other improvements.
+Extra sanity checking in skeyinit(1).
+Repair timeout computations in atapiscsi(4).
+Add initial support for DEC Alpha 21264 systems.
+Bring the alpha port a bit closer to a fully operational console.
+Support Accton EN2242 MiniPCI Ethernet adapters.
+Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
+Add scrollback support to wscons(4) through the vga(4) driver.
+Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
Repair overriding of pseudo devices in config(8)
[Applied to stable]
-Harden ftpd(8)'s
-EPSV and EPRT handling.
-Fix off-by-one error in
-ssh-agent(1).
+Accept -inet and -inet6 as options for the show command in route(8).
+Don't reorder keys in ssh-agent(1) upon key removal.
+Avoid parsing options in ssh(1) if there is an RSA key mismatch.
+Various cleanups to ftpd(8).
+In many programs, sync usage() output with their respective man page SYNOPSIS.
+RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
+ A patch is available.
+ [Applied to stable]
+In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
+Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
+In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
+Make the aha(4) driver compile without UVM.
+Enforce non-cacheable device space on real 80386 machines.
+Add RSA authentication support for SSH2 to OpenSSH.
+Allow serial mice to work with moused(8) and XFree86 simultaneously.
+Repair an off-by-one error in ssh-agent(1).
+Convert some old drivers to the new timeout(9) interface.
RELIABILITY FIX: repair AES (rijndael)
kernel support.
A patch is available.
[Applied to stable]
+Import PCI support for Alpha EB164 machines.
+Add bus_space_barrier macros for the powerpc.
+Endian fixes to the USB code.
+Better command line parsing in encrypt(1).
+Numbering fixups in pfkeyv2 to match IANA assignments.
+Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
+Improve handling of IPv6 Node Information Query packets for better specification conformance.
+Fix a panic induced by assigning lo0 an IPv6 alias.
IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
-Fix ifconfig(8)
-induced panic when given a specific IPv6 option combination.
-RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
- A patch is available.
- [Applied to stable]
+Deprecate pltime=0 in ifconfig(8).
+Modifications to the ktrace(2) interface to reduce redundancy.
+Do not advertise dynamic/cloned routes in route6d(8).
+Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
+
Correct free-before-reference bugs in rshd(8) and rlogind(8).
Improve queue handling in gdt(4).
New Adaptec FSA RAID driver called aac(4).
@@ -341,7 +387,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.720 2001/02/01 02:56:09 jason Exp $
+
$OpenBSD: plus.html,v 1.721 2001/02/10 09:09:05 aaron Exp $