=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.720 retrieving revision 1.721 diff -u -r1.720 -r1.721 --- www/plus.html 2001/02/01 02:56:09 1.720 +++ www/plus.html 2001/02/10 09:09:05 1.721 @@ -52,225 +52,271 @@
  • SECURITY FIX: fix some buffer overflows in named.
    A patch is available.
    [Applied to stable] -
  • SECURITY FIX: The rnd device does not use all of its input when data is written to it.
    +
  • SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
    A patch is available.
    [Applied to stable] -
  • Fix sprintf overflow in -fsinfo(8). -
  • fdisk(8) -can change only the partition ID if desired. -
  • Use gif* instead of enc* for IPsec bridges. -
  • Permit multiple -dhclient(8)s -to run simultaneously. -
  • Have rc initialize RAID parity. -
  • Let talk(1) -pass high characters without escaping; for use with other charsets (disabled by default). -
  • Prevent mountd(8) -from deadlocking due to DNS issues. -
  • ftpd(8) -logs actual bytes transferred as opposed to original file size. -
  • fsck_ffs(8) -no longer marks filesystem clean if fsck needs to be rerun. -
  • dhclient(8) -gracefuly handles missing LEASE_TIME. -
  • gprof(1) -now works under mvme88k. -
  • ssh(1) -option: HostKeyAlias. Other minor ssh(d) fixes. -
  • Make the -auvia(4) -driver behave nicely with fixed rate codecs. -
  • Revoke root privileges as early as possible in -ping6(8). -
  • Make edquota(8) -and repquota(8) -handle quotas over 4 gigabytes correctly. -
  • SSH cleanups. -
  • In ksh(1), -don't reset nonblock if it's not interactive. - +
  • IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
    + A patch is available.
    + [Applied to stable] +
  • Change bridge(4) to use gif* instead of enc*. +
  • Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work. +
  • Allow printing of 8-bit ASCII characters in talk(1) through an option. +
  • Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation. +
  • In ftpd(8), log the actual number of bytes transferred instead of the original file size. +
  • Fix ^C in termtype prompt. +
  • Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun. +
  • Resolve scheduling conflict in newsyslog(8). +
  • In dhclient(8), set a reasonable default lease time if the server does not provide one. +
  • Suppress uninteresting PCI bus error messages in ahc(4). +
  • Add m88k support to gprof(1). +
  • Add HostKeyAlias option to ssh(1). +
  • Behave nicely with fixed-rate codecs in auvia(4). +
  • Fix a minor off-by-one error in gprof(1). +
  • In the ports infrastructure, take the old non-fake code out-of-line. +
  • Repair a disgusting rwhod(8) crash. +
  • Fix buffer overflow in csh(1) builtin printf(1) implementation. +
  • Convert atoi(3) to strtoul(3) in top(1). +
  • Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls. +
  • Revoke root privileges earlier in ping6(8) and traceroute6(8). +
  • Many man page fixes. +
  • Use arc4random(3) in jot(1). +
  • Handle quotas over 4GB in edquota(8) and repquota(8). +
  • Fix IPv6 Path MTU Discovery. +
  • Give up euid more carefully in mrinfo(8) and mtrace(8). +
  • Various OpenSSH fixes. +
  • Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework. +
  • In ksh(1), remain in non-blocking mode if the shell is not interactive.
  • SECURITY FIX: xlock now authenticates via a pipe.
    A patch is available.
    [Applied to stable] -
  • IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
    A patch is available.
    [Applied to stable] -
  • Only invoke DMA transfers when transferring over 100 bytes for some drives. - +
  • Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
  • SECURITY FIX: Fix holes in procfs.
    A patch is available.
    [Applied to stable] - +
  • Put strlcat(3) and strlcpy(3) into libkern for kernel use.
  • Fix setting of nwid for wi(4).
    [Applied to stable] -
  • Compaq SMART Array RAID controllers supported. -
  • New machdep.allowaperature sysctl value of "2" to provide access -to entire first megabyte of memory. -
  • Fixed some obscure PCMCIA related panics. -
  • Merged Apache 1.3.14 and mod_ssl 2.7.1. -
  • Add support for the Natsemi 83820. -
  • Fix /etc/sudoers permissions and initial creation handling. -
  • Merged openssl-engine-0.9.6. -
  • More photurisd(8) -cleanup. -
  • Allow sys/netinet/ip_spd.c to compile in non-INET6 kernels. -
  • Synchronized pfkeyv2 implementation with pfkey RFC. - +
  • Change /etc/security to spit out unified diffs. +
  • Add driver for Compaq SMART Array RAID controllers, cac(4). +
  • Extend the i386 allowaperature sysctl to allow access to the whole 1st MB of memory. +
  • Add some more sanity checking to the PCMCIA code to fix some obscure panics. +
  • Import Apache 1.3.14 + mod_ssl 2.7.1. +
  • Support multiple pfkeyv2 keying daemons. +
  • Compute diffie-hellman in parallel between server and client in OpenSSH. +
  • Support Amigas with more than 64MB of RAM. +
  • Ensure /etc/sudoers is created with a proper secure mode. +
  • Import OpenSSL 0.9.6. +
  • More photurisd(8) improvements. +
  • Update kernel pfkeyv2 code for better conformance to the RFC. +
  • Enable loading of ELF kernels for alpha. +
  • Add extraction support for shell archives to the bsd.port.mk infrastructure.
  • In ipsec(9), look for TDB if gateway is unspecified.
    [Applied to stable] -
  • New CRYPTO option for -options(4). -
  • Add bytecounter stats to -netstat(1). -
  • New timeouts in some SCSI and RAID drivers. -
  • Strengthen random TCP sequence numbers. - -
  • IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
    - A patch is available.
    - [Applied to stable] -
  • In ssh(8), -don't abort login when failing to set tty owner and mode if the tty already has -correct owner and permissions. -
  • sshd(8) -no longer requires a source port > 1024 for rhosts-rsa. -
  • New ICMP types and codes. -
  • Add support for the 802.1D spanning tree protocol for bridges. -
  • Add transport protocol/ports negotiation support to -isakmpd(8), -among other IPsec changes from the EOM-branch merge. -
  • Turn off path MTU when ICMP needfrag messages are blocked. -
  • Big batch of Alpha drivers added to Alpha's GENERIC kernel. -
  • Don't let -route(8) -touch region after free. -
  • Removed libgmp. -
  • Make -photurisd(8) -use bignum. - -
  • SECURITY FIX: Fix another security problem in the KerberosIV code.
    - A patch is available.
    - [Applied to stable] -
  • In ssh(1) -when using skey/tis-auth always request new challenge. -
  • Support newer cy cards in the -cy(4) -driver. -
  • New Swiss and jp106 keyboard maps. -
  • CVS_RSH is set to "ssh" by default in -cvs(1). -
  • Fix endianess issues in -ssh(1); -
  • Overhaul the -adw(4) -driver. -
  • Add vrrp, smb, and timed printing to -tcpdump(8). -
  • calendar(4) -only accepts real files. -
  • Fix perror() calls in -pcvt(4) -that were buffer overflows. -
  • Avoid argv passing overflow in -tftp(1). -
  • Support I/O Data USB-ET/T USB ethernet in the -kue(4) -driver. -
  • Fix (partially) the reset sequence for 16-bit PCMCIA cards. -
  • Extend paranoia surrounding passed KRB environment variables in -telnet(1). -
  • Update the -isp(4) -driver adding maxluns support, among other things. -
  • PCI LIVENGOOD chipset support. -
  • libtermlib obsolete; removed. -
  • Fix RIPv0 (RFC 1058) and NFS port-number printing in -tcpdump(8). -
  • Make pcap generated BPF filters work on the tun interface. -
  • Add -ssh-keyscan(1) -to the arsenal. - +
  • Fixes to patch(1) -f and -b. +
  • Convert some more drivers to the new timeout(9) interface. +
  • Add bytecounter statistics reporting to netstat(8). +
  • Instrument more random TCP sequence numbers. +
  • In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set. +
  • Source port < 1024 is no longer required for rhosts-rsa in sshd(8). +
  • Remove dead code in hifn(4) driver. +
  • Proper getopt(3) usage in compress(1). +
  • Fix a time specification in last(1). +
  • Do not disable PMTU for established TCP connections unless there is data to send. +
  • Add support for the 802.1D spanning tree protocol to bridge(4). +
  • New BSD authentication login scripts. +
  • Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly. +
  • isakmpd(8) update. +
  • APM bug fix that helps a few laptops. +
  • Remove unnecessary code from photurisd(8) in preparation of new SPD framework. +
  • Repair a memory leak in ICMPv6 code. +
  • Turn off PMTU when ICMP needfrag messages get blocked. +
  • Finnish updates for inter.phone. +
  • Display number of successful IPv6 PMTU changes in netstat(8) -s output. +
  • Do not re-print ETA on completion in scp(1) when copying 0-sized files. +
  • Validate ICMPv6 "too big" messages based on PCB. +
  • Do not use already-freed memory in route(8). +
  • Avoid repeated host controller halted messages in uhci(4). +
  • Remove unused libgmp. +
  • Import KerberosIV v1.0.4. +
  • Always request a new challenge for skey/tis-auth in ssh(1). +
  • Support newer cy(4) communication cards. +
  • Provide new international keymaps for pcvt(4). +
  • Ignore filesystems marked "xx" in the install scripts. +
  • Document that pipe(2) is bidirectional, although this behavior is unportable. +
  • Move the default cvs(1) connection protocol from rsh(1) to ssh(1). +
  • Remove a bogus memory free in getnetgrent(3). +
  • Fix a buffer overflow in bad144(8). +
  • Revert back to the old rijndael implementation and solve byte ordering bugs there instead. +
  • Drop unneeded support for RTF_TUNNEL in route(8). +
  • Maintain count of routing table timer entries in route(8). +
  • In makewhatis(8), strip weird characters first, then sequences of spaces. +
  • Big improvements to adw(4). +
  • Teach tcpdump(8) about VRRP, SMB, and timed. +
  • Force calendar(1) to only accept real calendar files as input. +
  • Fix various perror() overflows in pcvt(4). +
  • Repair a tftp(1) argv parsing overflow. +
  • Conditionalize some BPF code in wx(4). +
  • Finally remove remaining references to extra RSA libs, since the patent has expired. +
  • New rijndael implementation which solves endian issues. +
  • Support Intel 82801BA pciide(4) controllers. +
  • Exercise more paranoia with passed KRB environment settings in telnetd(8). +
  • Convert some more drivers to the new timeout(9) interface. +
  • Many improvements and modernizations to isp(4). +
  • Update wx(4) with LIVENGOOD support. +
  • Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4). +
  • Implement asynchronous connections for ssh(1) -R and -L. +
  • Simplify atrun(8) tasks by using asprintf(3). +
  • Kill unused libtermlib. +
  • Import new pool(9) code. +
  • Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8). +
  • Make pcap-generated BPF filters work on the tun(4) interface. +
  • Import David Maziere's ssh-keyscan(1).
  • SECURITY FIX: Fix buffer overflow in ftpd.
    A patch is available.
    [Applied to stable] -
  • IMPLEMENTATION FIX: Fix fastroute related panic.
    A patch is available.
    [Applied to stable] - +
  • Teach OpenSSH about more version strings to improve interoperability. +
  • SECURITY FIX: Fix another security problem in the KerberosIV code.
    + A patch is available.
    + [Applied to stable]
  • SECURITY FIX: Fix two security problems in the KerberosIV code.
    A patch is available.
    [Applied to stable] -
  • ftpd(8) -can get umask via a login class in login.conf. -
  • VLAN devices stop sending packets if the parent interface isn't running. -
  • Stability fixes in -isakmpd(8). -
  • ssh-agent(1) -disables agent, x11, and port forwarding if hostkey has changed. -
  • Prevent -ssh-agent(1) -from dumping core. -
  • isakmpd(8)'s -x509 handling ignores the ID length. -
  • Support hot insertion and removal of Texas Instruments PCI113X CardBus bridges. - +
  • Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5). +
  • Prevent VLAN devices from emitting packets if the parent interface is not up and running. +
  • Better error checking in ping6(8). +
  • Some stability fixes to isakmpd(8). +
  • In ssh(1), disable agent/X11 port forwarding if the hostkey has changed. +
  • Fix a coredump in ssh-agent(1). +
  • Reset 16-bit PCMCIA during chip initialization in pccbb(4). +
  • Correct PCI interrupt setup for TI PCI113X CardBus bridges. +
  • Properly powerdown PC cards in pccbb(4) at shutdown time. +
  • Add -D option to sshd(8) to cause startup without a daemon. +
  • Show both the IP address and hostname when a new key is encountered in ssh(1). +
  • Fix a bug in MSChapv2 challenge hashing in ppp(8). +
  • More make(1) tweaks. +
  • Use -n to test for non-zero variables in /etc/netstart. +
  • Be more careful with ARP packets.
  • Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
    [Applied to stable] -
  • Avoid race conditition in -adduser(8). -
  • Fix pciide on 164sx Alphas. -
  • Variable handling in -make(1) -improved, along with other fixes. -
  • MAKEDEV(8) -enforces ttyC[0-f]. -
  • ssh(1) -can gracefuly handle invalid ciphers. -
  • General isakmpd(8) -improvements, including PGPnet interoperability fixes. -
  • Bigger RAM probe delay in -hifn(4) -driver. -
  • Assorted -ksh(1) fixes. -
  • Support for kernel events on vnodes. - -
  • fix CAST-128 key size in isakmpd(8)
    - [Applied to stable] - +
  • Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification. +
  • Clock fixes for the alpha architecture. +
  • Print select collisions in vmstat(8) -s output. +
  • Implement login_check_expire(3) for libutil. +
  • Add -u username support to pwd_mkdb(8). +
  • Properly implement errno handling for the threaded libc (libc_r) on powerpc. +
  • In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file. +
  • Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1). +
  • Reorder check for illegal ciphers in ssh(1) protocol 1 connection code. +
  • Fix pciide(4) support on Alpha 164SX models. +
  • Support 16 slices per device on VAX machines. +
  • Considerable cleanups to make(1). +
  • Improve key repeat logic in wskbd(4). +
  • Changes from KAME to make ifm_data available in getifaddrs(3). +
  • Fix absolute path handling in crunchgen(1). +
  • Shorten /dev/ttyC* device names. +
  • Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary. +
  • Avoid tty races in wsdisplay(4) when switching virtual terminals. +
  • Update isakmpd(8). +
  • Repair lun support in umass(4). +
  • Zero pw_passwd before freeing its memory in the libc BSD authentication routines. +
  • Train makewhatis(8) to handle more special cases. +
  • Avoid double fclose(3) in getcap(3). +
  • Increase delay in RAM probe for hifn(4). +
  • Suffix list fix in make(1). +
  • Various bug fixes in ksh(1). +
  • When using the tail(1) -f flag on stdin, don't reopen a local file named stdin. +
  • Extend kqueue(2) to support kernel events on vnodes. +
  • Bring in BSD authentication support for sudo(8). +
  • Zap MULOG in inetd(8) to improve code readability. +
  • Avoid whacking errno in top(1) signal handlers. +
  • Do not include MFS partitions in quot(8) statistics output. +
  • Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards. +
  • Prevent a type overflow in recno(3).
  • IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
    A patch is available.
    [Applied to stable] -
  • Avoid SIGHUP log issue in -ypserv(8). -
  • Support kernel event queues via -kqueue(2). -
  • Support for quite a few more USB devices, including scanners. +
  • Import BSD authentication mechanisms from BSDI BSD/OS. +
  • Implement pw_dup(3), a function which copies struct passwd. +
  • Replace getpass(3) with a more flexible readpassphrase(3) interface. +
  • Add strnvis(3), a length-bounded version of the strvis(3) libc function. +
  • Better prompting logic in libskey. +
  • Resurrect binutils on alpha. +
  • Recognize newer Intel audio devices in auich(4). +
  • Stop amphy(4) from attaching to network devices it doesn't belong to. +
  • Enable support for pciide(4) found in newer Intel chipsets. +
  • Correct URL handling in the install scripts. +
  • Limit the number of SCSI luns in umass(4). +
  • Page size fixes to the alpha port. +
  • Import ssh-ask-pass support for X11. +
  • Fix a signal race in ypserv(8) SIGHUP handling. +
  • Enable uaudio(4) by default in GENERIC/i386. +
  • Reserve all-1s addresses in the IPSec code for future policy discovery features. +
  • Resolve HMAC nomenclautre issues. +
  • Be sure to clear passwords out of memory after use in ppp(8). +
  • Support kernel event queues. +
  • Add support for USB scanners through the uscanner(4) driver. +
  • More fixes to qec(4). +
  • Recognize newer AMD CPUs. +
  • Repair incorrect buffer size logic in telnetd(8). +
  • Add a slew of devices to usbdevs. +
  • Do not use perror(3) in sshd(8) after forking a child.
  • RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
    A patch is available.
    [Applied to stable] +
  • Add ifmedia(4) support to qec(4), among other improvements. +
  • Extra sanity checking in skeyinit(1). +
  • Repair timeout computations in atapiscsi(4). +
  • Add initial support for DEC Alpha 21264 systems. +
  • Bring the alpha port a bit closer to a fully operational console. +
  • Support Accton EN2242 MiniPCI Ethernet adapters. +
  • Permit O_RDWR on FIFOs to handle legacy applications that depend on it. +
  • Add scrollback support to wscons(4) through the vga(4) driver. +
  • Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
  • Repair overriding of pseudo devices in config(8)
    [Applied to stable] -
  • Harden ftpd(8)'s -EPSV and EPRT handling. -
  • Fix off-by-one error in -ssh-agent(1). +
  • Accept -inet and -inet6 as options for the show command in route(8). +
  • Don't reorder keys in ssh-agent(1) upon key removal. +
  • Avoid parsing options in ssh(1) if there is an RSA key mismatch. +
  • Various cleanups to ftpd(8). +
  • In many programs, sync usage() output with their respective man page SYNOPSIS. +
  • RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
    + A patch is available    .
    + [Applied to stable] +
  • In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space. +
  • Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4). +
  • In ftpd(8), assert check_login upon receipt of EPSV/LPSV. +
  • Make the aha(4) driver compile without UVM. +
  • Enforce non-cacheable device space on real 80386 machines. +
  • Add RSA authentication support for SSH2 to OpenSSH. +
  • Allow serial mice to work with moused(8) and XFree86 simultaneously. +
  • Repair an off-by-one error in ssh-agent(1). +
  • Convert some old drivers to the new timeout(9) interface.
  • RELIABILITY FIX: repair AES (rijndael) kernel support.
    A patch is available.
    [Applied to stable] +
  • Import PCI support for Alpha EB164 machines. +
  • Add bus_space_barrier macros for the powerpc. +
  • Endian fixes to the USB code. +
  • Better command line parsing in encrypt(1). +
  • Numbering fixups in pfkeyv2 to match IANA assignments. +
  • Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames. +
  • Improve handling of IPv6 Node Information Query packets for better specification conformance. +
  • Fix a panic induced by assigning lo0 an IPv6 alias.
  • IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
    A patch is available    .
    [Applied to stable] -
  • Fix ifconfig(8) -induced panic when given a specific IPv6 option combination. -
  • RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
    - A patch is available    .
    - [Applied to stable] +
  • Deprecate pltime=0 in ifconfig(8). +
  • Modifications to the ktrace(2) interface to reduce redundancy. +
  • Do not advertise dynamic/cloned routes in route6d(8). +
  • Allow ping6(8) to send ICMP6 packets smaller than 8 bytes. +
  • Correct free-before-reference bugs in rshd(8) and rlogind(8).
  • Improve queue handling in gdt(4).
  • New Adaptec FSA RAID driver called aac(4). @@ -341,7 +387,7 @@
    OpenBSD www@openbsd.org -
    $OpenBSD: plus.html,v 1.720 2001/02/01 02:56:09 jason Exp $ +
    $OpenBSD: plus.html,v 1.721 2001/02/10 09:09:05 aaron Exp $