===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.831
retrieving revision 1.832
diff -u -r1.831 -r1.832
--- www/plus.html 2002/07/05 23:32:44 1.831
+++ www/plus.html 2002/07/10 06:46:40 1.832
@@ -48,9 +48,22 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to July 5.
+The following list sums up (almost) all the changes made up to July 9.
+- Make httpd(8)
chroot() and drop root privileges by default.
+ - pf(4) now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
+
- Some updates to cron(8).
+
- Remove ab(1) from the Apache installation.
+
- Remove NTP support from the kernel.
+
- Don't attempt to resubmit a structure we just freed in ipsec(4) / ipcomp(4).
+
- Small fixes to IP-in-IP encapsulation code.
+
- Add Security Mode options to atactl(8).
+
- Support a few more HPT pciide(4) cards.
+
- Make
NEED_VERSION obsolete in bsd.port.mk(5).
+ - Fill IPv6 null pointer dereference in cvs(1)
pserver.
+ - Remove some old upgrade hacks from the installer script.
+
- pf(4) chokes on invalid '
! <interface>' syntax, instead of just ignoring the '!'.
- Fix pf(4) interface stats, and allow the
loginterface feature to be disabled.
- Make signal handler flags in isakmpd(8) of type
volatile sig_atomic_t.
- Fix a few GCC 3.1 moans in isakmpd(8).
@@ -58,19 +71,19 @@
- Cleanup of rpcgen(1).
- RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise isakmpd(8) can be made to crash.
A source code patch exists to remedy the problem.
-
+ [Applied to stable]
- ep(4) on isapnp(4) now works on alpha.
- Improve the way the installer's fileset selection UI works.
-
- Fix a potential buffer overflow in xsystrace(1).
+
- Fix a potential buffer overflow in
xsystrace.
- Add a note to the unwary in
distrib/notes about the danger of skipping several versions when upgrading.
- Don't have ssh(1) allocate memory for stuff we don't need, just to discard it straight away.
-
- Set
IP_PORTTANGE_HIGH for active mode data channel of ftp(1).
+ - Set
IP_PORTRANGE_HIGH for active mode data channel of ftp(1).
- Add some more usb(4) product IDs.
- Fix an off-by-one error in rmt(8) and improve string handling in general.
- Normalise nc(1)'s EOF handling.
- Plug a few ssh(1) memory leaks.
- Tweak the tga(4/ALPHA) driver.
-
- Fix several missing or broken malloc(3) failure checks.
+
- Fix several missing or broken malloc(3) and realloc(3) failure checks.
- In rcs(1), actually exit(3) after spotting that
LocalId is too long.
- Lots of ANSIfication of function declarations and prototypes.
- Fix bug causing '
SPL NOT LOWERED' errors from the ami(4) RAID controller.
@@ -98,10 +111,10 @@
- Add AlphaServer 800 and 1000 support.
- Enable lc(4) devices in alpha GENERIC kernel.
- Fix isapnp(4) panics on alpha.
-
- Make xf86config(1) give the option of configuring a mouse wheel.
+
- Make
xf86config give the option of configuring a mouse wheel.
- Gracefully handle i386_iopl(2) failure in the X server when trying to give up privileges.
- Add wscons(4) files to fbtab(5) on i386.
-
- Add to use kqueue(2) support to syslog(3).
+
- Add kqueue(2) support to syslog(3).
- Evolve
strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
- Run rpc.rstatd(8) and rpc.rusersd(8) as
root from inetd(8) again, but go to nobody's jail at startup.
- Lots more bounds-checking all over the place.
@@ -133,7 +146,7 @@
- Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a
224/4 route.
- Make X use
/dev/wsmouse instead of /dev/wsmouse0 by default.
- Add some m68k opcode aliases for GNU as(1) from recent binutils.
-
- Pull the
bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable.
+ - Pull the
bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable.
- Fix the FTP relay in faithd(8).
- Fix wi(4) reassociation after an AP reboot.
- SECURITY FIX: A buffer overflow can
@@ -143,7 +156,7 @@
- Lots of
uid_t and gid_t signedness fixes.
- sshd(8) no longer calls
setsid() when run from inetd(8).
- Make cvs(1)
pserver talk IPv6.
- - Increment boot(8) version to help debug the new memory probe and other fixes.
+
- Increment boot(8) version to help debug the new memory probe and other fixes.
- Make wi(4) less twitchy on quick inserts/ejects.
- String handling and bounds checking fixes to login_fbtab(3).
- Bump OpenSSH to version 3.3.
@@ -152,7 +165,7 @@
- System call argument rewriting framework for systrace(4).
- Enable wi(4) on sparc64, after a lot of groundwork.
- Fix some endianness nits in wi(4).
-
- Remove ifmcstat(8), the same information is available from netstat(8).
+
- Remove ifmcstat(8), the same information is available from netstat(1).
- More improvements to 4GB memory probing on i386.
- ssh(1) and sshd(8) options are now documented in their own
sshd?_config(5) manpage.
- Add option for smooth scrolling to talk(1).
@@ -196,13 +209,13 @@
- Add some inlined hash functions for the kernel, in
<sys/hash.h>.
- Cleanup work on conditional evaluation in make(1).
- isakmpd(8) accepts IPComp flows.
-
- Drop pf(4)
scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
+ - Drop pf(4)
scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
- Teach tcpdump(8) about ipcomp(4).
- Show sparc64's X server which device it wants to
mmap().
- Add ioctl to wscons(4) allowing sparc64 (other architectures later) to find out which PCI device it's using.
- Enable userland crypto(4) support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
- Kernel changes and sysctl(3) switch for hardware asymmetric crypto(4) in userland.
-
- Add initial Ultra Port Architecture (upa(4/SPARC64)) support. Attach creator(4) and schizo(4) using it.
+
- Add initial Ultra Port Architecture (upa(4/SPARC64)) support. Attach creator(4) and schizo(4) using it.
- Import new vax boot code from NetBSD.
- Add umct(4) USB serial driver and .umidi(4) USB MIDI driver. Not tested, not in GENERIC.
- Add IPL_STATCLOCK and add lots of
splassert()s.
@@ -210,7 +223,7 @@
- Much cleanup in
distrib/miniroot.
- Make pfctl(8)
-s state print UDP and 'other' states nicely.
- New
scrub(fragcache) ... syntax for pf(4).
- - Add mbuf_tag(9)
PACKET_TAG_PF_FRAGCACHE to stop pf(4) misdetecting duplicate fragments.
+ - Add mbuf_tags(9)
PACKET_TAG_PF_FRAGCACHE to stop pf(4) misdetecting duplicate fragments.
- pf(4) NAT proxy port ranges can be specified per-rule.
- Don't panic(9) if pf(4) tries to insert a duplicate key.
- pf(4) NAT and filter rules now all go in the one file (normally pf.conf(5).) New pfctl(8) file syntax. Oh yes.
@@ -228,7 +241,7 @@
- Define
__weak_alias() for mvme88k.
- Merge GNU TeXinfo 4.2.
- Prevent mbuf(9) leakage from bridge(4).
-
- New bad144(8).
+
- New bad144(8).
- user(8) now checks the username length against MaxUserNameLen.
- Add bio(4) device, so userland can talk to devices that don't have nodes in
/dev.
- Remove KerberosIV startup code from rc(8) files.
@@ -245,7 +258,7 @@
- Fix PR2704 resuming eso(4) after standby.
- Change a lot of index(3) calls to strchr(3).
- Change "'cuz" to "because." Strewth!
-
- Add another mbuf(9) flag M_AUTH_AH, changing the meaning of M_AUTH.
+
- Add another mbuf(9) flag M_AUTH_AH, changing the meaning of M_AUTH.
- Remove a bunch of '
\n's from syslog(3) and err(3) calls.
- Make isakmpd(8) IKECFG support work for both SET/ACK and REQ/REPLY modes.
- Fixes for OpenSSL when talking to hardware crypto(4).
@@ -287,11 +300,11 @@
- Rule label length increased from 32 to 64 characters.
- Allow modification of TTL with pf(4)
return-rst.
- Timeout handling improvements to ohci(4).
-
- Make netstat(6) print RIP6 statistics.
+
- Make netstat(1) print RIP6 statistics.
- Allow a per-rule limit to the number of state table entries a pf.conf(5) rule can create.
- Switch pf(4) from AVL to red-black trees.
- Add Gemplus GPR400 PCMCIA smartcard reader.
-
- If sending on another interface, resubmit pf(4) routed packets for filtering and NAT by
pf. Add an mbuf_tag(9) to stop loops forming.
+ - If sending on another interface, resubmit pf(4) routed packets for filtering and NAT by
pf. Add an mbuf_tags(9) to stop loops forming.
- Don't propose IDEA when negotiating SSL connections.
$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in pfctl(8) rule labels.
- Make a kernel TCP RST and a pf(4)
return-rst look the same, to frustrate the nmap crowd.
@@ -313,8 +326,8 @@
- Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their status page.
- bpf(4) support for kqueue(2)
- In isakmpd(8), add netmask, subnet and DHCP server request support to IKECFG.
-
- Fix bktr(4) stereo.
-
- Support the RNG of AMD-768 southbridge (device amdpm(4).)
+
- Fix bktr(4) stereo.
+
- Support the RNG of AMD-768 southbridge (device amdpm(4).)
- Fix DMA handing of hme(4) (SPARC and SPARC64.)
- Pull in
libcsu change from NetBSD to allow dlopen(3) to be used much earlier.
- Add
-t key lifetime option to ssh-add(1).
@@ -322,7 +335,7 @@
- Add predicate suffixes to systrace(1).
- Add
-x and -X options to respectively lock and unlock ssh-agent(1).
- Compatibility tweaks to
getpid(), getuid() and getgid() under Linux emulation.
- - Start work on new debugger, pmdb.
+
- Start work on new debugger, pmdb.
- Additional check (#ifdef DIAGNOSTIC) for duplicate uvm(9) map entries.
- If syslog(3) fails with ENOBUFS when sending to
/dev/log, it now waits a millisecond and retries.
- syslogd(8) doubles the socket receive buffer size.
@@ -351,7 +364,7 @@
- '
pfctl -s all' now prints labels as well.
- Add
volatile to sig_atomic_t. Stand well back.
- Use rasops instead of rcons in cgthree(4/SPARC) and cgsix(4/SPARC).
-
- Simplify IPv6 link MTU code.
+
- Simplify IPv6 link MTU code.
- Stop maintaining 2.9-stable.
- Bump 2.9-stable to OpenSSH version 3.2.3.
- Bump 3.0-stable to OpenSSH version 3.2.3.
@@ -367,9 +380,9 @@
- Fix
/etc/ptmp deletion bug that occurred if rmuser(8) was aborted.
- IBSS mode for Symbol cards (firmware >= 2.5) using the wi(4) driver.
- Add leading-zero padding to RSA signatures in ssh.
-
- Tweak altq(4) options(4) so the kernel compiles on i[34]86.
+
- Tweak altq(9) options(4) so the kernel compiles on i[34]86.
- Add support in the fxp(4) driver for more Intel PRO/100 VM cards.
-
- For those that do metric but refuse to work in meters and kilograms, kayser conversion has been added to units(1).
+
- For those that do metric but refuse to work in meters and kilograms, kayser conversion has been added to units(1). Wow.
- Fix signal races in ping(8).
- Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid
games.
- Per-socket ipsec(4) policies and options!
@@ -386,8 +399,8 @@
- Add
-[46] options to ftp(1).
- Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
- Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
-
- Support Sun type 5 keyboards, as some keycodes are rather helpfully switched around from type 4.
-
- Cleanup and small fixes to skeyaudit(8).
+
- Better wscons(4) support for Sun type 5 keyboards.
+
- Cleanup and small fixes to skeyaudit(1).
- Fixes to fms(4).
- Various fixes and enhancements to mg(1).
- sshd(8) no longer starts in privilege-separated mode unless the PrivSep user
sshd and chroot(2) dir /var/empty are both present.
@@ -401,7 +414,7 @@
- Use the correct string buffer size for printing port numbers in pfctl(8).
- Remove
arc4random_8().
struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
-- netstat(8) cleanup.
+
- netstat(1) cleanup.
- ping6(8) and traceroute6(8) updates from KAME.
unsigned -> unsigned int cleanup.
pid_t type cleanup.
@@ -412,7 +425,7 @@
- vax: Add board type for VXT2000+.
- More IANA interface type values, including IFT_BRIDGE.
- Split XFree86
bsd_video.c into architecture-specific files.
- - Add sysctl(8) toggle
net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
+ - Add sysctl(8) toggle
net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
- Yet more safe string function fixes.
- In XFree86 build, honour COPTS variable when building third-party apps.
- Add
LIBS option for crunchgen so custom libraries can be added to boot images.
@@ -591,7 +604,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.831 2002/07/05 23:32:44 deraadt Exp $
+
$OpenBSD: plus.html,v 1.832 2002/07/10 06:46:40 deraadt Exp $