===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.833
retrieving revision 1.834
diff -u -r1.833 -r1.834
--- www/plus.html 2002/07/10 06:48:01 1.833
+++ www/plus.html 2002/07/17 02:37:44 1.834
@@ -48,10 +48,24 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to July 9.
+The following list sums up (almost) all the changes made up to July 16.
-- Make httpd(8) chroot() and drop root privileges by default.
+
- Small additions to as(1) to make gnupg compile.
+
- Fix csh(1) directory completion SIGSEGV with large directories.
+
- Make atrun(8) part of cron(8), removing the need for the atrun cronjob.
+
- More pf(4): accept !<interface> syntax. Oh yes.
+
- top(1) now has a BSD license.
+
- pf(4) parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules.)
+
- Make ftpd(8) always use high port numbers for passive data connections (no more -h option.)
+
- The XFree86 3.3.x servers that are left now revoke their root privileges after getting I/O access.
+
- Teach MMX (not SSE) to as(1).
+
- Add support for AGP GART on i386 (see vga(4) and options(4),) and enable by default.
+
- Make xterm revoke its root privileges, and install it setgid(utmp).
+
- Fix at least one tcpdump(8) buffer overflow.
+ [Applied to stable]
+ - Create a skeleton UserDir tree under /var/www/users.
+
- Make httpd(8) chroot() and drop root privileges by default.
- pf(4) now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
- Some updates to cron(8).
- Remove ab(1) from the Apache installation.
@@ -60,12 +74,12 @@
- Small fixes to IP-in-IP encapsulation code.
- Add Security Mode options to atactl(8).
- Support a few more HPT pciide(4) cards.
-
- Make NEED_VERSION obsolete in bsd.port.mk(5).
-
- Fill IPv6 null pointer dereference in cvs(1) pserver.
+
- Make NEED_VERSION obsolete in bsd.port.mk(5).
+
- Fill IPv6 null pointer dereference in cvs(1) pserver.
- Remove some old upgrade hacks from the installer script.
-
- pf(4) chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
-
- Fix pf(4) interface stats, and allow the loginterface feature to be disabled.
-
- Make signal handler flags in isakmpd(8) of type volatile sig_atomic_t.
+
- pf(4) chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
+
- Fix pf(4) interface stats, and allow the loginterface feature to be disabled.
+
- Make signal handler flags in isakmpd(8) of type volatile sig_atomic_t.
- Fix a few GCC 3.1 moans in isakmpd(8).
- Un-bloating of ahc(4).
- Cleanup of rpcgen(1).
@@ -74,23 +88,23 @@
[Applied to stable]
- ep(4) on isapnp(4) now works on alpha.
- Improve the way the installer's fileset selection UI works.
-
- Fix a potential buffer overflow in xsystrace.
-
- Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
+
- Fix a potential buffer overflow in xsystrace.
+
- Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
- Don't have ssh(1) allocate memory for stuff we don't need, just to discard it straight away.
-
- Set IP_PORTRANGE_HIGH for active mode data channel of ftp(1).
+
- Set IP_PORTRANGE_HIGH for active mode data channel of ftp(1).
- Add some more usb(4) product IDs.
- Fix an off-by-one error in rmt(8) and improve string handling in general.
- Normalise nc(1)'s EOF handling.
- Plug a few ssh(1) memory leaks.
- Tweak the tga(4/ALPHA) driver.
- Fix several missing or broken malloc(3) and realloc(3) failure checks.
-
- In rcs(1), actually exit(3) after spotting that LocalId is too long.
+
- In rcs(1), actually exit(3) after spotting that LocalId is too long.
- Lots of ANSIfication of function declarations and prototypes.
-
- Fix bug causing 'SPL NOT LOWERED' errors from the ami(4) RAID controller.
-
- Give ssh-keysign(8) its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
+
- Fix bug causing 'SPL NOT LOWERED' errors from the ami(4) RAID controller.
+
- Give ssh-keysign(8) its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
- Use RSA_blinding_on(3) to ward off a Kocher timing attack on ssh-keysign(8).
- Fix signal(3) race in ping(8).
-
- Remove adv(4) from the i386 RAMDISK kernel until new ahc(4) un-bloats itself.
+
- Remove adv(4) from the i386 RAMDISK kernel until new ahc(4) un-bloats itself.
- Catch a null pointer dereference when fetching the routing table via sysctl(3).
- Make sis(4) compile and work on alpha.
- Return correct result sizes from ubsec(4).
@@ -98,28 +112,28 @@
- Cleanup of ftpd(8).
- Fix PIO writes code in wdc(4), broken since OpenBSD 2.5!
- Remove unnecessary longjmp(3) from login(1).
-
- Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
+
- Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
- Finally fix bridge(4) address cache bug.
-
- Properly handle endpoint differences of opinion on ssh(1) Compression options
+
- Properly handle endpoint differences of opinion on ssh(1) Compression options
- Fix the wsdisplay(4) blanker after the X server has been running.
-
- Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to encrypt(1).
+
- Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to encrypt(1).
- Fix some compatibility quirks in ppp(8).
- Add a pushback buffer to pfctl(8)'s parser.
-
- Remove setuid(root) from ssh-keysign(8), disabling it for now.
-
- Have named(8) call tzset(3) so /etc/localtime isn't needed after the chroot(2).
+
- Remove setuid(root) from ssh-keysign(8), disabling it for now.
+
- Have named(8) call tzset(3) so /etc/localtime isn't needed after the chroot(2).
- More fixes to the new ahc(4) driver.
- Add AlphaServer 800 and 1000 support.
- Enable lc(4) devices in alpha GENERIC kernel.
- Fix isapnp(4) panics on alpha.
-
- Make xf86config give the option of configuring a mouse wheel.
+
- Make xf86config give the option of configuring a mouse wheel.
- Gracefully handle i386_iopl(2) failure in the X server when trying to give up privileges.
- Add wscons(4) files to fbtab(5) on i386.
- Add kqueue(2) support to syslog(3).
-
- Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
-
- Run rpc.rstatd(8) and rpc.rusersd(8) as root from inetd(8) again, but go to nobody's jail at startup.
+
- Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
+
- Run rpc.rstatd(8) and rpc.rusersd(8) as root from inetd(8) again, but go to nobody's jail at startup.
- Lots more bounds-checking all over the place.
- Recognise a few more fxp(4) devices.
-
- Correct misleading cgetclose() entry in getcap(3) manpage.
+
- Correct misleading cgetclose() entry in getcap(3) manpage.
- Try again with the new ahc(4) driver.
- Cleanups of chpass(1) and passwd(1).
- SECURITY FIX: The kernel would let any user ktrace(2) set[ug]id processes.
@@ -143,87 +157,86 @@
- Start work on IP-over-FireWire and IP-over-SCSI.
- Move a bunch of pfctl(8) options into pf.conf(5).
- c2k2-inspired changes to the installer.
-
- Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a 224/4 route.
-
- Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
+
- Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a 224/4 route.
+
- Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
- Add some m68k opcode aliases for GNU as(1) from recent binutils.
-
- Pull the bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable.
+
- Pull the bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable.
- Fix the FTP relay in faithd(8).
- Fix wi(4) reassociation after an AP reboot.
- SECURITY FIX: A buffer overflow can
occur in the .htaccess parsing code in the mod_ssl httpd(8) module, leading to possible remote crash or exploit (PR2767.)
A source code patch is available.
[Applied to stable]
- - Lots of uid_t and gid_t signedness fixes.
-
- sshd(8) no longer calls setsid() when run from inetd(8).
-
- Make cvs(1) pserver talk IPv6.
+
- Lots of uid_t and gid_t signedness fixes.
+
- sshd(8) no longer calls setsid() when run from inetd(8).
+
- Make cvs(1) pserver talk IPv6.
- Increment boot(8) version to help debug the new memory probe and other fixes.
- Make wi(4) less twitchy on quick inserts/ejects.
- String handling and bounds checking fixes to login_fbtab(3).
- Bump OpenSSH to version 3.3.
[Applied to stable]
- Start adding kqueue(2) support to noct(4).
-
- System call argument rewriting framework for systrace(4).
+
- System call argument rewriting framework for systrace(4).
- Enable wi(4) on sparc64, after a lot of groundwork.
- Fix some endianness nits in wi(4).
- Remove ifmcstat(8), the same information is available from netstat(1).
- More improvements to 4GB memory probing on i386.
-
- ssh(1) and sshd(8) options are now documented in their own sshd?_config(5) manpage.
+
- ssh(1) and sshd(8) options are now documented in their own sshd?_config(5) manpage.
- Add option for smooth scrolling to talk(1).
- Support a few more wireless cards in wi(4).
- Build wicontrol(8) on sparc64 as well.
- String handling cleanups in comsat(8).
- Support magma(4/SPARC), magma(4/SPARC64) serial/parallel boards.
-
- Support stp(4) sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
+
- Support stp(4) sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
- Cleanup of timed(8).
-
- Removing its setgid(kmem) was not enough, remove trsp(8) altogether.
+
- Removing its setgid(kmem) was not enough, remove trsp(8) altogether.
- Make yacc(1) errors look like C compiler errors, so parser utilities such as error(1) can deal with it.
- Add kqueue(2) support to random(9).
- Kill file descriptor leak in dhcpd(8).
- Fix lots of format strings in the dhcp(8) programs.
-
- ps(1) shows flag 'x' for systrace(4)'d processes.
+
- ps(1) shows flag 'x' for systrace(4)'d processes.
- Lots of work on the gpr(4) driver.
- Fix uftdi(4).
-
- Make systat(1) revoke its setgid(kmem) privileges.
-
- Remove old pccons driver from i386, also the associated XSERVER option from the kernel.
+
- Make systat(1) revoke its setgid(kmem) privileges.
+
- Remove old pccons driver from i386, also the associated XSERVER option from the kernel.
- Fix ftpd(8)'s SIGALRM handler.
- SECURITY FIX: A buffer overflow can
occur during the interpretation of chunked encoding in httpd(8), leading to possible remote crash.
A source code patch is available.
[Applied to stable]
- Add the punctuation-challenged Nike psa[play^120 USB widget.
-
- Remove setgid(kmem) from the enormously useful trsp(8).
-
- Add UK keyboard map to macppc (with '#' on Option-3) and also option CAPS_IS_CONTROL.
-
- Increase xl(4) timeout to squash 'command never completed!' warnings.
-
- Add kqueue(2) support to audio(4).
+
- Remove setgid(kmem) from the enormously useful trsp(8).
+
- Add UK keyboard map to macppc (with '#' on Option-3) and also option CAPS_IS_CONTROL.
+
- Increase xl(4) timeout to squash 'command never completed!' warnings.
+
- Add kqueue(2) support to audio(4).
- Import event(3), an API on top of select(2) or kqueue(2).
- Enable DMA on xl(4).
- Allow transparent (statically keyed) ipsec(4) processing on a bridge(4).
- Help ppp(8) to cope with yet more Microsoft PPP attributes.
- Extend ssh-agent(1) key lifetime constraints more flexible (i.e. more than just key lifetime.)
- Teach ECN attributes to isakmpd(8).
-
- Add eui64 option to ifconfig(8) for configuring the IPv6 interface index.
+
- Add eui64 option to ifconfig(8) for configuring the IPv6 interface index.
- Add a sysctl(3) to get the CPU type on sparc and sparc64.
- Throw away the first 256 words of arc4 output in random(9).
-
- Gratuitous pid_t cleanup in /usr/bin.
+
- Gratuitous pid_t cleanup in /usr/bin.
- Grab multicast vlan(4) code from NetBSD.
-
- Add some inlined hash functions for the kernel, in <sys/hash.h>.
+
- Add some inlined hash functions for the kernel, in <sys/hash.h>.
- Cleanup work on conditional evaluation in make(1).
- isakmpd(8) accepts IPComp flows.
-
- Drop pf(4) scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
+
- Drop pf(4) scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
- Teach tcpdump(8) about ipcomp(4).
-
- Show sparc64's X server which device it wants to mmap().
+
- Show sparc64's X server which device it wants to mmap().
- Add ioctl to wscons(4) allowing sparc64 (other architectures later) to find out which PCI device it's using.
- Enable userland crypto(4) support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
- Kernel changes and sysctl(3) switch for hardware asymmetric crypto(4) in userland.
- Add initial Ultra Port Architecture (upa(4/SPARC64)) support. Attach creator(4) and schizo(4) using it.
- Import new vax boot code from NetBSD.
- Add umct(4) USB serial driver and .umidi(4) USB MIDI driver. Not tested, not in GENERIC.
-
- Add IPL_STATCLOCK and add lots of splassert()s.
-
- ssh(1) spends less time with euid==0 even if it is installed setuid(root).
-
- Much cleanup in distrib/miniroot.
-
- Make pfctl(8) -s state print UDP and 'other' states nicely.
-
- New scrub(fragcache) ... syntax for pf(4).
-
- Add mbuf_tags(9) PACKET_TAG_PF_FRAGCACHE to stop pf(4) misdetecting duplicate fragments.
+
- Add IPL_STATCLOCK and add lots of splassert()s.
+
- ssh(1) spends less time with euid==0 even if it is installed setuid(root).
+
- Much cleanup in distrib/miniroot.
+
- Make pfctl(8) -s state print UDP and 'other' states nicely.
+
- New scrub(fragcache) ... syntax for pf(4).
- pf(4) NAT proxy port ranges can be specified per-rule.
- Don't panic(9) if pf(4) tries to insert a duplicate key.
- pf(4) NAT and filter rules now all go in the one file (normally pf.conf(5).) New pfctl(8) file syntax. Oh yes.
@@ -236,14 +249,14 @@
- Add ioctl systrace(4) to retrieve the current emulation of a process.
- Remove dlopen(3) stuff from isakmpd(8).
- Fix BPF code for a gif(4) tunnel, and add some more sanity checks.
-
- Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that ssh(1) is now longer setuid(root) by default.
-
- ssh-add(1) key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
-
- Define __weak_alias() for mvme88k.
+
- Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that ssh(1) is now longer setuid(root) by default.
+
- ssh-add(1) key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
+
- Define __weak_alias() for mvme88k.
- Merge GNU TeXinfo 4.2.
- Prevent mbuf(9) leakage from bridge(4).
- New bad144(8).
- user(8) now checks the username length against MaxUserNameLen.
-
- Add bio(4) device, so userland can talk to devices that don't have nodes in /dev.
+
- Add bio(4) device, so userland can talk to devices that don't have nodes in /dev.
- Remove KerberosIV startup code from rc(8) files.
- Make pf(4) NAT rules work more like normal filter rules.
- Add SIO*PHYADDR to gif(4) so ifconfig(8) can set the outer address.
@@ -253,75 +266,74 @@
- Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
- Allow numeric group IDs in systrace(1).
- Changes to initialisation and media config of ep(4).
-
- Add list support for pf(4) rdr rules.
+
- Add list support for pf(4) rdr rules.
- Fix a number of bad strlcpy(3) calls.
- Fix PR2704 resuming eso(4) after standby.
- Change a lot of index(3) calls to strchr(3).
- Change "'cuz" to "because." Strewth!
- Add another mbuf(9) flag M_AUTH_AH, changing the meaning of M_AUTH.
-
- Remove a bunch of '\n's from syslog(3) and err(3) calls.
+
- Remove a bunch of '\n's from syslog(3) and err(3) calls.
- Make isakmpd(8) IKECFG support work for both SET/ACK and REQ/REPLY modes.
- Fixes for OpenSSL when talking to hardware crypto(4).
- Stop ftp(1) and ftpd(8) spilling the IPv6 scope ID onto the wire.
- The hardware is willing, and now xl(4) is able to offload TCP, UDP and IP checksumming to it.
- Support setting MTU on sk(4).
-
- Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} sysctl(3) entries.
+
- Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} sysctl(3) entries.
- For a bridge(4), handle IPv4 frag-needed-but-DF-set just like on a regular interface.
- Pull in some pciide(4) fixes from NetBSD.
-
- Remove (arguably) unnecessary setgid(operator) from df(1).
-
- Remove setuid(kmem) from ps(1) and w(1) now kvm can use sysctl for some stuff. We don't need no proc filesystem...
-
- Make the kvm(3) library try to use the shiny new sysctls to fetch process arguments and environment.
+
- Remove (arguably) unnecessary setgid(operator) from df(1).
+
- Remove setuid(kmem) from ps(1) and w(1) now kvm can use sysctl for some stuff. We don't need no proc filesystem...
+
- Make the kvm(3) library try to use the shiny new sysctls to fetch process arguments and environment.
- Add flag to stop kwm_open(3) opening any files, though limiting kvm functionality.
- Add sysctl(3) to retrieve process arguments and environment.
- Tweak kernel memory allocation on i386 to work better on 4GB machines.
- Work started on schizo(4/SPARC64) PCI controller. Who said that?
-
- Install script now puts FQDN in /etc/myname.
-
- Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
-
- lo0 now only gets ::1 when it's brought up.
+
- Install script now puts FQDN in /etc/myname.
+
- Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
+
- lo0 now only gets ::1 when it's brought up.
- Merge kth-krb 1.1.1.
-
- Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
-
- Add new splusb() to prevent USB initialisation lossage.
+
- Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
+
- Add new splusb() to prevent USB initialisation lossage.
- Improve SMART support in atactl(8).
-
- Silently ignore deprecated options to ssh(1) since they may be passed in for a remote scp command.
-
- Remove FallbackToRsh from scp(1) as well.
+
- Silently ignore deprecated options to ssh(1) since they may be passed in for a remote scp command.
+
- Remove FallbackToRsh from scp(1) as well.
- pf(4) NAT rules now do macro expansion as well.
-
- Add Makefile-like (var += ...) macro concatenation to pfctl(8), then remove it again.
+
- Add Makefile-like (var += ...) macro concatenation to pfctl(8), then remove it again.
- Add per-rule state timeouts to pf(4).
- Fix well-hidden little bug in crypto(3) to unbork sparc64 SSL/TLS negotiation.
- On alpha, don't allow kernel symbols to be paged out.
-
- Deprecate FallbackToRsh and UseRsh options in ssh(1).
+
- Deprecate FallbackToRsh and UseRsh options in ssh(1).
- ssh-keysign(8) now insists on 20-byte session IDs.
-
- Remove suspect DIAGNOSTIC block from softdep kernel code.
+
- Remove suspect DIAGNOSTIC block from softdep kernel code.
- Make wsdisplay(4) screen blanker play nice with the X server.
-
- lpr(1) and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
+
- lpr(1) and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
- Add Realtek 8129/8139 cardbus device support to rl(4).
-
- Switch macppc to use gem instead of gm.
+
- Switch macppc to use gem instead of gm.
- Multicast fixes and Gigabit Ethernet support for gem(4).
- Rule label length increased from 32 to 64 characters.
-
- Allow modification of TTL with pf(4) return-rst.
+
- Allow modification of TTL with pf(4) return-rst.
- Timeout handling improvements to ohci(4).
- Make netstat(1) print RIP6 statistics.
- Allow a per-rule limit to the number of state table entries a pf.conf(5) rule can create.
- Switch pf(4) from AVL to red-black trees.
- Add Gemplus GPR400 PCMCIA smartcard reader.
-
- If sending on another interface, resubmit pf(4) routed packets for filtering and NAT by pf. Add an mbuf_tags(9) to stop loops forming.
- Don't propose IDEA when negotiating SSL connections.
-
- $srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in pfctl(8) rule labels.
-
- Make a kernel TCP RST and a pf(4) return-rst look the same, to frustrate the nmap crowd.
+
- $srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in pfctl(8) rule labels.
+
- Make a kernel TCP RST and a pf(4) return-rst look the same, to frustrate the nmap crowd.
- Some systrace(4) filter list optimizations.
-
- Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
-
- Add net.inet6.ip6.v6only sysctl(8) flag.
-
- Add ikecfg as a valid flag in isakmpd.conf(5). Start coding SET/ACK mode support.
+
- Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
+
- Add net.inet6.ip6.v6only sysctl(8) flag.
+
- Add ikecfg as a valid flag in isakmpd.conf(5). Start coding SET/ACK mode support.
- inetd(8) no longer accepts UDP packets if the source is a broadcast address.
- Start work on KDrive (TinyX) low-footprint X server support.
-
- Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
+
- Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
- Add flow type to ipsec(4) and isakmpd(8).
- Fix isakmpd(8) crasher PR2729.
- Deprecate SIO.*IFPREFIX_IN6 ioctls.
- Merge arla release 0.35.7.
- Merge OpenSSL 0.9.7-stable-20020605.
-
- TCP wrappers and pfctl(8) accept scoped IPv6 addresses.
-
- Remove [gs]etprogname() from KerberosIV
+
- TCP wrappers and pfctl(8) accept scoped IPv6 addresses.
+
- Remove [gs]etprogname() from KerberosIV
- Fix ipsec(4) crash described in PR2721.
- Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their status page.
- bpf(4) support for kqueue(2)
@@ -329,20 +341,20 @@
- Fix bktr(4) stereo.
- Support the RNG of AMD-768 southbridge (device amdpm(4).)
- Fix DMA handing of hme(4) (SPARC and SPARC64.)
-
- Pull in libcsu change from NetBSD to allow dlopen(3) to be used much earlier.
-
- Add -t key lifetime option to ssh-add(1).
-
- Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
+
- Pull in libcsu change from NetBSD to allow dlopen(3) to be used much earlier.
+
- Add -t key lifetime option to ssh-add(1).
+
- Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
- Add predicate suffixes to systrace(1).
-
- Add -x and -X options to respectively lock and unlock ssh-agent(1).
-
- Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
+
- Add -x and -X options to respectively lock and unlock ssh-agent(1).
+
- Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
- Start work on new debugger, pmdb.
- Additional check (#ifdef DIAGNOSTIC) for duplicate uvm(9) map entries.
-
- If syslog(3) fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
+
- If syslog(3) fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
- syslogd(8) doubles the socket receive buffer size.
- Automatic policy generation for systrace(4).
- lynx(1) now defaults to passive FTP.
-
- Remove [gs]etprogname() from KerberosV.
-
- New -a <bind_address> option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
+
- Remove [gs]etprogname() from KerberosV.
+
- New -a <bind_address> option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
- Make tbrconfig(8) statically linked.
- Remove assumptions about MTU values for certain media types.
- Use the same byte-order kung fu as the kernel in atactl(8).
@@ -361,75 +373,75 @@
- Detect stereo radio reception in fms(4).
- Compatibility tweaks to creator(4/SPARC64).
- Replace mr(4) radio driver with new gtp(4) driver, which is better tested.
-
- 'pfctl -s all' now prints labels as well.
-
- Add volatile to sig_atomic_t. Stand well back.
+
- 'pfctl -s all' now prints labels as well.
+
- Add volatile to sig_atomic_t. Stand well back.
- Use rasops instead of rcons in cgthree(4/SPARC) and cgsix(4/SPARC).
- Simplify IPv6 link MTU code.
- Stop maintaining 2.9-stable.
- Bump 2.9-stable to OpenSSH version 3.2.3.
- Bump 3.0-stable to OpenSSH version 3.2.3.
-
- Implement PMAP_CANFAIL flag for m68k pmap.
+
- Implement PMAP_CANFAIL flag for m68k pmap.
- Enable console blanking on cgthree(4/SPARC).
-
- Make sure some struct sockaddr are cleared before use.
+
- Make sure some struct sockaddr are cleared before use.
- Start work on NetOctave NSP2000 (hardware crypto) driver noct(4). Just the RNG for now.
- Apply BSD Airtools 0.2 patches.
- Teach ECN flags to pf(4).
- Dump mkisofs(8) in favor of mkhybrid(8).
-
- Avoid fd_set overruns in rtsold(8), route6d(8) and rtadvd(8).
+
- Avoid fd_set overruns in rtsold(8), route6d(8) and rtadvd(8).
- Clue in inetd(8) to IPv6 FTP bounce attacks.
-
- Fix /etc/ptmp deletion bug that occurred if rmuser(8) was aborted.
+
- Fix /etc/ptmp deletion bug that occurred if rmuser(8) was aborted.
- IBSS mode for Symbol cards (firmware >= 2.5) using the wi(4) driver.
- Add leading-zero padding to RSA signatures in ssh.
- Tweak altq(9) options(4) so the kernel compiles on i[34]86.
- Add support in the fxp(4) driver for more Intel PRO/100 VM cards.
- For those that do metric but refuse to work in meters and kilograms, kayser conversion has been added to units(1). Wow.
- Fix signal races in ping(8).
-
- Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
+
- Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
- Per-socket ipsec(4) policies and options!
- Stop a potential ipsec(4) DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
- Add German keyboard map for Apple iBook.
- On ELF platforms, allow gcc(1) to link Fortran code with other languages.
-
- Pull ldconfig(8) strlcpy() fix into -stable.
+
- Pull ldconfig(8) strlcpy() fix into -stable.
- Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
- Attach radio(4) devices properly.
- Fix VIA8233 support in auvia(4).
-
- Make nc(1) timeouts behave more like netcat.
-
- Make sure user's shell is /usr/sbin/authpf before running authpf(8) to prevent $SSH_CLIENT shenanigans.
+
- Make nc(1) timeouts behave more like netcat.
+
- Make sure user's shell is /usr/sbin/authpf before running authpf(8) to prevent $SSH_CLIENT shenanigans.
- In ssh, use OpenSSL's AES implementation instead of our own.
-
- Add -[46] options to ftp(1).
+
- Add -[46] options to ftp(1).
- Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
- Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
- Better wscons(4) support for Sun type 5 keyboards.
- Cleanup and small fixes to skeyaudit(1).
- Fixes to fms(4).
- Various fixes and enhancements to mg(1).
-
- sshd(8) no longer starts in privilege-separated mode unless the PrivSep user sshd and chroot(2) dir /var/empty are both present.
+
- sshd(8) no longer starts in privilege-separated mode unless the PrivSep user sshd and chroot(2) dir /var/empty are both present.
- Recognise Intel 830 (laptop Celery support) and 312 southbridge.
- Fix potential time overflow in dd(1).
- Make bridge(4) refragment IP packets that are too large for the outgoing interface.
-
- Remove libdl, support is now in libc.
+
- Remove libdl, support is now in libc.
- Recognise Nokia C110 and C111 PC cards as wi(4) devices.
- Really sanitize ld.so(1)'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
- Don't allow mktemp(3) to back up past the beginning of its input buffer.
- Use the correct string buffer size for printing port numbers in pfctl(8).
-
- Remove arc4random_8().
-
- struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
+
- Remove arc4random_8().
+
- struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
- netstat(1) cleanup.
- ping6(8) and traceroute6(8) updates from KAME.
-
- unsigned -> unsigned int cleanup.
-
- pid_t type cleanup.
+
- unsigned -> unsigned int cleanup.
+
- pid_t type cleanup.
- Fix big snprintf(3)
parameter typo in strftime(3).
- Don't use execlp(3) when invoking ssh-keysign(8).
- Fix kill(2) parameter brainfade in amd(8) and KerberosIV's rlogin.
- vax: Add board type for VXT2000+.
- More IANA interface type values, including IFT_BRIDGE.
-
- Split XFree86 bsd_video.c into architecture-specific files.
-
- Add sysctl(8) toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
+
- Split XFree86 bsd_video.c into architecture-specific files.
+
- Add sysctl(8) toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
- Yet more safe string function fixes.
- In XFree86 build, honour COPTS variable when building third-party apps.
-
- Add LIBS option for crunchgen so custom libraries can be added to boot images.
-
- Run rpc.rstatd(8) and rpc.rusersd(8) as user nobody (boo!) from inetd(8).
+
- Add LIBS option for crunchgen so custom libraries can be added to boot images.
+
- Run rpc.rstatd(8) and rpc.rusersd(8) as user nobody (boo!) from inetd(8).
- From ld.so(1), remove tests that have no license, and for the same reason replace parts of ld(1) and ldconfig(8).
- Remove unnecessary instruction cache flushes on sparc64.
- Many cleanups in ld.so(1).
@@ -552,7 +564,7 @@
- Allow explicit filtering of non-reassembled fragments in pf(4).
- Support more hardware and fix stability issues in the mac68k sn(4) network driver.
- Improved Lithuanian keyboard map for wscons(4).
-
- SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in sshd(8), and send a complete ticket.
+ - SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in sshd(8), and send a complete ticket.
A source code patch is available.
[Applied to stable]
- Fix a memory leak in mg(1).
@@ -604,7 +616,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.833 2002/07/10 06:48:01 deraadt Exp $
+
$OpenBSD: plus.html,v 1.834 2002/07/17 02:37:44 deraadt Exp $