===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.837
retrieving revision 1.838
diff -u -r1.837 -r1.838
--- www/plus.html 2002/07/31 22:56:49 1.837
+++ www/plus.html 2002/08/02 23:22:24 1.838
@@ -48,9 +48,36 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to July 29.
+The following list sums up (almost) all the changes made up to August 1.
+- Add some overflow checks similar to the calloc(3) patch to ssh(1).
+
- isakmpd(8) support for certificate revocation lists.
+
+
- Prevent integer overflow in i386 USER_LDT code.
+
- Fix NFS's handling of zero-length RPC fragments.
+
- systrace(1) handles unlinking of a symlink correctly.
+
- Limit file size to 2^31 * PAGE_SIZE in FFS code.
+
- u_short -> u_int16_t in mtrouted(8).
+
+
- REVISED SECURITY FIX for the xdr_array(3) buffer overflow, see the erratum.
+ [Applied to stable]
+ - Spot zero-length keys or values in ypmatch_add(), and exit early.
+
- Broken by the removal of atexit(3), chpass(1) now cleans up after itself properly again.
+
- Use fork(2) instead of vfork(2) in make(1). Fixes hppa breakage.
+
- Back out the new atexit(3) handler changes which appear to break Perl somehow. Bugger.
+
- Get calloc(3) semantics right, while still not allowing the size_t overflow.
+ [Applied to stable]
+ - Fix httpd(8) compilation without mod_ssl.
+
+
- On i386, allow mprotect(2) to alter the execution protection of the stack.
+
- Fix some more potential null pointer dereferences, this time in pfkey and netiso.
+
- Plug a kqueue(2) file descriptor leak in the X server.
+
- Have libc opendir(3) and scandir(3) check for size_t overflows like the new calloc().
+
- Like in libc, fix the calloc() implementation in named(8) (only used by a feature disabled in OpenBSD.)
+
- Lots of work on the sparc and sparc64 console drivers.
+
- Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware...
+
- Fix a typo that caused a potential null pointer dereference in kernel NFS.
- New 'PermitUserEnvironment' option for SSH. Off by default.
- Add 'with or without modification' clause to gprof(1) licensing.
- Sync with OpenSSL 0.9.6e-0.9.7 CHANGES file.
@@ -60,7 +87,8 @@
- In pf(4), allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.)
- Fix a buffer overflow in backgammon(6), and replace its gameplay algorithm.
-
- Kill a kernel tty memory leak.
+
- Kill a kernel tty memory leak.
+ [Applied to stable]
- Super-cautious strcpy()->strlcpy() in exec*(3).
- Return failure if the parameters given to calloc(3) would cause an overflow of size_t.
[Applied to stable]
@@ -207,8 +235,8 @@
- Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
- Make httpd(8) chroot() and drop root privileges by default. A lot module chroot fixes to come.
- Add syscall aliasing to systrace(1) (e.g. stat/fstat/readlink/access/... become 'fsread'.)
-
- Some fixes to
- In umidi(4) and uscanner(4).
-
- Add SMC 2206 support to
- In aue(4).
+
- Some fixes to umidi(4) and uscanner(4).
+
- Add SMC 2206 support to aue(4).
- Fix a potential off-by-five error in systrace(1).
- pf(4) now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
@@ -764,7 +792,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.837 2002/07/31 22:56:49 deraadt Exp $
+
$OpenBSD: plus.html,v 1.838 2002/08/02 23:22:24 deraadt Exp $