===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.838
retrieving revision 1.839
diff -u -r1.838 -r1.839
--- www/plus.html	2002/08/02 23:22:24	1.838
+++ www/plus.html	2002/08/16 00:16:44	1.839
@@ -48,9 +48,64 @@
 
 <p>
 <h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
-The following list sums up (almost) all the changes made up to August 1.
+The following list sums up (almost) all the changes made up to August 10.
 <ul>
 
+<!-- ^^^ 20020811 -->
+<li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br>
+    <a href="errata.html#scarg">A source code patch is available</a>.<br>
+    <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
+<!-- ^^^ 20020810 -->
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a> no longer gets loud at boot time unless option RAIDDEBUG is used.
+<li>Sink a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bs&sektion=6">bs(6)</a>.
+<!-- ^^^ 20020809 -->
+<li>Fix raw socket translation for Linux compatibility mode.
+<li>Properly clear the argument list in pmdb.
+<li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default.)
+<li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.
+<li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
+<li>Correct a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8">photurisd(8)</a>.
+<li>Tweak IFF_PROMISC handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> to avoid some unnecessary initialisations.
+<li>Fix a potential off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> that could cause mmap breakage on some architectures.
+<li>Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
+<li>Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
+<li>Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pic&sektion=1">pic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1">fvwm(1)</a> and a few in the kernel.
+<li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>.
+<!-- ^^^ 20020808 -->
+<li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>.
+<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default.)
+<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls.
+<li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
+<li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now.
+<!-- ^^^ 20020807 -->
+<li>Retrofit the new early privilege revocation code to the old X servers.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode.) Also remove bomb mode altogether, to the annoyance of noone.
+<li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver.
+<li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
+<!-- ^^^ 20020806 -->
+<li>Move AGP chipset support out of machine-independent section (AGP support is per-arch.)
+<li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata.html#ssl">erratum</a>.<br>
+    <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
+<!-- ^^^ 20020805 -->
+<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auth_call&sektion=3">auth_call(3)</a>'s error logging.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> cross-checks the crontab filename against the system username.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> drops its privileges earlier.
+<!-- ^^^ 20020804 -->
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog.
+<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty.
+<li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before.)
+<li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier.
+<li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
+<li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler.
+<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>.
+<!-- ^^^ 20020803 -->
+<li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent.) See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why.
+<li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
+<li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks.
+<li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH.
+<li>Add the _sshagnt group for use by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
+<li>Correct a pointer comparison typo in libssl's ASN.1 parser library.
+<li>Check for correct return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_aton&sektion=3">inet_aton(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
 <li>Add some overflow checks similar to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> patch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
 <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists.
 <!-- ^^^ 20020802 -->
@@ -792,7 +847,7 @@
 <hr>
 <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: plus.html,v 1.838 2002/08/02 23:22:24 deraadt Exp $</small>
+<br><small>$OpenBSD: plus.html,v 1.839 2002/08/16 00:16:44 deraadt Exp $</small>
 
 </body>
 </html>