===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.838
retrieving revision 1.839
diff -u -r1.838 -r1.839
--- www/plus.html 2002/08/02 23:22:24 1.838
+++ www/plus.html 2002/08/16 00:16:44 1.839
@@ -48,9 +48,64 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to August 1.
+The following list sums up (almost) all the changes made up to August 10.
+
+- SECURITY FIX: An insufficient boundary check in the select(2) and poll(2) system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
+ A source code patch is available.
+ [Applied to stable]
+
+ - raid(4) no longer gets loud at boot time unless option RAIDDEBUG is used.
+
- Sink a few bugs in bs(6).
+
+
- Fix raw socket translation for Linux compatibility mode.
+
- Properly clear the argument list in pmdb.
+
- Die on fd_set overrun in mtrace(8), map-mbone(8) and mrouted(8) (not built by default.)
+
- When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.
+
- Fix snprintf length in syslogd(8).
+
- Correct a sizeof bug in photurisd(8).
+
- Tweak IFF_PROMISC handling in wi(4) to avoid some unnecessary initialisations.
+
- Fix a potential off-by-one in ld.so(1) that could cause mmap breakage on some architectures.
+
- Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
+
- Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
+
- Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) routed(8), pic(1), fvwm(1) and a few in the kernel.
+
- Add a couple of missing open(2) mode args in afsd(8) and msgs(1).
+
+
- Improve TX interrupt handing in be(4/SPARC,4/SPARC64).
+
- Fixes to mrinfo(8) (this isn't built by default.)
+
- Improve systrace(1)'s handling of interrupted system calls.
+
- Fix a free-in-caught-alloc-failure-block (!) in ohci(4).
+
- Rewrite the CRL support in isakmpd(8). Check for OpenSSL >= 0.9.7, the earliest supported version for now.
+
+
- Retrofit the new early privilege revocation code to the old X servers.
+
- xlock(1) defaults to blank mode (rather than random mode.) Also remove bomb mode altogether, to the annoyance of noone.
+
- Several fixes to the hme(4/SPARC, 4/SPARC64) driver.
+
- Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
+
+
- Move AGP chipset support out of machine-independent section (AGP support is per-arch.)
+
- REVISED SECURITY FIX for the OpenSSL ASN.1 buffer overflows, see the erratum.
+ [Applied to stable]
+
+ - Fix auth_call(3)'s error logging.
+
- cron(8) cross-checks the crontab filename against the system username.
+
- netstat(1) drops its privileges earlier.
+
+
- systrace(1) can log matching rules to syslog.
+
- write(1) drops privileges after opening the tty.
+
- Refactor vmstat(8) slightly so kvm(3) is only ever opened once (it could be opened a second time by dkstats.c before.)
+
- Open the kvm(3) library earlier in fstat(1) and systat(1), and so drop privs earlier.
+
- Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
+
- Catch file read errors in rdate(8)'s leapsecond handler.
+
- Cleanup of amd(8).
+
+
- Remove Kerberos support from the default login.conf (and its hardwired defaults for when login.conf is absent.) See the log for why.
+
- No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
+
- Rework some aspects of crontab(1)'s file checks.
+
- Provide our own RSA_verify(3) implementation for OpenSSH.
+
- Add the _sshagnt group for use by ssh-agent(1).
+
- Correct a pointer comparison typo in libssl's ASN.1 parser library.
+
- Check for correct return value of inet_aton(3) in isakmpd(8).
- Add some overflow checks similar to the calloc(3) patch to ssh(1).
- isakmpd(8) support for certificate revocation lists.
@@ -792,7 +847,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.838 2002/08/02 23:22:24 deraadt Exp $
+
$OpenBSD: plus.html,v 1.839 2002/08/16 00:16:44 deraadt Exp $