===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.839
retrieving revision 1.840
diff -u -r1.839 -r1.840
--- www/plus.html 2002/08/16 00:16:44 1.839
+++ www/plus.html 2002/08/23 23:44:48 1.840
@@ -48,9 +48,53 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to August 10.
+The following list sums up (almost) all the changes made up to August 23.
+- Map the heap non-executable.
+
+
- Change the way FREF() and FRELE() are called w.r.t. getvnode() (see file(9).)
+
- Fix a locking problem that can occur when an executable tries to exec(3) itself.
+
- Avoid a potential int overflow in comsat(8)
+
- Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
+
+
- Bump the listen() backlog from 5 to 128 (!) in sshd(8).
+
- sshd(8)'s default LoginGraceTime reduced from 600 to 60 seconds.
+
- wscons(4) now attaches to each wsdisplay device by default.
+
- Fixes to strip(1). -x now works.
+
+
- net.inet6.ip6_use_deprecated is on by default again...
+
- Fix some (but not all) signal races in fsck_ffs(8).
+
- New -n option to ftpd(8) that disallows anonymous access even if the ftp user exists.
+
- Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser.
+
+
- Fix sysctl copyout(9)s in IPv6 neigbour discovery.
+
+
- Audit and cleanup of inet_net_ntop(3), inet_neta() and inet_ntop(3).
+
- TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated.
+
+
- Use of IPv6 deprecated addresses switched off by default. (See RFC2462 and sysctl(8) variable net.inet6.ip6_use_deprecated.)
+
- Fixes to the isp(4) SCSI driver.
+
+
- Correct two sizeof bugs in crypto(9).
+
- Allow a raw IP socket to see a gre(4) packets for tunnels we haven't configured.
+
+
- Add some more cross-compilation targets in /usr/src/Makefile.
+
- Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our perl(1).
+
- Fix a null pointer dereference in pfctl(8).
+
+
+
+
+
- Using the state table instead of a special-purpose list, allow pf(4) NAT to use the same proxy port for multiple external peers.
+
- Make ssh-agent(1) setgid(_sshagnt). setuid/setgid processes can't be ptrace(2)ed.
+
- SPARC consoles now use wscons(4).
+
+
- traceroute(8) now displays '!X' when packets come back as ICMP administratively prohibited by filter.
+
- Have rsh(1) die on fd_set overruns.
+
- In a number of places, switch the calloc(3) round the right way.
+
- Switch SPARC to ELF.
+
- Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.
- SECURITY FIX: An insufficient boundary check in the select(2) and poll(2) system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
A source code patch is available.
@@ -210,6 +254,7 @@
- Add a sequence number to kernel messages for systrace(1).
- Teach pmdb about corefiles.
+
- Map stack pages non-executable.
- noct(4) now works around NSP2000 PCI bridge brokenness. Fix a similar problem in hifn(4).
- Drop the requirement for commas in many pf(4) lists, useful when used in conjunction with the new variable concat feature.
@@ -847,7 +892,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.839 2002/08/16 00:16:44 deraadt Exp $
+
$OpenBSD: plus.html,v 1.840 2002/08/23 23:44:48 deraadt Exp $