===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.857
retrieving revision 1.858
diff -u -r1.857 -r1.858
--- www/plus.html 2003/02/03 23:59:32 1.857
+++ www/plus.html 2003/02/20 22:47:50 1.858
@@ -50,10 +50,120 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to February 1.
+The following list sums up (almost) all the changes made up to February 19.
+- Fix a null deref triggered by ipcomp(4).
+
+
- pfctl(8) rejects non-existent interfaces in rules using dynamic interface syntax.
+
- Move /var/at files into /var/cron since at(1) is now a part of cron(8).
+
- Fix support for pf(4) syntax (if)/24 (dynamic interface name translation with a network prefix.)
+
- Pull in from OpenSSL 0.9.7a a fix for a timing-based attack against CBC (assigned CAN-2003-0078.)
+
- Add a counter for netstat(1) showing how often ipcomp(4) was skipped because the packet size was below the compression threshold.
+
- Fix a buffer overflow in pfctl(8) on 64-bit platforms.
+
- Stability updates to vr(4).
+
- LFS is not supported, so remove support for it from df(1).
+
+
- More niggly fixes to newly-added LZS support.
+
- Don't load pf.conf(5) options when one of pfctl(8)'s load switches (-A, -N, -R) is in force.
+
- Write the stack to core files properly for upward-growing stack architectures.
+
- Enable LZS support in ipcomp(4), missed when LZS was added earlier.
+
- Turn of BIND 9's logging of lame servers; some people never learn, and we don't want to know about them.
+
- Make min-ttl and random-id operate on inbound as well as outbound pf(4) scrub rules.
+
- Many missing copyright notices added to manpages.
+
+
- Add privilege separation support to the X server. Fixes a lot of problems.
+
- Fix a double-free in ftp(1).
+
- Add -n 'no daemon' option to cron(8).
+
- Enqueue the copy and not the original mbuf that's free four lines later, and so stop bridge(4) crashing the kernel.
+
+
- Improve default route setup in the installer.
+
- Fix ssh(1) forced commands with 'PermitRootLogin forced-commands-only' set.
+
- Similar to the recent pid leak fix, stop httpd(8) leaking inode numbers. More details in the checkin comment.
+
- Some RFC-compliance fixes to the httpd(8) multipart MIME pid leak fix.
+
- Clean up pf(4) macro parsing.
+
+
- Fix format string bugs in grep(1) and nohup(1).
+
- strcpy -> strlcpy in rpc.pcnfsd(8).
+
- Add support framework for LZS compression to crypto(9) and ipsec(4).
+
- More write protection paranoia in ld.so(1).
+
- Make bsd.rd an install/upgrade target.
+
- Stop httpd(8) leaking child process IDs in multipart MIME boundary separators. (See the checkin comment for an example.)
+
- Increase the size of the rates buffer in wi(4) hostap so 802.11g stations can associate.
+
- When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header.
+
+
- Fix an mbuf leak in IPv6 TCP.
+
- Now that pf(4) tables spring into existence on demand, remove the unnecessary '-T create' option.
+
- Have arc4random(3) stir the pool when the caller's pid changes.
+
- Add 'scrub in all no-df' to the initial pf.conf(5) installed by /etc/rc. This helps diskless booters using Linux NFS servers.
+
- Allow pf(4) redirect to loopback interfaces again, now that looping can't occur.
+
+
- Fix an fd locking bug in libpthread.
+
- Have spamd(8) use tables instead of regular rules on an anchor.
+
- Improvements to ATAPI PIO mode selection.
+
- Fix an mbuf leak in wi(4).
+
- Really fix an lprm(1) buffer overflow.
+
- Finish nForce support in pciide(4).
+
- When pfctl(8) complains about an illegal netmask, have it show the offending article.
+
+
- Fix busted ypxfr(8), the key and values are no longer swapped around. Which is nice.
+
- Add libedit line editing support to cdio(1).
+
- Teach disklabel(8) to use units other than sectors on the command line.
+
- 3.2-current -> 3.3-beta.
+
- Replace ssh(1)'s and wi(4)'s crc32 code with BSD-licensed versions.
+
- Change pf(4) scrub option 'no-df' to better handle fragments with DF set, such as those sent by Linux NFS.
+
- When in async mode, signal the process group instead of the process from WSEVENT_WAKEUP in wscons(4).
+
- In newsyslog.conf(5), users can separated from groups now with ':' as well as '.'.
+
- newsyslog(8) can now rotate files at a specific time.
+
- Better bind(2) error checking in isakmpd(8).
+
- Be consistent with ntohs() in pf(4) translation code.
+
- Some consolidation and tidyup in pfctl(8)'s rule parsing code.
+
+
- More fixes to pf(4) routing.
+
- Don't ever send ICMP redirects for pf(4)-redirected packets .
+
- Allow definition of pf(4) macros on the command line. Oh yes.
+
- Remove sinful abbreviation of the unit of frequency as 'hz' (it's 'Hz', don't you know.)
+
- tcpdump(8) now displays the DF flag for IP fragments.
+
+
- Have spamd(8) pass sensible parameters to memset().
+
- Allow IPv6 addresses in yp(8) host maps.
+
+
- More pf(4) rule compression: 'from' and 'to' keywords are optional if 'any' is one of the addresses, and 'any' itself is optional when a port is specified.
+
+
- Change chroot(8)'s -u and -g options' semantics (-u is now what -U used to be, unless -g overrides it,) and remove -U and -G.
+
- Sync up the spell(1) dictionaries with FreeBSD and NetBSD changes.
+
- Add new 'random-id' option for pf(4) scrub rules. This randomises outbound IP IDs and defeats NAT detection and OS fingerprinting.
+
- Stop a number of scripts that use mktemp(1) from leaving dead tempfiles around in failure cases.
+
+
- A little extra paranoia in chpass(1), check that the temp file is owned by our real uid.
+
- Don't burp syslog(3) output to the console unless syslogd(8) was not contactable.
+
+
- Stop sshd(8) leaking information when PermitRootLogin is set to 'no'.
+
- Install pf.conf(5) mode 0600 by default.
+
- Fix races in the rename and symlink commands of sftp-server(8).
+
- Allow 'ProxyCommand none' in ssh(1).
+
+
- Hack around a tools bug in disklabel(8).
+
- Improve handling of invalid pf(4) redirections.
+
- Tidy up ssh(1) ProxyCommand option parsing.
+
+
- Last part of the threaded fd improvements, fixing some bugs from stage one on the way.
+
- Set an all-ones mask when doing pf(4) routing, since round-robin on the whole address space is unlikely to be the desired result.
+
- First installment of improvements to threaded file descriptor handling (see the checkin comment for details.)
+
- isakmpd(8) now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2.
+
- Don't load a signed int into the ssh(1) buffer when doing BSD auth; the buffer type only supports unsigned ints.
+
+
- Note in the documentation that snprintf(3) and syslog_r(3) are safe (with caveats) for use in signal handlers.
+
- Stop pf(4) {dup,reply,route}-to rules using a loopback interface as the target - currently this can create loops.
+
- Don't have pfctl(8) expand altq rules (and so check for parent queues etc.) unless altq rules are actually being loaded.
+
- More gcc(1) stack protector fixes and tweaks.
+
+
- Stop pfctl(8) closing a file it hasn't opened.
+
- Make chpass(1) more paranoid when opening its temp file.
+
- Make iostat(8)'s disk throughput bar smarter.
+
- Implement key exchange guesses as per the secsh standard in ssh(1).
+
- Relax parsing of usernames in scp(1).
- Make pf(4) build without IPv6.
- Fix an mbuf leak in the ESP code.
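Review bot: Several of the added entries have wording slips that should be fixed before this goes out: "Turn of BIND 9's logging of lame servers" should read "Turn off", "users can separated from groups" in the newsyslog.conf(5) entry is missing "be", and "the original mbuf that's free four lines later" in the bridge(4) entry should read "freed". The entry ending "pf(4)-redirected packets ." also has a stray space before the period.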
@@ -795,7 +905,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.857 2003/02/03 23:59:32 deraadt Exp $
+
$OpenBSD: plus.html,v 1.858 2003/02/20 22:47:50 deraadt Exp $