===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.879
retrieving revision 1.880
diff -u -r1.879 -r1.880
--- www/plus.html 2003/05/28 03:04:33 1.879
+++ www/plus.html 2003/06/12 20:54:58 1.880
@@ -52,10 +52,84 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to May 25.
+The following list sums up (almost) all the changes made up to June 7.
+
+- Stop pfctl(8) (with the -ss option) printing IPv4 address/netmask pairs as a.b.c.d/128.
+
- Have identd(8) run by default as user _identd if possible, and fall back to user nobody if that fails.
+
- Replace setjmp/longjmp in less(1) with interruptible system calls.
+
+
- Avoid a null deref in fontconfig(3) when $HOME is not set.
+
- Fix the addition of /usr/local/lib/X11/fonts to /etc/fonts.conf.
+
- Don't use M_WAIT in atalk(4).
+
- Don't forward IPv6 multicasts to an interface that's no longer around to receive them.
+
+
- Add large file support to distrib/special/more.
+
+
- Teach distrib/special/more how to handle arbitrarily long lines and \r\n line endings.
+
- Set rusers(1)' column width to 80 if stdout isn't a tty.
+
+
- Add generic '-fno-builtin-<function>' option to gcc(1) (see gcc-local(1).)
+
- Kill the parent ssh(1) process when scp(1) or sftp(1) receive a signal (OpenSSH bug 241.)
+
- Only drop setgid privileges the once in sshd(8).
+
- Disable ssh(1) challenge/response and keyboard-interactive authentication methods if there's a host key mismatch, to reduce the likelihood of MiTM attacks catching out ignorant users (OpenSSH bug 580.)
+
- Make less(1)'s --More-- prompt more --less--, less More, and more POSIX.
+
- Fix distrib/special/more on machines with unsigned chars.
+
- Simply and fix tty handing in /distrib/special/more.
+
+
- Stop event(3) honouring EVENT_NOKQUEUE when running set[ug]id.
+
- Disable the ld.so(1) library load order randomiser, it seems to be exposing bugs elsewhere.
+
- Provide a fast path for userland crypto(9) requests, bypassing the kernel queues where possible.
+
- Add some tag-related utility functions in kernel pf(4).
+
+
- In pfctl(8) process 'show' options before options that change the rulebase.
+
- Huge license cleanup all over the tree.
+
- Fix random lockups of cac(4) devices.
+
- Deprecate the dangerous VerifyReverseMapping sshd(8) option, and replace with new UseDNS option (enabled by default.)
+
- Install OpenSSL include files in /usr/include/openssl instead of ../ssl.
+
- Remove the advertising clause from many license statements.
+
- Use getopt_long(3) for getopt(3), instead of the old implementation.
+
- Remove a potential double-free from systrace(1).
+
+
- Fix a bad string bounds check in libedit.
+
- String cleaning bootblocks for all architectures. Now only bind and src/gnu use unsafe string functions.
+
- Fix a few long-missing initialisations, so we don't end up using random stack noise as a hint to uvm_map(9) via uvm_km_suballoc().
+
- Improve ddb(4)'s symbol table lookup algorithm.
+
+
- Properly mask off all but the last 8 bits of status in WSTOPSIG and WEXITSTATUS.
+
- Add preliminary LBA support to the i386 bootloader.
+
+
- Build a dynamic com_err(3) library.
+
- Add pmdb(1) to the default build.
+
- Fix timeout signedness bugs in brconfig(8) and bridge(4).
+
- Some deeper string cleaning in bind9.
+
- Stop pmdb(1) dumping core when the program to be run doesn't exist.
+
- Add LD_NORANDOM to the list of environment variables that get zapped when running setuid/setgid.
+
- Load dynamic libraries in random order, to reduce the probability of an attacker guessing the address of the loaded code. Define LD_NORANDOM to disable.
+
+
- Make dhclient(8) more robust by accept non-DHCPNAK messages with yiaddr=0.0.0.0, as sent by some common DHCP servers that ignore the RFC.
+
- Reorder the sections in many manpages.
+
- Use sete[ug]id(2) as well as set[ug]id() in ssh(1) when doing privsep and when permanently setting the [ug]id.
+
- When setting the tcp6 mss, fetch the link mtu using IN6_LINKMTU() (which takes neighbour discovery mtu settings into account) instead of always using the interface mtu.
+
- Allow numeric uid and gid in systrace, and '<' and '>' operators for ids.
+
- Add support for IPv6 jumbograms.
+
- Fix some bugs IPv6-related bugs in tcp_trace().
+
+
- Incorporate distrib/special/more's helpfile into the program itself.
+
- Fix the endianness of fxp(4)'s statistics for netstat -i.
+
- Fix tab expansion, handle EDITOR not being a full pathname, and much cleanup in distrib/special/more,
+
+
- Add pthread support for vax.
+
- Don't risk an M_WAIT deadlock when processing raw IP output.
+
- Make libwrap check for bogus PTR records containing numeric IP address in string form.
+
+
- Make df(1) use the new fmt_scaled(3) stuff in libutil.
+
+
- Fix a few bad *printf format strings in ssh(1).
+
- Install the mod_ssl headers under /usr/lib/apache/include/
+
- Add IPv6 support to trpt(8).
- Fix xdm(1)'s XDMCP queries (XFree86 bug #277.)
- Unbreak pf(4) binat rules after recent netmask check changes.
@@ -68,7 +142,7 @@
- Remove unsafe sprintf(9) and vsprintf() functions from the kernel.
-
- Ignore media changes for the first command issued to an sd(4) device.
+
- Ignore media changes for the first command issued to an sd(4) device. See the checkin comment for details.
- Match kernel vprintf(9) prototype to that of userland.
- Have getconf(1) return _POSIX_PATH_MAX instead of _POSIX_PIPE_MAX when asked for the former.
@@ -109,7 +183,7 @@
- Fix media handling for Intel dc(4) devices.
- Use the right buffer in spamd(8)'s connection handler.
-
- Use mmap(2) instead of malloc(3) in vfprintf(3) when more memory is needed to store arguments.
+
- Use mmap(2) instead of malloc(3) in vfprintf(3) when more memory is needed to store arguments. See the checkin comment for why.
- New Renegotiate-on-HUP option for the [general] section of isakmpd.conf(5) will cause all Phase 2 SAs to be renegotiated.
- Fix a couple of signedness nits in ksh(1).
- Improvements to USB SCSI support.
@@ -260,7 +334,8 @@
- Update sudo(8) to 1.6.7p5.
- Add support for the userland portions of XFree86 DRI. Not yet enabled by default.
- In csh(1), null-terminate the string returned by readlink(2) before passing it on.
-
- Fix mmap(2)'ing of the dynamic linker hints file when the file size exceeds one page.
+
- Fix mmap(2)'ing of the dynamic linker hints file when the file size exceeds one page.
+ [Applied to stable]
- Stop gcc(1) from inlining strcpy(3) so it can be more easily spotted in object files.
- Add missing device name parameter when printing a nofn(4) RNG underflow error.
@@ -275,7 +350,8 @@
- Have rdist(1) use POSIX regex(3).
- Update rdist(1) to cope with rcmdsh(3)'s new ability to handle command line options.
-
- Make pf(4) rdr and binat rules work again on protocols other than TCP, UDP and ICMP.
+
- Make pf(4) rdr and binat rules work again on protocols other than TCP, UDP and ICMP.
+ [Applied to stable]
- After a forced unmount, try to change process back into real directories now that namei() won't do lookups under the old mountpoint.
- Stop namei() doing lookups on unmounted volumes, prevents crashes with forced unmounts. From NetBSD.
- Don't use M_WAITOK to sleep on failures when allocating hashtables for IP protocols (in_pcbinit()). Fail and panic.
@@ -357,7 +433,8 @@
- Be more portable and check the asprintf(3) return value against -1 in pfctl(8).
- Add size bounds to sscanf(3) strings in edquota(8) and tn3270(1).
- Match mquery(2)'s function signature to that of mmap(2).
-
- Fix pf(4) nat proxy port allocation for manually specified ranges.
+
- Fix pf(4) nat proxy port allocation for manually specified ranges.
+ [Applied to stable]
- If one is given, properly copy the second port of a nat proxy spec in pfctl(8).
- Fix a bad strlcpy(3) bound in the AFS library (PR#3228.)
@@ -573,7 +650,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.879 2003/05/28 03:04:33 deraadt Exp $
+
$OpenBSD: plus.html,v 1.880 2003/06/12 20:54:58 deraadt Exp $