===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.892
retrieving revision 1.893
diff -u -r1.892 -r1.893
--- www/plus.html 2003/11/02 17:42:52 1.892
+++ www/plus.html 2003/11/21 03:30:49 1.893
@@ -53,10 +53,75 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to November 1.
+The following list sums up (almost) all the changes made up to November 10.
+- Merge in OpenSSL 0.9.7c.
+
- Some nonportable syntactic sugar for dc(1) and bc(1).
+
- free(9)ing stack variables is a bad idea, don't do it in ubsa(4).
+
- Don't leak memory from ld.so(1) if the library name is invalid.
+
- Better parsing of library version numbers in ld.so(1), so 'libpython2.1.so.0.0' and 'libpython2.2.so.0.0' can coexist in peace.
+
- New 'print' statement for bc(1), a non-portable extension.
+
+
- Fix ksh(1)'s handling of redirection of a file to the same file, e.g. '2>&2'.
+
- Add more privacy flags to sendmail(8) cf/openbsd-proto.mc, requiring HELO/EHLO and disabling EXPN/VRFY.
+
- Add a classic paper on password security in /usr/share/doc/smm/17.password.
+
- Send diff(1) output 'no newline at end of file' to stderr instead of stdout, for compatibility.
+
- Stop pkg_add(1) considering as errors attempts to add an already-added package.
+
+
- Keep track of errors when adding multiple packages with pkg_add(1), and set a useful error code on return.
+
- Remove the automatic setting of packing-list prefix from the first @cwd.
+
- Restore printing of vlan(4) information in ifconfig(8), accidentally broken when carp(4) was added.
+
- Really fix mg(1) insert-file.
+
- Safer region handling in mg(1).
+
- Restore the terminal correctly when aborting out of mg(1).
+
- Undo the mg(1) insert-file operation properly.
+
+
- Unbreak the anchor rule number returned by pfsync(4).
+
- Avoid a race condition when swapping in a process.
+
- On i386, fix a crash that occurred with a large number (>1500) of processes (PR#3528.)
+
- New 'no sync' state option to prevent state transitions for a particular rule appearing on the pfsync(4) interface.
+
+
- Check that carp(4) packets are received on a carp-enabled interface.
+
- Fix setting of the interface index for IPv6 link-local multicast joins.
+
- Stop carp(4) responding to ARPs when the interface is down.
+
- Fix a buffer overflow in sed(1) when doing regex substitutions. From FreeBSD.
+
+
- Add non-portable extensions to dc(1): '#' (comment), 'n' (print without newline) and 'a' (byte to char).
+
- Better pkg_add(1) dependency resolution.
+
- Don't call the post-install script of packages that didn't fully install, and allow such packages to be fully removed.
+
- Let pkg_add(1) install packages coming from stdin.
+
- pkg_delete(1) allows the path to an installed package on the command line, so e.g. 'pkg_delete /var/db/pkg/zsh-*' now works.
+
- The package tools now automatically use the target of the first @cwd in the packing list as the prefix.
+
- Temporarily back out the recent reordering of interface capability tests and pf_test(). pf(4) rdr rules are now generating some bogus checksums.
+
- In isakmpd(8), require encrypted messages are soon as we have the keystate for it, require DELETE payloads to be accompanied by HASHes, and add validation for HASH payloads without active exchanges.
+
- Allow pf(4) tags to use the same macros as labels (see pf.conf(5).)
+
- Teach gdb(1) about SIGINFO (PR#3173.)
+
- Add commented-out LoadModule config lines, along with a short description, for each httpd(8) module in the standard build.
+
- In newfs(8) don't write the magic to the superblock until filesystem creation is completed.
+
- Fix netstat(1)'s display of IPv6 link-local multicast addresses.
+
+
- Redo the wdc(4) drive reset changes, more cautious this time.
+
- Make tcpdump(8)'s -x flag work for pfsync(4) devices.
+
+
- Use hash tables where possible for listen socket lookup as well.
+
- Add a route when we're the carp(4) master host, so the local machine can use the common address.
+
- Have pkg_create(1) spot duplicate packaging list entries and die noisily when it does so.
+
- Stop carp(4) pretending that everything it sends to bpf(4) comes from AF_INET6.
+
- Add GNU-compatible 'r' operator (swaps the top two stack items) to dc(1).
+
- Kill an IPv4 pasto in carp(4) IPv6 support when setting the interface address.
+
+
- RELIABILITY FIX: It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
+ A source code patch is available.
+ [Applied to stable]
+ - Make pkg_delete(1) handle dependencies properly when using package name stems.
+
- Don't try to free a static string when checking ssh(1) host keys.
+
- In regular (non-pf(4)) IP output code, defer the interface tests for hardware IPsec and checksum capability until after pf_test(), since pf might drop the packet, or send it to a different interface.
+
- Make pf(4)-routed packets check the target interface for hardware IPsec and checksum capability.
+
- Fix a memory leak when carp(4) fails to put the interface into promiscuous mode.
+
- Add a missing check in IPv6 carp(4) for an interface on its way down.
+
- Preserve the debug flag when enabling pf(4).
- In top(1), check for signals at the right time and handle stdin failures better.
@@ -203,7 +268,8 @@
- Fix potential signedness bug in fgets(3) (PR#1709.)
- Correct __bounded__ attributes for {MD4,MD5,RMD160,SHA1}DATA functions (PR#3505.)
-
- Allow newfs(8) to build small filesystems again by making sure ncyls >= 2.
+
- Allow newfs(8) to build small filesystems again by making sure ncyls >= 2.
+ [Applied to stable]
- Plug a memory leak in netstat(1).
- Add nfs attribute cache tuning parameters to mount_nfs(8) (Inspired by PR#2567.)
- Kill a null deref in make(1).
@@ -415,7 +481,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.892 2003/11/02 17:42:52 deraadt Exp $
+
$OpenBSD: plus.html,v 1.893 2003/11/21 03:30:49 deraadt Exp $