===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.922
retrieving revision 1.923
diff -u -r1.922 -r1.923
--- www/plus.html 2004/04/29 14:37:08 1.922
+++ www/plus.html 2004/05/17 00:35:53 1.923
@@ -1,4 +1,3 @@
-
@@ -55,10 +54,205 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to April 25.
+The following list sums up (almost) all the changes made up to May 15.
+- When carp(4) backs off because of physical interface problems, advertise this fact immediately instead of waiting for the next scheduled announcement.
+
+
- Add a workaround in ppp(8) for the recent multipath routing changes.
+
- Fix a two-byte buffer overflow when printing sockaddr structs of unknown type in route(8).
+
- Correct error output for bad limit modifiers in csh(1).
+
+
- Fix a reference-counting bug in fifofs that could cause certain non-blocking FIFO users (e.g. qmail) to consume 100% cpu.
+
- Interpret ipsecadm(8) cpi and spi parameters as hex even if not preceded by '0x'.
+
- Unbreak pppoe(8) server mode by not doing the chroot(8).
+
- Use a nointr pool(9) instead of generic malloc(9) for pathname storage when doing name-to-inode lookups.
+
+
- Have newfs(8) dump status information to stderr on receipt of SIGINFO if running in quiet (-q) mode.
+
- Don't allow the authpf(8) shell to be overloaded by login.conf(5).
+
- Make the cron(8) socket close-on-exec.
+
- Arrange for cron(8) to check both cron and at(1) databases for jobs if the newly-non-blocking cron socket returns EAGAIN.
+
- Display the right fields in tcpdump(8)'s carp(4) parser.
+
- Make carp(4) backoff work properly by heeding the raised advskew on received as well as sent packets.
+
- Make dhclient(8)'s lease file handling work under the chroot.
+
- Add some new configuration functionality to isakmpd(8)'s FIFO interface.
+
- Allow carp(4) interfaces to be destroyed by ifconfig(8).
+
- Fix systrace(1) examples in /etc/systrace (PR#3748).
+
- Better scsi(4) sense display.
+
+
- Replace the hand-crafted expr() parser in m4(1) with a standard lex(1)-and-yacc(1) combo. Easier to work on, and more standards compliant too.
+
- Fix msdosfs on 64-bit systems.
+
- Fix bgpd(8) and ppp(8) breakage caused by the new multipath routing code.
+
- Make login_passwd(8) setuid root again, it's needed for 'secure' YP maps.
+
- Call tzset(3) in dhcpd(8), dhcrelay(8) and mopd(8).
+
+
- Don't print the sendmail(8) version if the helpfile is missing.
+
- Build sendmail(8) with -D_FFR_QUEUERETURN_DSN, allowing faster expiration of spam bounces.
+
- Unbreak checksum generation when using pf(4) scrub random-id.
+
- Change pf(4) routing loop detection so that visiting a packet more than four times is an error, instead of more than once.
+
- Don't abort lint(1) because a child process fails, just move onto the next file.
+
+
- When doing user mounts, inherit the MNT_NOEXEC flag from the mount point. This stops users bypassing noexec by null-mounting the filesystem on top of itself.
+
- Filter and lock rbootd(8)'s bpf(4) descriptor before dropping privileges.
+
- Unbreak chsh(1) after the recent pw_copy(3) changes.
+
- Import and merge GNU readline 4.3p5.
+
- Double ksh(1)'s command line buffer size to 2K.
+
- Allow the banner page to be turned off by lpr(1).
+
- Add /usr/local/sbin to root's .cshrc, and move /usr/X11R6/bin before /usr/local/{bin,sbin} for both csh(1) and ksh(1).
+
- Remove a bunch of #ifdef ISO and #ifdef notyet crud from nfsd(8).
+
- Make lint(1) understand the 'long long' type.
+
- Make cron(8)'s accept socket non-blocking.
+
- Clobber the 'clobber' command in mail(1).
+
- When user(8) adds a new group, place it before the first '+' entry if one exists (part of a fix for PR#3727).
+
- strtonum(3)-ify ipsecadm(8) and add some more integer value checks.
+
+
- Properly initialise carp(4) advskew for values greater than 240.
+
- Remove unused variables in several programs on lint(1)'s say-so.
+
- Use the freshly-generated MD5 digest for the SSH1 session ID instead of random stack garbage.
+
- Fix a null deref panic in the pf(4) TCP normaliser.
+
+
- Swap arc4random(3) for rand(3) in awk(1) unless the user sets the seed, in which case swap random(3) for rand(3).
+
- Add a reference count for bpf(4) descriptors, and don't free resources until processes sleeping on a descriptor have been woken up.
+
- Use a locked, filtered bpf(4) descriptor in mopd(8).
+
- Replace rand(3) with arc4random(3) in ksh(1), unless the user sets the random seed manually in which case rand() is still used.
+
- Allow manually-keyed ipsec(4) AH in bgpd(8).
+
- Initialise ed(1)'s crypto using arc4random(3) instead of rand(3).
+
- Fix a few memory leaks in regex(3).
+
- Resolve hostnames in dhcpd.conf(5) at parse time (PR#3771).
+
- Make carp(4) back off on other interfaces on IP output errors until reliable delivery is restored.
+
- Use the right packet length in tcpdump(8)'s pfsync(4) parser.
+
+
- Enable 802.1q long packets for vlan(4) support in fxp(4) on cardbus.
+
- Don't allow command substitution characters in the environment variables passed through to dhclient-script(8) by dhclient(8).
+
- Have afsd(8) drop privileges and chroot(2) to the cache directory.
+
- Make the -w option work the same for grep(1)'s regex and fast paths.
+
- Implement sysconf(3) values _SC_SEM_NSEMS_MAX and _SC_SEM_VALUE_MAX.
+
- Fix sizeof(pointer) bugs in amd(8) and netstat(1).
+
- Add a fast path for fgrep(1) and fix the -w option.
+
- Replace the kernel's RSA-derived MD5 implementation with code derived from Colin Plumb's PD version.
+
- Add a filter option to bgpd(8) to dump prefixes learned via UPDATEs into a pf(4) table.
+
- Big FFS softdep merge with FreeBSD, fixing a number of bugs.
+
+
- Some snprintf(3) and strlcpy(3) cleaning in the X server.
+
- Stop grep(1) doing fseek(3) on stdin if it's a terminal.
+
- Have grep(1) treat a '^H' character as non-binary.
+
- Make dhclient-script(8) work with half-bridge ADSL routers that don't provide a real default gateway (PR#3747).
+
- Apply The Process to pppoe(8): Create a filtered and locked bpf(4) descriptor, drop privileges and chroot(2) to /var/empty.
+
- New _afs and _ppp users for privilege separation.
+
- Fix bgpd(8) capability negotiation bugs and speed it up when working with picky peers.
+
- Increase bgpd(8)'s socket buffer size to 64KB iff IPsec or md5sig is in use.
+
- Fix a race condition in bgpd(8) when a session is closed but there are updates in the buffer.
+
- Add strchr() and strrchr() to libkern.
+
+
- SECURITY FIX: Check for integer overflow in procfs. Use of procfs is not recommended.
+ A source code patch is available.
+ [Applied to stable]
+ - When a pf(4) scrub rule with the 'reassemble tcp' option is in effect, use RFC1913 PAWS as a means of extending the TCP sequence space by 10 to 18 bits. This makes blind insertion attacks much more difficult, because the timestamp needs to be guessed as well as the TCP sequence number.
+
- Sprinkle strtonum(3) liberally all over ifconfig(8).
+
- Match the sha2(3) functions up with the other hash types.
+
- Add a bpf(4) write filter to dhclient(8) and lock the descriptor.
+
- Use tzset(3) before chrooting dhclient(8).
+
- Create the dhclient(8) privsep child before opening bpf(4), creating the routing socket and opening the lease file.
+
- In make(1), keep statistics for suffix transformations.
+
+
- Remove bootpd(8), bootpef(8) and bootpgw(8) from the tree, their functionality is present in dhcpd(8) and friends nowadays.
+
- Teach nm(1) about ELF .plt*, .got*, .init and .fini sections.
+
- The TCP-specific route metrics are rarely used, so use a trimmed down version in the kernel (struct rt_kmetrics) and fake up a full-fat struct rt_metrics on demand for userland compatility.
+
- Apply bridge filter rules to frames destined for the local machine, so a single-interface bridge can do filtering and tagging.
+
- Add privilege separation to dhclient(8).
+
- Create /var/empty on the installer miniroot so some futuristic pie-in-the-sky privilege-separated dhclient(8) can work.
+
+
- Convert ping(8) to use strtonum(3).
+
- Add COMPAT_35 config(8) option for kernel binary compatibility with OpenBSD 3.5
+
- Add *Pad (do padding like *Final without finishing) and *FileChunk (digest a portion of a file) functions for each of the hash types in libc.
+
- Tweak ndbm(3), semop(2) and shmget(2) to match POSIX. Since this is an API change, crank libc's and libpthread's major version.
+
- Define bsd_signal(3) as required by XPG. Of course, it's just an alias for signal(3) here.
+
- New stdlib function strtonum(3), a safe replacement for atoi(3) and strtol(3) etc.
+
- Clean up properly if wi(4) PCMCIA attachment fails.
+
- Remove OpenBSD/pegasos. See the mailing list archives for some very good reasons why.
+
- Make cron(8)'s crontab socket non-blocking.
+
- When setting PROT_NONE with mprotect(2) on a wired entry, decrement the wired count and stop ntpd causing a panic (PR#3758).
+ [Applied to stable]
+ - Some more fixes to strerror(3). Everything now goes via strerror_r(3).
+
- Make cksum(1) a link (in /bin) to md5(1) and remove the old program.
+
- Add support for cksum (three flavours), md4, sha256, sha384 and sha512 to md5(1).
+
+
- Fix a call to disk_unbusy(9) that lacked the third argument.
+
- Implement pthread_suspend_all_np(3) and pthread_resume_all_np(3), needed by the Java HotSpot compiler. From FreeBSD.
+
- Fix the fixes to strerror(3).
+
- Do privilege revocation in rbootd(8).
+
- Fix a bug that could cause fxp(4) to lock up for 15 seconds under heavy load.
+ [Applied to stable]
+
+ - Add _rbootd privilege separation/revocation user for rbootd(8).
+
- Allow pfsync(4) to be built in a kernel without carp(4).
+
- Start the 3.5-stable branch.
+
- Fix non-reentrancy and other bad stuff in strerror(3).
+
+
- Check isakmpd(8) payload lengths more carefully.
+
- Speedups and cleanups in md4(3) and md5(3).
+
- Fix alignment problems when copying sha2(3)'s data pointer around.
+
- Have nm(1) report empty a.out objects as having "no name list" instead of accusing them of having "bad format".
+
+
- Replace the old RSA Data Security Inc. implementations of md4(3) and md5(3) with code derived from Colin Plumb's public domain MD5 implementation.
+
- Wire tcpdrop(8) into the build.
+
- Fix a null-dereference crasher in bgpd(8).
+
- Fix file descriptor leaks in pflogd(8), rpc.rusersd(8), spamd-setup(8), tcpdump(8) and tftpd(8).
+
- Remove the old ISC DHCP code from the tree, much to Henning's delight.
+
- In pkg_add(1), allow the PAGER environment variable to contain spaces.
+
- Update libevent to 0.8 + local changes.
+
+
- Add some Zebra bug compatibility into bgpd(8)'s capabilities announcements.
+
- Put the IP addresses of users authenticated by authpf(8) into the <authpf-users> table.
+
- Support AH as well as ESP flows for bgpd(8) IPsec.
+
- Fix a bogus return statement in pf(4) tables code when dealing with non-IP packets.
+
- Allow bgpd(8) peers to request route refreshes.
+
- Keep track of SAs inserted by bgpd(8), making it easier to remove them later.
+
- Make pf(4) return-rst work on pure bridges.
+
- Remove the assumption, found in a number of places in pf(4), that af !=INET6 implies af==AF_INET.
+
- Have tcpdump(8) print carp(4) packets as carp, and not VRRP.
+
- Some fixes to carp(4) and pfsync(4) statistics counters.
+
- Make carp(4) sensitive to its physical interface: If the physical interface drops, so does the carp interface; and have all other carp interfaces back off (i.e. don't preempt, and set high advskew) so this host is unlikely to stay as master.
+
- Add IPv6 support to authpf(8).
+
+
- Generate an isakmpd(8) host key in /etc/rc(8), just like the ssh(1) host keys.
+
- Add IKE to bgpd(8)'s IPsec support.
+
- Exit gracefully from pfctl(8) with the -vvsq option if no queues are in use.
+
- Make spamd(8) pass a valid pointer as the fourth argument to getaddrinfo(3).
+
- Add back a couple of missing break statements in bgpd(8), unbreaking tcpmd5.
+
- Have pf(4)'s normaliser check that a TCP RST has exactly the right sequence number. The check only works when we're doing full fragment reassembly.
+
- Stop ipsecadm(8) looping forever when displaying zero-sized extensions.
+
- Allow only BGP traffic over the IPsec flows set up by bgpd(8).
+
- A number of quad fixes in libc.
+
- Allow ssh(1) to pass specified environment variables from client to server (OpenSSH bugzilla #815).
+
- Support RFC2918 "Route Refresh Capability for BGP-4" in bgpd(8).
+
- Fix incomplete removal of altq when loading a new rulebase that doesn't contain altq rules.
+
+
- New program tcpdrop(8) that uses the sysctl interface to drop TCP connections. Not built by default yet.
+
- Add a -n (no name lookup) flag to systat(1).
+
- Fix select(2)'s readability detection for NFS filehandles (PR#3757). Broken in the change to poll(2) backends, fix from UFS code.
+
- In spamd(8), clear the getaddrinfo(3) hints structure before use.
+
- Break an infinite recursion between tcp_output() and tcp_mtudisc() when the TCP MSS gets to be larger then the interface MTU. Connections will still stall, however.
+
- Allow TCP MSS below the failsafe 216 iff the interface MTU is less than 256.
+
- Back out (for now) the em(4) buffer allocation increase (though not the deferred allocation) as it breaks older cards.
+
- Allow cron(8) to send mail to logins containing an underscore character.
+
- Add direct support in bgpd(8) for ipsec(4) between peers. Manual keying only for now.
+
- Much stricter checking of bpf(4) code, preventing arbitrary reads and writes of kernel memory.
+ [Applied to stable]
+ - Allocate more buffers for em(4) cards, but defer that allocation until ifconfig(8) up and remove it on interface shutdown.
+
- Fix route(8)'s display of the gateway when set using an explicit -gateway modifier.
+
- When IF_INPUT_ENQUEUE() queues an mbuf(9) with a cluster, check to see if the data in the cluster will fit into the mbuf and if so, copy the data and deallocate the cluster.
+
- For fxp(4) and sis(4), permanently allocate only the minimum number of buffers. Allocate and deallocate receive buffers when ifconfig(8) brings the interface up and down respectively.
+
- Bandwidth checking fixes in altq(9). Now a bandwidth of zero is allowed, producing a blackhole queue for CBQ and a realtime-only queue for HFSC.
+
- Add some htonl(3) paranoia around arc4random(9) calls in pf(4), so that biases in the PRNG won't leak the firewall's byte order.
+
- Fix corruption of pf(4)'s address pools when using more than 256 rules.
+ [Applied to stable]
+ - In /etc/rc(8), check that carp(4) interfaces really exist before attempting to bring them down at shutdown time.
+
- Start work on peer-to-peer IPsec support for bgpd(8).
+
- Have bgpd(8) announce RFC2858 multiprotocol capabilities. Only IPv4 multicast is supported for now.
+
- Make bgpd(8) prefer older (more stable) routes before resorting to comparison of BGP IDs and peer IP addresses.
+
- Add a reference count for pf(4) anchor rules.
- Since isprint(3) doesn't consider all whitespace printable, also use isspace(3) for the binary file test in less(1).
- Fix float -> quad conversion in libc.
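Review bot: In the added pf(4) 'reassemble tcp' entry, "RFC1913 PAWS" cites the wrong document. PAWS (Protection Against Wrapped Sequences) is defined in RFC 1323, so the entry should read "RFC1323 PAWS". Two spelling slips in the same hunk are worth fixing in this commit: "userland compatility" in the struct rt_kmetrics entry should be "compatibility", and "larger then the interface MTU" in the tcp_output()/tcp_mtudisc() entry should be "larger than".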
@@ -68,7 +262,8 @@
- Respect access rights on a union filesystem (PR#745).
- Add a few pieces missed in the merge of OpenSSL 0.9.7d.
- Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro.
-
- Prevent an endless loop in pf(4) with 'route-to lo0' rules (PR#3736).
+
- Prevent an endless loop in pf(4) with 'route-to lo0' rules (PR#3736).
+ [Applied to stable]
- Have authpf(8) run pfctl(8) to change the rulebase instead of sucking in code from pfctl and doing it itself.
- Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often.
- In pfsync(4), purge only a specific expired state instead of doing an expensive purge all expired states while running at a high spl(9).
@@ -79,7 +274,7 @@
- Give routed(8) a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes.
- Make ssl(3) S/MIME work again.
- Add 'neighbor cloning' to bgpd(8), allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range.
-
+
- Add tcpdrop sysctl(3), allowing a userland program terminate a TCP connection.
- Some string cleaning in ddb(4).
- Fix a missing return statement in in bgpd(8)'s control connection error path.
- Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME.
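Review bot: Two wording slips in the context lines just below the replaced line could be fixed in the same commit: "allowing a userland program terminate a TCP connection" is missing "to", and "a missing return statement in in bgpd(8)'s control connection error path" repeats "in". The -/+ pair itself shows no visible text change.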
@@ -137,7 +332,9 @@
- If kernel ipsec(4) and/or ipcomp(4) processing is disabled by sysctl(3), pass any packets through as raw IP to give userland a chance to handle them.
- Sync the em(4) driver with FreeBSD.
- Tidy up usb(4) kernel configs in line with recent i386 changes.
-
- Restore siop(4)'s ability to detect SCSI options after the recent probe changes.
+
- RELIABILITY FIX: Restore the ability to negotiate tags/wide/sync with some SCSI controllers (siop(4), trm(4) and iha(4)).
+ A source code patch is available.
+ [Applied to stable]
- Since dhcpd(8) can now be invoked legitimately without an interface, don't abort when the user doesn't give any options.
- New _tftpd user and group.
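Review bot: The rewritten siop(4) entry widens the scope to trm(4) and iha(4) but drops "after the recent probe changes", the only pointer to what caused the regression. Keep that clause so the entry still says which change broke tags/wide/sync negotiation.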
@@ -146,9 +343,14 @@
- If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation.
- Make netstat(1) show the number of mbuf clusters in use rather than the number of pages.
-
- Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.
+
- Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.
+ [Applied to stable]
- Have the cvs(1) server check for attempts by a client to walk up the directory tree illegally.
-
- Perform some additional checks on the paths fed to the cvs(1) client by the remote server.
+
- Undo a non-fix in shared memory sysctl(3) kern.shminfo.shmmni.
+ [Applied to stable]
+SECURITY FIX: Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.
+ A source code patch is available.
+ [Applied to stable]
- Some address family agnosticism in bgpd(8).
- Let bgpctl(8) show IPv6 peer addresses in neighbour view.
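Review bot: The new SECURITY FIX entry for cvs(1) folds in the removed client-side item ("Perform some additional checks on the paths fed to the cvs(1) client by the remote server"), but the server-side item above it ("Have the cvs(1) server check for attempts by a client to walk up the directory tree illegally") is left in place, so the server check is now listed twice. Either drop that line as well or keep both original items alongside the SECURITY FIX entry. The unrelated kern.shminfo.shmmni entry is also inserted between the two cvs(1) items; moving it after the SECURITY FIX block would keep the cvs(1) text together. The SECURITY FIX line has no list bullet, unlike the procfs SECURITY FIX entry earlier in the file, and its "allowing ... allowing ... and allowing" sentence would be clearer split into one clause per affected party (client, server).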
@@ -169,7 +371,8 @@
- In crypto(9), add cases for sha2 algorithms in swcr_authcompute().
- Fix systat(1) screen updates after resuming from a ^Z.
- Make pf(4) antispoof rules work with dynamic interfaces.
-
- Match on all characters of the interface name in the pfctl(8) parser.
+
- Match on all characters of the interface name in the pfctl(8) parser.
+ [Applied to stable]
- Make sure privsep tcpdump(8) transitions into STATE_RUN even when writing to stdout with '-w -'.
- Implement AI_NUMERICSERV (from RFC3493) in getaddrinfo(3).
- Since the UDP checksum in mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output.
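Review bot: The context line at the end of this hunk reads "Since the UDP checksum in mandatory in IPv6"; the first "in" should be "is". Since this hunk only re-adds the pfctl(8) entry to attach "[Applied to stable]", it is a cheap place to fix that as well.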
@@ -190,7 +393,8 @@
- New _PATH_DEVFD and _PATH_VAREMPTY constants in <paths.h>.
- Fix a null deref in syslogd(8).
- Have new dhcrelay(8) do a chroot(2) to /var/empty and drop privileges.
-
- In libpthread, update curthread immediately after a thread switch.
+
- In libpthread, update curthread immediately after a thread switch.
+ [Applied to stable]
- New _dhcp user and group for, funnily enough, the DHCP programs.
- Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6.
@@ -203,7 +407,9 @@
- Huge cleanup of mopd(8).
- Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too.
- Safely handle aborts in malloc(3) etc. without tripping the recursive call handler by mistake.
-
- Fix reliability problems with bge(4) and gdt(4).
+
- RELIABILITY FIX: Under load "recent model" gdt(4) controllers will lock up.
+ A source code patch is available.
+ [Applied to stable]
- Fix an accidental busy-wait in sensorsd(8).
- Increase the maximum number of pty(4) devices to 992. See the Upgrading Mini-FAQ item 3.5.1 for upgrade instructions.
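Review bot: The replacement entry "Under load "recent model" gdt(4) controllers will lock up" states the bug rather than the fix, so on a list of changes it reads as a known defect. Phrase it like the other RELIABILITY FIX entries, for example "Fix lockups under load on recent-model gdt(4) controllers". It also drops bge(4), which the removed line ("Fix reliability problems with bge(4) and gdt(4)") included; if the bge(4) change is still in the tree it needs its own entry.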
@@ -266,7 +472,9 @@
- Never allow pf(4) states propogated via pfsync(4) to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation.
- Under Linux emulation, pass madvise(2) straight through to the native syscall.
-
- On receipt of an in-window TCP SYN (Stevens vol.II p.964), return a 100pps rate-limited ACK instead of blindly RST'ing the connection.
+
- RELIABILITY FIX: Reply to in-window SYN with a rate-limited ACK.
+ A source code patch is available.
+ [Applied to stable]
- Don't try to recreate the xfs(1) logfile after dropping privileges.
- Don't abort xfs(1) gracelessly when handling an unimplemented protocol request.
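Review bot: The shortened entry "Reply to in-window SYN with a rate-limited ACK" loses the two details that made the removed line useful: the 100pps limit and the fact that the old behaviour was to RST the connection. Keep at least "instead of blindly RST'ing the connection" so readers can tell what changed. In the context line at the top of the hunk, "propogated" should be "propagated".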
@@ -351,7 +559,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.922 2004/04/29 14:37:08 henning Exp $
+
$OpenBSD: plus.html,v 1.923 2004/05/17 00:35:53 deraadt Exp $