===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.926
retrieving revision 1.927
diff -u -r1.926 -r1.927
--- www/plus.html 2004/06/03 23:38:49 1.926
+++ www/plus.html 2004/06/25 11:09:05 1.927
@@ -54,10 +54,323 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to May 29.
+The following list sums up (almost) all the changes made up to June 24.
+- Enable propolice on XFree86 modules.
+
- In sshd(8), only do TCP wrappers checks when the incoming connection is on a socket.
+
- Narrow down isakmpd(8)'s privsep interface a bit.
+
- Ditch autoconf stuff in libkeynote, it's not used here.
+
- Set stricter modes on shared memory segments used by the X server.
+
- Do IPv6 fragment reassembly with the pf(4) scrub directive. Work in progress.
+
- String cleaning in the X server, fvwm(1) and xtrans.
+
- Convert libXt to ANSI C. From XFree86 HEAD.
+
+
- Some work on bgpd(8) multiprotocol support.
+
- Reprint the boot(8) identity string after changing the console line.
+
- Disable the boot(8) timeout once the user hits a key.
+
- Big tidyup of sys/net/rtsock.c.
+
- Some alignment fixups in bgpd(8).
+
- In systrace(4), quit early if detached after an exec*(3), and avoid a double-free.
+
- Remove the 8-page size limit on the sysctl(3)-returned argv array.
+
- Strip netiso code from ifconfig(8) and route(8).
+
- Make all kernel time access via functions so that locking is possible.
+
- Re-exec(3) sshd(8) after accept(2). Can be turned off with the -r command line option.
+
- Add C++ inclusion guards into <pcap.h> and <keynote.h>.
+
- Add genericstable to the list of sendmail(8) databases that /etc/mail/Makefile can create automatically.
+
- Don't realloc(3) so often when fetching process args in libkvm. Will be needed soon.
+
- If one of pkill(1)'s targets can't be killed, carry on and kill the rest instead of stopping.
+
- Fix SIGCHLD handling in isakmpd(8) so SIGSTOP and SIGCONT now work as expected.
+
- Gracefully handle line buffer overruns when reading boot.conf.
+
- Do ehci(4) on macppc as well.
+
- Crank libc and libpthread majors again after hsearch(3) addition.
+
- Allow isakmpd(8) to handle keys from X.509 certs embededed in keynote credentials.
+
- Implement hsearch(3) and friends, for XPG4.2 reasons. From NetBSD.
+
- Update sendmail(8) to 8.13.0.
+
+
- Correct a missing dereference and unbreak logging of IPV4_ADDR_SUBNET IDs in isakmpd(8).
+
- Fix the for loop that counts passed environment variables in multiplex ssh(1).
+
- As with sysctl(8), make the -w option for writes with wsconsctl(8) optional.
+
- Have tcpdump(8) show the time between packets when prodded with -tttt.
+
- Some setuid(2)/setgid(2) fixes for systrace(1).
+
- Shrink the dhclient(8) die-on-RTM_DELADDR window to one second.
+
+
- Remove another stat(2)-then-open(2) from isakmpd(8).
+
- Enable ahd(4) by default for i386.
+
- Unbreak phase 1 IPV[46]_ADDR_SUBNET IDs in isakmpd.conf(5)
+
- New config option 'Acquire-Only' (-a on the command line) for isakmpd(8), to stop the daemon playing with existing flows.
+
- Add cdboot(8), a CD-specific second-stage bootstrap for i386.
+
- In bgpd(8), support the NOPEER community from RFC 3706.
+
+
- Import atw(4) ADMtek ADM8211 wireless driver from NetBSD.
+
- Some strncpy(3) -> strlcpy(3) in sys/compat/*.
+
- Add a no-emulation CD boot sector, based on a FreeBSD implementation.
+
- Only ignore dhclient(8)-generated RTM_DELADDR messages for a five-second window after process startup, so that new instances of dhclient (started outside this window) cause the older instance to die like before.
+
- Teach mkhybrid(8) how to create an El Torito no-emulation boot CD (for i386), with a 2048-byte boot sector.
+
- Import the generic IEEE 802.11 framework from FreeBSD and NetBSD.
+
- Fix probe hangs on some ahd(4) cards.
+
- In the X server, fix malloc corruption when sending multiple glyphs to RenderAddGlyphs() (XFree86 bugzilla #1276, freedesktop.org bugzilla #349).
+
- Rewrite mount(8)'s mount options parser, making it more robust and removing the need for duplicate code in mount_nfs(8) (PR#3642).
+
- Fix some logic errors introduced in recent string changes to cron(8).
+
- Don't exit wicontrol(8) if SIOCGWAVELAN fails, just print a warning and get whatever information is available without it.
+
- Change bgpd(8)'s internal prefix lookup from a hash table to a per-address family red-black tree(3).
+
- Don't assume in make(1) that '.' and '..' are the first two entries in a directory.
+
- Handle division-by-zero in m4(1) with an error message instead of a core dump.
+
- Fix a segfault in xdm(1) if a LISTEN keyword without hosts is found in the Xaccess file.
+
- When decoding fragmented IPv6 packets in tcpdump(8), only try to interpret the contents of the first fragment.
+
- Back out source-based routing code while some problems are fixed.
+
- Start work on support for IPv6 routes (not just IPv6 sockets) in bgpd(8).
+
- Wire ntpd(8) into the build.
+
- Fix libXi XSelectExtensionEvent(3) on 64-bit machines (freedesktop.org bugzilla #285).
+
- Remove pointless 5-second sleep(3)s in xtrans (freedesktop.org bugzilla #297).
+
- Sync lynx(1) to 2.8.5.rel2.
+
- Fix some endianness problems in X-Resource (freedesktop.org bugzilla #267).
+
- Add a new 'filter drop' flag to bpf(4), so that an interface may be notified that a packet matches a filter and should be dropped.
+
- Update to lynx 2.8.5rel1.
+
- Have isakmpd(8) drop IKE messages arriving on port 500 after the NAT-T exchange has switched to port 4500.
+
- Allow a bgpd(8) template peer with unknown AS to be an IBGP peer, instead of always being an EBGP peer.
+
- Allow the IKE parser in tcpdump(8) to recognise a NAT-T payload.
+
- Teach tcpdump(8)'s IKE parser about NAT-T keepalive packets.
+
- In bgpd(8), don't reallocate the pollfd array every time the size changes because there's a risk that realloc(3) can fail. Reallocate only when there's a large potential saving.
+
- String cleaning in cron(8).
+
- time -> arc4random(9) in sppp(4).
+
- Fix bogus 'panic: cylinder group too big' message from newfs(8).
+
- Don't exit dhclient(8) on receipt of an RTM_DELADDR routing message, as this sometimes be generated by the dhclient itself. Instead, exit on RTM_NEWADDR iff an IP address is set that doesn't correspond to our lease. Not a perfect solution.
+
- More sftp(1) ls(1) emulation: Don't show .dotfiles unless -a is specified.
+
- Handle interface resets gracefully in dhclient(8).
+
- Do more retries on st(4) devices to allow the tape drive to recover after a reset.
+
- New xetc installation fileset, for all X configuration files installed under /etc.
+
+
- Keep separate, 1-second resolution counters for walltime and uptime, and have code that only needs 1-second resolution use those instead of the microsecond counters.
+
- Clean up properly on in_ifinit() failure.
+
- Turn isakmpd(8) NAT-T support on. The crowd goes wild.
+
- Implement NAT-T keepalive messages in isakmpd(8).
+
- Check that UDP encapsulation is enabled (sysctl(8) net.inet.esp.udpencap) before allowing encapsulated SAs to be created in the kernel.
+
- Add bounds-check gcc(1) attributes to libkern strl*() functions, and to strncpy().
+
- Implement ls(1)-compatible sorting for sftp(1)'s ls command.
+
- Allow ipsec(4) on IPv6 link-local addresses.
+
- Have isakmpd(8) save the destination port if it is NATed, as one might reasonably expect it to be when using NAT-Traversal.
+
- Don't leak a cloned PMTU route in netinet/ip_output.c.
+
- arc4random(9)ise a previously time-based ID in atalk(4).
+
- Fix an fd leak in ssh(1) when multiple subsytems are present.
+
- Use arc4random(9) instead of the time for the ARCnet sequence ID.
+
- Use getaddrinfo(3) and getnameinfo(3) instead of old-style conversion functions in spamd(8), but restrict resolution to AF_INET for now.
+
- Allow - with a warning - the old package keyword @src, in pkg_add(1) etc.
+
- Import and merge fontconfig 2.2.2.
+
- Set the ESP marker on isakmpd(8) captured packets for NAT-T SAs.
+
- If the pkg_add(1) 'don't run scripts' (-I) option is present, don't run scripts.
+
- Have isakmpd(8) turn on kernel ESP-in-UDP encapsulation for NAT-T SAs.
+
- Switch to port 4500 when required for isakmpd(8) NAT-T exchanges.
+
- Use a red-black tree(3) instead of a hash table to track multiply-linked inodes in du(1).
+
+
- Time is as dumb a 'random' value for IPX and ISO CLNP as it is for IP, so use arc4random(9) instead.
+
- Add IPv6 support for standalone popa3d(8) as well as when run from inetd(8).
+
- In crypto(9), always store the value returned by splimp(9) so we have something meaningful to give to splx(9).
+
- Fix broken process runtimes in i386 MP.
+
- Use the RTF_MPATH routing flag to skip over multipath routes in bgpd(8), since mpath make no sense for BGP.
+
- For sftp(1)'s 'ls' command, make -l show user and group names, and -n show uid and gid just like real ls(1).
+
- New -I option for diff(1), which ignores changes matching the supplied regex.
+
- Have vnconfig(8) (with the -l option) use the new VNDIOCGET ioctl to fetch vnd(4) device status.
+
- New VNDIOCGET ioctl for vnd(4) devices.
+
- Fix a bad format string in tcpdump(8)'s IKE parser.
+
- In bgpd(8), use descriptor passing to allow the creation of new listen sockets on privileged ports.
+
- For multiplexed ssh(1) connections, filter passed environment variables in the slave.
+
- Add bounds-check compiler attributes for memcpy(3) etc.
+
- Remove support for TUBA (TCP/UDP over CLNP-Addresses Networks, as if you didn't know).
+
- Change isakmpd(8) payload handling to deal with pre-RFC NAT-T messages.
+
- Don't try to carry on in pax(1) if the chdir(2) needed by the -C option fails.
+
- Start work on both RFC 3706 Dead Peer Detection, and full-on NAT-Traversal support for isakmpd(8).
+
- Have isakmpd(8) accept an unencrypted final IKE message (Aggressive Mode only) for compatibility reasons.
+
- New -dd switch for isakmpd(8) to make debugging the privsep child easier.
+
- Let popa3d(8) work with IPv6 sockets, no daemon mode support yet.
+
- Fix a rather serious SMP merge error affecting scheduler timeouts.
+
- Correct some logic errors in kernel malloc_debug().
+
- Fix congestion-sensitive IF_INPUT_ENQUEUE() so that freed mbuf(9)s no longer show up on interface input queues under certain circumstances.
+
+
- Require the setting of new route flag RTF_MPATH (corresponding switch -mpath for route(8)) to add a multipath route.
+
- Add defines in <net/if_media.h> for various telecoms carrier circuit types, i.e. E1, T1 etc.
+
- Save curproc in svnd(4) so that lockmgr(9) doesn't get passed a null process. Stops svnd(4) blocking indefinitely (PR#3214).
+
- Fix a null deref in make(1) if the .DEFAULT target has no commands.
+
+
- Fix sending of jumbo frames on em(4) and ti(4).
+
- Unbreak patch(1) when using standard diffs (i.e. no context).
+
- Allow the user to interrupt the setup of a multiplexed ssh(1) connection (if, for example, the master gets wedged) by deferring signal setup until the connection is established.
+
- Merge adjacent hunks in diff(1), making the output more like that from GNU diff.
+
- Use execvp(3) instead of execv(3) in sftp(1) so -S ssh will work.
+
- Use dynamically allocated pollfd struct for ntpd(8), just like bgpd.
+
+
- Fix a bunch more memory leaks in isakmpd(8).
+
- Be more careful in isakmpd(8) when evaluating the return code from X509_verify_cert(3).
+
- Add much of the NTP client functionality to ntpd(8).
+
- Abort rdate(8) on calloc(3) failure, warnx(3)ing and carrying on is just postponing the inevitable.
+
- Add an option (ControlMaster=ask) to require confimation via ssh-askpass(1) before allowing a multiplexed ssh(1) connection.
+
- Support environment variable passing over multiplexed ssh(1) connections.
+
- Back out the recent IPv6 multicast change so that mandatory groups get joined, but achieve the same result by testing for a new host address before adding the multicast entries.
+
+
- Add '-n' option to last(1) to do the same job as -number in a less ugly way.
+
- Make <netinet/if_ether.h> safe for inclusion in C++ code.
+
- Fix a bad dereference leading to a memory leak in isakmpd(8).
+
- Fix a pasto in isakmpd(8)'s message decoder when printing IPv6 address/mask pairs.
+
- Unbreak the IN6_LOOKUP_MULTI() macro definition.
+
+
- Add support for new crypto functions on upcoming VIA C3 processors.
+
- Build X on cats systems.
+
- Fix a null deref crash in route(8)'s show command.
+
- Don't add multiple multicast filter entries for a single IPv6 multicast address.
+
+
- Remove the old pf(4) BEGIN*, COMMIT* and ROLLBACK* ioctls.
+
- Use the newer pf(4) BEGIN and COMMIT ioctls in authpf(8).
+
- Set the relay session id properly for outgoing pppoe(8) packets.
+
- Teach patch(1) to detect already-applied diffs when the diff creates a file, or adds to an empty file.
+
- In du(1), use a hash table instead of a linear list to keep track of multiply-linked files.
+
- Use fmt_scaled(3) instead of do-it-yourself in du(1).
+
- In ld.so(1), allow _dl_malloc() to allocate more than 4KB.
+
- Fix a few stat(2)-then-open(2) races in isakmpd(8).
+
- After going to the trouble of pulling the tcp6 options into a contiguous region with IP6_EXTHDR_GET, use the returned pointer instead of doing mtod() again.
+
- Unbreak vmstat(8) on older kernels.
+
+
- Build an SMP kernel (bsd.mp) in make release(8) for i386, and allow the user to install it.
+
- Merge the SMP branch onto the trunk. Let the party begin.
+
- Just quit rather than panic in cy(4) if interrupts can't be established for PCI.
+
- Fix an off-by-one buffer size in sed(1).
+
- Implement client-side session multiplexing (see ssh_config(5) options ControlMaster and ControlPath) for ssh(1), scp(1) and sftp(1). The server has supported this for some time.
+
- Add diffie-hellman-group14-sha1 KEX method support to ssh(1).
+
+
- Fix pf(4) table add/replace commands at securelevel 2.
+
- Have mg(1)'s M-x gid command use the current word to try and guess which symbol to look up.
+
- Make route(8) 'show' command output more like netstat -r.
+
- Support the IPV6_USE_MIN_MTU option, mainly because BIND 9 wants it.
+
+
- Disable apm(4) on i386 MP machines.
+
- Show systat(1) and vmstat(8) where to find interrupt stats on MP i386 machines.
+
- Only print 'status/cpu#' in top(1) if there's more than one CPU.
+
- Fix a dereference-after-free (actually after pool_put(9)) in pf(4) tables.
+
- In pax(1), fix backreference substitution in -s mode and unbreak bad regex detection.
+
- Add a cpuid field to struct kproc2, and teach ps(1) and top(1) how to make use of it.
+
+
- Only install the Intel F00F bug workaround once on MP machines, avoiding a panic.
+
- Zero the restart counter before use, to fix a problem with uhub(4) port restarts giving up before starting. From FreeBSD.
+
- Fix a sizeof(pointer) bug in carp(4).
+
- Don't leak a softc when detaching a carp(4) cloned interface.
+
- SECURITY FIX: Multiple vulnerabilities have been found in httpd(8) / mod_ssl. This is the second of two sets of fixes.
+
+ - CAN-2004-0488: Stack-based buffer overflow ... in mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow attackers to execute arbitrary code via a client certificate with a long subject DN.
+
- CAN-2004-0492: [mod_proxy] Reject responses from a remote server if sent an invalid (negative) Content-Length: header.
+
+ A source code patch is available.
+ [Applied to stable]
+ - SECURITY FIX: As disclosed by Thomas Walpuski, isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
+ A source code patch is available.
+ [Applied to stable]
+ - Add src/lib/libintl and libc i18n directories to the repository.
+
+
- First merge of SMP code into the trunk, mainly structures to allow gradual introduction of the new APIs.
+
- Fix IPv4 name-to-address translation, so invalid octet values won't be accepted and CIDR address/mask pairs finally work the way one expects.
+
- In tcpdump(8)'s privsep localtime(3) replacement, deal better with timezones with granularity of less than one hour.
+
- SECURITY FIX: Multiple remote vulnerabilities have been found in the cvs(1) server that will allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
+ A source code patch is available.
+ - On i386 (ppro and above), use the calibrated value for the CPU speed over the value returned by the CPU itself, fixing PR#3814.
+
- Use a dynamically allocated array of pollfds in bgpd(8).
+
- Try to prevent isakmpd(8) deleting SAs on receipt of malicious IKE messages.
+
- rdate(8) improvements:
+
+ - RFC 2030 compliance for NTP mode.
+
- Much more robust error handling, with better messages.
+
- Better detection of stale or spoofed NTP responses.
+
- Support for multiple addresses if returned by the DNS, trying each listed server until one works.
+
+
+ - Remove NMBCLUSTERS settings from config(8).
+
- Factor out TCP md5sig code into tcp_subr.c:tcp_signature().
+
- Fix buffer usage in umass(4) CBI transfers (NetBSD PR#25676).
+
+
- Allow arc4random(3) code in ksh(1) to actually work.
+
- Break the dependency of libc on <pthread.h>. Bump the major version of libc and libpthread.
+
- Teach kdump(1) about gpio(4) ioctls.
+
- Allow an authtype (-a option) in skeyinit(1) even when secure mode (-s) in in effect.
+
- Add an alternative algorithm to make pf(4) table deletions faster for a small number of deleted items.
+
- SECURITY FIX: Multiple vulnerabilities have been found in httpd(8) / mod_ssl. This is the first of two sets of fixes.
+
+ - CAN-2003-0020: Apache does not filter terminal escape sequences from its error logs.
+
- CAN-2003-0987: Apache mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret.
+
+ A source code patch is available.
+ [Applied to stable]
+
+ - Out-of-line spl(9) functions in SMP on i386, mirroring the UP change to fix VFS corruption.
+
- Add SMP-related devices for i386 on the SMP branch.
+
- Many fixups on the SMP branch for non-MP kernels.
+
- Rework bgpd(8)'s listen socket handling to better support multiple listen addresses.
+
- New -src and -srcmask options for route(8) supporting the new source-address routing functinoality.
+
- New -S flag for netstat(1) and route(8), to show the new source selector part of a route entry.
+
- Extend the routing table to allow routing based on source as well as destination. IPv4 only for now, more to come.
+
- Set the skey(1) first sequence number to 100 as promised by the manpage.
+
- spl(9) and alignment fixes in portalfs.
+
+
- Much merging and fixup as SMP is readied for prime-time.
+
- Resurrect the 'fork1(9)-can-take-null-retval' change, this time leaving the setup of struct proc setup well alone.
+
- Fix a bug with X and wsmouse(4) where an event of unknown type could cause a whole batch of other events to be discarded.
+
- Set the length field in the TCP packet header earlier in tcp_output().
+
- New re(4) driver supporting RealTek Gigabit Ethernet devices.
+
+
- Clean up multicast addresses when unconfiguring carp(4) interfaces.
+
- Clarify user(8) docs and error messages (PR#3792).
+
- Add startup code for hotplugd(8) to rc(8) and rc.conf(8).
+
- New usbhid(3) API hid_start(3), a non-noisy version of hid_init(3).
+
+
- Don't send mail at all from cron(8) if MAILTO is set but empty.
+
- Cleanup in at(1)/cron(8):
+
+ - Check argc before using argv[0] in at(1).
+
- Print the right filename for a job in the email.
+
- Reset the sockaddr length value every time before accept(2).
+
+ - New gpioctl(8) program to go with new gpio(4).
+
- Have dhclient(8) fall back to user nobody if user _dhcp doesn't exist. Helps with upgrades.
+
- In getopt(3)/getopt_long(3), don't allow an optional argument if it begins with a '-'.
+
- Allow cron(8) to accept crontabs with more strict permissions than is the default.
+
- New General Purpose I/O device gpio(4). Only enabled on i386 for now.
+
- New '!!<prog>' syntax for syslogd(8), used to force messages from the named program to only go to certain files regardless of the rest of syslog.conf.
+
- Update file()'s magic to that from file version 4.09, with a few local changes and additions.
+
+
- Use the old _nointr pool(9) allocator for pf(4) tables.
+
- Rearrange the pool(9) allocator code so the old allocation method can be used agai.
+
- Use the quirks mechanism to fix wdc(4) hangs on Geode SC1100 devices (PR#3729).
+
- Implement SCSI-style quirks for wdc(4).
+
- Use errx(3) instead of err(3) in find(1) when errno isn't set by the error.
+
- When calling err(3) after a malloc(3) failure, don't specify a message.
+
- Cleanup in rm(1).
+
- Support multicast on kue(4).
+
- Add IPv6 support to uucpd(8).
+
- Trivial changes (sockaddr_in -> sockaddr_storage) to add IPv6 support to rpc.rquotad(8), rpc.rstatd(8), rpc.rusersd(8), rpc.rwalld(8) and rpc.sprayd(8).
+
+
- Mark nullfs memory as M_MISCFSMNT instead of M_UFSMNT.
+
- Swing hppa to gcc3, and enable shared library support.
+
- Unbreak xterm(1) jump-scrolling on big-endian 64-bit systems.
+
- Remove a somewhat useless current-process privilege check in the IPv6 input path. Based on KAME.
+
- Compatibility fixes for some sk(4) devices (PR#3061). Workaround from FreeBSD.
+
+
- Initialise the carp(4) interface structure before use.
+
- Don't advertise an absurd TCP receive window on 64-bit architectures. From NetBSD.
+
- Some Single UNIX Specification updates in <limits.h>.
+
- Better error handling for rm(1)'s -P option. From FreeBSD.
+
- First cut at a home-grown NTP daemon. Not built by default yet.
+
- Remove ugly string code in bpf(4), used when no unit number was given to BIOCSETIF.
+
- Fix a long-standing KAME pasto that was breaking SIOC[DG]LIFADDR.
+
- Remove a bunch of redundant errno declarations.
+
- Use generic crc32 code instead of local efforts in many Ethernet devices.
+
+
- Sync xl(4) with FreeBSD, bringing in a lot of bug fixes and improvements.
+
- Check the NTP server clock status returned to rdate(8) and don't use the response if the server thinks its clock is unsynchronised.
+
- In uvm_map_clean() (called by msync(2) and madvise(2)), only free writable pages, and don't free copy-on-write pages because the permissions aren't known.
+ [Applied to stable]
+ - Only call getprotobynumber(3) from ppp(8) when the logging level is high enough to need the result. From FreeBSD.
+
- Some Emacs compatibility tweaks to binutils. Use the classic executable start addresses if ld(1) option -Z (disable W^X) is active.
+
- New privsep user and group _ntp.
+
- New monitoring daemon hotplugd(8) to go with hotplug(4).
+
- New hotplug(4) device to pass device attach and detach events up to userland. Available for alpha, amd64, i386, macppc and sparc64, only enabled on i386 for now.
+
- Use generic CRC code, remove bogus LLADDR use and handle multicast ranges better in nge(4) and sf(4).
- Fix bge(4) multicast reception.
- Add a description field for network interfaces, accessible via ifconfig(8) command 'description' and ioctl(2)s SIOC[GS]IFDESCR.
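Review bot: The new cvs(1) SECURITY FIX entry ("Multiple remote vulnerabilities have been found in the cvs(1) server") ends at "A source code patch is available." with no "[Applied to stable]" line, while the httpd(8) / mod_ssl and isakmpd(8) security entries added in this same hunk carry one; confirm whether the marker is missing or the fix has not reached stable yet. The bgpd(8) entry cites RFC 3706 for the NOPEER community, but the isakmpd(8) entry further down cites RFC 3706 for Dead Peer Detection, so one of the two numbers needs checking. Spelling in the added lines: "embededed", "subsytems", "confimation", "functinoality", "agai.", "in in effect", and "as this sometimes be generated" (missing "can").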
@@ -80,7 +393,7 @@
- Make accounting optional, with the new config(8) option (wait for it) ACCOUNTING.
- Allow login names longer than eight characters in uucpd(8).
- Fix a memory leak in a pfctl(8) error path.
-
- When shutting the system down, finalise accounting before the VFS to avoid panic(9)s.
+
- When shutting the system down, finalise accounting before the VFS to avoid panics.
- Fix TCP corruption on rl(4) cards.
- Much better rulefile parsing for brconfig(8).
- Pool efficiency improvements:
@@ -99,7 +412,7 @@
- Use _exit(2) instead of exit(3) in the sftp(1) child process.
- Include the hostname in syslogd(8) memory-buffered entries.
-
- Since the per-arch _dl_bcopy() in ld.so(1) is in all cases a simple for loop and painstakingly optimised assembler, just use a single machine-independent version.
+
- Since the per-arch _dl_bcopy() in ld.so(1) is in all cases a simple for loop and not painstakingly optimised assembler, just use a single machine-independent version.
- Allow ld.so(1) _dl_find_symbol() to return a pointer to the container object.
- Handle interface removals gracefully in dhcpd(8), now that poll(2) wakes it up on interface detach.
- Wake up any poll(2)ing process when a bpf(4) descriptor is closed.
@@ -110,14 +423,14 @@
- bktr(4) fixes from NetBSD and FreeBSD.
- Move the addition of atexit destructors right to the end of ld.so(1) setup (after the gdb(1) helper code) so they can be debugged.
- If ld.so(1) is running under ldd(1), exit earlier before a whole bunch of unnecessary setup gets done.
-
- Check ifp is valid before using it in carp_setroute(), avoiding a panic(9).
+
- Check ifp is valid before using it in carp_setroute(), avoiding a panic.
- Helpfully, use the right function names in isakmpd(8) error messages.
- Fix multicast problems with sk(4).
- Don't leak a socket in ndp(8).
- Back out the recent fork1(9) change due to compatibility problems.
- New MaxAuthTries option for sshd_config(5).
-
- Allow the retval parameter to fork1(9) to be NULL (as the manpage says) without causing a panic(9).
+
- Allow the retval parameter to fork1(9) to be NULL (as the manpage says) without causing a panic.
- strtonum(3)ify pflogd(8).
- Add gscsio(4) and lmtemp(4) I2C drivers.
- Add I2C framework (iic(4), iic(9)) based on that in NetBSD and enable on i386.
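Review bot: Both changed entries in this hunk (the carp_setroute() one and the fork1(9) retval one) drop the manual section from "panic(9)", while neighbouring references such as fork1(9) and ld.so(1) keep theirs. If the intent is that "panic" here names the event rather than the kernel function, say so in the commit message so later entries follow the same convention.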
@@ -154,7 +467,7 @@
- Enable the fancy new i386 pagezero code by not resetting it to its old value after setting it up.
- Allow anchors within anchors in pf(4). More work to come.
- Don't recursively call nd6_output() when route allocation fails, just return a host unreachable error.
-
- SECURITY FIX: A heap overflow in the cvs(1) server has been discovered that can be exploted by clients sending malformed requests. These clients can then run arbitrary code with the same privileges as the CVS server program.
+ - SECURITY FIX: A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending malformed requests. These clients can then run arbitrary code with the same privileges as the CVS server program.
A source code patch is available.
[Applied to stable]
- Allow symbolic service- and protocol names in isakmpd(8), so e.g. "Protocol=tcp" now works.
@@ -185,7 +498,8 @@
- Add basic COMMUNITIES attribute support in bgpd(8)'s filter language.
- Update libiberty's floatformat.[ch] to those from gdb(1) 6.1.
-
- Use arc4random(3) instead of rand(3) in httpd(8) mod_rewrite and mod_ssl, cleaning up surrounding code in the latter on the way.
+
- Use arc4random(3) instead of rand(3) in httpd(8) mod_rewrite and mod_ssl, cleaning up surrounding code in the latter on the way.
+ [Applied to stable]
- Remove the now-unused dhclient(8) pidfile stuff from /etc/rc(8).
- Add a separate link type, DLT_PPP_ETHER, for pppoe(8) frames. From NetBSD.
- Don't skip the graceful shutdown of carp(4) just because the system is being powered down.
@@ -694,7 +1008,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.926 2004/06/03 23:38:49 deraadt Exp $
+
$OpenBSD: plus.html,v 1.927 2004/06/25 11:09:05 deraadt Exp $