===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.931
retrieving revision 1.932
diff -u -r1.931 -r1.932
--- www/plus.html 2004/09/06 06:19:36 1.931
+++ www/plus.html 2004/09/28 02:00:11 1.932
@@ -54,19 +54,221 @@
We are working on OpenBSD-current.
-The following list sums up (almost) all the changes made up to July 31.
+The following list sums up (almost) all the changes made up to September 12.
+- Fix tcpdump(8)'s bpf(4) attachment on atw(4) devices.
+
+
- SECURITY FIX: Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
+ A source code patch is available.
+ [Applied to stable]
+
+ - Bail out of newfs(8) on errors when making very small filesystems.
+
+
- Move MIPS to 64-bit.
+
- Fix copyout(9) of pf(4) anchors with relative paths and wildcards.
+
- Track the peer count correctly in bgpd(8) and ntpd(8), fixing memory corruption in both.
+
- Fix a null dereference in dhcpd(8).
+
- Just print the raw IP protocol number in netstat(1) instead of fetching the protocol name.
+
+
- Stop routed(8) fiddling with routes controlled by bgpd(8).
+
- SECURITY FIX: httpd(8)'s mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
+ A source code patch is available.
+ [Applied to stable]
+ - Stop telnetd(8) closing the slave fd from openpty(3) and then reopening it.
+
+
- Set a cleanup handler for HUP as well as INT, TERM and WINCH on the ssh(1) multiplex control socket.
+
- Stop ntpd(8) dying on sendmsg(2) failures.
+
- Unbreak route(8)'s -netmask option.
+
- Fix a bad cast from mode_t to short in ar(1).
+
+
- Check for interrupted waits in inetd(8), fixing late reaping of zombie processes and other ignored signals.
+
+
+
+
- Don't busy-wait on ENOBUFS in pppoe(8).
+
+
- Stop the mixer resetting emu(4)'s volume to very very loud.
+
+
- Make sure kernfs_xread() isn't called with a negative offset.
+
- SECURITY FIX: Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
+ A source code patch is available.
+ [Applied to stable]
+ - Stop non-MASTER carp(4) hosts replying to ARP requests, as this upsets some layer 3 switches.
+
+
- Stop login(1) treating the 'bar' in username foo.bar as a Kerberos instance, that's a krb4 syntax we no longer use.
+
- Fix fd passing problems with S/Key on sparc*.
+
- Don't do DNS lookups when reading ntpd(8)'s config, save them for later.
+
- In ntpd(8), don't log transient network errors from sendto(2).
+
- Fix pfsync(4)'s handling of adaptive timeouts.
+
- Enforce minimum lease time of 60 seconds in dhclient(8), to stop bogus 0s leases from the server causing the client to spin.
+
- Fix oversized copies that were causing memory faults in usb(4).
+
+
+
- Don't close stdin in sshd(8) unless we're reexec'ing.
+
+
- Make sure pkg_create(1) keeps track of the current working directory.
+
+
- RELIABILITY FIX: Due to incorrect error handling in zlib an attacker could potentially cause a denial of service attack (CAN-2004-0797).
+ A source code patch is available.
+ [Applied to stable]
+
+ - Have /etc/security(8) store a copy of the disklabel and report any changes.
+
+
- Only allow SIOCGET{VIF,SG}CNT from the multicast router socket (PR#3825).
+
- Document the fact that collisions have been found for MD4, MD5 and ripemd.
+
- Don't make ntpd(8) explode when getaddrinfo(3) returns EAI_NONAME.
+
- Base the value of uvm_km_pages_lowat on the amount of physical memory.
+
- Back out the IPv6 prefix len 'fix', the old code was right.
+
+
- Make xargs(1)' behaviour match the manpage when the utility can't be executed.
+
- Fix fgetln(3) and realloc(3) handling in libedit.
+
- Do the '%s' replacement for less(1)'s LESSOPEN and LESSCLOSE environment variables ourselves instead of using snprintf(3).
+
- Don't send a SIGINT or SIGTERM to the entire process group when received by the shell unless the shell is the process group leader (PR#3820).
+
- In isakmpd(8), fix the test for whether a newly-created SA replaces an old one.
+
- Enable Dead Peer Detection in isakmpd(8) by default.
+
- Don't overwrite the raw IPv6 checksum field in a shared mbuf.
+
+
- Fix high interrupt load in ste(4).
+
+
- Remove the need for isakmpd.policy(5) file when starting isakmpd(8) from rc(8).
+
- Fix the IPv6 prefix length sanity checks in in6_are_prefix_equal().
+
+
- 3.6-beta -> 3.6.
+
- Add a new control message to bgpd(8) that allows a session to be downed and restarted, accessible with the bgpctl(8) command 'clear'.
+
- Unbreak parsing of multiple -o options to mount_nfs(8).
+
+
- Stop bge(4), sk(4) and ti(4) complaining about a lack of jumbo frame buffers for inbound frames, unless debugging is on.
+
- On nexthop reachability status changes, only notify the bgpd(8) RDE if the nexthop was previously unavailable.
+
+
- Don't send bad IP packets via bpf(4) when monitoring a gre(4) interface (PR#3852).
+
+
- Fix descriptor passing in bgpd(8).
+
- Stop networks disappearing on bgpd(8) reload by always updating the prefix timestamp.
+
- Remove a null deref in isakmpd(8).
+
- Implement the SMTP 'QUIT' command in spamd(8).
+
- Fix an out-of-bounds read in makeinfo(1).
+
+
- Remove ip6.int from the named(8) example config files.
+
- Bump OpenSSH to version 3.9.
+
- Put in a temporary fix for wi(4) cards with station firmware < 1.8. Real fix after the 3.6 release.
+
+
- Remove spamd(8) greylist entries the second they expire.
+
- Back out the recent pf(4)-skips-downed-interfaces change, it breaks IPv6.
+
+
- Add an example sendmail(8) /etc/mail/genericstable.
+
- When isakmpd(8)'s -K switch is active, check the peer's proposal against isakmpd.conf(5).
+
- Map the whole ld.so hints file for a.out in one mmap(2), as was done for ELF.
+
+
- Fix auto request sense handling in ahc(4) and ahd(4).
+
- Stop a coredump in libregex(3).
+
- Fix a busy-wait on transmit failure in ntpd(8).
+
- Add an extra check for a NULL message in the privsep code for isakmpd(8), named(8), pflogd(8), sshd(8), syslogd(8), tcpdump(8) and the X server.
+
+
- Finally fix ntpd(8) problems with DNS non-availability at startup.
+
- Fix a bad dereference in gcc(1).
+
- In bgpd(8), ignore RFC2545 and don't allow IPv6 link-local addresses to be a next hop.
+
- Stop a core dump in newfs(8) by checking the block size against MAXBSIZE.
+
- Validate the superblock size recorded in the superblock, to prevent a panic.
+
+
- Use atomicio instead of a few pieces of homegrown code in ssh(1).
+
- Some signedness cleanups in ssh(1).
+
- Add dladdr(3) support to the dynamic loader, and extend dlsym(3) to match 'standards'.
+
- Plug a memory leak in kvm_close(3).
+
- Fix bgpd(8) MRT dumps from cloned sessions.
+
- With -q in effect, stop grep(1) searching as soon as a match is found.
+
- Skip over non-UP interfaces in pf(4), fixing some problems with pppd(8).
+
- Fix a missing lseek(2) error check in sshd(8).
+
- Only close a pipe if it's open in sshd(8).
+
- Fix a minor memory leak in sshd(8).
+
- Surround pkg_delete(1)'s main loop with an eval{} block, so that ldconfig(8), directory removal, manpage and font directory processing always occur.
+
- Back out the mmap(2)-based malloc(3) for now, some architectures aren't working right yet.
+
- A stack of ohci(4) fixes from NetBSD.
+
+
- RELIABILITY FIX: Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
+ A source code patch is available.
+ [Applied to stable]
+ - Show the difference between the expected and received IP checksum in tcpdump(8).
+
- Now that tcpdump(8) decodes the IP fragment returned in an ICMP error message, allow the TCP parser to print the source and destination ports from incomplete TCP headers.
+
- When tcpdump(8) receives an ICMP error and -vv is in effect, also dump the IP packet embedded in the error message. Based on tcpdump.org.
+
- Fix a bad sizeof in ntpd(8).
+
- Implement better RFC 3706 Dead Peer Detection in isakmpd(8).
+
- Fix the MED setting in outgoing bgpd(8) updates.
+
- In ntpd(8), handle DNS lookup failures properly in the case of server pools.
+
- Have pkg_add(1)'s @mandir and @fontdir keywords do the right thing on package delete, and have @fontdir do the necessary font processing.
+
- Fix a dynamic group-related panic in pf(4).
+
+
- Support the setenv capability in login.conf(5) like in NetBSD, including '~' and '$' macro expansion for the homedir and username respectively.
+
- Import and merge Perl 5.8.5 from CPAN. Crank libperl's major number.
+
- 3.5-current -> 3.6-beta.
+
- Stability and performance fixes to ste(4) from FreeBSD.
+
- Fix an out-of-bounds write in libafs, caught by the mmap(2)-based malloc(3).
+
+
- Fix a missing initialisation of the route info structure in the kernel and stop a panic.
+
- Stop doing unnecessary PHY resets on hme(4).
+
- Remove the need for -w when setting values in radioctl(1).
+
- Fix iostat(8)'s average KB per transfer calculation.
+
+
- Do a chroot(2) before running ldconfig(8) when DESTDIR is set in pkg_add(1).
+
- Add IPv6 router solicitation and router advertisement ICMP messages to the default pf(4) filter loaded in rc(8).
+
+
- Initial work on SGI MIPS64 support.
+
- Only close the stream passed to pclose(3) if it was opened by popen(3).
+
- In pkg_add(1), invoke the OpenBSD::Makewhatis module directly insteading of forking makewhatis(8).
+
- Reorganise makewhatis(8) to avoid using unnecessary code, and allow invocation as a perl(1) module.
+
- Big update to bgpd(8), moving towards IPv6 support.
+
- New @lib marker in pkg_add(1) packing lists, that lets the tools know when to run ldconfig(8).
+
- Many more pkg_add(1) fixes and improvements.
+
+
- Refactor pkg_add(1) etc. packing list code.
+
- Now that malloc(3) uses mmap(2) instead of sbrk(2), remove the rlimit check from the userland code and let the kernel do it.
+
- Use the new fd-passing functionality in BSD_AUTH(3) to implement record locking for S/Key logins.
+
- Stop trying to change the cwd of processes after a forced unmount.
+
+
- Don't send signals from hardclock to prevent SMP problems in the near future.
+
- Add interrupt coalescing support to fxp(4)
+
- Fix jumbo frames support in sk(4).
+
- In ssh(1), return DH group 14 when /etc/moduli is empty, fixing a hang.
+
+
- Allow a file descriptor to be passed on the BSD_AUTH(3) back channel, to be used for stateful login scripts.
+
- Do a check for minval>maxval in strtonum(3)
+
- Change the minval and maxval parameters to strtonum(3) from unsigned to signed long long, simplifying the code.
+
- Allow an autonegotiation to be forced at mii(4) attach time.
+
- Don't crash the kernel in autoconf when matching an indirect device with verbose mode switched on.
+
- Allow NFS commits to be coalesced instead of always sending a commit for each block.
+
- MRT dump compatibility fixes for bgpd(8).
+
- Add route label support to ifconfig(8) via the -label keyword.
+
- Introduce 'route labels', allowing up to 32 bytes of information to be attached to a route.
+
- Fix reference counting bugs in isakmpd(8), avoiding leaks.
+
- Make disk geometry parameters in fdisk(8/i386) unsigned values to avoid some signedness problems.
+
- Don't trim device major and minor numbers to 8 bits when accessing device nodes over NFS.
+
- Allow pfsync(4) to use a unicast sync peer, via the new 'syncpeer' keyword to ifconfig(8). This lets pfsync operate over IPsec.
+
- Show if locking is present in pstat(8) -f output.
+
- Add fxp(4) microcode for interrupt coalescing. From Intel via FreeBSD.
+
- Have lint(1) allow more integer types in bitfields.
+
+
- Set initial latency and cacheline size for cardbus(4) devices.
+
- Out-of-line some functions in isp(4) to shrink the kernel a bit.
+
- In isakmpd(8) don't expire phase 2 SAs that are not yet established on receipt of a SIGHUP.
+
- Fix pcmcia(4) crashes (PR#3732, PR#3881). More work required.
+
- New @man element for packing lists.
+
- If LK_NOWAIT is passed to vget(9), return EBUSY if the vnode is lock(9)ed.
+
+
- Rewind the tape less often when repositioning an st(4) device.
+
- New malloc(3) implementation using mmap(2) instead of sbrk(2). This means that malloc now gets all the benefits of mmap's randomisation feature.
+
- Deal with upward-growing stacks when checking for the end of the stackgap in sys/compat/common.
+
- Major updates to ahc(4). From FreeBSD.
+
- Kill GATEWAY and IPFORWARDING config(8) options, since their functionality has long been available from sysctl(8).
- Have httpd(8) correctly use port information supplied by the client (if available) when UseCanonicalName is off.
-
+
- New bgpd.conf(5) announce type "default-route", which will only announce the default route to a specified neighbour.
- Drain hotplug(4)'s event queue on close, fixing a hang on shutdown (PR#3874).
- Fix siop(4) probe problems on hppa.
- Call /bin/ksh instead of /bin/sh in the installer scripts, since the ksh(1) mannerisms will be disabled when invoked as sh(1) soon.
-
+
- Fix a missing initialisation when processing an RDE update in bgpd(8).
- Helpfully, don't truncate the lease file to zero length on dhcpd(8) startup.
- Keep a unique ID for each server ntpd(8) talks to.
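Review bot: The older entry in this added block announcing the mmap(2)-based malloc(3) ("This means that malloc now gets all the benefits of mmap's randomisation feature") is contradicted by the newer entry further up, "Back out the mmap(2)-based malloc(3) for now". The list runs newest first ("3.6-beta -> 3.6" sits above "3.5-current -> 3.6-beta"), so a reader skimming for hardening changes could take the randomisation as being in effect. Suggest marking the older entry as backed out or cross-referencing the backout, and stating whether the "remove the rlimit check from the userland code" entry still holds. The same applies to "Skip over non-UP interfaces in pf(4)" versus "Back out the recent pf(4)-skips-downed-interfaces change". Smaller points: "insteading of forking makewhatis(8)" should read "instead of forking", "xargs(1)' behaviour" should read "xargs(1)'s behaviour", and the fxp(4) interrupt coalescing and strtonum(3) minval>maxval entries lack the trailing period the other entries carry.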
@@ -75,7 +277,7 @@
- Fix NAT-T Aggressive Mode by putting NAT-D checks in the right place.
- Don't set the output filename in compress(1) when in -t mode, avoiding an error which the input filename doesn't end in '.gz'.
- Drop ip6.int query support for IPv6 reverse lookups with gethostbyaddr(3).
-
+
- Use SHA1Pad(3) in libskey, instead of relying on undocumented behaviour from SHA1Final(3).
- Add new timekeeping code, MI-only for now and not yet enabled anywhere.
- In bgpd(8), prefer the path with the lowest MED value, not the highest.
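Review bot: The compress(1) context line in this hunk reads "avoiding an error which the input filename doesn't end in '.gz'", where "which" should be "when". The only changed line shown here is a blank line swapped for another blank line, directly below that entry, so the wording could be corrected in the same commit.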
@@ -1297,7 +1499,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.931 2004/09/06 06:19:36 deraadt Exp $
+
$OpenBSD: plus.html,v 1.932 2004/09/28 02:00:11 deraadt Exp $