===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus24.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- www/plus24.html	2002/10/17 08:47:58	1.15
+++ www/plus24.html	2003/03/06 16:27:10	1.16
@@ -1,8 +1,8 @@
-<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
 <title>OpenBSD 2.4 changes</title>
-<link rev=made href=mailto:www@openbsd.org>
+<link rev=made href="mailto:www@openbsd.org">
 <meta name="resource-type" content="document">
 <meta name="description" content="the main OpenBSD page">
 <meta name="keywords" content="openbsd,main">
@@ -14,7 +14,8 @@
 
 <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
 <p>
-<h2><font color=#e00000>Changes made between OpenBSD 2.3 and OpenBSD 2.4</font><hr></h2>
+<h2><font color="#e00000">Changes made between OpenBSD 2.3 and OpenBSD 2.4</font></h2>
+<hr>
 
 <p>
 This is a partial list of the major machine independent changes
@@ -27,7 +28,7 @@
 changes, starting with those listed below..
 
 <p>
-Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
+Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
 
 <p>
 <h3>
@@ -50,7 +51,7 @@
 
 <hr>
 
-<h3><font color=#0000e0>OpenBSD 2.4 released (Dec 1, 1998).</font></h3><p>
+<h3><font color="#0000e0">OpenBSD 2.4 released (Dec 1, 1998).</font></h3><p>
 <ul>
 
 <li>Fix a bug in the midway ATM driver.
@@ -83,7 +84,7 @@
 <li>In i386 wd(4) driver, set d_type properly in spoofed labels.
 <li>Import learn(1) -- but still disabled.
 <li>Add <strong>file://</strong> support to ftp(1).
-<li><font color=#e00000><strong>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href=errata24.html#hme>Patches are available</a></strong></font>.
+<li><font color="#e00000"><strong>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href="errata24.html#hme">Patches are available</a></strong></font>.
 <li>Fix media negotiation in the SS5/10 le(4) driver.
 <li>Fix mail(1) to deal with the changed lockspool(1) protocol.
 <li>In lockspool(1), permit root to lock other spools.
@@ -176,7 +177,7 @@
 <li>if_media support in OpenBSD.  Some drivers support it, others do not yet.
 <li>Buffer mishandling fixes in nslookup(1) and dig(1).
 <li>Make a few programs (time, mkdep, lorder) kill themselves with the signal they trapped, rather than provide an exit code.
-<li>Continuing work at integrating the <a href=http://www.stacken.kth.se/projekt/arla>ARLA free-AFS</a> source code directly into OpenBSD.
+<li>Continuing work at integrating the <a href="http://www.stacken.kth.se/projekt/arla">ARLA free-AFS</a> source code directly into OpenBSD.
 <li>More games fixes.
 <li>Teach libpcap that DLT_LOOP devices have a network byte order header.
 <li>Return ENXIO for /dev/mem minor devices which do not exist.
@@ -285,7 +286,7 @@
 <li>Update to ncurses-4.2-980801.
 <li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand.
 <li>Crank tun(4) MTU to 16K.
-<li><font color=#e00000><strong>Set the close-on-exec flag in two descriptors owned by chpass(8).  This fixes a security problem. <a href=errata23.html#chpass>A patch which solves the problem is available</a></strong></font>.
+<li><font color="#e00000"><strong>Set the close-on-exec flag in two descriptors owned by chpass(8).  This fixes a security problem. <a href="errata23.html#chpass">A patch which solves the problem is available</a></strong></font>.
 <li>Improve ipsecadm(8).
 <li>Fix some ipsec bugs related to IP-in-IP.
 <li>Fix some disklabel(8) bugs.
@@ -293,7 +294,7 @@
 <li>Make dump(8) work against filesystems not listed in fstab(5).
 <li>Rename libtelnet functions getent and getstr to avoid curses conflicts.
 <li>Disable all ISA PNP devices before doing the ISA scan.  This works around BIOS's which pre-map ISA PNP devices into known locations.
-<li>Correct panics and EINVAL returning cases in iovec using code. <a href=errata23.html#resid>A patch for this problem exists.</a>
+<li>Correct panics and EINVAL returning cases in iovec using code. <a href="errata23.html#resid">A patch for this problem exists.</a>
 <li>Fix battery remaining support in i386 apm.
 <li>Add i386 apm(4) manpage.
 <li>Fix mkstemp() calling code in libc/db/hash.
@@ -334,14 +335,14 @@
 <li>Update to Lite2 getenv(), which returns NULL for getenv(NULL).
 <li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use.
 <li>Improve db cache sizing heuristic in pwd_mkdb(8).
-<li><font color=#e00000><strong>Close a file descriptor leak in inetd(8).  <a href=errata23.html#inetd>A patch which solves the problem is available</a></strong></font>.
+<li><font color="#e00000"><strong>Close a file descriptor leak in inetd(8).  <a href="errata23.html#inetd">A patch which solves the problem is available</a></strong></font>.
 <li>Fix dump(8) to return exit code 1 for startup failures, as documented.
 <li>Improve performance of getpwent(3) in a YP environment.
 <li>Improve performance of pwd_mkdb(8).
 <li>More buffer overflow fixes in libpcap and such.
 <li>Fix "mount /mnt /mnt" so that it does not panic the machine.
 <li>cvs 1.9.28.
-<li>Fix locking code in unionfs.  This fixes a serious problem in unionfs. <a href=errata23.html#unionfs>A patch is available</a>.
+<li>Fix locking code in unionfs.  This fixes a serious problem in unionfs. <a href="errata23.html#unionfs">A patch is available</a>.
 <li>In ftpd, handle non-existant users as login now does -- sleep a while.
 <li>In the S3 audio driver, map additional registers at open() time instead of attach() time.
 <li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree.
@@ -408,11 +409,11 @@
 <li>Fix <strong>fxp</strong> driver so that it works on buggy cards.
 <li>In make(1), fix bug for targets that began with "." and underwent suffix conversion.
 <li>Fix "mv b/ a" for the case when "a" is a directory.
-<li><font color=#e00000><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty.  The previous behaviour has security consequences. <a href=errata23.html#fdalloc>A patch which solves the problem is available</a></strong></font>.
+<li><font color="#e00000"><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty.  The previous behaviour has security consequences. <a href="errata23.html#fdalloc">A patch which solves the problem is available</a></strong></font>.
 <li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in.
 <li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies.
 <li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support.
-<li><font color=#e00000><strong>Fix LED update lockup bugs in the i386 console driver (pcvt).  <a href=errata23.html#pcvt>A patch is available which fixes this problem</a></strong></font>.
+<li><font color="#e00000"><strong>Fix LED update lockup bugs in the i386 console driver (pcvt).  <a href="errata23.html#pcvt">A patch is available which fixes this problem</a></strong></font>.
 <li>Further improvements to photurisd(8).
 <li>Fix kvm_read(3) return values.
 <li>Overflow fix in ksh(1).
@@ -427,7 +428,7 @@
 <li>update to rdist 6.1.4 (plus our many patches).
 <li>In pcap(3), permit single-character hostnames.
 <li>Convert all DLT_LOOP interfaces to have a network byte order u_int32_t header containing the protocol.
-<li><font color=#e00000><strong>Fix a buffer overflow bug in the resolver.  The previous behaviour has security consequences. <a href=errata23.html#resolver>A patch which solves the problem is available</a></strong></font>.
+<li><font color="#e00000"><strong>Fix a buffer overflow bug in the resolver.  The previous behaviour has security consequences. <a href="errata23.html#resolver">A patch which solves the problem is available</a></strong></font>.
 <li>Fix select() on bpf descriptors.
 <li>Update the rc(8) manpage, and companion pages.
 <li>Fix at(1) to handle "now" as a valid time.
@@ -461,8 +462,8 @@
 <li>Various fixes to ftp(1).
 <li>Make getty(8) default to 8 bit mode.
 <li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY.
-<li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace.  This can be a security issue. <a href=errata23.html#ptrace>A patch is available which fixes this problem</a></strong></font>.
-<li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href=errata23.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>.
+<li>The following patch was deleted later, ignore it: <font color="#e00000"><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace.  This can be a security issue. <a href="errata23.html#ptrace">A patch is available which fixes this problem</a></strong></font>.
+<li><font color="#e00000"><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href="errata23.html#pctr">Fixes for 2.2 and 2.3 are detailed here</a></strong></font>.
 <li>Various new smtpd(8) fixes.
 <li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3).
 <li>Teach adduser(8) about the /sbin/nologin shell.
@@ -506,7 +507,7 @@
 <li>Install gdb(1) info pages.
 <li>New distribution install notes that use m4 instead of cpp for formatting.
 <li>In gdb, do not use 4.3 compatibility tty ioctl() calls.
-<li><font color=#e00000><strong>Constrain how kill(2) operates against target processes that are running setuid.  The previous unrestricted behaviour may have had security consequences. <a href=errata23.html#kill>The 4th revision of a patch which solves the problem is available</a></strong></font>.
+<li><font color="#e00000"><strong>Constrain how kill(2) operates against target processes that are running setuid.  The previous unrestricted behaviour may have had security consequences. <a href="errata23.html#kill">The 4th revision of a patch which solves the problem is available</a></strong></font>.
 <li>Fix a free() related bug in csh(1).
 <li>Fix a memory trashing bug in the IPSEC SPI chain delete function.
 <li>Fix acct(2) to work with append-only files.
@@ -528,7 +529,7 @@
 <li>Make perl(1) support calls to lockf(3) now that we have it.
 <li>Disable dynamic loading in the mips version of perl(1).
 <li>Make size(1) work on files created via <strong>ld -Z</strong>.
-<li><font color=#e00000><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices.  The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href=errata23.html#immutable>A patch exists which solves the problem</a></strong></font>.
+<li><font color="#e00000"><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices.  The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href="errata23.html#immutable">A patch exists which solves the problem</a></strong></font>.
 <li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port. 
 <li>Fix a file parsing overflow in kdb_util(8).
 <li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number.
@@ -546,12 +547,12 @@
 <li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc.
 <li>Fix at least one remotely activated buffer overflow in lynx(1).
 <li>Add information about more deviant scsi devices.
-<li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3.  A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use.  <a href=errata23.html#ipsec>A patch exists which solves the problem</a>. <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD 2.2)</a></strong></font>.
+<li><font color="#e00000"><strong>A security issue exists in 2.2 and 2.3.  A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use.  <a href="errata23.html#ipsec">A patch exists which solves the problem</a>. <a href="errata22.html#ipsec">(A similar patch exists for OpenBSD 2.2)</a></strong></font>.
 <li>Fix a select(3) bug in syslogd(8).
 <li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running.
 <li>Add libossaudio(3) to the source tree.
 <li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it.
-<li><font color=#e00000><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href=errata23.html#xterm-xaw>A patch exists which solves the problem</a>. <a href=errata22.html#xterm-xaw>(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>.
+<li><font color="#e00000"><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href="errata23.html#xterm-xaw">A patch exists which solves the problem</a>. <a href="errata22.html#xterm-xaw">(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>.
 <li>Permit relative adjustments in mixerctl(1) using +/- prefixes.
 <li>msdosfs in FAT32 mode would hang during a write.
 <li>Fix ZIP drive use on the hp300.
@@ -625,8 +626,8 @@
 
 <hr>
 <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
-<a href=mailto:www@openbsd.org>www@openbsd.org</a>
-<br><small>$OpenBSD: plus24.html,v 1.15 2002/10/17 08:47:58 deraadt Exp $</small>
+<a href="mailto:www@openbsd.org">www@openbsd.org</a>
+<br><small>$OpenBSD: plus24.html,v 1.16 2003/03/06 16:27:10 naddy Exp $</small>
 
 </body>
 </html>