===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus33.html,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- www/plus33.html 2016/08/15 02:22:08 1.52
+++ www/plus33.html 2017/03/25 18:03:36 1.53
@@ -436,7 +436,7 @@
Last part of the threaded fd improvements, fixing some bugs from stage one on the way.
Set an all-ones mask when doing pf(4) routing, since round-robin on the whole address space is unlikely to be the desired result.
-First installment of improvements to threaded file descriptor handling (see the checkin comment for details).
+First installment of improvements to threaded file descriptor handling (see the checkin comment for details).
isakmpd(8) now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2.
Don't load a signed int into the ssh(1) buffer when doing BSD auth; the buffer type only supports unsigned ints.
@@ -460,7 +460,7 @@
Check TCP, UDP, ICMP and ICMP6 checksums in pf(4), and make the sum isn't recalculated when the packet hits layer 4 in the kernel. Packets with invalid checksums are silently dropped, to avoid firewall detection by use of filter responses to bad packets.
Make pf(4)'s TCP state inspection RFC 763 compliant, and send a reset when presented with SYN-cookie schemes that send out-of-window ACKs during the TCP handshake.
Now that route(8) is no longer setuid root, check the effective uid instead of the real uid.
-Fix a number of filesystem locking issues, for details see the checkin comment.
+Fix a number of filesystem locking issues, for details see the checkin comment.
Fix an ICMP mbuf leak.
[Applied to stable]
@@ -478,7 +478,7 @@
Make the resolver code in libc more thread-safe.
Fix an fd_set overflow in telnetd(8).
-Improvements to pthreads signal handling. See the checkin comment for details.
+Improvements to pthreads signal handling. See the checkin comment for details.
For eg(4), el(4), ie(4/HPPA) and url(4) zero-pad frames smaller than the minimum frame length.
Update the termcap entry colours for wsvt25 to match reality.
If the -a option is given to pfctl(8) to specify an anchor, don't allow operations that have a global effect.
@@ -532,7 +532,7 @@
Have /etc/rc generate the BIND 9 rndc(8) shared secret if it doesn't exist.
Add BIND 9 configuration files.
Skip DNSSEC programs in BIND 9.
-Begin import of BIND 9.2.2rc1. (Local changes documented in README.OpenBSD.)
+Begin import of BIND 9.2.2rc1. (Local changes documented in README.OpenBSD.)
Fix some silly pastos in pfctl(8) table code.
Create /var/empty/dev/log for programs that chroot(2) to /var/empty.
Fix a typo in pf(4) DIOCRSETTFLAGS implmentation, so it doesn't look like changing a table flag created a table when in fact it deleted one.
@@ -559,13 +559,13 @@
Unbreak pf(4) nat random source port assignment. Now a rule has to actually ask for static-port in order to get it.
Enable the pfctl(8) 'static-port' keyword.
-Extensive ld(1) changes to better protect ELF executables from tampering (see the checkin comment for details).
+Extensive ld(1) changes to better protect ELF executables from tampering (see the checkin comment for details).
Add new output format option '-f' to ncheck_ffs(8).
ncheck_ffs(8) no longer reports when the set[ug]id bits are set on directories, since these are meaningless in OpenBSD.
Fix a missing YYERROR in the pfctl(8) parser.
Deal with cd(4) drives that are picky about being asked to play the leadout track.
-Note with regret and sadness that the freely available PCI vendor and device list is no longer available.
+Note with regret and sadness that the freely available PCI vendor and device list is no longer available.
Bring protocols(5) more into line with current reality.
More improvements and device additions to pciide(4).