===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus35.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- www/plus35.html 2004/03/30 05:41:56 1.2
+++ www/plus35.html 2004/04/04 19:12:57 1.3
@@ -57,6 +57,28 @@
+
+- Don't use FD_ZERO(2) in isakmpd(8)'s privsep monitor.
+
- When binding UDP server sockets in isakmpd(8), check the sockaddr buffer is large enough before copying.
+
+
- Add some extra sanity checks for incoming pfsync(4) packets.
+
- Fix a kernel memory leak when deleting interface addresses (SIOCDIFADDR).
+
+
- Add a missing spl(9) around if_down() in vlan(4).
+
+
- In pf(4), properly m_copyback(9) the modified TCP sequence number after demodulation.
+
- Fix a use-after-free in carp(4).
+
- Raise carp(4) advskew to 240 while waiting for the pfsync(4) bulk update. This makes sure that other hosts can preempt a host that's booting up but hasn't got its network bearings yet.
+
+
- Fix a check-for-null-then-deref-anyway bug in icmp6.
+
- Fix a cut-and-pasto in pf(4)'s stateful ICMP code.
+
- Unbreak the ICMP checksum when pf(4) sequence number modulation is used.
+
+
- Disable carp error logging (sysctl(3) net.inet.carp.log) by default.
+
+
- Remove an unnecessary null termination in the isakmpd(8) privsep monitor.
+
- Teach file(1) about OpenBSD-amd64 binaries and coredumps.
+
- Add a small delay before the bulk update to stop pfsync(4) looping unnecessarily.
- Fix ssl(3) rmd160 breakage on sparc64.
- Teach tcpdump(8) how to display the new pfsync(4) bulk updates.
@@ -79,7 +101,7 @@
- Have privsep named(8) pass SIGINT to the child process.
- Upgrade Puffy to 3.5 and lock XF4 for release.
- Add final pieces of privilege separation for isakmpd(8) and switch it on.
-
- Add pxeboot(8) for i386, derived from NetBSD.
+
- Add pxeboot(8) for i386 and amd64, derived from NetBSD.
- Fix another stray semicolon, in tcpdump(8)'s ASN.1 printer this time.
- More mpt(4) fixes, more to come.
@@ -1437,6 +1459,8 @@
- Further realloc(3) cleanup.
+
- Re-engineer the pf(4) ioctl interface to allow near-100% atomicity for 'pfctl -f /etc/pf.conf' commands.
+ [Applied to stable]
- Fix bogus getutmp() error check in battlestar(6).
- Change the xfs backend from select to poll.
- Introduce 64-bit byteorder(3) macros.
@@ -1572,7 +1596,7 @@
www@openbsd.org
-
$OpenBSD: plus35.html,v 1.2 2004/03/30 05:41:56 david Exp $
+
$OpenBSD: plus35.html,v 1.3 2004/04/04 19:12:57 deraadt Exp $