www/plus.html - diff

Return to plus.html CVS log

Up to [local] / www

Diff for /www/plus.html between version 1.856 and 1.857

version 1.856, 2003/01/18 20:05:08

version 1.857, 2003/02/03 23:59:32

Line 50

<h3>We are working on OpenBSD-current.</h3>

The following list sums up (almost) all the changes made up to January 17.

The following list sums up (almost) all the changes made up to February 1.

<ul>

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> build without IPv6.

<li>Fix an mbuf leak in the ESP code.

<li>Correct a bad array index in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.

<li>Fix multicast problems with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a>, and also remove some unnecessary Ethernet-specificity from the driver.

<li>Really fix combination of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> translation and route-to/reply-to.

<li>Check TCP, UDP, ICMP and ICMP6 checksums in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, and make the sum isn't recalculated when the packet hits layer 4 in the kernel. Packets with invalid checksums are silently dropped, to avoid <a href="http://www.phrack.org/phrack/60/p60-0x0c.txt">firewall detection</a> by use of filter responses to bad packets.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s TCP state inspection RFC 763 compliant, and send a reset when presented with SYN-cookie schemes that send out-of-window ACKs during the TCP handshake.

<li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> is no longer setuid root, check the effective uid instead of the real uid.

<li>Fix a number of filesystem locking issues, for details see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/vfs_cache.c?rev=1.9&content-type=text/x-cvsweb-markup">checkin comment</a>.

<li>Fix an ICMP mbuf leak.

<a href="stable.html">[Applied to stable]</a>

<li>Create a fake siginfo_t for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_kill&sektion=3">pthread_kill(3)</a>.

<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a> trying to use dead interfaces.

<li>For ELF images, put .rodata in a separate section to the program text, so the read-only data is no longer executable.

<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> interface modifiers: <if>:network for the interface's connected network(s) and <if>:broadcast for the interface's broadcast address(es).

<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> revoke privileges earlier so it can bind to a priviliged port if desired.

<li>Mirror the a.out initialise-dependent-libraries-first change for ELF.

<li>For POSIX reasons, make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&sektion=2">setre[ug]id(2)</a> real system calls again (albeit still implemented using setres[ug]id()) instead of 4.3BSD compatibility library calls.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> sets the process title to '<user>@<ip>'.

<li>Add a missing ntohs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> actions get printed correctly.

<li>Make the resolver code in libc more thread-safe.

<li>Fix an fd_set overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>.

<li>Improvements to pthreads signal handling. See the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_sig.c?rev=1.18&content-type=text/x-cvsweb-markup">checkin comment</a> for details.

<li>For <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eg&sektion=4">eg(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=el&sektion=4">el(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ie&sektion=4&arch=hppa">ie(4/HPPA)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> zero-pad frames smaller than the minimum frame length.

<li>Update the termcap entry colours for wsvt25 to match reality.

<li>If the -a option is given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to specify an anchor, don't allow operations that have a global effect.

<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> correctly exits from the loop that prints IPv6 option headers.

<li>Use record instead of play parameters to calculate the record high watermark in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.

<li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> remove leading spaces, this can break multiline commands.

<li>Further cleanups and shrinkage of the installer scripts.

<li>Correct operation of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules involving port ranges. Now the from- and to-range sizes can differ.

<li>Stop bogus packet drops during <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> normalisation when an offset went negative.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -n option operation with table statements.

<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables to be initialised from a file listed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.

<li>Better checking and error reporting for illegal table-related constructs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules.

<li>Improve TCP performance by sending segments of no more than half the send buffer space limit. This means that (if enough data is available to be sent) there will always be at least two segments sent. A BSD receiver-TCP will turn off delayed ACKs with more than one un-ACK'd packet on a socket.

<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> monitor mode.

<li>Plug a potential memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>.

<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xinit&sektion=1">xinit(1)</a> never leaks the MIT_MAGIC_COOKIE via the command line.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vipw&sektion=8">vipw(8)</a>'s use of timestamps to detect changes to the temp file.

<li>Make sure a thread's signal handlers aren't run until the thread is made current.

<li>Save the fpu state when switching threads on i386 and sparc64, floating-point preemption regression tests now pass on these architectures.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ndc&sektion=8">ndc(8)</a>'s reading of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.conf&sektion=8">rc.conf(8)</a> variable NAMED_FLAGS.

<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s TCP window scaling support.

<li>pfctl -vvsq display (altq stats) gets more useful, showing bandwidth and packet rate stats for CBQ and PRIQ.

<li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nslookup&sektion=8">nslookup(8)</a> along with BIND 9, and don't print the irritating deprecation warning.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> now honours the TCP_WRAPPERS setting in mk.conf.

<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> Checkin-Prog and Update-prog to be disabled with the new CVSROOT/config option "DisableXProg"

<li>Always use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=splimp&sektion=9">splimp(9)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>, fixing some transmission failures.

<li>Add -1 and -2 options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> to force SSH protocol 1 or 2 respectively.

<li>New -l bandwidth-limiter option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.

<li>New -c option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>, that forces <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> to pop up a dialog requesting confirmation of the use of a stored key.

<li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> crash the kernel when translating icmp6 packets.

<li>More updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>.

<li>strcpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> macro expansion.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables automatically spring into existence when referred to by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> add or replace commands.

<li>Add <a href="http://www.ietf.org/rfc/rfc1323.txt">RFC 1323</a> TCP window scaling support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.

<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> hostap timeouts.

<li>Add new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> -t option to set the default key lifetime.

<li>Add a generic watchdog interface and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(8)</a> kern.watchdog.

<li>Shrink <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> and save some space on the install floppies by removing hostap code when compiled with -DSMALL_KERNEL.

<li>Use the right variable type when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> fetches the default hop limit via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.

<li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux&sektion=8">compat_linux(8)</a> socket syscall emulation. Improves emulation of programs using UDP.

<li>Fix an incorrect argument length passed to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt&sektion=2">setsockopt(2)</a> by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a>.

<li>bzero() after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>.

<a href="stable.html">[Applied to stable]</a>

<li>Have /etc/rc generate the BIND 9 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rndc&sektion=8">rndc(8)</a> shared secret if it doesn't exist.

<li>Add BIND 9 configuration files.

<li>Skip DNSSEC programs in BIND 9.

<li>Begin import of BIND 9.2.2rc1. (Local changes documented in <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bind/README.OpenBSD?rev=1.1&content-type=text/x-cvsweb-markup">README.OpenBSD</a>.)

<li>Fix some silly pastos in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> table code.

<li>Create /var/empty/dev/log for programs that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> to /var/empty.

<li>Fix a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> DIOCRSETTFLAGS implmentation, so it doesn't look like changing a table flag created a table when in fact it deleted one.

<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> from reconnecting to /dev/log on an ENOBUFS as this doesn't help, and it hurts <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>'ed processes.

<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>'ed daemons <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=portmap&sektion=8">portmap(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rstatd&sektion=8">rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rusersd&sektion=8">rusersd(8)</a> to use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openlog&sektion=3">openlog(3)</a> with LOG_NDELAY.

<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sigaltstack&sektion=2">sigaltstack(2)</a> under pthreads.

<li>Copy the thread sources (including CVS history) from lib/libc_r to lib/pthread, and move libc_r into the Attic.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> show more information with -vvs[rn] for rules containing tables.

<li>SECURITY FIX: January 20, 2003: A double free in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> could allow an attacker to execute code with the privileges of the user running cvs. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for cvs configurations that use the pserver client/server connection method.

<a href="errata.html#cvs">A source code patch is available</a>.

<a href="stable.html">[Applied to stable]</a>

<li>Add an invalid ioctl sanity check to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a>.

<li>Bring <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>'s build into line with the libc_r -> pthread move.

<li>Big improvements to a.out library dependency handling.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> a thread cancellation point as per the standard.

<li>Fix some locking-related <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raidctl&sektion=8">raidctl(8)</a> panics.

<li>Updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>.

<li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> when processing the -k option.

<li>Big cleanup of host() in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> parser.

<li>When running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> with insufficient privileges to open /dev/pf, make the -n option work as a syntax checker for table commands.

<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> nat random source port assignment. Now a rule has to actually ask for static-port in order to get it.

<li>Enable the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> 'static-port' keyword.

<li>Extensive <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> changes to better protect ELF executables from tampering (see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils/bfd/elf.c?rev=1.13&content-type=text/x-cvsweb-markup">checkin comment</a> for details.)

Line 71

Line 177

<li>Create PIC archives for a number of X libs, useful for ports that create shared libraries.

<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsstat&sektion=1">nfsstat(1)</a> displaying info for the no-longer-supported <a href="http://docs.freebsd.org/44doc/papers/nqnfs.html">NQNFS</a> protocol.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsstat&sektion=1">nfsstat(1)</a>'s filesystem id lookup, and a minor buffer overrun.

<li>Fix some minor bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix table creation.

<li>Fix some minor bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table creation.

<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> recognise the '-T load' option like it used to.

<li>Plug a memory leak in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix table code when using PFR_FLAG_DUMMY.

<li>Plug a memory leak in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table code when using PFR_FLAG_DUMMY.

<li>For the benefit of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>, allow outbound pings from the initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rulebase installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a>.

<li>Pull all the IP address parsing code of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> into one place.

Line 83

Line 189

<li>/etc/weekly is now built (by default) in /var/tmp rather than /tmp.

<li>Add an extra sanity check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> to prevent size_t overflows.

<li>Better input checking and error handling in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix tables code.

<li>Better input checking and error handling in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table code.

<li>Begin converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> with the -i option to use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.

<li>Start work on NVIDIA nForce support.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix tables now understand CIDR-notation IPv4 addresses.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> now supports CIDR-notation IPv4 addresses when manipulating tables.

<li>Some command-line fixes and tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rusers&sektion=1">rusers(1)</a>.

<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rm&sektion=1">rm(1)</a> with the -P option from overwriting files with multiple links.

<li>Fix handling of addition and subtraction of negated addresses to radix tables in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.

<li>Fix handling of addition and subtraction of negated addresses to tables in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.

<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> only show the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=socket&sektion=2">socket(2)</a> error for the last address to which one tries to connect.

<li>Don't fill files full of holes with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftruncate&sektion=2">ftruncate(2)</a> after a write error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcp&sektion=1">rcp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.

<li>Add a progress meter to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> client.

Line 101

Line 207

<li>Various strl* return value checks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.

<li>Initial support for queue statistics display for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> (-vsq option.)

<li>'Default-Phase-1-Configuration' -> 'Default-phase-1-configuration', 'Default-Phase-2-Suites' -> 'Default-phase-2-suites' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.

<li>New radix table manipulation syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, and a corresponding new -Tl option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.

<li>New table manipulation syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, and a corresponding new -Tl option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.

<li>Add support for active/inactive <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix tablesets in the kernel

<li>Add support for active/inactive <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tablesets in the kernel

<li>Enable SET/ACK in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> when acting as an ike-mode-cfg responder.

<li>Improvements and fixes to batch mode <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>.

Line 117

Line 223

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s string parser can handle strings beginning with an underscore, useful for all those new daemon usernames.

<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> clean up after failed previous incarnations of itself.

<li>Don't allow s[eh]mmni to be set (via the newish <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> interface) greater than 0xffff, to prevent id collisions due to wraparound.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix tables now spring into and out of existence on demand.

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables now spring into and out of existence on demand.

<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudoers&sektion=5">sudoers(5)</a> parser's handling of EOF not preceded by newline.

<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> from always adding u+w permissions to files pulled by get -p.

<li>Values set in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl.conf&sektion=5">sysctl.conf(5)</a> can contain spaces when quoted as for sh.

Line 139

Line 245

<li>Remove code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to force linking against a specific library version.

<li>Add console support for Polish and Turkish keyboard layouts.

<li>Add the userland support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix tables to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>.

<li>Add the userland support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>.

<li>Remove reference to the now obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=screenblank&sektion=0&manpath=OpenBSD+3.2&arch=sparc">screenblank</a> from /etc/rc.

<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dig&sektion=1">dig(1)</a> time display on 64-bit big-endian targets.

<li>Do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> routing update if the source interface is in the LEARNING state, not the destination interface.

Line 148

Line 254

<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> parse '%%m' correctly.

<li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a>.

<li>Require a direction for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules that do routing.

<li>When combining (route|reply)-to and translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules, make sure a state table insertion is only attempted once.

<li>Note (in the system copyright message) that it's now 2003.

<li>Update to sendmail 8.12.7.

<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> display all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule types instead of just pass/block rules.

<li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> radix table code handle duplicate table names and/or duplicate addresses in a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> call.

<li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table code handle duplicate table names and/or duplicate addresses in a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> call.

<li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> skip-step for rule action (scrub or no-scrub.)

<li>Properly update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rule statistics.

Line 182

Line 288

<li>Make 'pfctl -a name -s[rn]' show all rules or nats in all rulesets on anchor 'name'.

<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>, set the macro '$user_id' to the username.

<li>Fix a couple of missed semaphore counter updates.

<li>Add kernel portion of radix table support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule source and destination addresses.

<li>Add kernel portion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> support for efficient tables of addresses (currently implemented as radix tables similar to the kernel routing table).

<li>Remove an extraneous semicolon in <sys/cdefs.h> that broke some C++ compilers.

<li>Fix an amusingly incorrect <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> size in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.

Line 207

Line 313

<li>Avoid a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a>.

<li>Remove a couple of extra <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntohs&sektion=3">ntohs(3)</a> calls in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.

<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.

<li>Fix device attachment bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>.

<a href="stable.html">[Applied to stable]</a>

<li>Update Perl's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=Safe&sektion=0">Safe(3p)</a> module to 2.09, fixing a <a href="http://archive.develooper.com/perl5-porters@perl.org/msg87643.html">security hole</a>.

<a href="stable.html">[Applied to stable]</a>

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> error messages now contain the line number.

<li>Have 'chroot -U' do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlogin&sektion=2">setlogin(2)</a> if the caller is, or can be made into, the session leader.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a> check for $SHELL defined as null as well as for undef.

Line 389

Line 498

<li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s handling of address families in rules.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> fetch the address properly for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lo&sektion=4">lo(4)</a> with LINK1 set.

<li>Use 1KB = 1000B instead of 1024B when dealing with bandwidth in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.

<li>Fix URL CRLF injection bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a>.

<li>Fix URL CRLF injection bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a>.

<a href="stable.html">[Applied to stable]</a>

<li>Add a missing check for snprintf errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>.

<li>Protect arc4_getbyte() with an splhigh().

<li>Some cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.

Line 477

Line 586

<li>Allow '$' as the last character of a username, to appease Samba.

<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s -e option (log to stderr) work.

<li>Make the minimum file rotation size 512 bytes instead of 512Kbytes...

<li>Rearrange payload length check for ESP packets so packets with NULL encryption are tested also.

<li>Rearrange payload length check for ESP packets so packets with NULL encryption are tested also.

<a href="stable.html">[Applied to stable]</a>

<li>Don't allow a simple non-existent server to crash <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqstat&sektion=1">altqstat(1)</a>.

<li>Solve problems static linking with -lpthread. (-static -pthread still broken.)

Line 487

Line 596

<li>Keep a correct reference count to the file referenced by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> under SVR4 emulation.

<li>Gracefully handle broken firewalls that block ECN-enabled TCP sessions by falling back to non-ECN.

<li>Gracefully handle broken firewalls that block ECN-enabled TCP sessions by falling back to non-ECN.

<a href="stable.html">[Applied to stable]</a>

<li>Some thread-safety fixes to libc.

<li>Add a cast to handle properly size_t larger than u_int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.

<li>Fix some problems <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a> had displaying information on files > 2GB.

Line 516

Line 626

<li>To a chorus of approval, add the 'set require-order [yes|no]' option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.

<li>Remove a bogus test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> that stopped a perfectly legal seek on a character device.

<li>Merge mod_ssl 2.8.12, fixing a cross-site scripting bug and two off-by-ones.

<li>Merge mod_ssl 2.8.12, fixing a cross-site scripting bug and two off-by-ones.

<a href="stable.html">[Applied to stable]</a>

<li>Add a missing break statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s arguments parsing code.

<li>Add getdents64() support under Linux emulation.

Line 599

Line 709

<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> can now binat a whole netblock with one rule.

<li>Remove a potential null pointer deref in BSD authentication code.

<li>Fix a bad printf format string in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>. Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.

<a href="stable.html">[Applied to stable]</a>

<li>Do some more unsigned checks to system call parameters, as with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> <a href="http://www.openbsd.org/errata31.html#kerntime">erratum</a>.

<a href="stable.html">[Applied to stable]</a>