version 1.877, 2003/05/11 18:24:58 |
version 1.878, 2003/05/28 02:50:24 |
|
|
|
|
<p> |
<p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to May 10. |
The following list sums up (almost) all the changes made up to May 25. |
<p> |
<p> |
|
|
<ul> |
<ul> |
<li>Merge in <a href="http://www.pdc.kth.se/heimdal/">Heimdal</a> Kerberos V 0.6rc1. |
<!-- ^ 20030526 --> |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a>'s XDMCP queries (XFree86 bug <a href="http://bugs.xfree86.org/cgi-bin/bugzilla/show_bug.cgi?id=277">#277</a>.) |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat rules after recent netmask check changes. |
|
<!-- ^ 20030525 --> |
|
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s netmask validity check. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> properly free buffers and initialise pointers when working on tables. |
|
<li>Push <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> syslog output through <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strnvis&sektion=3">strnvis(3)</a> first. |
|
<!-- ^ 20030524 --> |
|
<li>Fix an fdset leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<!-- ^ 20030523 --> |
|
<li>Remove unsafe <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sprintf&sektion=9&manpath=OpenBSD+3.3">sprintf(9)</a> and vsprintf() functions from the kernel. |
|
<!-- ^ 20030522 --> |
|
<li>Ignore media changes for the first command issued to an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sd&sektion=4">sd(4)</a> device. See the <a href="http://helicon/cgi-bin/cvsweb/src/sys/scsi/sd.c#rev1.61">checkin comment</a> for details. |
|
<li>Match kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vprintf&sektion=9">vprintf(9)</a> prototype to that of userland. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getconf&sektion=1">getconf(1)</a> return _POSIX_PATH_MAX instead of _POSIX_PIPE_MAX when asked for the former. |
|
<!-- ^ 20030521 --> |
|
<li>Now that kernels are built with propolice, build modules with it too. |
|
<li>New hardware monitoring sensors driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=it&sektion=4">it(4)</a>. |
|
<li>Fix endianness problems in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> that caused multicast reception to fail when using Centaur chips. |
|
<li>Add a missing initialisation in altq HFSC. |
|
<li>Add read-only NTFS support, ported from NetBSD. Not enabled in GENERIC. |
|
<li>Add a flag to reverse the stereo on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auich&sektion=4">auich(4)</a>. |
|
<!-- ^ 20030520 --> |
|
<li>Limit the return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> to -NZERO ≤ nice ≤ NZERO, where NZERO=20. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> fail hard when fed invalid hostnames and netmasks. |
|
<li>Many games fixes from NetBSD. |
|
<li>Allow the i386 and hppa bootloaders to skip the interactive portion altogether. |
|
<li>Fix a badly broken switch statement affecting SO_DEBUG in tcp_input.c. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> from checking if the printed file is an executable. Leave this to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a> filters. |
|
<li>Use a decay filter to get better altq throughput statistics out of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<!-- ^ 20030519 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s do_log(), use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog_r&sektion=3">syslog_r(3)</a> in code that can be called from a signal handler. |
|
<li>Severely restrict the paths that privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can read from and write to. |
|
<li>Use sockaddr_storage instead of sockaddr in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> to fix interface rescanning. |
|
<li>Keep X.509 private keys only in the privileged part of privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>When using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> SYN proxy, make sure ACKs are sent with the correct window size. |
|
<li>Wait longer for slow USB devices to be ready for attachment. |
|
<!-- ^ 20030518 --> |
|
<li>Don't build libperl in the libraries pass of 'make build', as we want Perl's configure to pick up details of the libraries that the build may be changing. Another leapfrog-in-waiting. |
|
<li>Add regen target in libkrb5 to remove (again) the dependency on an up-to-date asn1_compile. |
|
<li>Complain more consistently about a missing 80-wire IDE cable (for UDMA mode > 2.) |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> when printing strings out of struct utmp, since those strings aren't null terminated. |
|
<li>Don't ARP for our IP address aliases, treat them as local. |
|
<li>Merge in a number of USB SCSI device updates from NetBSD. |
|
<li>Add experimental support for aes-ctr <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ciphers. |
|
<li>Apply some of the USB SCSI improvements to the FireWire code as well. |
|
<li>Add string length bounds to an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf&sektion=3">sscanf(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s rhosts auth code. |
|
<li>Pull in a fix for directory creation under <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules with address pools using bitmask and source-hash address selection. |
|
<li>Allow inverse matching of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tags. |
|
<li>Fix media handling for Intel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> devices. |
|
<!-- ^ 20030517 --> |
|
<li>Use the right buffer in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>'s connection handler. |
|
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vfprintf&sektion=3">vfprintf(3)</a> when more memory is needed to store arguments. See the <a href="http://helicon/cgi-bin/cvsweb/src/lib/libc/stdio/vfprintf.c#rev1.19">checkin comment</a> for why. |
|
<li>New Renegotiate-on-HUP option for the [general] section of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a> will cause all Phase 2 SAs to be renegotiated. |
|
<li>Fix a couple of signedness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>. |
|
<li>Improvements to USB SCSI support. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>'s up and down cursor movement. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> use the libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dup2&sektion=2">dup2(2)</a> instead of its own. |
|
<li>Fare thee well, Kerberos IV. |
|
<li>Another big-bucks firewall feature performed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: TCP SYN proxy, enabled with 'synproxy state' (this implies modulate state.) |
|
<li>New AddressFamily option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> that works like the -4 and -6 command line options (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=534">bug 534</a>.) |
|
<li>Allow address comparison in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> to work on sparc64. |
|
<li>Prevent a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd-setup&sektion=8">spamd-setup(8)</a> crash with a config file consisting of only invalid input. |
|
<!-- ^ 20030516 --> |
|
<li>Don't assume that rt->rt_ifp is valid in IPv6 neighbour discovery. |
|
<li>Add new ConnectTimeout option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<li>Disable Kerberos options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> programs if Kerberos isn't compiled in, and warn if they're used. |
|
<li>Have 'ssh -V' print the OpenSSL version properly, instead of trying to %s on a long. |
|
<li>Repair IPsec forwarding for IPv6, fixing PR#3231. |
|
<li>Fix a hang in libwrap when the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hosts_access&sektion=5">hosts_access(5)</a> file has a line containing > 2048 characters. (NetBSD pr#15025.) |
|
<li>Add multi-column output to the ls command of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>. |
|
<li>Wash untrusted input to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a> through <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vis&sektion=3">vis(3)</a> before display. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, don't store the private key in data structures we pass around a lot. |
|
<li>Fix a missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=freerrset&sektion=3">freerrset(3)</a> in new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> dnsfp code. |
|
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fmt_scaled&sektion=3">fmt_scaled(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scan_scaled&sektion=3">scan_scaled(3)</a> functions in libutil, for writing and reading numbers with human-readable scales. |
|
<li>Like for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a>, add a -q option to shut <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mixerctl&sektion=1">mixerctl(1)</a>'s -w option up. |
|
<li>Preliminary privilege separation support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, not enabled by default for now. |
|
<li>Fix deregistration of per-authentication method handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> specify IPPROTO_TCP explicitly in anticipation of a day when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a> supports sctp. |
|
<!-- ^ 20030515 --> |
|
<li>Prepare to move all KerberosV libraries to /usr/lib. |
|
<li>More TCP scrubbing: Modulate TCP timestamps to frustrate NAT detection and prevent remote uptime guesses. New scrub option 'reassemble tcp'. |
|
<li>Kill more unwanted <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le(4)</a> 'lost carrier' moans. |
|
<li>Remove the rather short-lived kernel option LONGRUN, it's now standard except SMALL_KERNEL is defined. |
|
<li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tagging support for rdr and binat rules. |
|
<li>Add _isakmpd user and group for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> privsep. |
|
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> clients to send a BREAK to the remote server if it supports it (SSHv2 only.) |
|
<li>Add _kdc and _kadmin users and groups for the respective KerberosV <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc&sektion=8">kdc(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a> daemons. |
|
<li>On i386, support Transmeta LongRun power management (kernel option LONGRUN, enabled by default.) |
|
<li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tag for each rule that matches, not just the last one. |
|
<li>Remove gated stuff from /etc/rc and /etc/rc.conf. |
|
<li>Add experimental support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> host key fingerprint verification using DNS records (dnsfp.) Not built by default. See src/usr.bin/ssh/README.dns for details and build instructions. |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> map_pages() failure test on 64-bit architectures. |
|
<li>Back out many recent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> changes until they're working right. |
|
<li>Disable KerberosIV support in XFree. |
|
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> privsep children die when the monitor parent goes away (OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=560">bug 560</a>.) |
|
<li>Upgrade <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a> to use the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> link type too. |
|
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> and libpcap about the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> link type in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a>. |
|
<li>Upgrade <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> link type to the 'official' and more extensible version from the <a href="http://www.tcpdump.org/">libpcap</a> people. |
|
<li>Start stripping out KerberosIV support from programs. |
|
<li>When handling a numeric nodename in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, set the canonical hostname to the numeric address as per <a href="http://www.ietf.org/rfc/rfc3493.txt">RFC3493</a>. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vis&sektion=3">vis(3)</a>'s VIS_SAFE behaviour match the manpage w.r.t <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isgraph&sektion=3">isgraph(3)</a>. |
|
<li>Allow tags to be specified for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> block rules (which aren't allowed to keep state.) |
|
<li>Allow the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> scrub keyword to take a protocol specifier again. |
|
<li>Remove KerberosIV support from KerberosV code. |
|
<li>Add packet tag support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> nat rules. |
|
<li>Correct a string length problem and a missing null init in libreadline. |
|
<li>Add kerberos-over-ssh2 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<li>Reapply the move of Ethernet definitions to <net/ethertypes.h>, but this time have <netinet/if_ether.h> read them in for compatibility reasons. |
|
<li>New -q flag for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> to suppress output from the -w option. |
|
<li>Fix a circular dependency by removing libtelnet, instead compile the code directly into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tn3270&sektion=1">tn3270(1)</a> from files in libexec/telnetd. |
|
<li>Move contents of libkafs into libkrb5, leave libkafs as an empty dummy library. |
|
<li>Fix a use-after-free in the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tagging code in the kernel. |
|
<li>Enable the increasingly popular <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver by default on i386 RAMDISK* kernels. |
|
<li>Sync <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdist&sektion=1">rdist(1)</a> with freerdist version 0.92, minus the compress option. |
|
<li>Don't build KerberosIV programs. Libraries still built for the moment. |
|
<li>Move blktochr() and chrtoblk() into kernel MI code. |
|
<li>Add [bc]devsw_lookup() kernel convenience functions. |
|
<!-- ^ 20030514 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> make sure packet tagging is only used on stateful filter rules. |
|
<li>Add NO_PROPOLICE kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a> option to build the kernel without the stack protector. Handy for install media. |
|
<li>Fix a string length off-by-one in libreadline. |
|
<li>Add userland portion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> packet tagging support. |
|
<li>Disable afs until it can be made to work sans KerberosIV. |
|
<li>Force global 'time' structure to be quad_t aligned, unbreaking sparc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=microtime&sektion=9">microtime(9)</a> and possibly other things too. |
|
<li>Add support in kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> for tagging packets, and filtering based on those tags. |
|
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> tag PACKET_TAG_PF_TAG. |
|
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lndir&sektion=1">lndir(1)</a> doesn't try to use -1 as an array index when reading a directory. |
|
<li>On ELF architectures, support the blocking of thread switches during non-thread-safe dynamic loader operations. |
|
<li>Sync ELF identification indexes with the <a href="http://www.caldera.com/developers/gabi/2000-07-17/ch4.eheader.html">System V ABI</a> specs. |
|
<li>Stop AM7990 (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le(4)</a>) devices emitting 'lost carrier' messages. |
|
<li>Back out <netinet/if_ether.h> changes after they caused userland meltdown. |
|
<li>Add propolice stack-smash protector support to the kernel, and build the kernel using it on architectures that support propolice. |
|
<li>Re-enable NULLFS, UMAPFS and UNION in the GENERIC kernel. |
|
<li>Move Ethernet definitions from <netinet/if_ether.h> to new <net/ethertypes.h>, like NetBSD. |
|
<li>Disable Kerberos V-to-IV conversion in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_krb5&sektion=8">login_krb5(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_krb5-or-pwd&sektion=8">login_krb5-or-pwd(8)</a> |
|
<li>Stop building <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_krb4&sektion=8">login_krb4(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_krb4-or-pwd&sektion=8">login_krb4-or-pwd(8)</a>. |
|
<li>Remove references to krb4 from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>. |
|
<li>Changes to the way protection fault traps are handled on i386, see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/i386/machdep.c#rev1.229">checkin comment</a> for details and Intel abuse. |
|
<li>Merge in <a href="http://www.pdc.kth.se/heimdal/">Heimdal</a> KerberosV 0.6. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> from accepting usernames beginning with a slash. |
|
<li>Don't report unsupported <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> devices as offline. |
|
<!-- ^ 20030513 --> |
|
<li>When testing TCP window sizes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, don't apply the window scaling factor for SYN packets. Do, however, apply the scaling factor when testing ACKs. |
|
<li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> that was causing recursive dependency searches to fail. |
|
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> definitions for NAT-T, IKEv2 and EAP. |
|
<li>Locking and other fixes to unionfs. |
|
<li>Add BLOCK_SIZE attribute to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, and rename AES ESP transform to AES_128_CBC. |
|
<li>Add UDP encapsulation type definitions (not code) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> with an eye to future NAT-T support. |
|
<li>Adapt nullfs and umapfs to use common code from genfs. |
|
<li>New genfs code for layered filesystem support. |
|
<li>Wash print queue names through <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vis&sektion=3">vis(3)</a> before output. |
|
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ctags&sektion=1">ctags(1)</a> to understand '//' comments, ignore declarations of function types, and accept __attribute__. From NetBSD. |
|
<li>Correctly check for empty output from an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> command (PR#3252.) |
|
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> command 'show proc' which, er, shows process information. |
|
<li>Sync <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=popa3d&sektion=8">popa3d(8)</a> to version 0.6.2. |
|
<li>Improvements and bugfixes to the installer's handing of ftp and http downloads. |
|
<li>Reorder <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> IPv6 address comparison to check the least-significant bits first, since these are more likely to differ. |
|
<li>Make sure the state search trees are properly in initialised when attaching <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
|
<li>Remove a number of KerberosV files that are not used by OpenBSD. |
|
<li>When doing pubkey authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, prefer agent-stored keys that are referred to in the config file. This can reduce the likelihood of the server disconnecting before it gets to a valid key when the agent is storing many keys. |
|
<li>Start preparations to remove KerberosIV. |
|
<li>Remove a number of redundant declarations in games/. From NetBSD. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1">file(1)</a> now recognises Ogg Vorbis audio files. |
|
<li>Use the asn1_compile in src/usr.bin instead of that in src/kerberosV. |
|
<li>More string fixes to libreadline, this time with no ABI changes. |
|
<li>Fix a sign overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a>. |
|
<li>Merge in OpenSSL 0.9.7b (without IDEA, MDC2 and RC5.) |
|
<li>Implement adaptive state table timeouts in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, reducing the state timeout value inversely with the number of states present. |
|
<!-- ^ 20030512 --> |
|
<li>Break asn1_compile out from KerberosV into src/usr.bin. |
|
<li>First phase of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> stateful TCP scrubbing: Frustrate TTL-based NIDS evasion by determining on the fly the highest TTL, and enforcing it as the minimim TTL for all subsequent packets. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, Do the xstrdup() of the remote_name inside channel_new() instead of making the caller do it. |
|
<li>Start to fix the annoying asn1_compile leapfrog problem when upgrading KerberosV by putting the generated files into the tree. |
|
<li>Make sure a hole at the end of a sparse file created by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=install&sektion=1">install(1)</a> actually gets written on all filesystems. |
|
<li>The installer now accepts absolutely absolute paths (relative to the installer's root directory, not the virtual mountpoint) for local sets. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>'s -e option fail gracefully if the user specifies an SSH1 key. (NetBSD pr#20550.) |
|
<li>Avoid offence to Klingons by spelling 'Kang' correctly. <!-- No, really. --> |
|
<li>Merge in <a href="http://www.pdc.kth.se/heimdal/">Heimdal</a> KerberosV 0.6rc1. |
<li>Since mfs doesn't try to force an unmount on receipt of a signal, there's no need to try to fix up processes' working dirs - the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unmount&sektion=2">unmount(2)</a> will fail. |
<li>Since mfs doesn't try to force an unmount on receipt of a signal, there's no need to try to fix up processes' working dirs - the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unmount&sektion=2">unmount(2)</a> will fail. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>'s handling of the IPV6_ADDR ID-type. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>'s handling of the IPV6_ADDR ID-type. |
<li>Remove an unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntohs&sektion=3">ntohs(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, unbreaking 'nat ... -> $if port n' rules. |
<li>Remove an unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntohs&sektion=3">ntohs(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, unbreaking 'nat ... -> $if port n' rules. |
<!-- ^ 20030511 --> |
<!-- ^ 20030511 --> |
<li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return keyword now generates an ICMP unreachable message for all protocols other than TCP (rather than just UDP and ICMP.) |
<li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return keyword now generates an ICMP unreachable message for all protocols other than TCP (rather than just UDP and ICMP.) |
<li>Have the compiler generate warnings if unsafe string functions are used in the kernel. |
<li>Have the compiler generate warnings if unsafe string functions are used in the kernel. |
|
|
<!-- ^ 20030505 --> |
<!-- ^ 20030505 --> |
<li>Use the right buffer size for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcwd&sektion=3">getcwd(3)</a> to avoid unnecessary truncation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a>. |
<li>Use the right buffer size for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcwd&sektion=3">getcwd(3)</a> to avoid unnecessary truncation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a>. |
<li>Replace local (and wrong) basename logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ln&sektion=1">ln(1)</a> with a call to the real <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=basename&sektion=3">basename(3)</a>. |
<li>Replace local (and wrong) basename logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ln&sektion=1">ln(1)</a> with a call to the real <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=basename&sektion=3">basename(3)</a>. |
<li>Don't leak an mbuf when dropping non-ARPHRD_ETHER arp packets. |
<li>Don't leak an mbuf when dropping non-ARPHRD_ETHER arp packets.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.3-stable --> |
<!-- ^ 20030504 --> |
<!-- ^ 20030504 --> |
<li>Compatibility improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ossaudio&sektion=3">ossaudio(3)</a>, mostly from NetBSD. |
<li>Compatibility improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ossaudio&sektion=3">ossaudio(3)</a>, mostly from NetBSD. |
<li>Ditch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_mfs&sektion=8">mount_mfs(8)</a>'s homespun malloc() in favour of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a>. |
<li>Ditch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_mfs&sektion=8">mount_mfs(8)</a>'s homespun malloc() in favour of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a>. |
|
|
<li>Keep trying to unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apachectl&sektion=8">apachectl(8)</a> restarts for shared modules when running under the chroot. |
<li>Keep trying to unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apachectl&sektion=8">apachectl(8)</a> restarts for shared modules when running under the chroot. |
<li>Improve forward compatiblity of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a> by comparing only what we understand instead of trying to ignore what we don't. |
<li>Improve forward compatiblity of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a> by comparing only what we understand instead of trying to ignore what we don't. |
<li>Make the newly deprecated omsync() work under NetBSD emulation. |
<li>Make the newly deprecated omsync() work under NetBSD emulation. |
<li>Several <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strvis&sektion=3">strvis(3)</a> -> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strnvis&sektion=3">strnvis(3)</a> changes, all part of the continuing Battle for Safe String Functions. |
<li>Several <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strvis&sektion=3">strvis(3)</a> -> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strnvis&sektion=3">strnvis(3)</a> changes, all part of the continuing Battle for Safe String Functions. |
<li>Fix some pthreads signal bugs that were causing MySQL to crash (PR#3178, PR#3238.) |
<li>Fix some pthreads signal bugs that were causing MySQL to crash (PR#3179, PR#3238.)<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.3-stable --> |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables to be loaded into anchors. <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> table options except show and flush now honour -a. |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables to be loaded into anchors. <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> table options except show and flush now honour -a. |
<!-- ^ 20030430 --> |
<!-- ^ 20030430 --> |
<li>Have the dynamic linker stub functions in libc return -1 if called from a statically linked program. |
<li>Have the dynamic linker stub functions in libc return -1 if called from a statically linked program. |
|
|
<li>Actually look for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> -q option when calling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=3">getopt(3)</a>. |
<li>Actually look for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> -q option when calling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=3">getopt(3)</a>. |
<li>Fix handling of -f and -h options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a>. |
<li>Fix handling of -f and -h options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a>. |
<li>Improve error handling for invalid <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> cbq and priq flags. |
<li>Improve error handling for invalid <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> cbq and priq flags. |
<li>3.3 -> 3.3-current. |
<li>3.3 -> 3.3-current. |
<!-- ^ 20030327 --> |
<!-- ^ 20030327 --> |
</ul> |
</ul> |
<p> |
<p> |