=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v retrieving revision 1.757 retrieving revision 1.758 diff -c -r1.757 -r1.758 *** www/plus.html 2001/04/23 23:05:53 1.757 --- www/plus.html 2001/04/24 06:59:17 1.758 *************** *** 14,20 ****

Changes made between OpenBSD 2.8 and OpenBSD-current

This is a partial list of the major machine independent changes --- 14,20 ----

Changes made between OpenBSD 2.9 and OpenBSD-current

This is a partial list of the major machine independent changes *************** *** 40,45 **** --- 40,46 ---- For changes leading up to OpenBSD 2.6, click here.
For changes leading up to OpenBSD 2.7, click here.
For changes leading up to OpenBSD 2.8, click here.
+ For changes leading up to OpenBSD 2.9, click here.

*************** *** 48,723 ****

We are working on OpenBSD-current.

SECURITY FIX: Avoid DoS attack in ftpd using glob patch.
! A patch is available.
! [Applied to stable] !
SECURITY FIX: Fix ipf fragment caching bug.
! A patch is available.
! [Applied to stable] !
SECURITY FIX: Fix buffer overflows contained in glob(3) function.
! A patch is available.
! [Applied to stable] !
Check for short packets and bad types sent to timed(8).
! [Applied to stable] !
OpenSSH 2.5.2 released.
! [Applied to stable] !
SECURITY FIX: Be careful with file permissions in readline library
! A patch is available.
! [Applied to stable] !
Make buffer size 8k on NE1000, and 16k otherwise for ! ne.
! [Applied to stable] !
Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
! [Applied to stable] !
SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
! A patch is available.
! [Applied to stable] !
SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
! A patch is available.
! [Applied to stable] !
SECURITY FIX: update to sudo-1.6.3p6 which fixes a buffer overflow on very long argv components.
! A patch is available.
! [Applied to stable] !
OpenSSH 2.5.1 released.
! [Applied to stable] !
IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
! A patch is available.
! [Applied to stable] !
Disable bogus file check in cvs(1).
! [Applied to stable] !
OpenSSH 2.5.0 released.
! [Applied to stable] !
OpenSSH 2.3.2 released.
! [Applied to stable] !
In tcpdump(8), deobfuscate some IP protocols and improve IPSEC tunnelmode printing. !
Set the offset for SCSI chain B properly in the VAX ncr(4) driver. !
Import XFree86 4.0.2. !
Long username fixes to lpd(8) and lprm(1). !
Convert the powerpc port to UVM(9). !
Import siop(4), a replacement for the ncr(4) SCSI driver. !
Support more NE2000 PCMCIA devices. !
Avoid passing shared mbufs around the kernel to prevent accidental overwrites. !
Add pcscp(4), a driver which supports AMD Am53c974 SCSI controllers. !
Modify sliplogin(8) to handle long usernames. !
Add portsplus.html which tracks changes to the ports collection. !
Allow X to work without pcvt(4). !
Fix an authorizer removal problem in keynote(3). !
Deactivate function pointers upon interface detach to avoid crashes. !
Deal with the real time clock losing interrupts on i386. !
Bump maxusers to 32 in the alpha port. !
Avoid a theoretical buffer overflow in getpwent(3). !
Fix an uninitialized variable in bsd.port.mk(5). !
Disregard ospeed in tetris(6). !
Modify wall(1) to handle long usernames. !
Many isp(4) SCSI driver improvements and updates. !
Fix goto-line 0 case in mg(1). !
Fix PermitRootLogin option in ssh(1). !
In brconfig(8), skip empty lines in the rulefile. !
Fix HTTP installs, which were broken for quite awhile. !
Repair statclock on mvme88k. !
Ensure softupdates is enabled before performing softupdates-specific operations. !
Define a sendmail(8) variable to workaround broken name servers. !
Allow up to 12 virtual terminals in wscons(4). !
Correct VAX signal handling. !
Cleanup MAC support in SSH2. !
Support attachment of Cheetah devices to vsbus as well as ibus in the VAX port. !
Disable a bogus file check in cvs(1) to ease the pain of having replicated repositories. !
Ensure $RSH is set in the rcmd(3) functions. !
String table fixes to ddb(4) and modload(8). !
Update wscons(4) code. !
Pull in fixes for potential buffer overflows in xdm(1). !
Compatibility fixes to tar(1). !
Many OpenSSH cleanups and improvements. !
New ELF symbol handling in ddb(4). !
Enable wscons support in XFree86. !
Modify PCI power state for clct(4) devices so they work after warm reboots. !
Repair BPF support in gre(4). !
Fix an uninitialized variable in wsdisplay(4). !
Fix file attribute passing in sftp-server(8). !
Correct a memory usage error in ssh-keyscan(1). !
Add support to the powerpc for loading the bootloader and kernel from an HFS filesystem. !
Better failure handling in vr(4). !
Add support to dc(4) for parsing media blocks from Intel 21143 SROMs. !
Strengthen SSH1 to make traffic analysis more difficult. !
Updates to /etc/services from IANA. !
In ssh(1), enforce non-batch_mode if StrictHostKeyChecking is set to "ask". !
Backport a buffer overflow fix from XFree86 4.0.2 to in-tree XFree 3.3.6. !
Stricter prototypes, type fixes, and other cleanups in OpenSSH. !
Switch IPv6 raw socket code from NRL to KAME. !
Stricter checking in SSH2. !
Implement an upper limit for icmp6(4) redirects. !
Fix rwhod(8) to work, and make debug code a flag option. !
Mark our tree such that we use wscons(4) as if it is vt220, instead of vt100. !
In wscons(4), when scrolled back, if a new key is pressed, reset us to our previous location, as pcvt(4) used to do. !
Permit sftp(1) over SSH1 protocol. !
In sftp(1), do not forward agent or X11 traffic. !
In tar(1), fix -T option and add support for -C option !
Honor TMPDIR variable in tar(1), cpio(1), and pax(1). !
perl(1) patch CHANGE6214. !
New route6d(8). !
Numerous more changes to sftp-server(8) and sftp(1). !
Changes to accept(2) to permit return of ECONNABORTED. !
Quieten IPv6 DN message reporting by default. !
Improve xmalloc() and friends in ssh(1) code.. !
Remove dead architecture support from the tree. !
Remove support for #! from syslogd(8). !
cac(4) driver to support Compaq Smart ARRAY RAID controllers. !
Ignore blank lines in hostname.if(5) files. !
In ssh(1), add -1 option to force protocol 1. !
Enable sftp-server(8) by default. !
Numerous bug fixes to sftp-server(8) and sftp(1). !
Make scsi work on the vaxstation 4000/90. !
Same for tun(4), gif(4), and others.. !
Change lo(4) initialization code so that boot -c pseudo-device editing code can affect it in the expected fashion. !
If kernel has ddb(4) support, add a ddb sub-command inside boot -c. !
Teach the bridge to deal with ARP alignment in the presence of numerous previous layers... !
EtherIP support in tcpdump(8). !
Fix a bug introduced a few weeks ago in yppush(8). !
A bit of a trawl through the source tree to please the alpha, since various problems occur in the absence of perfect weak symbols. !
libc_r works on the alpha now. !
Many new fixes to sort(1). !
Teach config -e and boot -c about pseudo-devices. !
Fix perl(1) h2ph scripts. !
More bridge(4) fixes for unicast learning. !
Add sftp(1) client. !
Fix an off-by-{1,2,4} error in i386_space_copy(). wscons(4) now works perfectly. !
More fixes to rtadvd(8). !
Fix bugs in atc(6), snake(6), battlestar(6), phantasia(6), and adventure(6). !
Enable scrollback from USB keyboards. !
Numerous improvements in ppp(8). !
At ELF execve(2) time, check for the OpenBSD note first, so that native binaries run best. !
Attempt to share crtbegin/crtend in ELF csu, including an OS note. !
Change powerpc ld.so(1) so all architectures use DT_INIT for ctors/init. !
Fix overlapping bus space copy operations on i386. !
Move EtherIP to version 3 (2 byte padded header). !
Art does battle with ksyms(4), gets wounded, but eventually wins. !
In sshd(8), S/Key is now called ChallengeResponse. !
Make ReverseMappingCheck optional in sshd_config. !
Mickey the madman goes on a new timeout crawl through pci and isa drivers. !
Fix nlist(3) emulation for cases where the ELF header does not exist; permits /dev/ksyms to work on ELF machines. !
Emulate some new freebsd signal(2) related things in compat_freebsd(8). !
In IPv6, avoid panic when packet to nonexistent link-local address is issued. !
xl(4) no longer needs to whine about tx underruns. !
Fix ELF support for compat_freebsd(8). !
Catch the alpha up to wscons(4) changes. !
Fix wscons(4) wsmux(4) attachment. !
Support mvme188 card in mvme88k port. !
If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work. !
Fix some bugs in the bridge(4), especially regarding gif(4). !
IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
! A patch is available.
! [Applied to stable] !
In config(8) -e and -u, do not write out a new kernel if nothing changed. !
Numerous fat utmp(5) changes to utilities. !
Move utmp(5) to large format. !
Fix some incorrect return values for mmap(2) functions.
! [Applied to stable] !
Make top(1) not setgid. !
Update X11 to support the new i386 changes. !
Configure wscons(4) defaults to be what our users expect. !
moused(8) is dead for now. !
Enable uhci(4) and ohci(4) devices by default in GENERIC. !
Range-check invalid .max fields in inetd(8). !
Various post-merge ipf fixes. Some previous fixes got removed and had to be put back in. !
In ATAPI code, ignore PIOMODE errors. !
On many architectures, change console name to ttyC? instead of ttyE?. !
Add -U option to ELF ldconfig(8). !
Move i386 to wscons(4). !
Re-org the alpha boot floppies. !
More improvements against the Bleichenbacher pkcs#1 attack. !
Fix more select overflow issues in ssh(1). !
gcc 2.95.3, test 2. !
ises(4), start of a driver for the Pijnenburg PCC-ISES crypto chip. Does random entropy insertion. !
Permit many compat system calls to match to the same native call (was not permitted before). !
A bunch of people are doing a kernel trawl to update drivers to new timeouts. !
Support boot -c on the sparc. !
Fix an early timeout bug in wdc/ata support, which caused problems with atapi tape drives. !
Niklas runs through the tree doing commits in an attempt to keep up with Todd's much higher commit count. !
Receive random numbers from ubsec(4) cards. !
Make wdc mode printing more portable, so that the powerpc can use it too. !
adb(4) drivers in powerpc port. !
New upl(4) driver for Prolific PL2301/PL2302 USB host-to-host driver. This acts like a network device. !
Remove -Q flag from sshd(8). !
Change audio-driver interface so drivers can supply a minimum delta for mixer value changes. !
USB sync. !
SECURITY FIX: fix some buffer overflows in named(8).
! A patch is available.
! [Applied to stable] !
Support Cheetah vaxes. !
Improve MAKEDEV(8) manual pages on many architectures. !
Cause pcibios(4) to route interrupts via the pci router at the time interrupts are established for each driver, not before. !
Optimize pcidevs, usbdevs(8), and other tables in the kernel. !
Both wi(4) and awi(4) now support more models of cards. !
skey(1) SHA1 is supposed to be little endian. !
Improve ping6(8) signal handling further. !
Merge isakmpd(8) in. It is no longer separate. !
Many ppp(8) improvements. !
Handle binary data in install floppy dmesg. !
Improve ELF handling of nlist(3). !
Print CPU speed in GHz if it is that fast. !
Detect Transmeta cpus. !
On powerpc, ensure that signal delivery fills in rval[1]; at least pthread was affected. !
Move powerpc to MACHINE_NEW_NONCONTIG. !
In mg(1), do not use rename(2) on the ~ file; make a new copy so that vipw(8) and crontab(1) do the right thing. !
Tweak alpha so it sends SIGBUS for unaligned access, and does NOT do a fixup. This encourages people to fix their code. !
KGDB support for the i386. !
Pack alpha definition of infinity properly, other architectures too. !
Recognize Intel P4 cpu. !
Various space optimizations for alpha boot floppies. !
Fix CF wdc, which was broken for a while. !
Add "enable" keyword in config(8) files. !
Merge and simplify emulation directory handling code. !
Support Initio INI-91xx cards via new iha(4) driver. !
In accept(2), when peer disconnects before accept is issued, do not return junk in mbuf by setting length to 0. !
Support Hardware RNG on i850 and i860 hubs. !
Fix sysctl(3) so that you can clear a string with it. !
In sshd(8), rename "skey" to "challenge response", since this mechanism is now more flexible. !
Reduce how long we wait for scsi devices to come ready; 50 seconds is enough. !
pcvt keyboard LED update lockup patch. !
ncurses-5.2-20010114 !
Fix many more sshd(8) memory leaks. !
Fix memory leak in isakmpd(8). !
In timed(8), do not accept packets with an unterminated hostname.
! [Applied to stable] !
Alias map bios rom at both real address and it's own zero-relative address, because bios roms contain bugs. !
In rtadvd(8), sync router renumbering flag bit to conform to 2292bis-02 and RR RFC. !
Get rid of -R flag in ssh-keygen(1). !
Avoid memory leak in ndp(8). !
Establish pccbb(4), ohci(4), and uhci(4) interrupt handler much earlier, because of coming pcibios(4) changes. !
Numerous small fixes to sshd(8) and friends. !
In ssh(1), fix SIGSEGV for -o "". !
On i386, validate gate targets. !
The easy delete key always returns ^?, while the more difficult one returns ^H. !
Incorporate a set of post-4.4BSD changes to the kernel routing code. !
Support more than 256MB of ram on powerpc. !
Be more careful with assuming with VIA chips can handle U66. !
Document better how code using sigblock(3) and sigsetmask(3) would be converted to use sigprocmask(2). !
Get sshd(8) ready for auth-login. !
In ifconfig(8), permit prefixlen to work against ipv4 addresses. !
Change savecore(8) to deal with machines dumping 1GB or more.. !
Attempt to deal with inverted signal races in terminal handlers better, throughout the source tree -- ie. main code is deep inside stdio, signal handler calls exit(). !
Document rules that apply to signal handlers in signal(3) and sigaction(2). !
ipf 3.4.15 !
Fix a vi(1) crash. !
SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
! A patch is available.
! [Applied to stable] !
Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8). !
Fix previous inetd(8) fix. !
Fix signal handler race in apmd(8), bootpd(8), syslogd(8). !
Constrain isp(4) openings to 128, since the vendor code lies, cheats, steals, and makes us cry. !
Fully support SSH2 RSA keys in sshd(8). !
Change alpha bootblocks to ELF. !
Fix fd_set overflows and signal races in pppoe(1). !
Important pthread fix. !
Large block of documentation and functionality changes to mail(1). !
fd_set overflow fix to routed(8). !
Signal handler fix to newfs(1). !
Cleanup various signal races and buffer overflows in ed(1). !
Fix signal race in mountd(8) by writing our own svc_run() routine. !
Fix uninitialized variable bug in config(8) UKC code that ignored first command sometimes. !
Various changes ensure that all known le(4) cards now work on sun4, sun4c, and sun4m machines. !
Tweak subr_extent code with respect to boundary cases. !
sftp-server(8) draft came out; convert our sftp-server(8) to be compliant. !
sendmail 8.11.2 !
Signal race fixes to fsck_ffs(8), rcp(1), slattach(8), shutdown(8). !
Change asm and volatile to __asm__ and __volatile__ in any file which might be compiled using -ansi -pedantic or similar. !
Some signal handler cleanup in rcp(1). !
Cleanup timeout code in adw(4). !
Numerous alpha catchups. !
New rtadvd(8) code. !
Compute UDP checksum in dhcpd(8). !
Move mvme88k to UVM(9). !
clct(4) driver for Cirrus Logic CS4281 sound chips. !
Support {Allow,Deny}Groups in sshd(8). !
sshd(8) SSH2 protocol support for keepalives, IPTOS_LOWDELAY, TCP_NODELAY, and IPTOS_THROUGHPUT. !
Add kerberos(1) password handling in sshd(8) for kerberosIV. !
More memory leak fixes to sshd(8) and ssh(1). !
Tweak strlcat(3) to not crash for a certain "illegal pointers, length 0" situation. !
Clarify setjmp(3) variants in the manual pages. !
Correct fd_set and signals in ping6(8). !
Un-race three signal handlers, and fix select overflows in inetd(8). !
Fix signal race in route6d(8). !
Move mvme88k to MACHINE_NEW_NONCONTIG. !
Fix signal races in rwhod(8). !
Fix fd_set overflow in yppush(8). !
Fix closedown stub generated and hand-whacked by rpcgen(1) in ypserv(8). !
Audio driver for most ESS maestro(8) models. !
Signal race repairs in talkd(8) and comsat(8). !
Fix select overflow in ssh-agent(1). !
Fix rpcgen(1) to deal with large fd_set. !
Document various signal races in the source tree which are very difficult to fix, or which turn out to be safe even if they look flawed. !
Rename ich(4) to auich(4). !
Cleanup the sftp-server(8) implementation. !
Support !command feature in bridename.if(5) files as well. !
Numerous other small changes to isakmpd(8). !
Handle memory failures in passwd(1). !
In finger(1), fail nicely if memory allocation fails. !
Handle DELETE payloads in isakmpd(8). !
Remove signal races from sshd(8). !
Ease support for road-warrior scenarious in isakmpd(8), by intuiting the Local-ID when possible. !
Change 802.11 DS drivers to operate in BSS mode by default. !
Create links for FD_SET(3) and such to point to the select(2) page. !
Support TCP_NDELAY on ipv6(4) in ssh(1). !
Numerous spelling error corrections in the system. !
Various other calendar updates. !
Ensure replydirname in ftpd(8) does not ever truncate names. !
Ensure ftpd(8) does not sometimes return a stray " at the end of a string. !
Various large updates to isp(4). !
In restore(8), do not skip TS_BITS or TS_CLRI are set. !
Change our own custom EtherIP protocol to the standard one (which is very badly designed, but we are trying to get them to fix that). !
Fix KerberosIV code to build better if src and obj are in strange places. !
Support Banner option in sshd(8). !
Make the openssh-p effort a bit easier by merging some simpler portability hacks. !
Various missing free(3) calls repaired in ssh(1). !
Attempt to support cardbus 3CXFEM656C 56k Global modem. !
In pciide(4), support U100 on ICH2, U66 on Via Apollo, and other repairs to Promise. !
Spelling changes to calendar files. !
Be more careful with stat(2) handling in mv(1). !
Fix %p handling in strptime(3). !
Fix various buffer overflows and other fixes in indent(1). !
Do not spit out icmp6 checksum messages if not a debug kernel. ! !
Permit stripped VAX kernels to load despite unexpected values from libsa. !
Simplify locking and a few more fixes to twe(4). !
Plug some memory leaks in OpenSSH. !
Fix -P in ftpd(8). !
Emulation fixes to the VAX code. !
Protect bits of dhclient(8) with a locking mechanism to prevent multiple instances from using the leases file simultaneously. !
Fix 3 cases in mv(1) relating to the moving of symlinks across filesystems. !
In ftpd(8), expand the tilde character in ftp-dir login.conf variable. !
Prohibit binding to an anycast, notready, or detached IPv6 address. !
Rename fsinfo(8) to xfsinfo in X11 to avoid naming conflict. !
Set the correct pfkeyv2 direction for KAME SPD entries in isakmpd(8). !
Save and restore errno properly in flex(1) since it may be whacked by isatty(3). !
Fix sending/receiving passwords in routed(8). !
Add an i386-specific sysctl(3) that modifies halt -p processing in APM to deal with some quirky machines. !
More sun3 fixes, mostly to conform better to other m68k architecture code. !
Handle login banners better in SSH2 instances of ssh(1). !
Various spelling and grammar fixes across the tree. !
Use new sysctl(3) interface for kernel memory bucket statistics and clock information. !
Correctly check for empty mailq(1) in /etc/daily. !
Y2K fix in the mvme68k NVRAM code. !
Extend sysctl(3) to support quad values. !
Improve SMB packet printing in tcpdump(8). !
Add common pidfile-writing code to DHCP so each program doesn't need to roll its own. !
To please cap_mkdb(1), make it an error to open a zero-length file for read-only access in hash(3). !
Some sun3 architecture fixes. !
Ignore environment variables in libssl if we're running setugid. !
In ssh(1), log the remote IP address on disconnect. !
Check for memory allocation failure in vmstat(8). !
Fix a buffer overflow in fsinfo(8). !
Handle another special case in apm(4). !
Fix a panic in the RAIDframe locking management code. !
Add setpid command to fdisk(8) for setting the partition ID. !
Change bridge(4) to use gif* instead of enc*. !
Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work. !
Allow printing of 8-bit ASCII characters in talk(1) through an option. !
Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation. !
In ftpd(8), log the actual number of bytes transferred instead of the original file size. !
Fix ^C in termtype prompt. !
Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun. !
Resolve scheduling conflict in newsyslog(8). !
In dhclient(8), set a reasonable default lease time if the server does not provide one. !
Suppress uninteresting PCI bus error messages in ahc(4). !
Add m88k support to gprof(1). !
Add HostKeyAlias option to ssh(1). !
Behave nicely with fixed-rate codecs in auvia(4). !
Fix a minor off-by-one error in gprof(1). !
In the ports infrastructure, take the old non-fake code out-of-line. !
Repair a disgusting rwhod(8) crash. !
Fix buffer overflow in csh(1) builtin printf(1) implementation. !
Convert atoi(3) to strtoul(3) in top(1). !
Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls. !
Revoke root privileges earlier in ping6(8) and traceroute6(8).
! [Applied to stable] !
Many man page fixes. !
Use arc4random(3) in jot(1). !
Handle quotas over 4GB in edquota(8) and repquota(8). !
Fix IPv6 Path MTU Discovery. !
Give up euid more carefully in mrinfo(8) and mtrace(8). !
Various OpenSSH fixes. !
Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework. !
In ksh(1), remain in non-blocking mode if the shell is not interactive. !
SECURITY FIX: xlock now authenticates via a pipe.
! A patch is available.
! [Applied to stable] !
IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
! A patch is available.
! [Applied to stable] !
Implement a workaround in atapiscsi(4) for buggy Toshiba drivers. !
SECURITY FIX: Fix holes in procfs(8).
! A patch is available.
! [Applied to stable] !
Put strlcat(3) and strlcpy(3) into libkern for kernel use. !
Fix setting of nwid for wi(4).
! [Applied to stable] !
Change /etc/security to spit out unified diffs. !
Add driver for Compaq SMART Array RAID controllers, cac(4). !
Extend the i386 allowaperature sysctl(3) to allow access to the whole 1st MB of memory. !
Add some more sanity checking to the PCMCIA code to fix some obscure panics. !
Import Apache 1.3.14 + mod_ssl 2.7.1. !
Support multiple pfkeyv2 keying daemons. !
Compute diffie-hellman in parallel between server and client in OpenSSH. !
Support Amigas with more than 64MB of RAM. !
Ensure /etc/sudoers is created with a proper secure mode. !
Import OpenSSL 0.9.6. !
More photurisd(8) improvements. !
Update kernel pfkeyv2 code for better conformance to the RFC. !
Enable loading of ELF kernels for alpha. !
Add extraction support for shell archives to the bsd.port.mk infrastructure. !
In ipsec(9), look for TDB if gateway is unspecified.
! [Applied to stable] !
Fixes to patch(1) -f and -b. !
Convert some more drivers to the new timeout(9) interface. !
Add bytecounter statistics reporting to netstat(1). !
Instrument more random TCP sequence numbers. !
IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
! A patch is available.
! [Applied to stable] !
In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set. !
Source port < 1024 is no longer required for rhosts-rsa in sshd(8). !
Remove dead code in hifn(4) driver. !
Proper getopt(3) usage in compress(1). !
Fix a time specification in last(1). !
Do not disable PMTU for established TCP connections unless there is data to send. !
Add support for the 802.1D spanning tree protocol to bridge(4). !
New BSD authentication login scripts. !
Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly. !
isakmpd(8) update. !
apm(4) bug fix that helps a few laptops. !
Remove unnecessary code from photurisd(8) in preparation of new SPD framework. !
Repair a memory leak in ICMPv6 code. !
Turn off PMTU when ICMP needfrag messages get blocked. !
Finnish updates for inter.phone. !
Display number of successful IPv6 PMTU changes in netstat(1) -s output. !
Do not re-print ETA on completion in scp(1) when copying 0-sized files. !
Validate ICMPv6 "too big" messages based on PCB. !
Do not use already-freed memory in route(8). !
Avoid repeated host controller halted messages in uhci(4). !
Remove unused libgmp. !
Import KerberosIV v1.0.4. !
Always request a new challenge for skey/tis-auth in ssh(1). !
Support newer cy(4) communication cards. !
Provide new international keymaps for pcvt(4). !
Ignore filesystems marked "xx" in the install scripts. !
Document that pipe(2) is bidirectional, although this behavior is unportable. !
Move the default cvs(1) connection protocol from rsh(1) to ssh(1). !
Remove a bogus memory free in getnetgrent(3). !
Fix a buffer overflow in bad144(8). !
Revert back to the old rijndael implementation and solve byte ordering bugs there instead. !
Drop unneeded support for RTF_TUNNEL in route(8). !
Maintain count of routing table timer entries in route(8). !
In makewhatis(8), strip weird characters first, then sequences of spaces. !
Big improvements to adw(4). !
Teach tcpdump(8) about VRRP, SMB, and timed. !
Force calendar(1) to only accept real calendar files as input. !
Fix various perror(3) overflows in pcvt(4). !
Repair a tftp(1) argv parsing overflow. !
Conditionalize some BPF code in wx(4). !
Finally remove remaining references to extra RSA libs, since the patent has expired. !
New rijndael implementation which solves endian issues. !
Support Intel 82801BA pciide(4) controllers. !
Exercise more paranoia with passed KRB environment settings in telnetd(8). !
Convert some more drivers to the new timeout(9) interface. !
Many improvements and modernizations to isp(4). !
Update wx(4) with LIVENGOOD support. !
Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4). !
Implement asynchronous connections for ssh(1) -R and -L. !
Simplify atrun(8) tasks by using asprintf(3). !
Kill unused libtermlib. !
Import new pool(9) code. !
Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8). !
Make pcap(3)-generated BPF filters work on the tun(4) interface. !
Import David Maziere's ssh-keyscan(1). !
SECURITY FIX: Fix buffer overflow in ftpd(8).
! A patch is available.
! [Applied to stable] !
IMPLEMENTATION FIX: Fix fastroute related panic.
! A patch is available.
! [Applied to stable] !
Teach OpenSSH about more version strings to improve interoperability. !
SECURITY FIX: Fix another security problem in the KerberosIV code.
! A patch is available.
! [Applied to stable] !
SECURITY FIX: Fix two security problems in the KerberosIV code.
! A patch is available.
! [Applied to stable] !
Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5). !
Prevent vlan(4) devices from emitting packets if the parent interface is not up and running. !
Better error checking in ping6(8).
! [Applied to stable] !
Some stability fixes to isakmpd(8). !
In ssh(1), disable agent/X11 port forwarding if the hostkey has changed. !
Fix a coredump in ssh-agent(1). !
Reset 16-bit PCMCIA during chip initialization in pccbb(4). !
Correct PCI interrupt setup for TI PCI113X CardBus bridges. !
Properly powerdown PC cards in pccbb(4) at shutdown time. !
Add -D option to sshd(8) to cause startup without a daemon. !
Show both the IP address and hostname when a new key is encountered in ssh(1). !
Fix a bug in MSChapv2 challenge hashing in ppp(8). !
More make(1) tweaks. !
Use -n to test for non-zero variables in /etc/netstart. !
Be more careful with ARP packets. !
Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
! [Applied to stable] !
Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification. !
clock(3) fixes for the alpha architecture. !
Print select collisions in vmstat(8) -s output. !
Implement login_check_expire(3) for libutil. !
Add -u username support to pwd_mkdb(8). !
Properly implement errno handling for the threaded libc (libc_r) on powerpc. !
In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file. !
Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1). !
Reorder check for illegal ciphers in ssh(1) protocol 1 connection code. !
Fix pciide(4) support on Alpha 164SX models. !
Support 16 slices per device on VAX machines. !
Considerable cleanups to make(1). !
Improve key repeat logic in wskbd(4). !
Changes from KAME to make ifm_data available in getifaddrs(3). !
Fix absolute path handling in crunchgen(1). !
Shorten /dev/ttyC* device names. !
Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary. !
Avoid tty races in wsdisplay(4) when switching virtual terminals. !
Update isakmpd(8). !
Repair lun support in umass(4). !
Zero pw_passwd before freeing its memory in the libc BSD authentication routines. !
Train makewhatis(8) to handle more special cases. !
Avoid double fclose(3) in getcap(3). !
Increase delay in RAM probe for hifn(4). !
Suffix list fix in make(1). !
Various bug fixes in ksh(1). !
When using the tail(1) -f flag on stdin, don't reopen a local file named stdin. !
Extend kqueue(2) to support kernel events on vnodes. !
Bring in BSD authentication support for sudo(8). !
Zap MULOG in inetd(8) to improve code readability. !
Avoid whacking errno in top(1) signal handlers. !
Do not include MFS partitions in quot(8) statistics output. !
Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards. !
Prevent a type overflow in recno(3). !
IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
! A patch is available.
! [Applied to stable] !
Import BSD authentication mechanisms from BSDI BSD/OS. !
Implement pw_dup(3), a function which copies struct passwd. !
Replace getpass(3) with a more flexible readpassphrase(3) interface. !
Add strnvis(3), a length-bounded version of the strvis(3) libc function. !
Better prompting logic in libskey. !
Resurrect binutils on alpha. !
Recognize newer Intel audio devices in auich(4). !
Stop amphy(4) from attaching to network devices it doesn't belong to. !
Enable support for pciide(4) found in newer Intel chipsets. !
Correct URL handling in the install scripts. !
Limit the number of SCSI luns in umass(4). !
Page size fixes to the alpha port. !
Import ssh-ask-pass support for X11. !
Fix a signal race in ypserv(8) SIGHUP handling. !
Enable uaudio(4) by default in GENERIC/i386. !
Reserve all-1s addresses in the IPSec code for future policy discovery features. !
Resolve HMAC nomenclautre issues. !
Be sure to clear passwords out of memory after use in ppp(8). !
Support kernel event queues. !
Add support for USB scanners through the uscanner(4) driver. !
More fixes to qec(4). !
Recognize newer AMD CPUs. !
Repair incorrect buffer size logic in telnetd(8). !
Add a slew of devices to usbdevs(8). !
Do not use perror(3) in sshd(8) after forking a child. !
RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
! A patch is available.
! [Applied to stable] !
Add ifmedia(4) support to qec(4), among other improvements. !
Extra sanity checking in skeyinit(1). !
Repair timeout computations in atapiscsi(4). !
Add initial support for DEC Alpha 21264 systems. !
Bring the alpha port a bit closer to a fully operational console. !
Support Accton EN2242 MiniPCI Ethernet adapters. !
Permit O_RDWR on FIFOs to handle legacy applications that depend on it. !
Add scrollback support to wscons(4) through the vga(4) driver. !
Color change in wscons(4) vt100 emulation to more closely imitate PCVT. !
Repair overriding of pseudo devices in config(8)
! [Applied to stable] !
Accept -inet and -inet6 as options for the show command in route(8). !
Don't reorder keys in ssh-agent(1) upon key removal. !
Avoid parsing options in ssh(1) if there is an RSA key mismatch. !
Various cleanups to ftpd(8). !
In many programs, sync usage() output with their respective man page SYNOPSIS. !
RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
! A patch is available.
! [Applied to stable] !
In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space. !
Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4). !
In ftpd(8), assert check_login upon receipt of EPSV/LPSV. !
Make the aha(4) driver compile without UVM. !
Enforce non-cacheable device space on real 80386 machines. !
Add RSA authentication support for SSH2 to OpenSSH. !
Allow serial mice to work with moused(8) and XFree86 simultaneously. !
Repair an off-by-one error in ssh-agent(1). !
Convert some old drivers to the new timeout(9) interface. !
RELIABILITY FIX: repair AES (rijndael) kernel support.
! A patch is available.
! [Applied to stable] !
Import PCI support for Alpha EB164 machines. !
Add bus_space_barrier macros for the powerpc. !
Endian fixes to the USB code. !
Better command line parsing in encrypt(1). !
Numbering fixups in pfkeyv2 to match IANA assignments. !
Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames. !
Improve handling of IPv6 Node Information Query packets for better specification conformance. !
Fix a panic induced by assigning lo0 an IPv6 alias. !
IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
! A patch is available.
! [Applied to stable] !
Deprecate pltime=0 in ifconfig(8). !
Modifications to the ktrace(2) interface to reduce redundancy. !
Do not advertise dynamic/cloned routes in route6d(8). !
Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
! [Applied to stable] !
Correct free-before-reference bugs in rshd(8) and rlogind(8). !
Improve queue handling in gdt(4). !
New Adaptec FSA RAID driver called aac(4). !
Fix DMA error problems in adw(4).
! [Applied to stable] !
If MANPS environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/. !
In date(1), fix an off-by-one error which would happen when changing time over DST. !
Permit -Tps in nroff(1). !
Make some pfkeyv2 interfaces conform to RFC 2367 numbering. !
New timeouts in a couple of network drivers. !
Prevent nfsd(8) from swapping out. !
Use PHOLD/PRELE in various kernel components. !
Buffer overflow fix to telnet(1). !
Many man page improvements. !
Permit handling more than 6 arguments in a hostname.if(5) file. !
kcore handling in kvm(3) for alpha. !
Update usb code. !
Update alpha architecture support. A snapshot will come out soon. !
In pchb(4), for Intel random devices, do not busy wait for data. !
Switch amiga to uvm(9). !
Fix amiga pmap module submap allocations. !
Centralized netisr dispatching. !
ppp(8) updated. !
In aue(4), fix multicast filter programming. !
Repair an uninitialized variable bug in ipsec(4) output.
! [Applied to stable] !
Add pcibios(4) interrupt setup support for AMD750 chipset. !
RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
! A patch is available.
! [Applied to stable] !
Generate new hashkey every time a bridge(4) is brought up. !
Change bridge(4) code to use lower spl. !
Passive FTP support in lynx(1). !
In ssh(1), downgrade to SSH1.3 if server is SSH1.4. !
In sshd(8), do not disable rhosts(rsa) if server port greater 1024. !
In sshd(8) Agent forwarding and -R support for SSH2 protocol. !
ipsecadm(8) man page repairs.
! [Applied to stable] !
In pfkeyv2, send the message to registered promiscuous listeners.
! [Applied to stable] !
Some minor bridge(4) fixes. !
ld.so(1) support for the pmax. !
On powerpc, print out the size of the L2 cache size on G3 and G4 machines. !
2.8 release builds are running, but some of us are already working on post-release hacking.

--- 49,55 ----

We are working on OpenBSD-current.

2.9 release builds are running, but some of us are already working on post-release hacking.

*************** *** 738,750 **** For changes leading up to OpenBSD 2.6, click here.
For changes leading up to OpenBSD 2.7, click here.
For changes leading up to OpenBSD 2.8, click here.

www@openbsd.org !
$OpenBSD: plus.html,v 1.757 2001/04/23 23:05:53 jason Exp $ --- 70,83 ---- For changes leading up to OpenBSD 2.6, click here.
For changes leading up to OpenBSD 2.7, click here.
For changes leading up to OpenBSD 2.8, click here.
+ For changes leading up to OpenBSD 2.9, click here.

www@openbsd.org !
$OpenBSD: plus.html,v 1.758 2001/04/24 06:59:17 deraadt Exp $