A source code patch is available.
[Applied to stable] !
-t key lifetime option to ssh-add(1).
/etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
-x and -X options to respectively lock and unlock ssh-agent(1).
getpid(), getuid() and getgid() under Linux emulation.
! /dev/log, it now waits a millisecond and retries.
[gs]etprogname() from KerberosV.
-a <bind_address> option to ssh-agent(1) so user can specify the agent's UNIX domain socket.
We are working on OpenBSD-current.
! The following list sums up (almost) all the changes made up to July 5.
-
+
+
- Fix pf(4) interface stats, and allow the
loginterfacefeature to be disabled. + - Make signal handler flags in isakmpd(8) of type
volatile sig_atomic_t. + - Fix a few GCC 3.1 moans in isakmpd(8). +
- Un-bloating of ahc(4). +
- Cleanup of rpcgen(1). +
- RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise isakmpd(8) can be made to crash.
+ A source code patch exists to remedy the problem.
+ + - ep(4) on isapnp(4) now works on alpha. +
- Improve the way the installer's fileset selection UI works. +
- Fix a potential buffer overflow in xsystrace(1). +
- Add a note to the unwary in
distrib/notesabout the danger of skipping several versions when upgrading. + - Don't have ssh(1) allocate memory for stuff we don't need, just to discard it straight away. +
- Set
IP_PORTTANGE_HIGHfor active mode data channel of ftp(1). + - Add some more usb(4) product IDs. +
- Fix an off-by-one error in rmt(8) and improve string handling in general. +
- Normalise nc(1)'s EOF handling. +
- Plug a few ssh(1) memory leaks. +
- Tweak the tga(4/ALPHA) driver. +
- Fix several missing or broken malloc(3) failure checks. +
- In rcs(1), actually exit(3) after spotting that
LocalIdis too long. + - Lots of ANSIfication of function declarations and prototypes. +
- Fix bug causing '
SPL NOT LOWERED' errors from the ami(4) RAID controller. + - Give ssh-keysign(8) its
setuid(root)toys back, but only work at all ifHostbasedAuthenticationis globally disabled. + - Use RSA_blinding_on(3) to ward off a Kocher timing attack on ssh-keysign(8). +
- Fix signal(3) race in ping(8). +
- Remove adv(4) from the i386
RAMDISKkernel until new ahc(4) un-bloats itself. + - Catch a null pointer dereference when fetching the routing table via sysctl(3). +
- Make sis(4) compile and work on alpha. +
- Return correct result sizes from ubsec(4). +
- bridge(4) will now compile with ipsec(4) but no pf(4). +
- Cleanup of ftpd(8). +
- Fix PIO writes code in wdc(4), broken since OpenBSD 2.5! +
- Remove unnecessary longjmp(3) from login(1). +
- Pages allocated with
debug_malloc()aren't ever executed, so don't useVM_PROT_ALL. + - Finally fix bridge(4) address cache bug. +
- Properly handle endpoint differences of opinion on ssh(1)
Compressionoptions + - Fix the wsdisplay(4) blanker after the X server has been running. +
- Make the installer deal correctly with passwords starting with '
-X' for someX, instead of misinterpreting them as options to encrypt(1). + - Fix some compatibility quirks in ppp(8). +
- Add a pushback buffer to pfctl(8)'s parser. +
- Remove
setuid(root)from ssh-keysign(8), disabling it for now. + - Have named(8) call tzset(3) so
/etc/localtimeisn't needed after the chroot(2). + - More fixes to the new ahc(4) driver. +
- Add AlphaServer 800 and 1000 support. +
- Enable lc(4) devices in alpha GENERIC kernel. +
- Fix isapnp(4) panics on alpha. +
- Make xf86config(1) give the option of configuring a mouse wheel. +
- Gracefully handle i386_iopl(2) failure in the X server when trying to give up privileges. +
- Add wscons(4) files to fbtab(5) on i386. +
- Add to use kqueue(2) support to syslog(3). +
- Evolve
strtou?q()intostrtou?ll(). Use weak aliases if available (wrappers otherwise) to fakestrtou?q(). + - Run rpc.rstatd(8) and rpc.rusersd(8) as
rootfrom inetd(8) again, but go tonobody's jail at startup. + - Lots more bounds-checking all over the place. +
- Recognise a few more fxp(4) devices. +
- Correct misleading
cgetclose()entry in getcap(3) manpage. + - Try again with the new ahc(4) driver. +
- Cleanups of chpass(1) and passwd(1). +
- SECURITY FIX: The kernel would let any user ktrace(2) set[ug]id processes.
+ A source code patch is available.
+ [Applied to stable] + - newsyslog(8) now doesn't follow symbolic links by default, fixing PR1913. +
- Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record. +
- More audit of OpenSSH. +
- OpenSSH 3.4 was released, and there was much rejoicing. +
- SECURITY FIX: All versions of OpenSSH's sshd(8) between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.
+ A source code patch is available.
+ [Applied to stable] + - Add a number of resource limits to ssh(1). +
- Increase i386 kvm size to 768M. +
- The list of great Theo quotes for mg(1) continues to grow. +
- Note: Resolver fix applied to 2.9-STABLE, 3.0-STABLE and 3.1-STABLE. +
- SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.
+ A source code patch is available.
+ [Applied to stable] + - Merge in Sendmail 8.12.5. +
- Start work on IP-over-FireWire and IP-over-SCSI. +
- Move a bunch of pfctl(8) options into pf.conf(5). +
- c2k2-inspired changes to the installer. +
- Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using setsockopt(2). Removes the need for a
224/4route. + - Make X use
/dev/wsmouseinstead of/dev/wsmouse0by default. + - Add some m68k opcode aliases for GNU as(1) from recent binutils. +
- Pull the
bzero()fix insys/netinet/tcp_input.cfrom -current into 3.0-stable. + - Fix the FTP relay in faithd(8). +
- Fix wi(4) reassociation after an AP reboot.
- SECURITY FIX: A buffer overflow can
+ occur in the .htaccess parsing code in the mod_ssl httpd(8) module, leading to possible remote crash or exploit (PR2767.)
+ A source code patch is available.
+ [Applied to stable] + - Lots of
uid_tandgid_tsignedness fixes. + - sshd(8) no longer calls
setsid()when run from inetd(8). + - Make cvs(1)
pservertalk IPv6. + - Increment boot(8) version to help debug the new memory probe and other fixes. +
- Make wi(4) less twitchy on quick inserts/ejects. +
- String handling and bounds checking fixes to login_fbtab(3). +
- Bump OpenSSH to version 3.3.
+ [Applied to stable] + - Start adding kqueue(2) support to noct(4). +
- System call argument rewriting framework for systrace(4). +
- Enable wi(4) on sparc64, after a lot of groundwork. +
- Fix some endianness nits in wi(4). +
- Remove ifmcstat(8), the same information is available from netstat(8). +
- More improvements to 4GB memory probing on i386. +
- ssh(1) and sshd(8) options are now documented in their own
sshd?_config(5)manpage. + - Add option for smooth scrolling to talk(1). +
- Support a few more wireless cards in wi(4). +
- Build wicontrol(8) on sparc64 as well. +
- String handling cleanups in comsat(8). +
- Support magma(4/SPARC), magma(4/SPARC64) serial/parallel boards. +
- Support stp(4) sbus-PCMCIA bridge based on STP4020 chipset. (The
nelldriver on Solaris.) + - Cleanup of timed(8). +
- Removing its
setgid(kmem)was not enough, remove trsp(8) altogether. + - Make yacc(1) errors look like C compiler errors, so parser utilities such as error(1) can deal with it. +
- Add kqueue(2) support to random(9). +
- Kill file descriptor leak in dhcpd(8). +
- Fix lots of format strings in the dhcp(8) programs. +
- ps(1) shows flag '
x' for systrace(4)'d processes. + - Lots of work on the gpr(4) driver. +
- Fix uftdi(4). +
- Make systat(1) revoke its
setgid(kmem)privileges. + - Remove old
pcconsdriver from i386, also the associatedXSERVERoption from the kernel. + - Fix ftpd(8)'s SIGALRM handler. +
- SECURITY FIX: A buffer overflow can
occur during the interpretation of chunked encoding in httpd(8), leading to possible remote crash.
A source code patch is available.
[Applied to stable] ! - Add the punctuation-challenged Nike psa[play^120 USB widget. !
- Remove
setgid(kmem)from the enormously useful trsp(8). ! - Add UK keyboard map to macppc (with '#' on Option-3) and also
option CAPS_IS_CONTROL. ! - Increase xl(4) timeout to squash '
command never completed!' warnings. ! - Add kqueue(2) support to audio(4). !
- Import event(3), an API on top of select(2) or kqueue(2). !
- Enable DMA on xl(4). !
- Allow transparent (statically keyed) ipsec(4) processing on a bridge(4). !
- Help ppp(8) to cope with yet more Microsoft PPP attributes. !
- Extend ssh-agent(1) key lifetime constraints more flexible (i.e. more than just key lifetime.) !
- Teach ECN attributes to isakmpd(8). !
- Add
eui64option to ifconfig(8) for configuring the IPv6 interface index. ! - Add a sysctl(3) to get the CPU type on sparc and sparc64. !
- Throw away the first 256 words of arc4 output in random(9). !
- Gratuitous
pid_tcleanup in/usr/bin. ! - Grab multicast vlan(4) code from NetBSD. !
- Add some inlined hash functions for the kernel, in
<sys/hash.h>. ! - Cleanup work on conditional evaluation in make(1). !
- isakmpd(8) accepts IPComp flows. !
- Drop pf(4)
scrub(fragcache)syntax in favour of thefragment ...option inscrubrules. ! - Teach tcpdump(8) about ipcomp(4). !
- Show sparc64's X server which device it wants to
mmap(). ! - Add ioctl to wscons(4) allowing sparc64 (other architectures later) to find out which PCI device it's using. !
- Enable userland crypto(4) support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all. !
- Kernel changes and sysctl(3) switch for hardware asymmetric crypto(4) in userland. !
- Add initial Ultra Port Architecture (upa(4/SPARC64)) support. Attach creator(4) and schizo(4) using it. !
- Import new vax boot code from NetBSD. !
- Add umct(4) USB serial driver and .umidi(4) USB MIDI driver. Not tested, not in GENERIC. !
- Add IPL_STATCLOCK and add lots of
splassert()s. ! - ssh(1) spends less time with
euid==0even if it is installedsetuid(root). ! - Much cleanup in
distrib/miniroot. ! - Make pfctl(8)
-s stateprint UDP and 'other' states nicely. ! - New
scrub(fragcache) ...syntax for pf(4). ! - Add mbuf_tag(9)
PACKET_TAG_PF_FRAGCACHEto stop pf(4) misdetecting duplicate fragments. ! - pf(4) NAT proxy port ranges can be specified per-rule. !
- Don't panic(9) if pf(4) tries to insert a duplicate key. !
- pf(4) NAT and filter rules now all go in the one file (normally pf.conf(5).) New pfctl(8) file syntax. Oh yes. !
- Clean up semantics of gre(4) a bit. !
- ifconfig(8) prints the Ethernet address. Yippee! !
- route(8) now accepts DNS names (and naturally enough treats them as host routes.) !
- Stop isakmpd(8) using the same range for SPIs and CPIs. !
- Ports can now be specified in pf(4) NAT rules. !
- Allow systrace(4) to attach to a running process. !
- Add ioctl systrace(4) to retrieve the current emulation of a process. !
- Remove dlopen(3) stuff from isakmpd(8). !
- Fix BPF code for a gif(4) tunnel, and add some more sanity checks. !
- Default
RhostsAuthenticationandRhostsRSAAuthenticationto 'no' now that ssh(1) is now longersetuid(root)by default. ! - ssh-add(1) key lifetimes can now be specified in nice readable form, e.g. '
-t 1h'. ! - Define
__weak_alias()for mvme88k. ! - Merge GNU TeXinfo 4.2. !
- Prevent mbuf(9) leakage from bridge(4). !
- New bad144(8). !
- user(8) now checks the username length against MaxUserNameLen. !
- Add bio(4) device, so userland can talk to devices that don't have nodes in
/dev. ! - Remove KerberosIV startup code from rc(8) files. !
- Make pf(4) NAT rules work more like normal filter rules. !
- Add SIO*PHYADDR to gif(4) so ifconfig(8) can set the outer address. !
- Make published arp(8) entries work again (PR2635.) !
- Make dhcp(8) build faster (PR2715.) !
- Start converting netstat(1) and systat(1) to sysctl(3) instead of kvm. !
- Set FDDI link MTU the same as IPv4 MTU, fixes PR2714. !
- Allow numeric group IDs in systrace(1). !
- Changes to initialisation and media config of ep(4). !
- Add list support for pf(4)
rdrrules. ! - Fix a number of bad strlcpy(3) calls. !
- Fix PR2704 resuming eso(4) after standby. !
- Change a lot of index(3) calls to strchr(3). !
- Change "'cuz" to "because." Strewth! !
- Add another mbuf(9) flag M_AUTH_AH, changing the meaning of M_AUTH. !
- Remove a bunch of '
\n's from syslog(3) and err(3) calls. ! - Make isakmpd(8) IKECFG support work for both SET/ACK and REQ/REPLY modes. !
- Fixes for OpenSSL when talking to hardware crypto(4). !
- Stop ftp(1) and ftpd(8) spilling the IPv6 scope ID onto the wire. !
- The hardware is willing, and now xl(4) is able to offload TCP, UDP and IP checksumming to it. !
- Support setting MTU on sk(4). !
- Add
KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT}sysctl(3) entries. ! - For a bridge(4), handle IPv4 frag-needed-but-DF-set just like on a regular interface. !
- Pull in some pciide(4) fixes from NetBSD. !
- Remove (arguably) unnecessary
setgid(operator)from df(1). ! - Remove
setuid(kmem)from ps(1) and w(1) now kvm can use sysctl for some stuff. We don't need noprocfilesystem... ! - Make the kvm(3) library try to use the shiny new sysctls to fetch process arguments and environment. !
- Add flag to stop kwm_open(3) opening any files, though limiting kvm functionality. !
- Add sysctl(3) to retrieve process arguments and environment. !
- Tweak kernel memory allocation on i386 to work better on 4GB machines. !
- Work started on schizo(4/SPARC64) PCI controller. Who said that? !
- Install script now puts FQDN in
/etc/myname. ! - Make more use of
splsoftnet()(instead ofsplnet()) in IPv6 code. ! lo0now only gets::1when it's brought up. !- Merge kth-krb 1.1.1. !
- Enable weak aliases in
libcfor powerpc, sparc and alpha (already enabled on i386.) ! - Add new
splusb()to prevent USB initialisation lossage. ! - Improve SMART support in atactl(8). !
- Silently ignore deprecated options to ssh(1) since they may be passed in for a remote
scpcommand. ! - Remove
FallbackToRshfrom scp(1) as well. ! - pf(4) NAT rules now do macro expansion as well. !
- Add Makefile-like (
var += ...) macro concatenation to pfctl(8), then remove it again. ! - Add per-rule state timeouts to pf(4). !
- Fix well-hidden little bug in crypto(3) to unbork sparc64 SSL/TLS negotiation. !
- On alpha, don't allow kernel symbols to be paged out. !
- Deprecate
FallbackToRshandUseRshoptions in ssh(1). ! - ssh-keysign(8) now insists on 20-byte session IDs. !
- Remove suspect
DIAGNOSTICblock from softdep kernel code. ! - Make wsdisplay(4) screen blanker play nice with the X server. !
- lpr(1) and friends go from
setuid(root)tosetgid(daemon). Connections can come from unprivileged ports for now. ! - Add Realtek 8129/8139 cardbus device support to rl(4). !
- Switch macppc to use
geminstead ofgm. ! - Multicast fixes and Gigabit Ethernet support for gem(4). !
- Rule label length increased from 32 to 64 characters. !
- Allow modification of TTL with pf(4)
return-rst. ! - Timeout handling improvements to ohci(4). !
- Make netstat(6) print RIP6 statistics. !
- Allow a per-rule limit to the number of state table entries a pf.conf(5) rule can create. !
- Switch pf(4) from AVL to red-black trees. !
- Add Gemplus GPR400 PCMCIA smartcard reader. !
- If sending on another interface, resubmit pf(4) routed packets for filtering and NAT by
pf. Add an mbuf_tag(9) to stop loops forming. ! - Don't propose IDEA when negotiating SSL connections. !
$srcaddr,$srcport,$dstaddr,$dstport,$protoand$nr(rule number) can now be used in pfctl(8) rule labels. !- Make a kernel TCP RST and a pf(4)
return-rstlook the same, to frustrate the nmap crowd. ! - Some systrace(4) filter list optimizations. !
- Remove IPv4 mapped address support from TCP input code, and remove
is_ipv6(). ! - Add
net.inet6.ip6.v6onlysysctl(8) flag. ! - Add
ikecfgas a valid flag in isakmpd.conf(5). Start coding SET/ACK mode support. ! - inetd(8) no longer accepts UDP packets if the source is a broadcast address. !
- Start work on KDrive (TinyX) low-footprint X server support. !
- Add a missing
bzero()insys/netinet/tcp_input.cto fix link-local TCP. ! - Add flow type to ipsec(4) and isakmpd(8). !
- Fix isakmpd(8) crasher PR2729. !
- Deprecate SIO.*IFPREFIX_IN6 ioctls. !
- Merge arla release 0.35.7. !
- Merge OpenSSL 0.9.7-stable-20020605. !
- TCP wrappers and pfctl(8) accept scoped IPv6 addresses. !
- Remove
[gs]etprogname()from KerberosIV ! - Fix ipsec(4) crash described in PR2721. !
- Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their status page. !
- bpf(4) support for kqueue(2) !
- In isakmpd(8), add netmask, subnet and DHCP server request support to IKECFG. !
- Fix bktr(4) stereo. !
- Support the RNG of AMD-768 southbridge (device amdpm(4).) !
- Fix DMA handing of hme(4) (SPARC and SPARC64.) !
- Pull in
libcsuchange from NetBSD to allow dlopen(3) to be used much earlier. - Add
-tkey lifetime option to ssh-add(1). - Use IPv4/IPv6 addresses in
/etc/inetd.confinstead of 'localhost' to avoid DNS lookups. - Add predicate suffixes to systrace(1).
- Add
-xand-Xoptions to respectively lock and unlock ssh-agent(1). - Compatibility tweaks to
getpid(),getuid()andgetgid()under Linux emulation. ! - Start work on new debugger, pmdb.
- Additional check (#ifdef DIAGNOSTIC) for duplicate uvm(9) map entries.
- If syslog(3) fails with ENOBUFS when sending to
/dev/log, it now waits a millisecond and retries. - syslogd(8) doubles the socket receive buffer size. !
- Automatic policy generation for systrace(4).
- lynx(1) now defaults to passive FTP.
- Remove
[gs]etprogname()from KerberosV. - New
-a <bind_address>option to ssh-agent(1) so user can specify the agent's UNIX domain socket. - Make tbrconfig(8) statically linked. !
- Remove assumptions about MTU values for certain media types.
- Use the same byte-order kung fu as the kernel in atactl(8).
- Don't automagically set -prefixlen 128 on IPv6 host route.
- rasops instead of rcons for vgafb(4/SPARC64). !
- Add xsystrace(1) [no manpage yet] UI for systrace(4). !
- Add sbus bwtwo(4) mono framebuffer support (untested.)
- PrivSep'd ssh monitor processes check each authentication method is enabled before use.
- systrace(1) userland import.
- Use arc4random(3) for rtadvd(8). *************** *** 94,117 ****
- '
pfctl -s all' now prints labels as well. - Add
volatiletosig_atomic_t. Stand well back. - Use rasops instead of rcons in cgthree(4/SPARC) and cgsix(4/SPARC). !
- Stop IPv6 making assumptions about interface MTU, use the actual interface values.
- Stop maintaining 2.9-stable.
- Bump 2.9-stable to OpenSSH version 3.2.3.
- Bump 3.0-stable to OpenSSH version 3.2.3. !
- Implement PMAP_CANFAIL flag for m68k pmap.
- Enable console blanking on cgthree(4/SPARC).
- Make sure some
struct sockaddrare cleared before use. ! - Start work on NetOctave NSP2000 driver.
- Apply BSD Airtools 0.2 patches.
- Teach ECN flags to pf(4). !
- Dump mkisofs in favor of mkhybrid. !
- Fix
fd_setoverrun in rtsold(8). - Clue in inetd(8) to IPv6 FTP bounce attacks. !
- Fix
/etc/ptmpdeletion bug that occurred if rmuser(8) was aborted. - IBSS mode for Symbol cards (firmware >= 2.5) using the wi(4) driver.
- Add leading-zero padding to RSA signatures in ssh.
- Tweak altq(4) options(4) so the kernel compiles on i[34]86. !
- Add support in the fxp(4) driver for more Intel PRO/100 VM cards.
- For those that do metric but refuse to work in meters and kilograms, kayser conversion has been added to units(1).
- Fix signal races in ping(8).
- Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid
games. --- 351,374 ---- - '
pfctl -s all' now prints labels as well. - Add
volatiletosig_atomic_t. Stand well back. - Use rasops instead of rcons in cgthree(4/SPARC) and cgsix(4/SPARC). !
- Simplify IPv6 link MTU code.
- Stop maintaining 2.9-stable.
- Bump 2.9-stable to OpenSSH version 3.2.3.
- Bump 3.0-stable to OpenSSH version 3.2.3. !
- Implement
PMAP_CANFAILflag for m68k pmap. - Enable console blanking on cgthree(4/SPARC).
- Make sure some
struct sockaddrare cleared before use. ! - Start work on NetOctave NSP2000 (hardware crypto) driver noct(4). Just the RNG for now.
- Apply BSD Airtools 0.2 patches.
- Teach ECN flags to pf(4). !
- Dump mkisofs(8) in favor of mkhybrid(8). !
- Avoid
fd_setoverruns in rtsold(8), route6d(8) and rtadvd(8). - Clue in inetd(8) to IPv6 FTP bounce attacks. !
- Fix
/etc/ptmpdeletion bug that occurred if rmuser(8) was aborted. - IBSS mode for Symbol cards (firmware >= 2.5) using the wi(4) driver.
- Add leading-zero padding to RSA signatures in ssh.
- Tweak altq(4) options(4) so the kernel compiles on i[34]86. !
- Add support in the fxp(4) driver for more Intel PRO/100 VM cards.
- For those that do metric but refuse to work in meters and kilograms, kayser conversion has been added to units(1).
- Fix signal races in ping(8).
- Now that the Dungeon Master dm(1) has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid
games. *************** *** 124,135 **** - Attach radio(4) devices properly.
- Fix VIA8233 support in auvia(4).
- Make nc(1) timeouts behave more like
netcat. ! - Make sure user's shell is
/usr/sbin/authpfbefore running authpf(8) to prevent $SSH_CLIENT shenanigans. - In ssh, use OpenSSL's AES implementation instead of our own.
- Add
-[46]options to ftp(1). ! - Warn if IPv6 neighbor discovery tries to set the link MTU too small.
- Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list. !
- Support Sun type 5 keyboards, as helpfully some key mappings are switched around from type 4.
- Cleanup and small fixes to skeyaudit(8).
- Fixes to fms(4).
- Various fixes and enhancements to mg(1). --- 381,392 ----
- Attach radio(4) devices properly.
- Fix VIA8233 support in auvia(4).
- Make nc(1) timeouts behave more like
netcat. ! - Make sure user's shell is
/usr/sbin/authpfbefore running authpf(8) to prevent$SSH_CLIENTshenanigans. - In ssh, use OpenSSL's AES implementation instead of our own.
- Add
-[46]options to ftp(1). ! - Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
- Make tip(1) query the driver with the user's baud rate setting rather than only accepting a compiled-in list. !
- Support Sun type 5 keyboards, as some keycodes are rather helpfully switched around from type 4.
- Cleanup and small fixes to skeyaudit(8).
- Fixes to fms(4).
- Various fixes and enhancements to mg(1). *************** *** 145,156 ****
- Remove
arc4random_8(). struct ifnetnow has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.- netstat(8) cleanup. !
- ping6(8) and traceroute6(8) updates from KAME.
unsigned->unsigned intcleanup.pid_ttype cleanup.- Fix big snprintf(3) parameter typo in strftime(3). !
- Don't use execlp(3) when invoking ssh-keysign(8).
- Fix kill(2) parameter brainfade in amd(8) and KerberosIV's rlogin.
- vax: Add board type for VXT2000+.
- More IANA interface type values, including IFT_BRIDGE. --- 402,413 ----
- Remove
arc4random_8(). struct ifnetnow has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.- netstat(8) cleanup. !
- ping6(8) and traceroute6(8) updates from KAME.
unsigned->unsigned intcleanup.pid_ttype cleanup.- Fix big snprintf(3) parameter typo in strftime(3). !
- Don't use execlp(3) when invoking ssh-keysign(8).
- Fix kill(2) parameter brainfade in amd(8) and KerberosIV's rlogin.
- vax: Add board type for VXT2000+.
- More IANA interface type values, including IFT_BRIDGE. *************** *** 166,174 ****
- Fix disklabel(8) warnings on a SCSI cd(4) with no data track.
- Allow incoming ssh(1) connections in the temporary pf(4) ruleset installed by /etc/rc, just in case the real rulebase fails to load later on. -
- Support mixed IPv4/IPv6 address lists in pfctl(8). !
- Add ssh-keysign(8).
- Remove obsolete dm(8).
- Hunt for biodone() calls not made at splbio() spl(9), and fix them.
- Improve cd9660(8) filesystem read-ahead performance. --- 423,430 ----
- Fix disklabel(8) warnings on a SCSI cd(4) with no data track.
- Allow incoming ssh(1) connections in the temporary pf(4) ruleset installed by /etc/rc, just in case the real rulebase fails to load later on.
- Support mixed IPv4/IPv6 address lists in pfctl(8). !
- Add ssh-keysign(8).
- Remove obsolete dm(8).
- Hunt for biodone() calls not made at splbio() spl(9), and fix them.
- Improve cd9660(8) filesystem read-ahead performance. *************** *** 247,253 **** [Applied to stable]
- Extended Attributes code updates.
- Improve PS/2 mouse port detection in pckbc(4). !
- Better hifn(4) initialization and memory usage.
- Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
- Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
- Better color depth detection in Xwsfb. --- 503,509 ---- [Applied to stable]
- Extended Attributes code updates.
- Improve PS/2 mouse port detection in pckbc(4). !
- Better hifn(4) initialisation and memory usage.
- Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
- Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
- Better color depth detection in Xwsfb.
***************
*** 335,341 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.830 2002/07/02 01:20:25 deraadt Exp $