[BACK]Return to plus.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/plus.html between version 1.279 and 1.280

version 1.279, 1998/06/02 05:19:24 version 1.280, 1998/06/02 06:07:20
Line 48 
Line 48 
   
 <p>  <p>
 <h3>  <h3>
 <a href=#21>To go straight to the changes since OpenBSD 2.1, click here</a>.  <a href=#20>To go straight to the changes up to OpenBSD 2.0, click here</a>.
 <br>  <br>
 <a href=#22>To go straight to the changes since OpenBSD 2.2, click here</a>.  <a href=#21>To go straight to the changes up to OpenBSD 2.1, click here</a>.
 <br>  <br>
 <a href=#23>To go straight to the changes since OpenBSD 2.3, click here</a>.  <a href=#22>To go straight to the changes up to OpenBSD 2.2, click here</a>.
 <br>  <br>
 <a href=#end>To go straight to the end of the list, click here</a>.  <a href=#23>To go straight to the changes up to OpenBSD 2.3, click here</a>.
   <br>
 </h3>  </h3>
   
 <hr>  <hr>
   
 <p>  <p>
 <h3><font color=#0000e0>Life for the OpenBSD project begins...</font></h3>  <h3><font color=#0000e0>Work begins on what will become 2.4 or 3.0....</font></h3><p>
 <p>  
 <ul>  <ul>
 <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)  <li>Fix root password setting code in install script.
 <li>New curses library, including libform, libpanel and libmenu.  <li>terminfo/termcap 10.2.3
 <li>a termlib library which understands termcap.db, needed for new curses.  <li>Fix xdm(8) to close an excess file descriptor it left around.
 <li>The FreeBSD ports subsystem was integrated and is usable by you!  <li>Permit kill(2) to send signal 0 to processes that are setuid, as long as the existing uid check succeeds.
 <li>ipfilter for filtering dangerous packets and Network Address Translation  <li>Change uudecode(1) to accept spaces in the filename.
         for IP masquerading.  <li>Move temporary file used by chfn(1) to /var/tmp.
 <li>better ELF support  <li>Add support for pcvt to kbd(1).
 <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports  <li>in chfn(1), unlink the temp file after finished using it.
         to use kvm utilies  <li>Fix /tmp use in yacc.
 <li>Verbatim integration of the GNU tools (using a wrapper Makefile)  <li>On the i386, grow i386 kernel malloc area by 2MB.
 <li>All the pieces needed for cross compilation are in the source tree.  <li>In chfn(1), permit gecos sub-fields to be empty.
 <li>Some LKM support in the tree.  <li>Fix sysctl net.inet.icmp.bmcastecho.
 <li>ATAPI support (should work on all ISA busses)  <li>Fix an nfs crash.
 <li>new scsi, md5, pkg_* commands  <li>Tweak IPSEC so that it supports VPNs trivially.  A new vpn(8) manpage describes how to use this.
 <li>Numerous security related fixes  <li>Integrate rt(8) and rtdelete(8) directly into ipsecadm(8).
 <li>Kerberos and other crypto in the source tree that is exportable  <li>Make named(8) run in a chroot space.
 <li>Solid YP master, server, and client capabilities.  <li>Integrate XFree86 3.3.2 patch 2.
 <li>/dev/*random -- a device driver providing some kinds of random data  <li>Fix multi-address support in telnet(1).
 <li>In-kernel update(8) with an adaptive algorithm  <li>Made i386 pctr driver compatible with all cpu vendors.
 <li>Some ddb improvements and extensions  <li>Added "feature bits" display to i386 cpu detection, and added more AMD and Cyrix processor models.
 <li>Numerous scsi fixes  <li>Modified named to stash its argument vector in pid file like sendmail does and modified ndc to use it.  This means "ndc restart" will now restart named with the correct arguments.
 <li>ncheck utility for ffs  <li>bind 4.9.7, with the <strong>-u</strong>, <strong>-g</strong> and <strong>-t</strong> options from 8.1.2.
 <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.  <li>Handle constant numeric U and LL extensions.
 <li>new system calls: rfork(), minherit(), poll().  <li>Stop info gathering in uucpd(8).
 <li>select() that can handle any amount of file descriptors.  <li>Various TCP RPC fixes to deal with data streams that could cause lockups inside the library.
 <li>kernfs extensions  <li>Add sparc magma serial device driver.
 <li>ATM support (support for one company's sparc & i386 cards available)  <li>Install sendmail configuration goo in /usr/share/sendmail.
 <li>Boot kernels with "-c" to edit/enable/disable device configuration tables  <li>Fix two cases of incorrect timeout handling in the RPC library.
 <li>pax as tar, gnutar is toast  <li>Add the required setsockopt(2) interface for IPSEC, update photurisd(8) to accept notify messages from the kernel.
 <li>using AT&T awk, gawk is toast  <li>Fix numerous uses of MAXHOSTNAMELEN+1 instead of MAXHOSTNAMELEN, and also do the same for other similar cpp variables.
 <li>Even more security fixes.  <li>Fix numerous source tree uses of readlink() with an incorrect length parameter.
 <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to  <li>Install gdb(1) info pages.
         generate them too  <li>New distribution install notes that use m4 instead of cpp for formatting.
 <li>Linux ext2fs and BSD4.4 LFS support being worked on.  <li>In gdb, do not use 4.3 compatibility tty ioctl() calls.
 <li>Working ATAPI audio support for multiple architectures.  <li><font color=#e00000><strong>Constrain how kill(2) operates against target processes that are running setuid.  The previous unrestricted behaviour may have had security consequences. <a href=errata.html#kill>The 3rd revision of a patch which solves the problem is available</a></strong></font>.
 <li>terminfo database support.  <li>Fix a free() related bug in csh(1).
 <li>Fortran in the tree.  <li>Fix a memory trashing bug in the IPSEC SPI chain delete function.
 <li>The most secure rdist support anywhere.  <li>Fix acct(2) to work with append-only files.
 <li>randomized port allocation in bind(), bindresvport(), and rresvport() --  <li>Fix buffer overflows in getNAME(1).
         security via unpredictability.  <li>In mount_nfs(8), contact the portmapper about the correct protocol (tcp or udp).
 <li>Protection from the udp spamming and ftp bounce attacks.  <li>Correct 64 bit timeval storage in ping(8) packets; also put the time in network byte order.
 <li>Significantly improved ftp daemon.  <li>Start cron at the end of /etc/rc to avoid some security issues.
 <li>Numerous more security policy and implementation improvements (OpenBSD  <li>Compile the system with <strong>-O2</strong> instead of <strong>-O</strong>.
         defaults to installing in a very secure mode)  <li>Fix a bunch of scanf related buffer overflows.
 <li>zlib (non-GPL'd gzip-compatible library)  <li>Improve XR16C850 support.
 <li>Newest version of pppd.  <li>Fix less <strong>-d</strong> option.
 <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.  <li>Fix i386 divide overflows traps which were possible in the NTP code.
 <li>Fixed long-standing vm swap-leak.  <li>Remove some more incorrect uses of long in kerberos code.
 <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.  <li>Add a man page for ndbm(3).
 <li>Numerous FreeBSD userland fixes and improvements incorporated.  <li>As described a few lines above, support even more commands in make(1).
 <li>new rdisc Router Discovery daemon  <li>Make the csh(1) command <strong>kill</strong> more standards compliant.
 <li>generic protection against the bind() takeover problem.  <li>Improve documentation about how to properly enable YP client databases.
 <li>at -f security fix.  <li>Emulate <strong>umask</strong> and <strong>exit</strong> script commands inside make(1) directly, to get closer to the expected behaviour. Later on we may want to emulate more commands, like gnumake does...
 <li>20 or so more security fixes  <li>Make perl(1) support calls to lockf(3) now that we have it.
 <li>install now supports -C, -p, and -S flags.  <li>Disable dynamic loading in the mips version of perl(1).
 <li>a real adduser program, which can even be used uninteractively.  <li>Make size(1) work on files created via <strong>ld -Z</strong>.
 <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed  <li><font color=#e00000><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices.  The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href=errata.html#immutable>A patch exists which solves the problem</a></strong></font>.
         by chown(). This can be turned off with sysctl.  <li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port.
 <li>partial protection against tcp SYN attacks.  <li>Fix a file parsing overflow in kdb_util(8).
 <li>added /etc/fbtab support to login & init.  <li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number.
 <li>RCS version 5.7  <li><strong>const</strong> the parameters to a few more system calls.
 <li>much newer join command (4.4lite2 with other fixes)  <li>Fix 'z' command in mail(1).
 <li>scsi subsystem security fix  <li>Fix short read() and write() operation in the RFC1413 handling code in httpd(1).
 <li>Kerberos is much more silent if not configured  <li>Fix some bad uses of sscanf problems in the source tree.
 <li>arc4-based random support in kernel  <li>Fix i386 copyoutstr().
 <li>ncr53cXXX scsi scripts assembler  <li>Support 16 partitions in the pmax port.
 <li>Numerous ftpd improvements and fixes, including multihomed and skey support.  <li>Correct handling of escaped % correctly in crontab lines.
 <li>`lsof'-style features in fstat.  <li>Make the AD1848 and Yamaha OPL3-SA3 sound drivers work.
 <li>rudimentary support for ISA Plug-and-Play cards  <li>pppd 2.3.5
 <li>Fixed timeout support in RPC library, and also fixed it to support more  <li>Fix localtime(3) support inside perl(1).
         than FD_SETSIZE file descriptors.  <li>Fix a number of disklabel issues in the hp300 and pmax ports.
 <li>improved locate command  <li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc.
 <li>a good start at NETIPX support  <li>Fix at least one remotely activated buffer overflow in lynx(1).
 <li>vim version 4.5  <li>Add information about more deviant scsi devices.
 <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc  <li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3.  A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use.  <a href=errata.html#ipsec>A patch exists which solves the problem</a>. <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD 2.2)</a></strong></font>.
         bugs).  <li>Fix a select(3) bug in syslogd(8).
 <li>latest version of perl, and a lndir command.  <li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running.
 <li>Even more security fixes.  <li>Add libossaudio(3) to the source tree.
 <li>cdio command for using CD audio.  <li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it.
 <li>Kernel warns if /dev/console does not exist; nice warning for booting with  <li><font color=#e00000><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href=errata.html#xterm-xaw>A patch exists which solves the problem</a>. <a href=errata22.html#xterm-xaw>(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>.
         an unpopulated /dev directory.  <li>Permit relative adjustments in mixerctl(1) using +/- prefixes.
 <li>libgnumalloc is gone; our malloc() is better.  <li>msdosfs in FAT32 mode would hang during a write.
 <li>FreeBSD pipe() system call; quite a bit faster.  <li>Fix ZIP drive use on the hp300.
 <li>Some serial driver support for /dev/cuaXX devices to support transparent  <li>Fix a timeout bug in ping(8).  (What a troublesome program it is...)
       out+dial  <li>Use inet_ntoa() in a diagnostic in rwhod(8).
 <li>DDB can now access symbol tables from LKM modules  <li>Our c++ compiler is called c++, not g++.
 <li>Say goodbye to dump, restore, and mt security holes: They are no longer  <li>Fix iommu flushing on the sparc Microsparc-1 based machines.
         setuid.  <li>Make 'y' command in sed(1) 8-bit clean.
 <li>*Hobbit*'s netcat utility. The crackers use it, so should you.  <li>Make ctype macros dealing with unsigned characters properly index into their respective tables.
 <li>New routed from SGI.  <li>For 3c9xx drivers, fix a bug where bpf attach caused a change to 10Mb mode.
 <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).  <li>Fix a bug in h2ph(1).
 <li>ftp command modified for easily scripted ftp & http downloads.  <li>talk(1) cannot distinguish the host a reply comes from. If it is suspicious, it now prints that hostname in the connection banner.
 <li>And of course... more security related bugfixes... (ie. dump,  <li>In oldrdist(8), avoid attempting to create hardlinks between devices.
         restore, mt).  <li>Permit socketpair(2) to accept <strong>PF_LOCAL</strong>.
 <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim  <li>Add audioctl(1) and mixerctl(1).
         also works better.  <li>Merge OSS-like audio code into i386, sparc, amiga, and other architectures.
 <li>16 partitions working on sparc and i386 (yipee!)  <li>Teach dump(8) that ENOSPC on remote or local media means end of tape.
 <li>Nice sample files in /etc  <li>Change ld(1) to accept the first matching shared library it finds.
 <li>sendmail gecos hole fixed (in a number of ways; other programs in the  <li>Fix a coredumping problem in oldrdist(1).
         source tree were also vulnerable.)  <li>Delete old gdb; we use modern binutils everywhere now.
 <li>secure multicast tools against possible security problems.  <li>Make ps(1) look at the kernel physmem variable instead of the far uglier thing it did before this change.
 <li>latest GNU groff, incorporated in a clean wrapperized form.  <li>Correct utimes(2) emulation in Linux compat.
 <li>mopd for networking booting Digital machines  <li>64 bit cleanups to the uucp subsystem.
 <li>less version 2.90  <li>Fix a very strange bug in backgammon by using -ltermlib instead of -ltermcap.
 <li>deal with the SYN bomb problem (denial of service attack) as well known.  <li>Make hp300 use new m68k kcore format.
 <li>Another kerberos security fix.  <li>Completely rewritten fmt(1) with more features.
 <li>Almost a hundred more security fixes, including /tmp races because of strncpy.  <li>Run rc.shutdown even if -h or -r was not specified.
 <li>Compile time option to compile the source tree almost completely dynamic.  <li>Fix the i386 versions of libm's scalb*() functions.
 <li>A 7% reduction in size of static binaries.  <li>Make strptime(3) handling of month and weekday names case insensitive.
 <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.  <li>Change 3rd parameter to be size_t as required by XPG.
 <li>We have completed security reviews of almost all userland programs and  <li>Let fdisk(8) and disklabel(8) compile if NOMAN= is defined.
         libraries except for the gnu stuff (where, based on preliminary  <li>Handle truncated reads in dumpfs(8).
         inspection there is poor handling of temp files).  <li>Add <strong>/var/run/rarpd.pid</strong> and syslogging support to rarpd(8).
 <li>Working Linux ext2fs.  <li>Fix gcc on the m68k to correctly invalidate cached condition codes when only a-registers are involved.
 <li>Added sudo (which is maintained by one of our developers)  <li>Fix relative tags in vi(1).
 <li>CTM is now a supported way of obtaining OpenBSD source code.  <li>Use mkdtemp(3) in pkg_add(8) and friends.
 </ul>  <li>Add <strong>dev</strong> command to cdio(1) so that user can change device.
 <p>  <li>Change tset(1) and /root/.cshrc behaviour so that ^C at the prompt does not result in noglob remaining set.
 <h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3>  <li>Improve numerous manpages.
 <p>  <li>Make last(1) report on the year.
   <li>Set <strong>d_bbsize</strong> and <strong>d_sbsize</strong> to defaults in the disk drivers.
   <li>Do not do gethostbyname(3) on "*" in pppd(8).
   <li>Ignore SIGPIPE in reboot(8).
   </ul><p>
   
   <a name=23></a>
   <h3><font color=#0000e0>OpenBSD 2.3 released (May 19, 1998).</font></h3><p>
 <ul>  <ul>
 <li>The NIST Posix test suite became free. As a result we have been correcting  <li><font color=#e00000><strong>A security problem due to buffer mismanagement exists in lprm(1). <a href=errata22.html#rmjob>A patch exists</a></strong></font>.
         numerous problems in the source tree, and expect to be completely  <li><font color=#e00000><strong>A security problem due to a buffer overflow exists in uucpd(8) (which is not enabled by default in our releases). <a href=errata22.html#uucpd>A patch exists</a></strong></font>.
         POSIX compliant very soon.  <li>On the i386, fix installboot(8) so it works reliably on various filesystem layouts that did not work before.
 <li>upgrade to CVS version 1.9.  <li>Support lots of file descriptors in named(8), for when many virtual interfaces exist.
 <li>A number of security fixes to the way coredumping works.  <li>Fix installboot(8) on the sparc Sun4 models.
 <li>The /dev/*random devices are now default on all architectures.  <li>In disklabel(8)'s <strong>-E</strong> mode, set the bootblock sizes so that the hp300 install does not freak out.
 <li>Add stack tracebacks to Arc port's kernel debugger.  <li>In mktemp(3), repair a bug in the filename incrementing loop.
 <li>Skey revamped into full OTP (RFC1938) support, including sha1 and  <li>Various other install script fixes.
         md5 support.  <li>Fix /etc/fbtab handling in init(8).
 <li>GPL i387 emulator added.  <li>Make disklabel(8) mentions IDE (which is an alias for ESDI).
 <li>Crank kvm space on the i386 port, also limit buffer cache useage  <li>For the i386, have the install procedure ask if the xf86 driver should be enabled by default.
         so that 512MB machines may work (untested :-)  <li>Make install procedure prompt & set the initial root password.
 <li>Numerous fixes to the lpr suite, including security.  <li>When root logs in for the first time, let him find that he has an interesting piece of mail about how the system works.
 <li>More ftpd raging paranoia security fixes.  <li>Fix ipsec encap notifies.
 <li>The NIST suite showed numerous errors in libraries and the kernel.  <li>Configure xdm(8) and the fwvm window manager sensibly enough for default users to not feel utterly lost.
         Only a few small errors remain now, mostly regarding serial  <li>Fix 'u'ndo support in disklabel(8)'s <strong>-E</strong> mode, and also add a new 'r' command.
         ports.  <li>Repair the pkg_add(1) sufficiently for the 2.3 release...
 <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.  <li>Fix a race condition in unmount(2).
 <li>OLF binary type added.  This is like ELF, but includes an OS-dependent  <li>Add support for the XR16850 serial chip (128 byte fifos).
         tag. elf2olf(1) converts an elf binary to a tagged OLF binary which  <li>mkisofs 1.11.2
         the kernel can recognize correctly.  <li>Disable console ddb by default.  sysctl can re-enable it.
 <li>Beware $HOME overflows throughout the source tree.  <li>Fix backtraces in gdb on m68k platforms.
 <li>Integration of the pmax port.  <li>Support 3c905B (well, actually, our support falls over. We need a card to do further work).
 <li>Import of ctm.  <li>Modify i386 PS/2 driver to be read/write; this permits new XFree86 source to put mice into advanced modes of operation.
 <li>Various repairs to the scsi scanner support.  <li>Remove KTH Kerberos "eavesdropping" message from telnet(1) and telnetd(8).
 <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to  <li>Fix bug oflow in ping(8) <strong>-R</strong> option.
         buffer overflows found in system utilities..  <li>In tar(1), only preserve the uid/gid if the <strong>-p</strong> flag is given.
 <li>Memory leak paranoia in cron.  <li>sudo version 1.5.5
 <li>Make login get more consistantly upset about failed logins, and tell user  <li>Do not prepend /usr/local/bin to the PATH in zdiff(1), zforce(1), zgrep(1), zmore(1), znew(1), or rcsfreeze(1).
         about these failures at the next successful login.  <li>Fix DNS fake-iquery bug.
 <li>pdksh version is now 5.2.11  <li>In the <strong>le</strong> ethernet driver, if the detected ethernet address is ff:ff:ff:ff:ff ... fail.
 <li>New bsd.*.mk feature: DEBUG=-g.  Try it, you'll like it.  <li>Fixes for various (minor) Y2K problems.
 <li>The Arc port family has a new member: The rPC44 works!  <li>Switch a.out ports in the tree (sparc, m68k, i386) to use the newer version of gdb that is part of the binutils tree.
 <li>lpt driver is now bus-independent.  <li>Significantly improve the system install scripts.
 <li>com driver is now bus-independent.  <li>Add disklabel spoofing to the hp300 port.
 <li>Numerous small security fixes again...  <li>Add xlockmore(1) to the X11 tree.
 <li>Use pdksh as our /bin/sh.  This provides excellent POSIX compliance.  <li>Fix <strong>ru_majflt</strong> counting in the VM system.
 <li>Prevent generic users from mounting filesystems by default.  <li>Add AFS token fetching capability to various parts of the source tree.
 <li>Added -C option to pax/tar. Also made -z support compressed files too.  <li>In login(1), handle cleanup of environment variables correctly.
 <li>Increased compatibility in the pccons driver with BSDi features.  <li>In ftp(1), for HTTP requests pass the hostname so that virtual hosts work.
 <li>Imported FreeBSD's calendar.  <li>In utimes(2) and futimes(2), handle <strong>tv_sec</strong> values of -1 more carefully, as they are really illegal cases.
 <li>GNU gdb works on the mips-based platforms.  <li>Import <strong>kx</strong> into our X11 source tree.
 <li>Add FreeBSD md5 diffs to mtree(8).  This can be used to implement a  <li>Add a <strong>SIOCGIFDATA</strong> ifreq-style ioctl which will get the ifdata informational structure attached to each interface.
         tripwire-like system.  <li>Add httpd(8) to the OpenBSD tree.  It is apache 1.2.6.
 <li>Some YP and bootparamd security changes.  <li>Import <strong>xpm</strong> into our X11 source tree.
 <li>Hundreds of little fixes all over the place.  <li>Support QLogic PCI scsi controllers (at least on the i386).
 <li>Multiple updates for GNU software  <li>Fix rmd160(3) (and also the IPSEC algorithm) to properly handle data beyond it's block boundary.
 <li>Add disklabels to the floppy device drivers.  <li>Emulate SunOS <strong>otimes(2)</strong> system call so that Netscape doesn't explode.
 <li>At boottime, have (*mountroot)() look at the root device's disklabel  <li>Fix rarpd(8) interaction with routed(8); too much routing information would pile up un-read on the AF_ROUTE socket and rarpd(8) would get too grumpy.
         to determine which filesystem type is to be mounted.  <li>Remove libtelnet.so.* from the distribution.  People compiling kerberos into their system were generating significantly different shared libraries; thus it is wrong to make this a shared library.
 <li>If disklabel reading code discovers an ISOFS filesystem underlying,  <li>Make edquota(8) handle numeric names as uid's only after checking that an account named so does not exist.
         spoof a nice disklabel (enough to fool mountroot).  <li>Add UID_MAX and GID_MAX to <machine/limits.h> on each architecture.
 <li>tcpdump 3.3  <li>Fix ch(4) operation on ncr(4) scsi controllers.
 <li>Fix information gathering attack in ping(8).  <li>On the sparc, switch to an alternate font if the console is < 800*600 resolution.
 <li>Add NetBSD's "route show" implementation, and at the same time fix  <li>Add ISAPNP driver for the 3c509 cards.
         the new buffer overflows that this provided.  <li>Change <strong>SIOCGIFNETMASK</strong>, <strong>SIOCGIFDSTADDR</strong>, and <strong>SIOCGIFBRDADDR</strong> to return information for named/addressed mappings rather than simply named mappings, so that these calls can work on interface aliases.
 <li>Fix a few setgroups() related security holes.  <li>Add (complete?) support for KerberosIV to our X11R6.
 <li>sendmail 8.8.4  <li>In mktemp(1), document why this should be used for temporary filename generation.
 <li>texinfo 3.9  <li>In telnet(1), fix connecting to IP addresses; this was recently broken by the new KTH kerberos telnet integration.
 <li>f77 0.5.19  <li>Make <strong>-R path</strong> work a well as <strong>-Rpath</strong> in cc(1).
 <li>Repair some more KerberosIV buffer overflows.  Hard to believe this is  <li>In the ksh(1) manpage, clarify the behaviour of the <strong>CDPATH</strong> variable.
         supposed to be security software.  <li>Add support for more PCI NE2000 cards.
 <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for  <li>Make <strong>%Y</strong> override an earlier <strong>%y</strong> in strptime(3).
         backwards compatibility.  <li>Add support for <strong>atalk</strong> to ifconfig(8).
 <li>Permit NFS attribute cache to be configured on a per-mount basis.  <li>Make the functions described in ethers(3) more careful.
 <li>Properly split fsck, mount, and newfs into multiple pieces.  Use  <li>Fix support for VFS loadable kernel modules.
         disklabel information if it is available.  <li>In get*ent() family of routines in libc, use fgetln(3) instead of fgets(3) so that parsing of overly long lines is more correct.
 <li>Add disklabels to the vnd device driver.  <li>Add options(4).  This manpage describes what all the kernel options do.  If you spot an error in it, notify us immediately.
 <li>Change the games to be run setgid games, not setuid games.  This closes  <li>In strptime(3), make <strong>%C</strong> influence <strong>%y</strong> regardless of ordering.
         a whole slew of fascinating security holes.  <li>Fix a NULL deference bug in make(1) when using the <strong>-j</strong> flag.
 <li>Import of the powerpc port.  <li>Fix <strong>%m</strong>, <strong>%I</strong>, <strong>%S</strong>, <strong>%y</strong>, <strong>%C</strong>, and <strong>%j</strong>  conversions in strptime(3).
 <li>Properly use _POSIX_SAVED_IDS throughout the source tree.  <li>Merge Kirk McKusick's <a href=softupdate.html>soft update</a> code. This code is still experimental and under a non-commercial license.  It will be included in the next release as an optional compile flag; we cannot ship it enabled by default.
 <li>Permit building of kernels without a.out support.  <li>Flesh out the man pages and explain the security problems behind mktemp(3) and other similar functions, plus explain how to handle these problems better.
 <li>ppp 2.3b3  <li>Fully working KerberosIV encryption in telnet(1) and telnetd(8).
 <li>libcrypt goes away. We do not need this stub library anymore. Do not link  <li>Fixes to a few more games.
         against it on OpenBSD, all the pieces you need are in libc.  <li>CVS version 1.9.26
 <li>new aucat command.  <li>Fix mktemp(3) problems in two more YP tools.
 <li>Fix a fairly nasty security hole in all of the games.  <li>Fix an interaction bug in inetd(8) due to SIGPIPE blocking; caused a bad effect in rlogind(8) or other inetd(8) children.
 <li>Support for the <a href="hp300.html">hp300</a> added.  <li>Configure cc(1) to pass the <strong>-R</strong> flag on to ld(1).
 <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.  <li>Add lynx 2.8 to the system.
 <li>Sendmail upgraded to version 8.8.5.  <li>Add support for 82553 and 82555B PHY in the fxp driver.
 <li>Added lchown(2) for compatibility with SVR4 implementations.  <li>Fix tmpfile(3) to fchown() the file after unlink() (taking umask() into consideration, too).  This is required by standards.
 <li>New gnu cpio 2.4.2  <li>Fix vnd and ccd drivers to work properly with soft updates.
 <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and  <li>Fix a crash case in compress(1).
         restore(8).  <li>Add <strong>-s</strong> and <strong>-c</strong> options to last(1).
 <li>No buffer lengths in fmt(1).  <li>Add support for <strong>-s section</strong> and <strong>-S subsection</strong> to man(1).
 <li>various adjtime() corrections inside the kernel.  <li>Change the configuration of man(1) so that man4 is read much later; this makes it easier to see pages in man8 with similar names.
 <li>Prevent stat() from disclosing inode generation numbers to non-root userland.  <li>Fix KerberosIV password changing.
 <li>pax in tar mode will understand multiple -v options to generate ls-like output.  <li>On the sparc, support 128KB lebuffer devices.
 <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous  <li>On the sparc, print hotfix information at the right place in the dmesg log.
         number of network interfaces.  <li>Fix passwd(1) so that YP passwords do not get edited in the local password file.
 <li>More kerberosIV security patches.  <li>Significant efforts made at fleshing out the device driver man page tree better.
 <li>A working fsirand.  <li>Upgrade to gcc 2.8.1
 <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple  <li>Rename 2.2 to 2.3 tree-wide, for the upcoming release.
         hardware.  This port requires nothing outside the in-tree development  <li>Improve IPSEC performance.
         environment to build (except mkisofs for building distributions).  <li>Add many new machine-dependent man4 man pages.
 <li>Some ypbind(8) tightening up, includes a method to specify a list of  <li>XFree86 3.3.2 is now in our X11 source tree.
         valid servers  <li>Add another missing ntohl() in ipnat(8).
 <li>Bug fixed that prevented bufpages/nbuf > 1 setups.  This allows large  <li>Use a p_os field to sub-divide operating system emulation capabilities (like for SVR4 binaries).
         buffer caches even when available kvm space is low, like for i386  <li>Spend almost a week finding and fixing minor goobers discovered by gcc 2.8 throughout the source tree.
         & sparc.  <li>Fix syslog(3) sockaddr initialization.
 <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network  <li>Add support for <strong>TIOCM*</strong> family of ioctl(2) values to the sparc serial driver.
         byte order. This is a compatibility/portability fix and we expect  <li>New photurisd(8) that complies with <strong>draft-simpson-photuris-18.txt</strong>.
         other BSD systems to eventually follow suit.  <li>Fix a race bug in mkstemp(3) itself that would make mkstemp(3) have occasionally fail strangely.
 <li>amd (the automounter) is now 64-bit and working on the alpha.  <li>Fix a few more mktemp(3) problems in f77 libraries, and other assorted GNU software.
 <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles  <li>Upgrade to gcc 2.8.0
         using in-tree versions of all tools.  Yipee!  <li>Upgrade to libg++ 2.8.0
 <li>A SA_SIGINFO implementation for sigaction() and signal handlers.  This is a  <li>Make ping(8) work with very large packet sizes on all types of interfaces.
         small part of POSIX 1003.1b and permits the signal handler to figure  <li>Correct behaviour <strong>-x</strong> and <strong>-p</strong> flags in tar(1) to be traditional.
         out the exact cause of a signal; such as fault address information  <li>Remove one of the two copies of math.h in the source tree.
         for SIGSEGV or more detailed information for SIGFPE.  <li>Improve blowfish performance by a factor of 2, and hence increase the rounds by 1 in passwd.conf.
 <li>config.old(8) has been removed from the tree, as the <a href="hp300.html">  <li>Handle unknown hostnames in mountd(8) better.
         hp300</a> port switches to config(8).  <li>Inside the kernel, change struct file's members f_count and f_msgcount to longs, and then add checking for overflows as well.
 <li>/sbin/dump -a saves you from needing to deal with finicky tape length  <li>Add XDM-AUTHORIZATION to X11.
         options (from FreeBSD)  <li>In old gas, move to late resolution of symbols because gcc 2.8 will require this.
 <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.  <li>Fix a configuration file parsing bug in ipf(8).
 <li>Be more careful if some fool decides to enable source routing ;-)  <li>In libpcap and tcpdump, use our system ethers(5) parsing routines.
 <li>Support for gzip'd kernels in some bootblocks.  <li>Make <strong>netstat -r</strong> report better information about non-standard netmasks.
 <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.  <li>Fix some bugs in the 3c[59]xx device driver.
 <li>Add cdev and partition support to the ramdisk driver.  <li><font color=#e00000><strong>The 3rd revision of the patch for the mmap() security problem is available, and <a href=errata22.html#mmap>has been placed on top of the 2nd revision</a></strong></font>.
 <li>Merge new ftp(1) changes from NetBSD.  <li>Add a command to ddb that reports out the extent tables.
 <li>Change mktemp(3) and family to generate more random filenames, yet still  <li>Add a clarifying statement to all the Kerberos code that explains how it came to be that this code was released from the USA's crypto stranglehold.
         as collision free as possible.  <li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as a bitcount.
 <li>Have libc/rpc save you from yourself if you do enable source routing.  <li>Clarify crypt(3) manpage as to how many characters each transform actually considers in its calculation.
 <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting  <li>Do not permit TCP connections to any of the broadcast addresses.
         16 disk partitions.  <li>Do not let a user set their password to "s/key".
 <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).  <li>Permit the disabling of skey system-wide.
 <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls  <li>Convert the xdr(3) and rpc(3) manpages to mandoc format.
         in the source tree. This cuts out a whole class of races.  <li>In mail.local(8), document how to use quotas on a mail spool.
 <li>Improved NFS filehandle creation.  <li>Add <strong>-p</strong> option to uname(1), to display detailed CPU information.
 <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very  <li>Support for the ST16650 32-byte FIFO uart.
         large disks using it.  <li>Do not copy from off the end of an nfs boot mbuf.
 <li>add RPC service name generation to netstat -a  <li>Some more repair in the games.
 <li>Fix pax & tar to be POSIX compliant.  <li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>, <strong>-soname</strong>, <strong>--whole-archive</strong>, and <strong>--no-whole-archive</strong> in the old ld used on many of our platforms.
 <li>Fix a few netinet kernel crash problems.  <li>CVS version 1.9.24
 <li>Fix so that stack limits which are not a multiple of the pagesize work.  <li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation code can reference it later.
 <li>fix some more memory and file descriptor leaks in libc/rpc  <li>Make the kernel compile properly (with full warnings) under gcc 2.8.
 <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It  <li><font color=#e00000><strong>Do not permit a read+write mmap() operation on a read-only file descriptor open on a device.  This is a security problem in OpenBSD 2.2, and is <a href=errata22.html#mmap> described and fixed with a patch</a></strong></font>.
         uses a very large strong-random `salt' and the number of rotor  <li>Rename /etc/nat.rules to /etc/ipnat.rules.
         runs is configurable.  Hence if you have faster machines you can  <li>Add kerberos kauthd(8).
         slow the crypt routine down and make harder keys.  <li>On the i386, move XFree86 aperature driver into the kernel.  The new sysctl(8) variable <strong>machdep.allowaperture</strong> decides if this driver is active or not.  (This variable can only be modified at high securelevel).
 <li>Add support for /etc/passwd.conf which controls the format and strength  <li>Remove the ftp(1) `stdout redirection' hack and replace it with a <strong>-o filename</strong> option (which also understands a filename of "-" to mean stdout).
         of passwd entries for the next time a user changes their password.  <li>Pull in all the NetBSD changes to the old version of gas over the last year or so.
         These options can be set per-user.  <li>Fix two bugs in adduser(8).
 <li>Working kadmind for kerberosIV.  <li>Change chflags(2) and fchflags(2) to take a u_int for the second parameter.
 <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.  <li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif>New fancy OpenBSD logo for your use</a>.
 <li>cvs 1.9.2  <li>Add XPG4 <strong>-r</strong> option to du(1).
 <li>Fix weak symbol support in ld.  <li>Support <strong>-[width]</strong> option in fmt(1).
 <li>libg++ pulls in libcurses automatically.  <li>New quirk for another Archive VIPER scsi tape drive.
 <li>Replace which(1) with a C program.  <li>Fix another signal handler bug in mail(1).
 <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.  <li><font color=#e00000><strong>The mac68k 2.2 CD release had a few problems. These problems have been resolved in the FTP release. <a href=errata22.html#mac68k>For more details...</a></strong></font>
 <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).  <li>Make lpd(8) use keepalives so that it can detect dead network printers.
 <li>deroff(1) 1.0 from Debian (a Linux).  <li>Support the WINBOND pci ethernet cards.
 <li>BIND 4.9.5-P1.  <li>Fixed "%c" in strftime(3).
 <li>Add support for FreeBSD md5 to /etc/passwd.conf.  <li>Various fixes to some of the games, ie. rain, worms, wump.
 <li>Import of the mvme88k kernel port.  <li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make the address/netmask sets on it make supernets instead of subnets.
 <li>Import of libwrap and tcpd (tcp wrappers).  <li>Place seperate so_ruid and so_euid fields in struct socket, so that in_pcb.c can still do it's job, but also so that identd(8) can be fast and return the proper uid.
 <li>Numerous improvements to pax, including full support for cpio and  <li><font color=#e00000><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not very reliable.  <a href=errata22.html#sparciommu>A simple reliability patch is now available</a></strong></font>.
         a lot of fixes to tar mode.  <li>Fix a map corruption bug in ypxfr(8).
 <li>Let fsck and fsirand automatically work on very large filesystems.  <li>Make stty(1) recognize STRIPDISC.
 <li>Various fixes to the fsck tools.  <li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
 <li>ipsecadm as an initial cut at controlling IPSEC sessions.  <li><font color=#e00000><strong>Make ruserok() significantly more paranoid when parsing the .rhosts file.  This along with another issue is a security problem in OpenBSD 2.2, and is <a href=errata22.html#ruserok> described and fixed with a patch</a></strong></font>.
 <li>Fix pcmcia on the i386.  <li>raise IPPORT_USERRESERVED significantly. Random port numbers will now look much more random than they did before.
 <li>Merged changes from at 2.9 into our own at.  <li>New <strong>-a logdev</strong> argument for syslogd(8), useful for setting up additional /dev/log devices in various chroot spaces.
 <li>pccon(1) to control the pccons driver.  <li>Permit restore(8) to work on a filesystem that has a basic blocksize smaller than the blocksize of the filesystem that was dumped.
 <li>Bye bye tahoe bits.  <li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
 <li>noaccesstime option for filesystems (saves batteries on laptops)  <li>The web pages now have a new section on <a href=security.html> security advisories</a>.
 <li>Substantial changes and fixes to the scsi scanner support.  <li>New compat_ibcs2(8) manpage.
 <li>Support for "secure" YP password maps.  <li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
 <li>Various atm fixes.  <li>A start at full lint library support.
 <li>The NE2000 if_ed driver now works on the alpha, too.  <li>smtpd(8) integration spiffied up. Everything you need is now in the system.
 <li>ddb improvements for 64 bit machines.  <li>Emulate that disgusting linux connect() braindamage even better.
 <li>Fixes to fts(3).  <li>Fix some bugs in vacation(1).
 <li>A few ypbind fixes.  <li>Fix /etc/yp/domainname support in ypbind(8).
 <li>sysctl kern.osrevision gives OpenBSD date.  <li><font color=#e00000><strong>In the 2.2 release, the sparc scsi driver caused problems for the Sun 4/300 machines. <a href=errata22.html#sparc>Patches are now available</a></strong></font>.
 <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!  <li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can ensure it has the right components.
 <li>Implement NOFILE_MAX--hard limit on max descriptors per process.  <li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables to change at boottime.
 <li>Be more careful about modes of lost+found directories.  <li>Fix a free page count bug in the vm system.
 <li>New termcap and terminfo database files.  <li>Create two new sysctl options: <strong>ddb.panic</strong> decides whether the kernel should enter ddb when it panics, and <strong>ddb.console</strong> controls if it is possible to enter ddb from the console via a hot-key.
 <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it  <li>Add scan_ffs(8), a very useful tool for reconstructing disks.
         for correct locking!  <li>Add strptime(3).
 <li>64 bit clean in.rarpd.  <li><font color=#e00000><strong>Buffer overflow fix in the MIPS ld.so. Replacement binaries for the <a href=errata22.html#pmax>pmax</a> and <a href=errata22.html#arc>arc</a> platforms are available</strong></font>.
 <li>cvs 1.9.6  <li>Avoid DNS lookup timing effects in ping -R.
 <li>16 partition support for the alpha port.  <li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
 <li>Add ./.message support to ftpd  <li><font color=#e00000><strong>Two bugs existed in the the 2.2 pmax release which all users should be aware of.  <a href=errata22.html#pmax>Patches are now available</a></strong></font>.
 <li>Numerous more pax/tar fixes.  <li><font color=#e00000><strong>Be more careful about sourcerouted packets, including never forwarding them.  This is a security problem in OpenBSD 2.2, and is <a href=errata22.html#sourceroute> described and fixed with a patch</a></strong></font>.
 <li>Add md5 & blowfish passwd support to adduser(8).  <li>Teach the kernel about newer PCI device types.
 <li>Add support for YP v1 to ypserv.  <li>Workaround a race condition in syslogd's handling of SIGHUP.
 <li>Fixed some more mktemp races (sigh, will this ever end!)  <li>Some man page fixes so that <strong>man -k</strong> is happier.
 <li>More buffer overflows, but none in sensitive programs.  <li>Low-memory bug fix in setenv(3).
 <li>getnetent() and friends now work a lot more like gethostent().  <li>Self-extending kernel maps in the vm subsystem.
 <li>Use 10 X characters in many remaining mktemp() calls which are  <li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
         hard to excise.  <li>Require commands started from in /etc/rc to be executable -- not just readable.
 <li>Solve a few resolver problems after the recent 4.9.5-P1 integration,  <li>Glob extensions for XPG4.
         not all our fault.  <li>Cleanups in wump(6).
 <li>Fix patch to honour Index lines better.  <li>Check both old and new shells in rpc.yppasswdd(8).
 <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).  <li>Add <strong>-a</strong> flag to which(1).
 <li>Once again, really correct the various source routing pieces of the  <li>On binutils platforms, make ldd(1) work on static executables.
         userland source tree.  <li>IPF 3.2.3.  When you upgrade to this version, you <strong>must</strong> also upgrade the userland utilities (ipf, ipnat, etc.).  You also need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev to create new device entries.
 <li>Make real i386 cpu's work again. In case noone noticed, they didn't  <li>Fix a race in mkdir(1).
         work for about 5 months.  The bug was very hard to find...  <li>More cdrom ioctl's in Linux emulation.
 <li>For config(8), if any kernel options get added/deleted/changed since  <li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
         the previous commit, warn that the compile tree needs 'make clean'.  <li>In termcap databases, map the keyboard backspace key to DEL instead of BS as that is how it really is.
 <li>Use in_addr_t and in_port_t all over the place.  <li>Fix argument handling in expand(1).
 <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source  <li>If tar(1) extracts as root, preserve uid/gid as is traditional.
         tree. CD9660 is much happier now.  <li>Repaired the expansion of the kernel panic string.
 <li>Fix AFS string-to-key handling in kerberos.  <li>Much more complete KerberosIV documentation.
 <li>NAT now gets started from /etc/netstart.  <li>Start at bus_dma support.
 <li>Various man page fixes.  <li>Properly error out if yp_match() or yp_first() is asked to lookup long keys.
 <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly  <li>Groff 1.11a
         when mounted read-only.  <li>Properly ignore whitespace between a conversion and %n in *scanf(3).
 <li>The df(1) utility now has a human-readable "-h" option.  <li>Import of tzcode1998b and tzdata1998b.
 <li>Always skip the first 8KB of all swap partitions (hint: disklabels &  <li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real master server.
     bootblocks)  <li>Support <strong>-h host</strong> flag to ypwhich(1).
 <li>Repair some bugs in mail(1), especially regarding signal handling.  <li>pppd 2.3.3
 <li>Support .group entries in /etc/passwd.conf  <li>Handle unparseable ulimit specifications as an error, not as the value 0.
 <li>PCI aic7860 scsi support improved.  <li>ncurses 4.1-980103
 <li>Support /etc/rc.shutdown from halt(8).  <li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
 <li>Support extended partitions in fdisk(8).  <li>Make pkg_install(1) feed a -p option to tar.
 <li>Various fixes to the YP utilities.  <li>sudo version 1.5.4.
 <li>Signal handling fix to crontab(1).  <li>Merge some slight standardization fixes for *printf(3) from FreeBSD (some unlikely cases get handled better).
 <li>Unify naming of architecture names between gcc & binutils.  <li>Bring gethostent() back to life, even though it is a bad interface.
 <li>Some more userland 64 bit fixes.  <li>In disklabel(8), make IDE drive type handling more obvious and intuitive.
 <li>Support for PCI NE2000 clones.  <li>Support all kinds of keyboards in pcvt, like pccons does.
 <li>libpthread works on the m68k.  <li>Support for FAT32 partitions.
 <li>Significantly improved the unpredictability of the DNS packet id's  <li>For scsi tape drives, be silent in the presence of ILI errors.
         in the resolver and named.  <li>Fix a vnode creation race.
 <li>newfs_msdos(8) can has enough brains to find the partition size itself.  <li>Fix a output error in finger(1).
 <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse  <li>Do not permit dumping corefiles over symbolic links. (We have wanted this changed for a long time, but it required Lite2 vfs).
         and worse idea every month).  <li>Permit extra / terminators in some path-based system calls.
 <li>A bit more man page cleanup starting to happen...  <li>Fix some problems regaring transfer of secure yp maps.
 <li>GNU Groff 1.10 with (improved) Makefile wrapper.  <li>New rc.conf(7) manpage.
 <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less  <li>Make sure it is clear that so_linger is in seconds.
         overhead.  <li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
 <li>The vnd(4) device has a new safer mode of operation called svnd  <li>Some fixes to fdisk(8) and disklabel(8).
         where you can trust a disk-image right after it's unmounted,  <li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more than once.
         i.e. cache-coherency.  <li>Some more manpage cleanups.
 <li>Repaired install stuff for most architectures significantly, improving  <li>Some slight changes to the PCI device subsystem to make it probe devices nicer (mostly dmesg printing).
         ftp/http installs, single bootable install floppies, and in some  <li>Make md5(1), rmd160(1), and sha1(1) use getopt().
         cases CDROM booting.  Most floppies contain vi, too.  <li>Make {f,}chflags(.., -1) return error EINVAL.
 <li>Support crunch on arc (for bootable installs).  <li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED define required by new standards.
 <li>Added gzip and cdrom support to the sparc and alpha bootblocks.  <li>Fix some gzip buf oflows.
 <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!  <li>Correct an splx botch in the tunnel driver.
 </ul>  <li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
 <p>  <li>Swap quit and exit commands in fdisk.
 <a name=21></a>  <li>Correct exit code of nohup(1).
 <h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3>  <li>lockf() implimentation.
 <p>  <li>Handle DST changeovers automatically in cron.
   <li>IBCS2 emulation also requires fcntl() F_FREESP support.
   <li>The new KTH KerberosIV integration (and security audit) is almost complete.
   <li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
   <li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
   <li>Fix a bug in make(1) regarding SYSV style : substitution on null variables.
   <li>Check the values of the ftp PORT command even more carefully.
   <li>Fail better for over-long usernames.
   <li>Change ftp(1) so that tries to use passive mode, and falls back to active mode.  Provide environment variables to fall back.  This is incredibly cool.
   <li>Provide workaround for the Cyrix 6x86 COMA bug.  (A workaround for 2.2 is not available).
   <li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong in ibcs2 also?
   <li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
   <li>In numerous programs, avoid fd_set overflows.
   <li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
   <li>Fix a kernel bug related to "route change ...".
   <li>Support IP_HDRINCL in Linux emulation.
   <li>Update the pkg_* tools a bit.
   <li>Honour TMPDIR in the locate(8) tools.
   <li>Make route(8) non-setuid.
   <li>In ftpd, default to RFC non-conforming behaviour for the PORT command, but provide a runtime switch for those who like holes.
   <li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
   <li><font color=#e00000><strong>Due to timing constraints, mac68k X11 binaries did not make it onto the 2.2 CDROM. <a href=errata22.html#mac68k>But it is now available for ftp</a></strong></font>.
   <li>Do not clear the setuid/setgid file mode bits for a call to {,f,l}chmod(-1, -1).
   <li>Enable new FreeBSD ppp(8) daemon.  There are now two ppp daemons in the source tree, they have quite different feature sets.
   <li><font color=#e00000><strong>Fixed a panic problem in the i386 apm driver. <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
   <li>Repair a number of retry operation problems in the wdc driver that mostly affected sleeping laptops.
   <li>Handle the controlling tty ioctl in linux emulation.
   <li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
   <li>Handle nanosleep() in linux emulation.
   <li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
   <li>Handle SIOCGIFHWADDR ioctl in linux emulation.
   <li>Handle the cdrom ejecting ioctl in linux emulation.
   <li>Correct an XPG violation in stdlib.h.
   <li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
   <li>Fix numerous problems with new KTH kerberos.
   <li><font color=#e00000><strong>A workaround for the Intel P5 F00F lockup problem. <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
   <li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
   <li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
   <li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based on input filesize.
   <li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local copies in rcp(1).
   <li>Flesh out scsi(8) a tiny bit more.
   <li>In linux compat, handle the CDROM ioctl() calls.
   <li>Indicate connect direction for tcp sockets in fstat(1).
   <li>Fix scsi CDIOCREADSUBCHANNEL.
   <li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
   <li>Fix an overflow in top(1).
   <li>Fix a deadlock on cd9660.
   <li>Update to ncurses-4.1-971129
   <li><font color=#e00000><strong>On the i386, handle the nasty problem with distinguishing SVR4 and Linux binaries. <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
   <li>Newer ncr device driver.
   <li>Fix SunOS emulation of TIOCGPGRP.
   <li>Add some more XPG4.2 *_t types.
   <li>Import perl 5.004_04.
   <li>Add hosts.equiv(3) and .rhosts(3) man page.
   <li>Add asprintf(3) and vasprintf(3).
   <li>Fix /etc/rc scripts to require IPF if NAT is requested.
   <li>Moving towards KTH kerberos 4-0.9.7.
   <li>Fix <strong>-amin</strong> option in find(1).
   <li>Fix arp(8) ethernet address parsing for the illegal cases.
   <li>Massive performance optimization of the ccd device (RAID-like striping disk driver).
   <li>Work around stupid linux emulation behaviour involving non-blocking connect(2).
   <li>Update to ncurses 4.1.
   <li>Fix a mget prompting error in ftp(1).
   <li>add <strong>-t</strong> option to disklabel(8).
   <li>Some man page cleanups.
   <li>Fix a memory leak in the kernel process group manipulation code.
   <li>Import of FreeBSD's ppp(8) program.
   <li>Update sudo(8).
   <li>Fixed bug in 'systat vm' output.
   <li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK are set.  (That was a nasty kernel bug).
   <li>Clean /var earlier in the /etc/rc script.
   <li><font color=#e00000><strong>make readlink(1) terminate it's buffer correctly. <a href=errata22.html#all>This affects CDROM builds so a patch is available for 2.2</a></strong></font>.
   <li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
   <li>Implement FIONBIO in ibcs2 emulation code.
   <li>Consider only the 0177777 bits of the umask(2) value, as documented.
   <li>Added mode rangecheck in chmod(2) and fchmod(2).
   <li>Fix some Y2K problems in the nroff tmac macros.
   <li>Minor logging feature changes in fingerd(8).
   <li>in chat(8), replace Mini Getopt from hell with real getopt().
   <li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and <strong>SHUT_RDWR</strong> values for shutdown(2) as specified by XPG4.2.
   <li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
   <li>Range-check the "how" argument for shutdown(2).
   <li>Change various system calls to take void * instead of caddr_t.
   <li>Fix a line continuation bug in sed(1).
   <li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
   <li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
   <li>Make the if_de driver support more cards.
   <li>Make msync(2) POSIX compliant.
   <li>Fix a ONLCR + FLUSHO situation in tty.c
   <li>Support -mmin, -amin, and -cmin in find(1).
   <li>Support an "object" keyword in config(8).
   <li>Make "expr a : /" work.
   <li>Make dumpfs(8) report if soft updates are requested by the superblock.
   <li>Add getsid(2) system call as mandated by XPG4.2.
   <li>Some minor fixes for the libc/db/btree code.
   <li>Flesh out compat_freebsd a fair bit more.
   <li>Some compat_svr4 fixes.
   <li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
   <li>Fix EXTPROC in pty code.
   <li>Correct TCP's handling of RST.
   <li>Add more things to afterboot(8).
   <li>Fix tty suspend during <strong>sh -c "less file"</strong>.
   <li>double MAX_KMAPENT and MAX_KMAP
   <li>sendmail 8.8.8
   <li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
   <li>Start named(8) earlier in /etc/rc.
   <li>Support execution sections in syslog.conf.
   <li>4.4BSD lite2 vfs integration.
   <li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
   <li>Fixed ps(1) LIM and STAT columns.
   <li>makewhatis(8) manpage added.
   <li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
   <li>Truncate large uid and gid values in ranlib(1), in the same way as this is handled in ar(1).
   <li>Document how crypt(3) handles blowfish and MD5 passwords.
   <li>Fix some memory leaks in the RPC code.
   <li>Fix an as(1) parsing bug relating to the .ascii directive.
   <li>Handle C++ and other languages in yacc(1) far better.
   <li>Be more careful with getpwent() information inside rcp(1).
   <li>Replace kernel printf with Torek's libc printf.
   <li>Make disklabel -E deal with multiple partitions which overlap.
   <li>If a non-existant user logs in and asks for s/key authentication, fake a proper s/key prompt.
   <li>SIGWINCH handling in systat(1).
   <li>Add blowfish and cast encryption to IPSEC.
   <li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
   <li>a buffer underrun in ctags(1).
   <li>Make kdump(1) handle the newer emulations.
   <li>Add svr4 jioctl() compat interface.
   
   </ul><p>
   
   <a name=22></a>
   <h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3><p>
   <h3><font color=#0000e0>Work begins on what will become 2.3....</font></h3><p>
 <ul>  <ul>
 <li>Few quirky changes to the way ISO9660 disklabel spoofing works in  
         some ports.  
 <li>Fix a few more libc functions to generate very large fd_set's properly  
         for select(2).  
 <li>Import newer version of vax port.  
 <li>Newer version of ext2fs that is reliable for read/write operation. This  
         is essentially FULLY OPERATIONAL.  
 <li>Make adduser understand /etc/passwd.conf  
 <li>Support SIGINFO in ping; also add more complete icmp reporting  
         capabilities.  
 <li>New named root.cache from Internic.  
 <li>Lots of man page fixes.  
 <li>Fix more overflows and other bugs in mail(1).  
 <li>tail(1) can now notice if the file been replaced or truncated.  
 <li>getpgid(2) from XPG3(?)  
 <li>In ar(1), truncate uid & gid if too large.  
 <li>Add some more malloc options to malloc(3)  
 <li>tcp wrappers 7.6  
 <li>Fix lots more NetBSD PR's.  
 <li>Few more fixes to pax(1).  
 <li>kill process timers if execve'ing a setuid/setgid executable.  
 <li>fix sendsmg() credential passing on 64 bit machines.  
 <li>Kernel now generates random pid values in fork().  
 <li>A few netinet fixes.  
 <li>Some more security and robustness changes to traceroute and ping.  
 <li>Add <strong>-P proto</strong> support to traceroute.  
 <li>fix SO_SNDTIMEO.  
 <li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}  
 <li>fix disklabel support in vnd/svnd.  
 <li>Ensure TCP RST is within window.  
 <li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.  
 <li>Use dynamic fd_set allocation in more places, particularly setuid  
         programs.  
 <li>tftpd -c flag.  
 <li>document the ddb hangman.  
 <li>Move named tmp files to /etc/named/tmp/ to avoid localhost race  
         attacks.  
 <li>Addition of readlink(1).  
 <li>Implement hex/octal offsets in cmp(1), as documented.  
 <li>Repair many cross-references and other documentation problems in  
         the section 2 and 3 man pages, and also fix a few minor  
         other bugs discovered by analysis of recent changes in  
         FreeBSD's and NetBSD's libc.  
 <li>Add tsearch(3) and friends to libc, as required by XPG3(?).  
 <li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated  
         Vol.2.  
 <li>Improved performance in /dev/*random.  
 <li>Deal with atapi drives that cannot lock their doors.  
 <li>Fix /tmp races in make(1).  
 <li>Add tsearch(3) to libc.  
 <li>In newfs(8), fix -o and -m to work better.  
 <li>Correct -n behaviour in sort(1).  
 <li>Better support for unmounted filesystems in df(1).  
 <li>add per-interface bindings to inetd(8).  
 <li>Fix some more /tmp races in various programs.  
 <li>Support "-d dir" in rpc.yppasswdd(8).  
 <li>Make ifconfig(8) print full information about the full set of  
         interface aliases.  
 <li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.  
 <li>More ipsec changes!  
 <li>Change mount(2) to return EFTYPE for invalid filesystem.  
 <li>Some NLS improvements, notably some more language catalogs.  
 <li>Add ELOOP error handling to realpath(3).  
 <li>More paranoia in procfs.  
 <li>Slightly improve ftpd log file.  
 <li>Added automatic power down framework at halt(8) time, currently only  
 supported on sun4m machines with the <i>power</i> device.  
 <li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.  
 <li>Fix a minor problem in popen().  
 <li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of  
         service attacks.  
 <li>Clip setsockopt SO_SND*/SO_RCV parameters.  
 <li>Repaired hundreds of long != int problems (in a bunch of programs) that  
         affect the alpha.  
 <li>Y2K enhancement to date(1).  
 <li>Race fix to amd(8).  
 <li>Support IP option handling in IPSEC packets.  
 <li>Import of the gnu multi-precision math library, libgmp.  This will be  
         used by an IPSEC key daemon soon.  
 <li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the  
         front of any line in /etc/inetd.conf.  This permits services to be  
         supplied only on certain interfaces.  
 <li>A few more minor netinet problems fixed.  
 <li>Import of cvs-1.9.10.  
 <li>Fix readlink(1).  
 <li>Permit tftpd to provide files over 32K blocks in size.  
 <li>New kprop/kpropd man pages.  
 <li>Make sleep(1) handle fractions of seconds. This is a nice extension.  
 <li>Move libdes out of the kerberos tree so that it can be used by other  
         parts of the system too.  
 <li>Many more 64 bit fixes for the alpha, in about 20 more programs.  
 <li>libedit update with lots of fixes.  
 <li>Fixed all(?) Makefile wrappers for GNU software to not build and install  
         manpages when NOMAN is set.  
 <li>Fixed highscore handling in battlestar(6).  
 <li>Repaired nfs handling in tcpdump.  
 <li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.  
 <li>Fix a number of rtld dynamic loading problems.  
 <li>More IPSEC changes. IPSEC is almost fully useable now.  
 <li>Intel EtherExpress Pro/100B PCI driver.  
 <li>ATAPI devices may now reside in a kernel without wd (disk) devices.  
 <li>Amended issetugid(2) man page to be quite a bit more clear.  
 <li>Fix ruptime output for machines up > 99 days.  
 <li>Maintain process size stats in forkstat struct for "vmstat -f".  
 <li>make compress(1) do gzip support too.  
 <li>Make ed(1) work properly on a non-tty.  
 <li>Fix passive buffer overflow in rusers.  
 <li>Replace libc sha1 code with another version that is better in some respects.  
 <li>Repair symbolic link handling during coredumps (correctly, this time).  
 <li>Lots more IPSEC improvements.  
 <li>Add sha1 support to md5(1).  
 <li>Add sha1 digest support to mtree(8).  
 <li>More mail(1) fixes, particularly regarding long lines.  
 <li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.  
 <li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.  
 <li>man page cleanups.  
 <li>lpd security fixes.  
 <li>Add rmd160 hash support throughout the source tree.  
 <li>Import of the IPSEC photuris daemon.  
 <li>Add <strong>-d date</strong> support to last(1).  
 <li>make ctags operate a bit better in the presence of extra spacing.  
 <li>IPSEC Photuris daemon is integrated into the source tree.  
 <li>mail(1) behaves correctly when interrupted while getting headers from the user.  
 <li>mail(1) supports "inc" command.  
 <li>S/Key keyfile is now readable only by root.  skeyinfo(1) and skeyaudit(1)  
     have been enhanced and rewritten as C programs.  
 <li>Appletalk networking support.  
 <li>permit ftp(1) to download http pages without Content-Length.  
 <li>Some cribbage(6) fixes.  
 <li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)  
 <li>Do not use tempnam(3) in mail(1).  
 <li>make amd(8) use /tmp_mnt by default.  
 <li>Implement IFF_NOARP handling in netinet.  
 <li>Fix pax to not need getcwd(3).  
 <li>Add -T support to last(1).  
 <li>-d flag for shutdown(8).  
 <li>Support lpc(8) "all" keyword option.  
 <li>Support YP map mail.aliases set of maps.  
 <li>Hardcode a list of reserved ports that random port allocation should not  
         reuse.  
 <li>Use sendmail -t instead of other invocation forms inside lots of  
         programs in the source tree.  
 <li>mremap(2) support for Linux emulation.  
 <li>Switch back to nvi; vim has copyright licensing issues.  
 <li>stime(2) support for SunOS emulation.  
 <li>More mail(1) fixes.... It's amazing Todd hasn't broken it.  
 <li>Support -H flag in who(1).  
 <li>Allocate reserved ports for NFS inside the kernel randomly.  
 <li>Man page improvements in many areas.  
 <li>Fix systat manpage.  
 <li>An ugly identd race fixed.  
 <li>More buffer overflow fixes in mail(1).  
 <li>Various fixes and improvements to the 3cXXX ethernet drivers.  
 <li>routed(8) is now disabled by default.  
 <li>Support fpx cards with i82555 PHY.  
 <li>Todd Miller is on a rampage, and making every single buffer inside mail(1)  
         dynamically allocated...  
 <li>Radius support in tcpdump.  
 <li>More fixes to the alpha vga driver.  Curses-based programs now work on it.  
 <li>FSF GNU texinfo 3.11.  
 <li>Attempt to cleanup identd. A long road left.  
 <li>Deal nicer with rfork/execve interactions.  
 <li>Make if_tun to prefix address family as a host byte order u_int32_t instead  
         of a u_char, so that bpf can deal with the interface.  
 <li>Fix a kernel bug regarding double m_freem()..  
 <li>Sendmail 8.8.7.  
 <li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.  
 <li>Cyclades driver fixed. Works on alpha, too.  
 <li>More mdoc pages.  
 <li>save errno in most of the tree's SIGCHLD handlers, just in case.  
 <li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.  
 <li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be  
         compatible with POSIX sh spec without breaking $((, and explain how  
         IFS works when splitting text after a substitution.  
 <li>Fix another race condition in identd.  
 <li>Work has started to fix the remainder of the signal handlers in the  
         source tree with respect to errno clobbering.  
 <li>Seriously rework the identd daemon even further, to avoid even more  
         input parsing problems and race conditions.  
 <li>Fix a memory leak in grep(1).  
 <li>Fix vacation(1) properly.  
 <li>Make bsd.doc.mk use DOCDIR.  
 <li>Support -n better in pstat(8).  
 <li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.  
 <li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.  
 <li>Import ypserv performance.  
 <li>Make bad random allocation ports settable via sysctl(8).  
 <li>Make gzexe(1) use mktemp to avoid races.  
 <li>Fix pcap_inject(3) in libpcap.  
 <li>In mountd(8), handle ext2fs specially, like most exported filesystems.  
 <li>Be even more paranoid (if it can be believed) in mail.local(8).  
 <li>Add top(1) to the source tree.  Fix some problems.  
 <li>Fix another procfs security hole.  
 <li>ATAPI quirk for MATSHITA CR-574.  
 <li>Attempt to deal with archive timestamp and filemode problems in texinfo...  
 <li>Put hostname in root crontab mailout subjects.  
 <li>We are starting to pay attention to good things found in the XPG4  
         standard.  We hope to never be compliant, because XPG4 goes way  
         too far.  
 <li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.  
 <li>Support simple add/delete operations on ports in the baddynamic masks  
         via sysctl(8)  
 <li>Be more careful about YP groups in getgrouplist().  
 <li>New PCMCIA Wavelan driver.  
 <li>More user-friendly error messages from mount_* when the filesystem  
         is not in the kernel.  
 <li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).  
 <li>Fixed a bug in cp(1) when the -r option is used and the source dir  
         ends in a '/'.  
 <li>Verbose SCSI warnings are now available and on by default.  
 <li>Added basename(3) and dirname(3) for XPG4.  dirname(1) is now trivial.  
 <li>XPG4 compatibility for ps(1) format options.  
 <li>Buffer overflow fixes in tip(1).  
 <li>Fixed err(3)/warn(3) argument usage in the tree.  
 <li>shutdown(8) now gets its own session as it deserves.  
 <li>Fixed a bug where the kernel could lie about how many file descriptors  
         are available and cause a panic.  
 <li>ash is gone gone gone.  
 <li>The group vector could end up with duplicates esp. with YP.  Now it won't.  
 <li>Document a64l(3) and l64a(3).  
 <li>basename(1) and dirname(1) no longer give an error for paths starting  
         with '-'.  
 <li>Don't print duplicate fields in ps(1) when called with silly arguments.  
 <li>Few more 64 bit fixes in userland, in some rarely used system tools.  
 <li>Various fixes to battlestar(6).  
 <li>A few fixes to tip(1).  
 <li>In join(1), require compat options start with '-'.  
 <li>In dump(8), do not consider tape changing time in the timing estimates.  
 <li>Correct 'sync' option to dd(1).  
 <li>Lucent Technologies (formerly AT&T) awk version 970821.  
 <li>Handle setgid lossage in tip(1).  
 <li>Fix a crash in systat(8).  
 <li>Further IPSEC enhancement (but still no man pages for it though).  
 <li>In calendar(1), support "-t date" to let you see the calendar for other days.  
 <li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).  
 <li>Kill "union wait" in a few more places.  
 <li>Handle SIGCHLD better in rlogin.  
 <li>Correct some remaining small inetd bugs.  
 <li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP,  
         F_SETOWN, or FIOSETOWN.  
 <li>Some FreeBSD m4(1) fixes.  
 <li>Fix first directory handling in "find -execdir"  
 <li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.  
 <li>ppp 2.3.1...  
 <li>Another tip(1) overflow fix.  
 <li>New COMPAT_BSDOS binary compatibility subsystem.  
 <li>Print system call emulation in ps(1) output.  Try "ps -axO emul".  
 <li>Update ftp(1) to new NetBSD changes.  
 <li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.  
 <li>Cleaned up verbose scsi error reporting.  
 <li>make bpfread() return ENXIO for uninitialized descriptors.  
 <li>Extend buffer lengths in patch(1).  
 <li>Fix a coredumping problem in tip(1).  
 <li>Preliminary manual pages for the IPSEC utils.  
 <li>Fix a long-standing and minor problem with ld.so on m68k.  
 <li>Ignore trailing spaces on priority in /etc/syslogd.conf.  
 <li>Make ddb not think 'h' means hangman.  
 <li>Some setlogin() and getlogin() fixes in the tree.  
 <li>Fixed small pathname buffer in man(1).  
 <li>Made indent(1) handle unlimited number of -T options.  
 <li>Some fsck_msdos(8) fixes.  
 <li>Make popen(3) safe if vfork(2) does real parent address space borrowing.  
 <li>Always set the SCSI-1 LUN field correctly in all transfers.  
 <li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD  
 <li>Fix a ksh(1) bug.  
 <li>Permit a longer path buffer in tgetent(3).  
 <li>Some syslogd fixes.  
 <li>Fix SA_* sigaction(2) fields in the OS compat code.  
 <li>Don't error out of MDTM fails.  
 <li>Add sigaction(2) SA_NOCLDWAIT support.  
 <li>Add mkisofs(8).  
 <li>Run calendar -a in the background. (Points to whoever figures out why).  
 <li>Another important disk-full check in pwd_mkdb(8).  
 <li>Fix ftime(3).  
 <li>Fixed various MAKEDEV bugs on lots of architectures.  
 <li>Deal with some possible buffer overflows in sup.  
 <li>Make top(1) work better on very small screens.  
 <li>Fix tar to deal better with one more kind of strange tar file.  
 <li>Shrink most of the install floppies ;-)  
 <li>Fix a few small problems in rarpd(8).  
 <li>Make ls -d sort directories with files.  
 <li>Do not init pgid in /dev/log's logopen().  
 <li>Fixed a pstat -s related bug in pcvt.  
 <li>Ignore SIGPIPE in inetd(8).  
 <li>In struct sigaction, split sa_handler and the new sa_sigaction function  
         pointers as is being done on newer POSIX systems.  This permits proper  
         prototyping of signal handlers.  
 <li>Fix an ifconfig bug related to interfaces that do not exist.  
 <li>Make execle() use alloca() instead of malloc(); to ensure execle() can be  
         safely called in a signal hander.  
 <li>Fix the : and . support in chown so that usernames can have . in them.  
 <li>Fix a network performance problem introduced with IPSEC.  
 <li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).  
 <li>Fix a bug in libform.  
 <li>Add -f option to readlink which does a realpath(3).  
 <li>More IPSEC improvements after the Interop ANX bakeoff.  
 <li>A few pppd fixes.  
 <li>The random(6) tool (game?) now uses arc4random(3).  
 <li>Fix prompting code in pw_edit(3)  
 <li>Ignore bogus hostnames in the /etc/exports file.  
 <li>Make /etc/security handle blowfish-a passwd entries.  
 <li>Rewrite of fdisk(8).  
 <li>Handle a potential crash in the bpf driver.  
 <li>Quirks for two kinds of hitachi dk515 scsi drives and the  
         Cipher ST150S tape drive.  
 <li>Handle creation of /var/tmp/vi.recover more securely.  
 <li>Implementation of the new disklabel -E mode.  
 <li>Support 'q' modifier in kernel vsprintf/kprintf  
 <li>In fmt(1), support backslashed whitespace inside words better.  
 <li>Make disklabel -E always succeed at writing a label.  Now you  
         can load a fictitious label, edit it, and write it out.  
 <li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.  
 <li>Another lpd security fix.  
 <li>Some minor tftpd bug fixes.  
 <li>Fix one last little problem case in the fts(3) library routine. This  
         is a very complicated piece of code...  
 <li>Fix a memory leak in libdes.  
 <li>Fix mktemp() to work correctly when specified against non-existant  
         directories.  
 <li>Make ac(8) use the correct timestamp if the user specifies a different  
         wtmp file.  
 <li>Fix a select/read race in identd(8) which would make it spin wildly.  
 <li>Make the ncr scsi driver work on big-endian machines too.  
 <li>Add per-host locking support to supfilesrv.  
 <li>Make clri(8) mark the filesystem dirty.  
 <li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.  
 <li><strong>The new afterboot(8) man page. Everyone should look at  
         this</strong>.  
 <li>Prevent open(2) with wrong flag modes.  <li>Prevent open(2) with wrong flag modes.
 </ul>  <li><strong>The new afterboot(8) man page. Everyone should look at this</strong>.
   <li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
   <li>Make clri(8) mark the filesystem dirty.
   <li>Add per-host locking support to supfilesrv.
   <li>Make the ncr scsi driver work on big-endian machines too.
   <li>Fix a select/read race in identd(8) which would make it spin wildly.
   <li>Make ac(8) use the correct timestamp if the user specifies a different wtmp file.
   <li>Fix mktemp() to work correctly when specified against non-existant directories.
   <li>Fix a memory leak in libdes.
   <li>Fix one last little problem case in the fts(3) library routine. This is a very complicated piece of code...
   <li>Some minor tftpd bug fixes.
   <li>Another lpd security fix.
   <li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.
   <li>Make disklabel -E always succeed at writing a label.  Now you can load a fictitious label, edit it, and write it out.
   <li>In fmt(1), support backslashed whitespace inside words better.
   <li>Support 'q' modifier in kernel vsprintf/kprintf
   <li>Implementation of the new disklabel -E mode.
   <li>Handle creation of /var/tmp/vi.recover more securely.
   <li>Quirks for two kinds of hitachi dk515 scsi drives and the Cipher ST150S tape drive.
   <li>Handle a potential crash in the bpf driver.
   <li>Rewrite of fdisk(8).
   <li>Make /etc/security handle blowfish-a passwd entries.
   <li>Ignore bogus hostnames in the /etc/exports file.
   <li>Fix prompting code in pw_edit(3)
   <li>The random(6) tool (game?) now uses arc4random(3).
   <li>A few pppd fixes.
   <li>More IPSEC improvements after the Interop ANX bakeoff.
   <li>Add -f option to readlink which does a realpath(3).
   <li>Fix a bug in libform.
   <li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).
   <li>Fix a network performance problem introduced with IPSEC.
   <li>Fix the : and . support in chown so that usernames can have . in them.
   <li>Make execle() use alloca() instead of malloc(); to ensure execle() can be safely called in a signal hander.
   <li>Fix an ifconfig bug related to interfaces that do not exist.
   <li>In struct sigaction, split sa_handler and the new sa_sigaction function pointers as is being done on newer POSIX systems.  This permits proper prototyping of signal handlers.
   <li>Ignore SIGPIPE in inetd(8).
   <li>Fixed a pstat -s related bug in pcvt.
   <li>Do not init pgid in /dev/log's logopen().
   <li>Make ls -d sort directories with files.
   <li>Fix a few small problems in rarpd(8).
   <li>Shrink most of the install floppies ;-)
   <li>Fix tar to deal better with one more kind of strange tar file.
   <li>Make top(1) work better on very small screens.
   <li>Deal with some possible buffer overflows in sup.
   <li>Fixed various MAKEDEV bugs on lots of architectures.
   <li>Fix ftime(3).
   <li>Another important disk-full check in pwd_mkdb(8).
   <li>Run calendar -a in the background. (Points to whoever figures out why).
   <li>Add mkisofs(8).
   <li>Add sigaction(2) SA_NOCLDWAIT support.
   <li>Don't error out of MDTM fails.
   <li>Fix SA_* sigaction(2) fields in the OS compat code.
   <li>Some syslogd fixes.
   <li>Permit a longer path buffer in tgetent(3).
   <li>Fix a ksh(1) bug.
   <li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD
   <li>Always set the SCSI-1 LUN field correctly in all transfers.
   <li>Make popen(3) safe if vfork(2) does real parent address space borrowing.
   <li>Some fsck_msdos(8) fixes.
   <li>Made indent(1) handle unlimited number of -T options.
   <li>Fixed small pathname buffer in man(1).
   <li>Some setlogin() and getlogin() fixes in the tree.
   <li>Make ddb not think 'h' means hangman.
   <li>Ignore trailing spaces on priority in /etc/syslogd.conf.
   <li>Fix a long-standing and minor problem with ld.so on m68k.
   <li>Preliminary manual pages for the IPSEC utils.
   <li>Fix a coredumping problem in tip(1).
   <li>Extend buffer lengths in patch(1).
   <li>make bpfread() return ENXIO for uninitialized descriptors.
   <li>Cleaned up verbose scsi error reporting.
   <li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.
   <li>Update ftp(1) to new NetBSD changes.
   <li>Print system call emulation in ps(1) output.  Try "ps -axO emul".
   <li>New COMPAT_BSDOS binary compatibility subsystem.
   <li>Another tip(1) overflow fix.
   <li>ppp 2.3.1...
   <li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.
   <li>Fix first directory handling in "find -execdir"
   <li>Some FreeBSD m4(1) fixes.
   <li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP, F_SETOWN, or FIOSETOWN.
   <li>Correct some remaining small inetd bugs.
   <li>Handle SIGCHLD better in rlogin.
   <li>Kill "union wait" in a few more places.
   <li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).
   <li>In calendar(1), support "-t date" to let you see the calendar for other days.
   <li>Further IPSEC enhancement (but still no man pages for it though).
   <li>Fix a crash in systat(8).
   <li>Handle setgid lossage in tip(1).
   <li>Lucent Technologies (formerly AT&T) awk version 970821.
   <li>Correct 'sync' option to dd(1).
   <li>In dump(8), do not consider tape changing time in the timing estimates.
   <li>In join(1), require compat options start with '-'.
   <li>A few fixes to tip(1).
   <li>Various fixes to battlestar(6).
   <li>Few more 64 bit fixes in userland, in some rarely used system tools.
   <li>Don't print duplicate fields in ps(1) when called with silly arguments.
   <li>basename(1) and dirname(1) no longer give an error for paths starting with '-'.
   <li>Document a64l(3) and l64a(3).
   <li>The group vector could end up with duplicates esp. with YP.  Now it won't.
   <li>ash is gone gone gone.
   <li>Fixed a bug where the kernel could lie about how many file descriptors are available and cause a panic.
   <li>shutdown(8) now gets its own session as it deserves.
   <li>Fixed err(3)/warn(3) argument usage in the tree.
   <li>Buffer overflow fixes in tip(1).
   <li>XPG4 compatibility for ps(1) format options.
   <li>Added basename(3) and dirname(3) for XPG4.  dirname(1) is now trivial.
   <li>Verbose SCSI warnings are now available and on by default.
   <li>Fixed a bug in cp(1) when the -r option is used and the source dir ends in a '/'.
   <li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).
   <li>More user-friendly error messages from mount_* when the filesystem is not in the kernel.
   <li>New PCMCIA Wavelan driver.
   <li>Be more careful about YP groups in getgrouplist().
   <li>Support simple add/delete operations on ports in the baddynamic masks via sysctl(8)
   <li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.
   <li>We are starting to pay attention to good things found in the XPG4 standard.  We hope to never be compliant, because XPG4 goes way too far.
   <li>Put hostname in root crontab mailout subjects.
   <li>Attempt to deal with archive timestamp and filemode problems in texinfo...
   <li>ATAPI quirk for MATSHITA CR-574.
   <li>Fix another procfs security hole.
   <li>Add top(1) to the source tree.  Fix some problems.
   <li>Be even more paranoid (if it can be believed) in mail.local(8).
   <li>In mountd(8), handle ext2fs specially, like most exported filesystems.
   <li>Fix pcap_inject(3) in libpcap.
   <li>Make gzexe(1) use mktemp to avoid races.
   <li>Make bad random allocation ports settable via sysctl(8).
   <li>Import ypserv performance.
   <li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.
   <li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.
   <li>Support -n better in pstat(8).
   <li>Make bsd.doc.mk use DOCDIR.
   <li>Fix vacation(1) properly.
   <li>Fix a memory leak in grep(1).
   <li>Seriously rework the identd daemon even further, to avoid even more input parsing problems and race conditions.
   <li>Work has started to fix the remainder of the signal handlers in the source tree with respect to errno clobbering.
   <li>Fix another race condition in identd.
   <li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be compatible with POSIX sh spec without breaking $((, and explain how IFS works when splitting text after a substitution.
   <li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.
   <li>save errno in most of the tree's SIGCHLD handlers, just in case.
   <li>More mdoc pages.
   <li>Cyclades driver fixed. Works on alpha, too.
   <li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.
   <li>Sendmail 8.8.7.
   <li>Fix a kernel bug regarding double m_freem()..
   <li>Make if_tun to prefix address family as a host byte order u_int32_t instead of a u_char, so that bpf can deal with the interface.
   <li>Deal nicer with rfork/execve interactions.
   <li>Attempt to cleanup identd. A long road left.
   <li>FSF GNU texinfo 3.11.
   <li>More fixes to the alpha vga driver.  Curses-based programs now work on it.
   <li>Radius support in tcpdump.
   <li>Todd Miller is on a rampage, and making every single buffer inside mail(1) dynamically allocated...
   <li>Support fpx cards with i82555 PHY.
   <li>routed(8) is now disabled by default.
   <li>Various fixes and improvements to the 3cXXX ethernet drivers.
   <li>More buffer overflow fixes in mail(1).
   <li>An ugly identd race fixed.
   <li>Fix systat manpage.
   <li>Man page improvements in many areas.
   <li>Allocate reserved ports for NFS inside the kernel randomly.
   <li>Support -H flag in who(1).
   <li>More mail(1) fixes.... It's amazing Todd hasn't broken it.
   <li>stime(2) support for SunOS emulation.
   <li>Switch back to nvi; vim has copyright licensing issues.
   <li>mremap(2) support for Linux emulation.
   <li>Use sendmail -t instead of other invocation forms inside lots of programs in the source tree.
   <li>Hardcode a list of reserved ports that random port allocation should not reuse.
   <li>Support YP map mail.aliases set of maps.
   <li>Support lpc(8) "all" keyword option.
   <li>-d flag for shutdown(8).
   <li>Add -T support to last(1).
   <li>Fix pax to not need getcwd(3).
   <li>Implement IFF_NOARP handling in netinet.
   <li>make amd(8) use /tmp_mnt by default.
   <li>Do not use tempnam(3) in mail(1).
   <li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)
   <li>Some cribbage(6) fixes.
   <li>permit ftp(1) to download http pages without Content-Length.
   <li>Appletalk networking support.
   <li>S/Key keyfile is now readable only by root.  skeyinfo(1) and skeyaudit(1) have been enhanced and rewritten as C programs.
   <li>mail(1) supports "inc" command.
   <li>mail(1) behaves correctly when interrupted while getting headers from the user.
   <li>IPSEC Photuris daemon is integrated into the source tree.
   <li>make ctags operate a bit better in the presence of extra spacing.
   <li>Add <strong>-d date</strong> support to last(1).
   <li>Import of the IPSEC photuris daemon.
   <li>Add rmd160 hash support throughout the source tree.
   <li>lpd security fixes.
   <li>man page cleanups.
   <li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
   <li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
   <li>More mail(1) fixes, particularly regarding long lines.
   <li>Add sha1 digest support to mtree(8).
   <li>Add sha1 support to md5(1).
   <li>Lots more IPSEC improvements.
   <li>Repair symbolic link handling during coredumps (correctly, this time).
   <li>Replace libc sha1 code with another version that is better in some respects.
   <li>Fix passive buffer overflow in rusers.
   <li>Make ed(1) work properly on a non-tty.
   <li>make compress(1) do gzip support too.
   <li>Maintain process size stats in forkstat struct for "vmstat -f".
   <li>Fix ruptime output for machines up > 99 days.
   <li>Amended issetugid(2) man page to be quite a bit more clear.
   <li>ATAPI devices may now reside in a kernel without wd (disk) devices.
   <li>Intel EtherExpress Pro/100B PCI driver.
   <li>More IPSEC changes. IPSEC is almost fully useable now.
   <li>Fix a number of rtld dynamic loading problems.
   <li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
   <li>Repaired nfs handling in tcpdump.
   <li>Fixed highscore handling in battlestar(6).
   <li>Fixed all(?) Makefile wrappers for GNU software to not build and install manpages when NOMAN is set.
   <li>libedit update with lots of fixes.
   <li>Many more 64 bit fixes for the alpha, in about 20 more programs.
   <li>Move libdes out of the kerberos tree so that it can be used by other parts of the system too.
   <li>Make sleep(1) handle fractions of seconds. This is a nice extension.
   <li>New kprop/kpropd man pages.
   <li>Permit tftpd to provide files over 32K blocks in size.
   <li>Fix readlink(1).
   <li>Import of cvs-1.9.10.
   <li>A few more minor netinet problems fixed.
   <li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the front of any line in /etc/inetd.conf.  This permits services to be supplied only on certain interfaces.
   <li>Import of the gnu multi-precision math library, libgmp.  This will be used by an IPSEC key daemon soon.
   <li>Support IP option handling in IPSEC packets.
   <li>Race fix to amd(8).
   <li>Y2K enhancement to date(1).
   <li>Repaired hundreds of long != int problems (in a bunch of programs) that affect the alpha.
   <li>Clip setsockopt SO_SND*/SO_RCV parameters.
   <li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of service attacks.
   <li>Fix a minor problem in popen().
   <li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
   supported on sun4m machines with the <i>power</i> device.
   <li>Added automatic power down framework at halt(8) time, currently only
   <li>Slightly improve ftpd log file.
   <li>More paranoia in procfs.
   <li>Add ELOOP error handling to realpath(3).
   <li>Some NLS improvements, notably some more language catalogs.
   <li>Change mount(2) to return EFTYPE for invalid filesystem.
   <li>More ipsec changes!
   <li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
   <li>Make ifconfig(8) print full information about the full set of interface aliases.
   <li>Support "-d dir" in rpc.yppasswdd(8).
   <li>Fix some more /tmp races in various programs.
   <li>add per-interface bindings to inetd(8).
   <li>Better support for unmounted filesystems in df(1).
   <li>Correct -n behaviour in sort(1).
   <li>In newfs(8), fix -o and -m to work better.
   <li>Add tsearch(3) to libc.
   <li>Fix /tmp races in make(1).
   <li>Deal with atapi drives that cannot lock their doors.
   <li>Improved performance in /dev/*random.
   <li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated Vol.2.
   <li>Add tsearch(3) and friends to libc, as required by XPG3(?).
   <li>Repair many cross-references and other documentation problems in the section 2 and 3 man pages, and also fix a few minor other bugs discovered by analysis of recent changes in FreeBSD's and NetBSD's libc.
   <li>Implement hex/octal offsets in cmp(1), as documented.
   <li>Addition of readlink(1).
   <li>Move named tmp files to /etc/named/tmp/ to avoid localhost race attacks.
   <li>document the ddb hangman.
   <li>tftpd -c flag.
   <li>Use dynamic fd_set allocation in more places, particularly setuid programs.
   <li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
   <li>Ensure TCP RST is within window.
   <li>fix disklabel support in vnd/svnd.
   <li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
   <li>fix SO_SNDTIMEO.
   <li>Add <strong>-P proto</strong> support to traceroute.
   <li>Some more security and robustness changes to traceroute and ping.
   <li>A few netinet fixes.
   <li>Kernel now generates random pid values in fork().
   <li>fix sendsmg() credential passing on 64 bit machines.
   <li>kill process timers if execve'ing a setuid/setgid executable.
   <li>Few more fixes to pax(1).
   <li>Fix lots more NetBSD PR's.
   <li>tcp wrappers 7.6
   <li>Add some more malloc options to malloc(3)
   <li>In ar(1), truncate uid & gid if too large.
   <li>getpgid(2) from XPG3(?)
   <li>tail(1) can now notice if the file been replaced or truncated.
   <li>Fix more overflows and other bugs in mail(1).
   <li>Lots of man page fixes.
   <li>New named root.cache from Internic.
   <li>Support SIGINFO in ping; also add more complete icmp reporting capabilities.
   <li>Make adduser understand /etc/passwd.conf
   <li>Newer version of ext2fs that is reliable for read/write operation. This is essentially FULLY OPERATIONAL.
   <li>Import newer version of vax port.
   <li>Fix a few more libc functions to generate very large fd_set's properly for select(2).
   <li>Few quirky changes to the way ISO9660 disklabel spoofing works in some ports.
   
 <a name=22></a>  </ul><p>
 <p>  
 <h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3>  
 <p>  
   
 <p>  <a name=21></a>
 <h3><font color=#0000e0>Work begins on what will become 2.3....</font></h3>  <h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3><p>
 <p>  
   
 <ul>  <ul>
 <li>Add svr4 jioctl() compat interface.  <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
 <li>Make kdump(1) handle the newer emulations.  <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
 <li>a buffer underrun in ctags(1).  <li>Support crunch on arc (for bootable installs).
 <li>In tftpd(8), permit syslog() to work when running chroot(2)'d.  <li>Repaired install stuff for most architectures significantly, improving ftp/http installs, single bootable install floppies, and in some cases CDROM booting.  Most floppies contain vi, too.
 <li>Add blowfish and cast encryption to IPSEC.  <li>The vnd(4) device has a new safer mode of operation called svnd where you can trust a disk-image right after it's unmounted, i.e. cache-coherency.
 <li>SIGWINCH handling in systat(1).  <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less overhead.
 <li>If a non-existant user logs in and asks for s/key authentication, fake a  <li>GNU Groff 1.10 with (improved) Makefile wrapper.
         proper s/key prompt.  <li>A bit more man page cleanup starting to happen...
 <li>Make disklabel -E deal with multiple partitions which overlap.  <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse and worse idea every month).
 <li>Replace kernel printf with Torek's libc printf.  <li>newfs_msdos(8) can has enough brains to find the partition size itself.
 <li>Be more careful with getpwent() information inside rcp(1).  <li>Significantly improved the unpredictability of the DNS packet id's in the resolver and named.
 <li>Handle C++ and other languages in yacc(1) far better.  <li>libpthread works on the m68k.
 <li>Fix an as(1) parsing bug relating to the .ascii directive.  <li>Support for PCI NE2000 clones.
 <li>Fix some memory leaks in the RPC code.  <li>Some more userland 64 bit fixes.
 <li>Document how crypt(3) handles blowfish and MD5 passwords.  <li>Unify naming of architecture names between gcc & binutils.
 <li>Truncate large uid and gid values in ranlib(1), in the same way as this  <li>Signal handling fix to crontab(1).
         is handled in ar(1).  <li>Various fixes to the YP utilities.
 <li>Fix rpc.rquotad support if the quotas file resides on another filesystem.  <li>Support extended partitions in fdisk(8).
 <li>makewhatis(8) manpage added.  <li>Support /etc/rc.shutdown from halt(8).
 <li>Fixed ps(1) LIM and STAT columns.  <li>PCI aic7860 scsi support improved.
 <li>usleep(3) returns int, and add useconds_t type as required by XPG4.2  <li>Support .group entries in /etc/passwd.conf
 <li>4.4BSD lite2 vfs integration.  <li>Repair some bugs in mail(1), especially regarding signal handling.
 <li>Support execution sections in syslog.conf.  <li>Always skip the first 8KB of all swap partitions (hint: disklabels & bootblocks)
 <li>Start named(8) earlier in /etc/rc.  <li>The df(1) utility now has a human-readable "-h" option.
 <li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.  <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly when mounted read-only.
 <li>sendmail 8.8.8  <li>Various man page fixes.
 <li>double MAX_KMAPENT and MAX_KMAP  <li>NAT now gets started from /etc/netstart.
 <li>Fix tty suspend during <strong>sh -c "less file"</strong>.  <li>Fix AFS string-to-key handling in kerberos.
 <li>Add more things to afterboot(8).  <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source tree. CD9660 is much happier now.
 <li>Correct TCP's handling of RST.  <li>Use in_addr_t and in_port_t all over the place.
 <li>Fix EXTPROC in pty code.  <li>For config(8), if any kernel options get added/deleted/changed since the previous commit, warn that the compile tree needs 'make clean'.
 <li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.  <li>Make real i386 cpu's work again. In case noone noticed, they didn't work for about 5 months.  The bug was very hard to find...
 <li>Some compat_svr4 fixes.  <li>Once again, really correct the various source routing pieces of the userland source tree.
 <li>Flesh out compat_freebsd a fair bit more.  <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
 <li>Some minor fixes for the libc/db/btree code.  <li>Fix patch to honour Index lines better.
 <li>Add getsid(2) system call as mandated by XPG4.2.  <li>Solve a few resolver problems after the recent 4.9.5-P1 integration, not all our fault.
 <li>Make dumpfs(8) report if soft updates are requested by the superblock.  <li>Use 10 X characters in many remaining mktemp() calls which are hard to excise.
 <li>Make "expr a : /" work.  <li>getnetent() and friends now work a lot more like gethostent().
 <li>Support an "object" keyword in config(8).  <li>More buffer overflows, but none in sensitive programs.
 <li>Support -mmin, -amin, and -cmin in find(1).  <li>Fixed some more mktemp races (sigh, will this ever end!)
 <li>Fix a ONLCR + FLUSHO situation in tty.c  <li>Add support for YP v1 to ypserv.
 <li>Make msync(2) POSIX compliant.  <li>Add md5 & blowfish passwd support to adduser(8).
 <li>Make the if_de driver support more cards.  <li>Numerous more pax/tar fixes.
 <li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.  <li>Add ./.message support to ftpd
 <li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.  <li>16 partition support for the alpha port.
 <li>Fix a line continuation bug in sed(1).  <li>cvs 1.9.6
 <li>Change various system calls to take void * instead of caddr_t.  <li>64 bit clean in.rarpd.
 <li>Range-check the "how" argument for shutdown(2).  <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it for correct locking!
 <li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.  <li>New termcap and terminfo database files.
 <li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and  <li>Be more careful about modes of lost+found directories.
         <strong>SHUT_RDWR</strong> values for shutdown(2) as  <li>Implement NOFILE_MAX--hard limit on max descriptors per process.
         specified by XPG4.2.  <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
 <li>in chat(8), replace Mini Getopt from hell with real getopt().  <li>sysctl kern.osrevision gives OpenBSD date.
 <li>Minor logging feature changes in fingerd(8).  <li>A few ypbind fixes.
 <li>Fix some Y2K problems in the nroff tmac macros.  <li>Fixes to fts(3).
 <li>Added mode rangecheck in chmod(2) and fchmod(2).  <li>ddb improvements for 64 bit machines.
 <li>Consider only the 0177777 bits of the umask(2) value, as documented.  <li>The NE2000 if_ed driver now works on the alpha, too.
 <li>Implement FIONBIO in ibcs2 emulation code.  <li>Various atm fixes.
 <li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.  <li>Support for "secure" YP password maps.
 <li><font color=#e00000><strong>make readlink(1) terminate it's buffer correctly.  <li>Substantial changes and fixes to the scsi scanner support.
         <a href=errata22.html#all>This affects CDROM builds so a patch is  <li>noaccesstime option for filesystems (saves batteries on laptops)
         available for 2.2</a></strong></font>.  <li>Bye bye tahoe bits.
 <li>Clean /var earlier in the /etc/rc script.  <li>pccon(1) to control the pccons driver.
 <li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK  <li>Merged changes from at 2.9 into our own at.
         are set.  (That was a nasty kernel bug).  <li>Fix pcmcia on the i386.
 <li>Fixed bug in 'systat vm' output.  <li>ipsecadm as an initial cut at controlling IPSEC sessions.
 <li>Update sudo(8).  <li>Various fixes to the fsck tools.
 <li>Import of FreeBSD's ppp(8) program.  <li>Let fsck and fsirand automatically work on very large filesystems.
 <li>Fix a memory leak in the kernel process group manipulation code.  <li>Numerous improvements to pax, including full support for cpio and a lot of fixes to tar mode.
 <li>Some man page cleanups.  <li>Import of libwrap and tcpd (tcp wrappers).
 <li>add <strong>-t</strong> option to disklabel(8).  <li>Import of the mvme88k kernel port.
 <li>Fix a mget prompting error in ftp(1).  <li>Add support for FreeBSD md5 to /etc/passwd.conf.
 <li>Update to ncurses 4.1.  <li>BIND 4.9.5-P1.
 <li>Work around stupid linux emulation behaviour involving non-blocking  <li>deroff(1) 1.0 from Debian (a Linux).
         connect(2).  <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
 <li>Massive performance optimization of the ccd device (RAID-like striping  <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
         disk driver).  <li>Replace which(1) with a C program.
 <li>Fix arp(8) ethernet address parsing for the illegal cases.  <li>libg++ pulls in libcurses automatically.
 <li>Fix <strong>-amin</strong> option in find(1).  <li>Fix weak symbol support in ld.
 <li>Moving towards KTH kerberos 4-0.9.7.  <li>cvs 1.9.2
 <li>Fix /etc/rc scripts to require IPF if NAT is requested.  <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
 <li>Add asprintf(3) and vasprintf(3).  <li>Working kadmind for kerberosIV.
 <li>Add hosts.equiv(3) and .rhosts(3) man page.  <li>Add support for /etc/passwd.conf which controls the format and strength of passwd entries for the next time a user changes their password. These options can be set per-user.
 <li>Import perl 5.004_04.  <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It uses a very large strong-random `salt' and the number of rotor runs is configurable.  Hence if you have faster machines you can slow the crypt routine down and make harder keys.
 <li>Add some more XPG4.2 *_t types.  <li>fix some more memory and file descriptor leaks in libc/rpc
 <li>Fix SunOS emulation of TIOCGPGRP.  <li>Fix so that stack limits which are not a multiple of the pagesize work.
 <li>Newer ncr device driver.  <li>Fix a few netinet kernel crash problems.
 <li><font color=#e00000><strong>On the i386, handle the nasty problem with  <li>Fix pax & tar to be POSIX compliant.
         distinguishing SVR4 and Linux binaries.  <li>add RPC service name generation to netstat -a
         <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.  <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very large disks using it.
 <li>Update to ncurses-4.1-971129  <li>Improved NFS filehandle creation.
 <li>Fix a deadlock on cd9660.  <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls in the source tree. This cuts out a whole class of races.
 <li>Fix an overflow in top(1).  <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
 <li>Prevent ipf/ipnnat configuration changes when securelevel > 1.  <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting 16 disk partitions.
 <li>Fix scsi CDIOCREADSUBCHANNEL.  <li>Have libc/rpc save you from yourself if you do enable source routing.
 <li>Indicate connect direction for tcp sockets in fstat(1).  <li>Change mktemp(3) and family to generate more random filenames, yet still as collision free as possible.
 <li>In linux compat, handle the CDROM ioctl() calls.  <li>Merge new ftp(1) changes from NetBSD.
 <li>Flesh out scsi(8) a tiny bit more.  <li>Add cdev and partition support to the ramdisk driver.
 <li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local  <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
         copies in rcp(1).  <li>Support for gzip'd kernels in some bootblocks.
 <li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based  <li>Be more careful if some fool decides to enable source routing ;-)
         on input filesize.  <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
 <li>Add a <strong>kern.nosuidcoredump</strong> sysctl.  <li>/sbin/dump -a saves you from needing to deal with finicky tape length options (from FreeBSD)
 <li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.  <li>config.old(8) has been removed from the tree, as the <a href="hp300.html"> hp300</a> port switches to config(8).
 <li><font color=#e00000><strong>A workaround for the Intel P5 F00F lockup problem.  <li>A SA_SIGINFO implementation for sigaction() and signal handlers.  This is a small part of POSIX 1003.1b and permits the signal handler to figure out the exact cause of a signal; such as fault address information for SIGSEGV or more detailed information for SIGFPE.
         <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.  <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles using in-tree versions of all tools.  Yipee!
 <li>Fix numerous problems with new KTH kerberos.  <li>amd (the automounter) is now 64-bit and working on the alpha.
 <li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.  <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network byte order. This is a compatibility/portability fix and we expect other BSD systems to eventually follow suit.
 <li>Correct an XPG violation in stdlib.h.  <li>Bug fixed that prevented bufpages/nbuf > 1 setups.  This allows large buffer caches even when available kvm space is low, like for i386 & sparc.
 <li>Handle the cdrom ejecting ioctl in linux emulation.  <li>Some ypbind(8) tightening up, includes a method to specify a list of valid servers
 <li>Handle SIOCGIFHWADDR ioctl in linux emulation.  <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple hardware.  This port requires nothing outside the in-tree development environment to build (except mkisofs for building distributions).
 <li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.  <li>A working fsirand.
 <li>Handle nanosleep() in linux emulation.  <li>More kerberosIV security patches.
 <li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.  <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous number of network interfaces.
 <li>Handle the controlling tty ioctl in linux emulation.  <li>pax in tar mode will understand multiple -v options to generate ls-like output.
 <li>Repair a number of retry operation problems in the wdc driver that mostly  <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
         affected sleeping laptops.  <li>various adjtime() corrections inside the kernel.
 <li><font color=#e00000><strong>Fixed a panic problem in the i386 apm driver.  <li>No buffer lengths in fmt(1).
         <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.  <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and restore(8).
 <li>Enable new FreeBSD ppp(8) daemon.  There are now two ppp daemons in the  <li>New gnu cpio 2.4.2
         source tree, they have quite different feature sets.  <li>Added lchown(2) for compatibility with SVR4 implementations.
 <li>Do not clear the setuid/setgid file mode bits for a call to  <li>Sendmail upgraded to version 8.8.5.
         {,f,l}chmod(-1, -1).  <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
 <li><font color=#e00000><strong>Due to timing constraints, mac68k X11 binaries did  <li>Support for the <a href="hp300.html">hp300</a> added.
         not make it onto the 2.2 CDROM.  <li>Fix a fairly nasty security hole in all of the games.
         <a href=errata22.html#mac68k>But it is now available for ftp</a></strong></font>.  <li>new aucat command.
 <li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.  <li>libcrypt goes away. We do not need this stub library anymore. Do not link against it on OpenBSD, all the pieces you need are in libc.
 <li>In ftpd, default to RFC non-conforming behaviour for the PORT command,  <li>ppp 2.3b3
         but provide a runtime switch for those who like holes.  <li>Permit building of kernels without a.out support.
 <li>Make route(8) non-setuid.  <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
 <li>Honour TMPDIR in the locate(8) tools.  <li>Import of the powerpc port.
 <li>Update the pkg_* tools a bit.  <li>Change the games to be run setgid games, not setuid games.  This closes a whole slew of fascinating security holes.
 <li>Support IP_HDRINCL in Linux emulation.  <li>Add disklabels to the vnd device driver.
 <li>Fix a kernel bug related to "route change ...".  <li>Properly split fsck, mount, and newfs into multiple pieces.  Use disklabel information if it is available.
 <li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.  <li>Permit NFS attribute cache to be configured on a per-mount basis.
 <li>In numerous programs, avoid fd_set overflows.  <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for backwards compatibility.
 <li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.  <li>Repair some more KerberosIV buffer overflows.  Hard to believe this is supposed to be security software.
 <li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong  <li>f77 0.5.19
         in ibcs2 also?  <li>texinfo 3.9
 <li>Provide workaround for the Cyrix 6x86 COMA bug.  (A workaround for 2.2  <li>sendmail 8.8.4
         is not available).  <li>Fix a few setgroups() related security holes.
 <li>Change ftp(1) so that tries to use passive mode, and falls back to active  <li>Add NetBSD's "route show" implementation, and at the same time fix the new buffer overflows that this provided.
         mode.  Provide environment variables to fall back.  This is  <li>Fix information gathering attack in ping(8).
         incredibly cool.  <li>tcpdump 3.3
 <li>Fail better for over-long usernames.  <li>If disklabel reading code discovers an ISOFS filesystem underlying, spoof a nice disklabel (enough to fool mountroot).
 <li>Check the values of the ftp PORT command even more carefully.  <li>At boottime, have (*mountroot)() look at the root device's disklabel to determine which filesystem type is to be mounted.
 <li>Fix a bug in make(1) regarding SYSV style : substitution on  <li>Add disklabels to the floppy device drivers.
         null variables.  <li>Multiple updates for GNU software
 <li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.  <li>Hundreds of little fixes all over the place.
 <li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.  <li>Some YP and bootparamd security changes.
 <li>The new KTH KerberosIV integration (and security audit) is almost  <li>Add FreeBSD md5 diffs to mtree(8).  This can be used to implement a tripwire-like system.
         complete.  <li>GNU gdb works on the mips-based platforms.
 <li>IBCS2 emulation also requires fcntl() F_FREESP support.  <li>Imported FreeBSD's calendar.
 <li>Handle DST changeovers automatically in cron.  <li>Increased compatibility in the pccons driver with BSDi features.
 <li>lockf() implimentation.  <li>Added -C option to pax/tar. Also made -z support compressed files too.
 <li>Correct exit code of nohup(1).  <li>Prevent generic users from mounting filesystems by default.
 <li>Swap quit and exit commands in fdisk.  <li>Use pdksh as our /bin/sh.  This provides excellent POSIX compliance.
 <li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.  <li>Numerous small security fixes again...
 <li>Correct an splx botch in the tunnel driver.  <li>com driver is now bus-independent.
 <li>Fix some gzip buf oflows.  <li>lpt driver is now bus-independent.
 <li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED  <li>The Arc port family has a new member: The rPC44 works!
         define required by new standards.  <li>New bsd.*.mk feature: DEBUG=-g.  Try it, you'll like it.
 <li>Make {f,}chflags(.., -1) return error EINVAL.  <li>pdksh version is now 5.2.11
 <li>Make md5(1), rmd160(1), and sha1(1) use getopt().  <li>Make login get more consistantly upset about failed logins, and tell user about these failures at the next successful login.
 <li>Some slight changes to the PCI device subsystem to make it probe  <li>Memory leak paranoia in cron.
         devices nicer (mostly dmesg printing).  <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to buffer overflows found in system utilities..
 <li>Some more manpage cleanups.  <li>Various repairs to the scsi scanner support.
 <li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more  <li>Import of ctm.
         than once.  <li>Integration of the pmax port.
 <li>Some fixes to fdisk(8) and disklabel(8).  <li>Beware $HOME overflows throughout the source tree.
 <li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.  <li>OLF binary type added.  This is like ELF, but includes an OS-dependent tag. elf2olf(1) converts an elf binary to a tagged OLF binary which the kernel can recognize correctly.
 <li>Make sure it is clear that so_linger is in seconds.  <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
 <li>New rc.conf(7) manpage.  <li>The NIST suite showed numerous errors in libraries and the kernel. Only a few small errors remain now, mostly regarding serial ports.
 <li>Fix some problems regaring transfer of secure yp maps.  <li>More ftpd raging paranoia security fixes.
 <li>Permit extra / terminators in some path-based system calls.  <li>Numerous fixes to the lpr suite, including security.
 <li>Do not permit dumping corefiles over symbolic links. (We have wanted  <li>Crank kvm space on the i386 port, also limit buffer cache useage so that 512MB machines may work (untested :-)
         this changed for a long time, but it required Lite2 vfs).  <li>GPL i387 emulator added.
 <li>Fix a output error in finger(1).  <li>Skey revamped into full OTP (RFC1938) support, including sha1 and md5 support.
 <li>Fix a vnode creation race.  <li>Add stack tracebacks to Arc port's kernel debugger.
 <li>For scsi tape drives, be silent in the presence of ILI errors.  <li>The /dev/*random devices are now default on all architectures.
 <li>Support for FAT32 partitions.  <li>A number of security fixes to the way coredumping works.
 <li>Support all kinds of keyboards in pcvt, like pccons does.  <li>upgrade to CVS version 1.9.
 <li>In disklabel(8), make IDE drive type handling more obvious and  <li>The NIST Posix test suite became free. As a result we have been correcting numerous problems in the source tree, and expect to be completely POSIX compliant very soon.
         intuitive.  
 <li>Bring gethostent() back to life, even though it is a bad interface.  
 <li>Merge some slight standardization fixes for *printf(3) from  
         FreeBSD (some unlikely cases get handled better).  
 <li>sudo version 1.5.4.  
 <li>Make pkg_install(1) feed a -p option to tar.  
 <li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.  
 <li>ncurses 4.1-980103  
 <li>Handle unparseable ulimit specifications as an error, not as the value 0.  
 <li>pppd 2.3.3  
 <li>Support <strong>-h host</strong> flag to ypwhich(1).  
 <li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real  
         master server.  
 <li>Import of tzcode1998b and tzdata1998b.  
 <li>Properly ignore whitespace between a conversion and %n in *scanf(3).  
 <li>Groff 1.11a  
 <li>Properly error out if yp_match() or yp_first() is asked to lookup  
         long keys.  
 <li>Start at bus_dma support.  
 <li>Much more complete KerberosIV documentation.  
 <li>Repaired the expansion of the kernel panic string.  
 <li>If tar(1) extracts as root, preserve uid/gid as is traditional.  
 <li>Fix argument handling in expand(1).  
 <li>In termcap databases, map the keyboard backspace key to DEL  
         instead of BS as that is how it really is.  
 <li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.  
 <li>More cdrom ioctl's in Linux emulation.  
 <li>Fix a race in mkdir(1).  
 <li>IPF 3.2.3.  When you upgrade to this version, you <strong>must</strong>  
         also upgrade the userland utilities (ipf, ipnat, etc.).  You also  
         need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev  
         to create new device entries.  
 <li>On binutils platforms, make ldd(1) work on static executables.  
 <li>Add <strong>-a</strong> flag to which(1).  
 <li>Check both old and new shells in rpc.yppasswdd(8).  
 <li>Cleanups in wump(6).  
 <li>Glob extensions for XPG4.  
 <li>Require commands started from in /etc/rc to be executable -- not just  
         readable.  
 <li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.  
 <li>Self-extending kernel maps in the vm subsystem.  
 <li>Low-memory bug fix in setenv(3).  
 <li>Some man page fixes so that <strong>man -k</strong> is happier.  
 <li>Workaround a race condition in syslogd's handling of SIGHUP.  
 <li>Teach the kernel about newer PCI device types.  
 <li><font color=#e00000><strong>Be more careful about sourcerouted packets,  
         including never forwarding them.  This is a security  
         problem in OpenBSD 2.2, and is <a href=errata22.html#sourceroute>  
         described and fixed with a patch</a></strong></font>.  
 <li><font color=#e00000><strong>Two bugs existed in the the 2.2 pmax release which all users  
         should be aware of.  
         <a href=errata22.html#pmax>Patches are now available</a></strong></font>.  
 <li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c  
 <li>Avoid DNS lookup timing effects in ping -R.  
 <li><font color=#e00000><strong>Buffer overflow fix in the MIPS ld.so. Replacement  
         binaries for the <a href=errata22.html#pmax>pmax</a> and  
         <a href=errata22.html#arc>arc</a> platforms are available</strong></font>.  
 <li>Add strptime(3).  
 <li>Add scan_ffs(8), a very useful tool for reconstructing disks.  
 <li>Create two new sysctl options: <strong>ddb.panic</strong> decides  
         whether the kernel should enter ddb when it panics, and  
         <strong>ddb.console</strong> controls if it is possible to enter  
         ddb from the console via a hot-key.  
 <li>Fix a free page count bug in the vm system.  
 <li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables  
         to change at boottime.  
 <li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can  
         ensure it has the right components.  
 <li><font color=#e00000><strong>In the 2.2 release, the sparc scsi driver caused problems  
         for the Sun 4/300 machines.  
         <a href=errata22.html#sparc>Patches are now available</a></strong></font>.  
 <li>Fix /etc/yp/domainname support in ypbind(8).  
 <li>Fix some bugs in vacation(1).  
 <li>Emulate that disgusting linux connect() braindamage even better.  
 <li>smtpd(8) integration spiffied up. Everything you need is now in the  
         system.  
 <li>A start at full lint library support.  
 <li>Fix rarpd(8) to work properly in the presence of massive routing traffic.  
 <li>New compat_ibcs2(8) manpage.  
 <li>The web pages now have a new section on <a href=security.html>  
         security advisories</a>.  
 <li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.  
 <li>Permit restore(8) to work on a filesystem that has a basic blocksize  
         smaller than the blocksize of the filesystem that was dumped.  
 <li>New <strong>-a logdev</strong> argument for syslogd(8), useful for  
         setting up additional /dev/log devices in various chroot spaces.  
 <li>raise IPPORT_USERRESERVED significantly. Random port numbers will now  
         look much more random than they did before.  
 <li><font color=#e00000><strong>Make ruserok() significantly more paranoid when  
         parsing the .rhosts file.  This along with another issue is a  
         security problem in OpenBSD 2.2, and is <a href=errata22.html#ruserok>  
         described and fixed with a patch</a></strong></font>.  
 <li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.  
 <li>Make stty(1) recognize STRIPDISC.  
 <li>Fix a map corruption bug in ypxfr(8).  
 <li><font color=#e00000><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not  
         very reliable.  <a href=errata22.html#sparciommu>A simple reliability  
         patch is now available</a></strong></font>.  
 <li>Place seperate so_ruid and so_euid fields in struct socket, so that  
         in_pcb.c can still do it's job, but also so that identd(8) can  
         be fast and return the proper uid.  
 <li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make  
         the address/netmask sets on it make supernets instead of subnets.  
 <li>Various fixes to some of the games, ie. rain, worms, wump.  
 <li>Fixed "%c" in strftime(3).  
 <li>Support the WINBOND pci ethernet cards.  
 <li>Make lpd(8) use keepalives so that it can detect dead network printers.  
 <li><font color=#e00000><strong>The mac68k 2.2 CD release had a few problems.  
         These problems have been resolved in the FTP release.  
         <a href=errata22.html#mac68k>For more details...</a></strong></font>  
 <li>Fix another signal handler bug in mail(1).  
 <li>New quirk for another Archive VIPER scsi tape drive.  
 <li>Support <strong>-[width]</strong> option in fmt(1).  
 <li>Add XPG4 <strong>-r</strong> option to du(1).  
 <li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif>New  
         fancy OpenBSD logo for your use</a>.  
 <li>Change chflags(2) and fchflags(2) to take a u_int for the second  
         parameter.  
 <li>Fix two bugs in adduser(8).  
 <li>Pull in all the NetBSD changes to the old version of gas over the  
         last year or so.  
 <li>Remove the ftp(1) `stdout redirection' hack and replace it with a  
         <strong>-o filename</strong> option (which also understands a  
         filename of "-" to mean stdout).  
 <li>On the i386, move XFree86 aperature driver into the kernel.  The new  
         sysctl(8) variable <strong>machdep.allowaperture</strong> decides  
         if this driver is active or not.  (This variable can only be  
         modified at high securelevel).  
 <li>Add kerberos kauthd(8).  
 <li>Rename /etc/nat.rules to /etc/ipnat.rules.  
 <li><font color=#e00000><strong>Do not permit a read+write mmap() operation on  
         a read-only file descriptor open on a device.  This is a security  
         problem in OpenBSD 2.2, and is <a href=errata22.html#mmap>  
         described and fixed with a patch</a></strong></font>.  
 <li>Make the kernel compile properly (with full warnings) under gcc 2.8.  
 <li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation  
         code can reference it later.  
 <li>CVS version 1.9.24  
 <li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>,  
         <strong>-soname</strong>, <strong>--whole-archive</strong>,  
         and <strong>--no-whole-archive</strong> in the old ld used on  
         many of our platforms.  
 <li>Some more repair in the games.  
 <li>Do not copy from off the end of an nfs boot mbuf.  
 <li>Support for the ST16650 32-byte FIFO uart.  
 <li>Add <strong>-p</strong> option to uname(1), to display detailed  
         CPU information.  
 <li>In mail.local(8), document how to use quotas on a mail spool.  
 <li>Convert the xdr(3) and rpc(3) manpages to mandoc format.  
 <li>Permit the disabling of skey system-wide.  
 <li>Do not let a user set their password to "s/key".  
 <li>Do not permit TCP connections to any of the broadcast addresses.  
 <li>Clarify crypt(3) manpage as to how many characters each transform  
         actually considers in its calculation.  
 <li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as  
         a bitcount.  
 <li>Add a clarifying statement to all the Kerberos code that explains how  
         it came to be that this code was released from the USA's crypto  
         stranglehold.  
 <li>Add a command to ddb that reports out the extent tables.  
 <li><font color=#e00000><strong>The 3rd revision of the patch for the mmap()  
         security problem is available, and <a href=errata22.html#mmap>has been  
         placed on top of the 2nd revision</a></strong></font>.  
 <li>Fix some bugs in the 3c[59]xx device driver.  
 <li>Make <strong>netstat -r</strong> report better information about  
         non-standard netmasks.  
 <li>In libpcap and tcpdump, use our system ethers(5) parsing routines.  
 <li>Fix a configuration file parsing bug in ipf(8).  
 <li>In old gas, move to late resolution of symbols because gcc 2.8  
         will require this.  
 <li>Add XDM-AUTHORIZATION to X11.  
 <li>Inside the kernel, change struct file's members f_count and  
         f_msgcount to longs, and then add checking for overflows as well.  
 <li>Handle unknown hostnames in mountd(8) better.  
 <li>Improve blowfish performance by a factor of 2, and hence increase  
         the rounds by 1 in passwd.conf.  
 <li>Remove one of the two copies of math.h in the source tree.  
 <li>Correct behaviour <strong>-x</strong> and <strong>-p</strong> flags  
         in tar(1) to be traditional.  
 <li>Make ping(8) work with very large packet sizes on all types  
         of interfaces.  
 <li>Upgrade to libg++ 2.8.0  
 <li>Upgrade to gcc 2.8.0  
 <li>Fix a few more mktemp(3) problems in f77 libraries, and other assorted  
         GNU software.  
 <li>Fix a race bug in mkstemp(3) itself that would make mkstemp(3) have  
         occasionally fail strangely.  
 <li>New photurisd(8) that complies with  
         <strong>draft-simpson-photuris-18.txt</strong>.  
 <li>Add support for <strong>TIOCM*</strong> family of ioctl(2) values to  
         the sparc serial driver.  
 <li>Fix syslog(3) sockaddr initialization.  
 <li>Spend almost a week finding and fixing minor goobers discovered by  
         gcc 2.8 throughout the source tree.  
 <li>Use a p_os field to sub-divide operating system emulation capabilities  
         (like for SVR4 binaries).  
 <li>Add another missing ntohl() in ipnat(8).  
 <li>XFree86 3.3.2 is now in our X11 source tree.  
 <li>Add many new machine-dependent man4 man pages.  
 <li>Improve IPSEC performance.  
 <li>Rename 2.2 to 2.3 tree-wide, for the upcoming release.  
 <li>Upgrade to gcc 2.8.1  
 <li>Significant efforts made at fleshing out the device driver man page  
         tree better.  
 <li>Fix passwd(1) so that YP passwords do not get edited in the  
         local password file.  
 <li>On the sparc, print hotfix information at the right place in the  
         dmesg log.  
 <li>On the sparc, support 128KB lebuffer devices.  
 <li>Fix KerberosIV password changing.  
 <li>Change the configuration of man(1) so that man4 is read much later;  
         this makes it easier to see pages in man8 with similar names.  
 <li>Add support for <strong>-s section</strong> and <strong>-S subsection</strong>  
         to man(1).  
 <li>Add <strong>-s</strong> and <strong>-c</strong> options to last(1).  
 <li>Fix a crash case in compress(1).  
 <li>Fix vnd and ccd drivers to work properly with soft updates.  
 <li>Fix tmpfile(3) to fchown() the file after unlink() (taking umask() into  
         consideration, too).  This is required by standards.  
 <li>Add support for 82553 and 82555B PHY in the fxp driver.  
 <li>Add lynx 2.8 to the system.  
 <li>Configure cc(1) to pass the <strong>-R</strong> flag on to ld(1).  
 <li>Fix an interaction bug in inetd(8) due to SIGPIPE blocking; caused a  
         bad effect in rlogind(8) or other inetd(8) children.  
 <li>Fix mktemp(3) problems in two more YP tools.  
 <li>CVS version 1.9.26  
 <li>Fixes to a few more games.  
 <li>Fully working KerberosIV encryption in telnet(1) and telnetd(8).  
 <li>Flesh out the man pages and explain the security problems behind  
         mktemp(3) and other similar functions, plus explain how to  
         handle these problems better.  
 <li>Merge Kirk McKusick's <a href=softupdate.html>soft update</a> code.  
         This code is still experimental and under a non-commercial  
         license.  It will be included in the next release as an optional  
         compile flag; we cannot ship it enabled by default.  
 <li>Fix <strong>%m</strong>, <strong>%I</strong>, <strong>%S</strong>,  
         <strong>%y</strong>, <strong>%C</strong>, and <strong>%j</strong>  
         conversions in strptime(3).  
 <li>Fix a NULL deference bug in make(1) when using the <strong>-j</strong>  
         flag.  
 <li>In strptime(3), make <strong>%C</strong> influence <strong>%y</strong>  
         regardless of ordering.  
 <li>Add options(4).  This manpage describes what all the kernel options  
         do.  If you spot an error in it, notify us immediately.  
 <li>In get*ent() family of routines in libc, use fgetln(3) instead of  
         fgets(3) so that parsing of overly long lines is more correct.  
 <li>Fix support for VFS loadable kernel modules.  
 <li>Make the functions described in ethers(3) more careful.  
 <li>Add support for <strong>atalk</strong> to ifconfig(8).  
 <li>Make <strong>%Y</strong> override an earlier <strong>%y</strong> in  
         strptime(3).  
 <li>Add support for more PCI NE2000 cards.  
 <li>In the ksh(1) manpage, clarify the behaviour of the  
         <strong>CDPATH</strong> variable.  
 <li>Make <strong>-R path</strong> work a well as <strong>-Rpath</strong>  
         in cc(1).  
 <li>In telnet(1), fix connecting to IP addresses; this was recently broken  
         by the new KTH kerberos telnet integration.  
 <li>In mktemp(1), document why this should be used for temporary filename  
         generation.  
 <li>Add (complete?) support for KerberosIV to our X11R6.  
 <li>Change <strong>SIOCGIFNETMASK</strong>, <strong>SIOCGIFDSTADDR</strong>,  
         and <strong>SIOCGIFBRDADDR</strong> to return information for  
         named/addressed mappings rather than simply named mappings, so that  
         these calls can work on interface aliases.  
 <li>Add ISAPNP driver for the 3c509 cards.  
 <li>On the sparc, switch to an alternate font if the console is <  
         800*600 resolution.  
 <li>Fix ch(4) operation on ncr(4) scsi controllers.  
 <li>Add UID_MAX and GID_MAX to <machine/limits.h> on each architecture.  
 <li>Make edquota(8) handle numeric names as uid's only after checking that  
         an account named so does not exist.  
 <li>Remove libtelnet.so.* from the distribution.  People compiling kerberos  
         into their system were generating significantly different shared  
         libraries; thus it is wrong to make this a shared library.  
 <li>Fix rarpd(8) interaction with routed(8); too much routing information  
         would pile up un-read on the AF_ROUTE socket and rarpd(8) would  
         get too grumpy.  
 <li>Emulate SunOS <strong>otimes(2)</strong> system call so that Netscape  
         doesn't explode.  
 <li>Fix rmd160(3) (and also the IPSEC algorithm) to properly handle data beyond  
         it's block boundary.  
 <li>Support QLogic PCI scsi controllers (at least on the i386).  
 <li>Import <strong>xpm</strong> into our X11 source tree.  
 <li>Add httpd(8) to the OpenBSD tree.  It is apache 1.2.6.  
 <li>Add a <strong>SIOCGIFDATA</strong> ifreq-style ioctl which will get  
         the ifdata informational structure attached to each interface.  
 <li>Import <strong>kx</strong> into our X11 source tree.  
 <li>In utimes(2) and futimes(2), handle <strong>tv_sec</strong> values of -1  
         more carefully, as they are really illegal cases.  
 <li>In ftp(1), for HTTP requests pass the hostname so that virtual hosts  
         work.  
 <li>In login(1), handle cleanup of environment variables correctly.  
 <li>Add AFS token fetching capability to various parts of the source tree.  
 <li>Fix <strong>ru_majflt</strong> counting in the VM system.  
 <li>Add xlockmore(1) to the X11 tree.  
 <li>Add disklabel spoofing to the hp300 port.  
 <li>Significantly improve the system install scripts.  
 <li>Switch a.out ports in the tree (sparc, m68k, i386) to use the  
         newer version of gdb that is part of the binutils tree.  
 <li>Fixes for various (minor) Y2K problems.  
 <li>In the <strong>le</strong> ethernet driver, if the detected ethernet  
         address is ff:ff:ff:ff:ff ... fail.  
 <li>Fix DNS fake-iquery bug.  
 <li>Do not prepend /usr/local/bin to the PATH in zdiff(1), zforce(1), zgrep(1),  
         zmore(1), znew(1), or rcsfreeze(1).  
 <li>sudo version 1.5.5  
 <li>In tar(1), only preserve the uid/gid if the <strong>-p</strong> flag is  
         given.  
 <li>Fix bug oflow in ping(8) <strong>-R</strong> option.  
 <li>Remove KTH Kerberos "eavesdropping" message from telnet(1) and telnetd(8).  
 <li>Modify i386 PS/2 driver to be read/write; this permits new XFree86 source  
         to put mice into advanced modes of operation.  
 <li>Support 3c905B.  
 <li>Fix backtraces in gdb on m68k platforms.  
 <li>Disable console ddb by default.  sysctl can re-enable it.  
 <li>mkisofs 1.11.2  
 <li>Add support for the XR16850 serial chip (128 byte fifos).  
 <li>Fix a race condition in unmount(2).  
 <li>Repair the pkg_add(1) sufficiently for the 2.3 release...  
 <li>Fix 'u'ndo support in disklabel(8)'s <strong>-E</strong> mode, and  
         also add a new 'r' command.  
 <li>Configure xdm(8) and the fwvm window manager sensibly enough for  
         default users to not feel utterly lost.  
 <li>Fix ipsec encap notifies.  
 <li>When root logs in for the first time, let him find that he has an  
         interesting piece of mail about how the system works.  
 <li>Make install procedure prompt & set the initial root password.  
 <li>For the i386, have the install procedure ask if the xf86 driver should  
         be enabled by default.  
 <li>Make disklabel(8) mentions IDE (which is an alias for ESDI).  
 <li>Fix /etc/fbtab handling in init(8).  
 <li>Various other install script fixes.  
 <li>In mktemp(3), repair a bug in the filename incrementing loop.  
 <li>In disklabel(8)'s <strong>-E</strong> mode, set the bootblock sizes  
         so that the hp300 install does not freak out.  
 <li>Fix installboot(8) on the sparc Sun4 models.  
 <li>Support lots of file descriptors in named(8), for when many virtual  
         interfaces exist.  
 <li>On the i386, fix installboot(8) so it works reliably on various filesystem  
         layouts that did not work before.  
 <li><font color=#e00000><strong>A security problem due to a buffer overflow  
         exists in uucpd(8) (which is not enabled by default in our releases).  
         <a href=errata22.html#uucpd>A patch exists</a></strong></font>.  
 <li><font color=#e00000><strong>A security problem due to buffer mismanagement  
         exists in lprm(1).  
         <a href=errata22.html#rmjob>A patch exists</a></strong></font>.  
 </ul>  
   
 <a name=23></a>  </ul><p>
 <p>  
 <h3><font color=#0000e0>OpenBSD 2.3 released (May 19, 1998).</font></h3>  
 <p>  
   
 <p>  <a name=20></a>
 <h3><font color=#0000e0>Work begins on what will become 2.4 or 3.0....</font></h3>  <h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3><p>
 <p>  
   
 <ul>  <ul>
 <li>Ignore SIGPIPE in reboot(8).  <li>CTM is now a supported way of obtaining OpenBSD source code.
 <li>Do not do gethostbyname(3) on "*" in pppd(8).  <li>Added sudo (which is maintained by one of our developers)
 <li>Set <strong>d_bbsize</strong> and <strong>d_sbsize</strong> to defaults  <li>Working Linux ext2fs.
         in the disk drivers.  <li>We have completed security reviews of almost all userland programs and libraries except for the gnu stuff (where, based on preliminary inspection there is poor handling of temp files).
 <li>Make last(1) report on the year.  <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
 <li>Improve numerous manpages.  <li>A 7% reduction in size of static binaries.
 <li>Change tset(1) and /root/.cshrc behaviour so that ^C at the prompt does  <li>Compile time option to compile the source tree almost completely dynamic.
         not result in noglob remaining set.  <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
 <li>Add <strong>dev</strong> command to cdio(1) so that user can change  <li>Another kerberos security fix.
         device.  <li>deal with the SYN bomb problem (denial of service attack) as well known.
 <li>Use mkdtemp(3) in pkg_add(8) and friends.  <li>less version 2.90
 <li>Fix relative tags in vi(1).  <li>mopd for networking booting Digital machines
 <li>Fix gcc on the m68k to correctly invalidate cached condition codes when  <li>latest GNU groff, incorporated in a clean wrapperized form.
         only a-registers are involved.  <li>secure multicast tools against possible security problems.
 <li>Add <strong>/var/run/rarpd.pid</strong> and syslogging support to  <li>sendmail gecos hole fixed (in a number of ways; other programs in the source tree were also vulnerable.)
         rarpd(8).  <li>Nice sample files in /etc
 <li>Handle truncated reads in dumpfs(8).  <li>16 partitions working on sparc and i386 (yipee!)
 <li>Let fdisk(8) and disklabel(8) compile if NOMAN= is defined.  <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim also works better.
 <li>Change 3rd parameter to be size_t as required by XPG.  <li>And of course... more security related bugfixes... (ie. dump, restore, mt).
 <li>Make strptime(3) handling of month and weekday names case insensitive.  <li>ftp command modified for easily scripted ftp & http downloads.
 <li>Fix the i386 versions of libm's scalb*() functions.  <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
 <li>Run rc.shutdown even if -h or -r was not specified.  <li>New routed from SGI.
 <li>Completely rewritten fmt(1) with more features.  <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
 <li>Make hp300 use new m68k kcore format.  <li>Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
 <li>Fix a very strange bug in backgammon by using -ltermlib instead of -ltermcap.  <li>DDB can now access symbol tables from LKM modules
 <li>64 bit cleanups to the uucp subsystem.  <li>Some serial driver support for /dev/cuaXX devices to support transparent out+dial
 <li>Correct utimes(2) emulation in Linux compat.  <li>FreeBSD pipe() system call; quite a bit faster.
 <li>Make ps(1) look at the kernel physmem variable instead of the far uglier  <li>libgnumalloc is gone; our malloc() is better.
         thing it did before this change.  <li>Kernel warns if /dev/console does not exist; nice warning for booting with an unpopulated /dev directory.
 <li>Delete old gdb; we use modern binutils everywhere now.  <li>cdio command for using CD audio.
 <li>Fix a coredumping problem in oldrdist(1).  <li>Even more security fixes.
 <li>Change ld(1) to accept the first matching shared library it finds.  <li>latest version of perl, and a lndir command.
 <li>Teach dump(8) that ENOSPC on remote or local media means end of tape.  <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc bugs).
 <li>Merge OSS-like audio code into i386, sparc, amiga, and other architectures.  <li>vim version 4.5
 <li>Add audioctl(1) and mixerctl(1).  <li>a good start at NETIPX support
 <li>Permit socketpair(2) to accept <strong>PF_LOCAL</strong>.  <li>improved locate command
 <li>In oldrdist(8), avoid attempting to create hardlinks between devices.  <li>Fixed timeout support in RPC library, and also fixed it to support more than FD_SETSIZE file descriptors.
 <li>talk(1) cannot distinguish the host a reply comes from. If it is  <li>rudimentary support for ISA Plug-and-Play cards
         suspicious, it now prints that hostname in the connection banner.  <li>`lsof'-style features in fstat.
 <li>Fix a bug in h2ph(1).  <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
 <li>For 3c9xx drivers, fix a bug where bpf attach caused a change to 10Mb mode.  <li>ncr53cXXX scsi scripts assembler
 <li>Make ctype macros dealing with unsigned characters properly index into  <li>arc4-based random support in kernel
         their respective tables.  <li>Kerberos is much more silent if not configured
 <li>Make 'y' command in sed(1) 8-bit clean.  <li>scsi subsystem security fix
 <li>Fix iommu flushing on the sparc Microsparc-1 based machines.  <li>much newer join command (4.4lite2 with other fixes)
 <li>Our c++ compiler is called c++, not g++.  <li>RCS version 5.7
 <li>Use inet_ntoa() in a diagnostic in rwhod(8).  <li>added /etc/fbtab support to login & init.
 <li>Fix a timeout bug in ping(8).  (What a troublesome program it is...)  <li>partial protection against tcp SYN attacks.
 <li>Fix ZIP drive use on the hp300.  <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed by chown(). This can be turned off with sysctl.
 <li>msdosfs in FAT32 mode would hang during a write.  <li>a real adduser program, which can even be used uninteractively.
 <li>Permit relative adjustments in mixerctl(1) using +/- prefixes.  <li>install now supports -C, -p, and -S flags.
 <li><font color=#e00000><strong>xterm(1) and libXaw contain security issues  <li>20 or so more security fixes
         due to buffer mismanagement.  <li>at -f security fix.
         <a href=errata.html#xterm-xaw>A patch exists which solves the problem</a>.  <li>generic protection against the bind() takeover problem.
         <a href=errata22.html#xterm-xaw>(A similar patch which solves the  <li>new rdisc Router Discovery daemon
         problem for OpenBSD 2.2 also exists)</a></strong></font>.  <li>Numerous FreeBSD userland fixes and improvements incorporated.
 <li>In mail(1), do not attempt to remove a mail spool since directory write  <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
         permission may not exist. Instead, simply truncate it.  <li>Fixed long-standing vm swap-leak.
 <li>Add libossaudio(3) to the source tree.  <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
 <li>In the hp300 port, use actual code to determine how fast the 68040 cpu  <li>Newest version of pppd.
         is running.  <li>zlib (non-GPL'd gzip-compatible library)
 <li>Fix a select(3) bug in syslogd(8).  <li>Numerous more security policy and implementation improvements (OpenBSD defaults to installing in a very secure mode)
 <li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3.  A  <li>Significantly improved ftp daemon.
         lacking test for invalid padding length in IPSEC packets can cause  <li>Protection from the udp spamming and ftp bounce attacks.
         a remote attack possibility if IPSEC is in use.  <li>randomized port allocation in bind(), bindresvport(), and rresvport() -- security via unpredictability.
         <a href=errata.html#ipsec>A patch exists which solves the problem</a>.  <li>The most secure rdist support anywhere.
         <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD  <li>Fortran in the tree.
         2.2)</a></strong></font>.  <li>terminfo database support.
 <li>Add information about more deviant scsi devices.  <li>Working ATAPI audio support for multiple architectures.
 <li>Fix at least one remotely activated buffer overflow in lynx(1).  <li>Linux ext2fs and BSD4.4 LFS support being worked on.
 <li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong>  <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to generate them too
         support in gcc.  <li>Even more security fixes.
 <li>Fix a number of disklabel issues in the hp300 and pmax ports.  <li>using AT&T awk, gawk is toast
 <li>Fix localtime(3) support inside perl(1).  <li>pax as tar, gnutar is toast
 <li>pppd 2.3.5  <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
 <li>Make the AD1848 and Yamaha OPL3-SA3 sound drivers work.  <li>ATM support (support for one company's sparc & i386 cards available)
 <li>Correct handling of escaped % correctly in crontab lines.  <li>kernfs extensions
 <li>Support 16 partitions in the pmax port.  <li>select() that can handle any amount of file descriptors.
 <li>Fix i386 copyoutstr().  <li>new system calls: rfork(), minherit(), poll().
 <li>Fix some bad uses of sscanf problems in the source tree.  <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
 <li>Fix short read() and write() operation in the RFC1413 handling code in  <li>ncheck utility for ffs
         httpd(1).  <li>Numerous scsi fixes
 <li>Fix 'z' command in mail(1).  <li>Some ddb improvements and extensions
 <li><strong>const</strong> the parameters to a few more system calls.  <li>In-kernel update(8) with an adaptive algorithm
 <li>Make config(8) store the first free unit number in its tables so that  <li>/dev/*random -- a device driver providing some kinds of random data
         pcmcia device re-insertion can come back to the same unit number.  <li>Solid YP master, server, and client capabilities.
 <li>Fix a file parsing overflow in kdb_util(8).  <li>Kerberos and other crypto in the source tree that is exportable
 <li>Niklas is taking a shot at making our cross compiler toolset sufficient  <li>Numerous security related fixes
         for a full cross compile of the vax port.  <li>new scsi, md5, pkg_* commands
 <li><font color=#e00000><strong>A possible new security problem exists if  <li>ATAPI support (should work on all ISA busses)
         you rely on securelevels and immutable or append-only files or  <li>Some LKM support in the tree.
         character devices.  The fix does not permit mmap'ing of immutable  <li>All the pieces needed for cross compilation are in the source tree.
         or append-only files which are otherwise writeable, as the VM  <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
         system will bypass the meaning of the file flags when writes  <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports to use kvm utilies
         happen to the file.  <li>better ELF support
         <a href=errata.html#immutable>A patch exists which solves the  <li>ipfilter for filtering dangerous packets and Network Address Translation for IP masquerading.
         problem</a></strong></font>.  <li>The FreeBSD ports subsystem was integrated and is usable by you!
 <li>Make size(1) work on files created via <strong>ld -Z</strong>.  <li>a termlib library which understands termcap.db, needed for new curses.
 <li>Disable dynamic loading in the mips version of perl(1).  <li>New curses library, including libform, libpanel and libmenu.
 <li>Make perl(1) support calls to lockf(3) now that we have it.  <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
 <li>Emulate <strong>umask</strong> and <strong>exit</strong> script  
         commands inside make(1) directly, to get closer to the expected  
         behaviour. Later on we may want to emulate more commands, like  
         gnumake does...  
 <li>Improve documentation about how to properly enable YP client databases.  
 <li>Make the csh(1) command <strong>kill</strong> more standards compliant.  
 <li>As described a few lines above, support even more commands in make(1).  
 <li>Add a man page for ndbm(3).  
 <li>Remove some more incorrect uses of long in kerberos code.  
 <li>Fix i386 divide overflows traps which were possible in the NTP code.  
 <li>Fix less <strong>-d</strong> option.  
 <li>Improve XR16C850 support.  
 <li>Fix a bunch of scanf related buffer overflows.  
 <li>Compile the system with <strong>-O2</strong> instead of <strong>-O</strong>.  
 <li>Start cron at the end of /etc/rc to avoid some security issues.  
 <li>Correct 64 bit timeval storage in ping(8) packets; also put the time in  
         network byte order.  
 <li>In mount_nfs(8), contact the portmapper about the correct protocol (tcp or udp).  
 <li>Fix buffer overflows in getNAME(1).  
 <li>Fix acct(2) to work with append-only files.  
 <li>Fix a memory trashing bug in the IPSEC SPI chain delete function.  
 <li>Fix a free() related bug in csh(1).  
 <li><font color=#e00000><strong>Constrain how kill(2) operates against target  
         processes that are running setuid.  The previous unrestricted  
         behaviour may have had security consequences.  
         <a href=errata.html#kill>The 3rd revision of a patch which solves the  
         problem is available</a></strong></font>.  
 <li>In gdb, do not use 4.3 compatibility tty ioctl() calls.  
 <li>New distribution install notes that use m4 instead of cpp for formatting.  
 <li>Install gdb(1) info pages.  
 <li>Fix numerous source tree uses of readlink() with an incorrect length  
         parameter.  
 <li>Fix numerous uses of MAXHOSTNAMELEN+1 instead of MAXHOSTNAMELEN, and also  
         do the same for other similar cpp variables.  
 <li>Add the required setsockopt(2) interface for IPSEC, update photurisd(8)  
         to accept notify messages from the kernel.  
 <li>Fix two cases of incorrect timeout handling in the RPC library.  
 <li>Install sendmail configuration goo in /usr/share/sendmail.  
 <li>Add sparc magma serial device driver.  
 <li>Various TCP RPC fixes to deal with data streams that could cause lockups  
         inside the library.  
 <li>Stop info gathering in uucpd(8).  
 <li>Handle constant numeric U and LL extensions.  
 <li>bind 4.9.7, with the <strong>-u</strong>, <strong>-g</strong> and  
         <strong>-t</strong> options from 8.1.2.  
 <li>Modified named to stash its argument vector in pid file like sendmail does  
         and modified ndc to use it.  This means "ndc restart" will now  
         restart named with the correct arguments.  
 <li>Added "feature bits" display to i386 cpu detection, and added more AMD  
         and Cyrix processor models.  
 <li>Made i386 pctr driver compatible with all cpu vendors.  
 <li>Fix multi-address support in telnet(1).  
 <li>Integrate XFree86 3.3.2 patch 2.  
 <li>Make named(8) run in a chroot space.  
 <li>Integrate rt(8) and rtdelete(8) directly into ipsecadm(8).  
 <li>Tweak IPSEC so that it supports VPNs trivially.  A new vpn(8) manpage describes  
         how to use this.  
 <li>Fix an nfs crash.  
 <li>Fix sysctl net.inet.icmp.bmcastecho.  
 <li>In chfn(1), permit gecos sub-fields to be empty.  
 <li>On the i386, grow i386 kernel malloc area by 2MB.  
 <li>Fix /tmp use in yacc.  
 <li>in chfn(1), unlink the temp file after finished using it.  
 <li>Add support for pcvt to kbd(1).  
 <li>Move temporary file used by chfn(1) to /var/tmp.  
 <li>Change uudecode(1) to accept spaces in the filename.  
 <li>Permit kill(2) to send signal 0 to processes that are setuid, as long  
         as the existing uid check succeeds.  
 <li>Fix xdm(8) to close an excess file descriptor it left around.  
 <li>terminfo/termcap 10.2.3  
 <li>Fix root password setting code in install script.  
 </ul>  
   
 <a name=end></a>  </ul><p>
   
   
 This list mentions mostly platform-independent changes.  For a list of changes  This list mentions mostly platform-independent changes.  For a list of changes
 made in a particular platform, please check the page for that platform.  If you  made in a particular platform, please check the page for that platform.  If you
Legend:
Removed from v.1.279  
changed lines
  Added in v.1.280