version 1.834, 2002/07/17 02:37:44 |
version 1.835, 2002/07/22 21:58:12 |
|
|
<li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
<li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
<li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M. |
<li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M. |
<li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow. |
<li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow. |
<li>Note: Resolver fix applied to 2.9-STABLE, 3.0-STABLE and 3.1-STABLE. |
|
<li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br> |
<li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br> |
<a href="errata.html#resolver">A source code patch is available</a>.<br> |
<a href="errata.html#resolver">A source code patch is available</a>.<br> |
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
|
|
<li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though --> |
<li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though --> |
<li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default. |
<li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default. |
<li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils. |
<li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils. |
<li>Pull the bzero() fix in sys/netinet/tcp_input.c from -current into 3.0-stable. |
|
<li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>. |
<li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot. |
<li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can |
<li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can |
|
|
<li>Add volatile to sig_atomic_t. Stand well back. |
<li>Add volatile to sig_atomic_t. Stand well back. |
<li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>. |
<li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>. |
<li>Simplify IPv6 link MTU code. |
<li>Simplify IPv6 link MTU code. |
<li>Stop maintaining 2.9-stable. |
|
<li>Bump 2.9-stable to <a href="http://www.openssh.com/">OpenSSH</a> version 3.2.3. |
|
<li>Bump 3.0-stable to <a href="http://www.openssh.com/">OpenSSH</a> version 3.2.3. |
|
<li>Implement PMAP_CANFAIL flag for m68k pmap. |
<li>Implement PMAP_CANFAIL flag for m68k pmap. |
<li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>. |
<li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>. |
<li>Make sure some struct sockaddr are cleared before use. |
<li>Make sure some struct sockaddr are cleared before use. |
|
|
<li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games. |
<li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games. |
<li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options! |
<li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options! |
<li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded. |
<li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded. |
<li>Add German keyboard map for Apple iBook. |
<li>Add German keyboard map for Apple laptops. |
<li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages. |
<li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages. |
<li>Pull <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a> strlcpy() fix into <a href="http://www.openbsd.org/stable.html">-stable</a>. |
<li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later. |
<li>Make sure <em>every</em> PCI interrupt is recorded, so ISA doesn't step on one of them later. |
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices attachment. |
<li>Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices properly. |
|
<li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>. |
<li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat. |
<li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans. |
<li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans. |
<li>In <a href="http://www.openssh.com">ssh</a>, use OpenSSL's AES implementation instead of our own. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own. |
<li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>. |
<li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>. |
<li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small. |
<li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list. |
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> support for Sun type 5 keyboards. |
|
<li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>. |
<li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>. |
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>. |
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>. |
<li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>. |
<li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present. |
<li>Recognise Intel 830 (laptop Celery support) and 312 southbridge. |
|
<li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>. |
<li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface. |
<li>Remove libdl, support is now in libc. |
<li>Remove libdl, support is in libc since a long time already. |
<li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices. |
<li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices. |
<li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier. |
<li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier. |
<li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer. |
<li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer. |
|
|
<li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here. |
<li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>. |
<li>unsigned -> unsigned int cleanup. |
<li>unsigned -> unsigned int cleanup. |
<li>pid_t type cleanup. |
<li>Repair machdep.chipset sysctl on alpha. |
|
<li>Audit pid_t type usage. |
|
<li>Audit incorrect signal(2) usage. |
<li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> |
<li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> |
parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>. |
parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>. |
<li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>. |
<li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>. |
|
|
<li>More IANA interface type values, including IFT_BRIDGE. |
<li>More IANA interface type values, including IFT_BRIDGE. |
<li>Split XFree86 bsd_video.c into architecture-specific files. |
<li>Split XFree86 bsd_video.c into architecture-specific files. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies. |
<li>Yet more safe string function fixes. |
<li>Even more steps toward the death of unsafe string functions. |
<li>In XFree86 build, honour COPTS variable when building third-party apps. |
<li>In XFree86 build, honour COPTS variable when building third-party apps. |
<li>Add LIBS option for crunchgen so custom libraries can be added to boot images. |
<li>Add LIBS option for crunchgen so custom libraries can be added to boot images. |
<li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>. |
<li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>. |
<li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>. |
<li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>. |
<li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>. |
<li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>. |
<li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>. |
<li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> warnings on a SCSI |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a> with no data track. |
|
<li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on. |
|
<li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
<li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>. |
<li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>. |
<li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>. |
|
<li>Fix <a |
|
href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> |
|
warnings on CD-ROM |
|
(<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a>) |
|
with no data track. |
|
<li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on. |
<li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them. |
<li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them. |
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance. |
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance. |
<li>Support software brightness and backlight control on various macppc models. |
<li>Support software brightness and backlight control on various macppc models. |