version 1.849, 2002/11/13 21:26:19 |
version 1.850, 2002/12/09 01:48:36 |
|
|
|
|
<p> |
<p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to November 2. |
The following list sums up (almost) all the changes made up to December 7. |
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<li>strncpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a> accept most of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a>'s long options. Some cleanup also. |
|
<li>Continuing compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a>. |
|
<!-- ^ 20021208 --> |
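Review bot: The intro line now says the list covers changes "up to December 7", but the three entries at the top of the list (pfctl strlcpy, compress long options, getopt_long) sit above the 20021208 marker, and the previous revision's "November 2" matched its topmost marker (20021102). Either say "up to December 8" or hold those three entries for the next update.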
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> queue options can now be in any order. The 'scheduler' keyword is no longer used. |
|
<li>More rule shrinkage: The 'fromto' part of a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> is now optional and defaults to 'all', so e.g. 'block' == 'block all' == 'block from any to any'. <!-- Another uncommented feature, r1.244 --> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> anchor rules now support parameters, so 'anchor name proto tcp from any to any port smtp' works. |
|
<li>Remove support for the '-a otp' flag from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>. Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a> instead. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a>'s -a flag work again. |
|
<li>'pfctl -s' now prints out addresses in rules in the order they are entered. |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a> receives a SIGPIPE when writing to the terminal, treat it like a user SIGQUIT. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> use the actual interface MTU instead of assuming 1500. |
|
<li>Convert string key hashes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to network byte order. |
|
<li>Fix a bug in Xaw that reads the wrong error return from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a>. |
|
<!-- ^ 20021207 --> |
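Review bot: In the 'fromto' entry the noun is missing: "The 'fromto' part of a pf(4) is now optional" should read "of a pf(4) rule". This entry changes what a bare 'block' matches, so the sentence should be unambiguous.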
|
<li>All the games set up the RNG with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srandomdev&sektion=3">srandomdev(3)</a> instead of by lesser means. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> set the transform from the Default-Phase-1-Configuration. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srandomdev&sektion=3">srandomdev(3)</a> fall back to using sysctl if it can't open /dev/arandom. |
|
<li>Make the libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> more compatible with GNU. |
|
<li>Output from 'pfctl -v' is now valid input to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<li>Make section and tag comparisons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> case-insensitive. |
|
<!-- ^ 20021206 --> |
|
<li>Allow a null direction in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules, so e.g. 'block all' is now valid. <!-- Oh yes. Uncommented effect of r1.237 that introduced anchor rules. --> |
|
<li>Add named rulesets support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, invoked from 'anchor' rules in the main ruleset. |
|
<li>Kernel memory allocation debugging can now be used anywhere - if the debugging pool is not yet initialised, it just does nothing. |
|
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a>. |
|
<li>Rule numbers are no longer output by 'pfctl -v'. Use '-v -v' to get them back. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> handle systems with odd block sizes better. |
|
<!-- ^ 20021205 --> |
|
<li>Drop unnecessary altq devices from the kernel. |
|
<li>Pass correct sizes to memset in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> behave better when running spanning tree: Flush the dynamic MAC cache when the forwarding/blocking state changes, and only forward packets while in the forwarding state. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accept ACQUIRE requests with a null EXT_ADDRESS_SRC. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, apply a netmask consistently. |
|
<!-- ^ 20021204 --> |
|
<li>Crank the major version numbers of the X libraries. |
|
<li>Continuing cleanup and shrinkage of the installer scripts. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> now prints the interface name with which an address is associated. |
|
<li>Big cleanup up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mixerctl&sektion=1">mixerctl(1)</a>. |
|
<li>Import a GNUish <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> from NetBSD. |
|
<li>Add -4 and -6 command line options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> to select the address family to use. |
|
<li>Better MTU setting for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>. |
|
<li>Correct a missed initialiser in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a>. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> play nice and shut down its sockets when it's done. |
|
<!-- ^ 20021203 --> |
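Review bot: "Big cleanup up mixerctl(1)" has a doubled word; it should read "Big cleanup of mixerctl(1)".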
|
<li>Crank all (system) library major numbers now that propolice is in. |
|
<li>Make a copy of rather than just refer to a string in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>. Cures some ports linking problems. |
|
<li>Allow options at the end of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> pass and block rules to come in any order. |
|
<li>Make the bandwidth specifier optional in altq rules (as well as queue rules.) As a side effect, the altq rules can now have "bandwidth xx%" where the percentage is taken w.r.t. the interface bandwidth. |
|
<li>Implement legacy functions <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ecvt&sektion=3">ecvt(3)</a>, fcvt(3) and gcvt(3) for standards compliance. |
|
<li>Add <a href="http://www.trl.ibm.com/projects/security/ssp">propolice</a> stack attack protection into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>. |
|
<li>Updated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>. |
|
<!-- ^ 20021202 --> |
|
<li>Don't have the X server drop privileges if started by root and from a non-standard config path. |
|
<li>Tweaks and fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s ioctl code. |
|
<!-- ^ 20021201 --> |
|
<!-- ^ 20021130 --> |
|
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>. |
|
<li>Add new pseudo-device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, exposing changes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> state table. |
|
<li>Kill a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
|
<li>Wrap some noisy altq printf()s with #ifdef ALTQ_DEBUG. |
|
<!-- ^ 20021129 --> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1">file(1)</a> gets a new option, -b, which supresses the output of the pathname. |
|
<li>Allow a qlimit to be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> altq rules as well as in queue rules. |
|
<li>Use a custom hash function (based on that in if_bridge.c) for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> source-hash nat pools instead of MD5. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> checks for invalid icmp6 option length. |
|
<!-- ^ 20021128 --> |
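Review bot: Spelling in the file(1) entry: "supresses" should be "suppresses".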
|
<li>page_dir update fixed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a>. MALLOC_OPTIONS=J is now honoured in realloc() as well. |
|
<li>'fc -e' now works when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> is invoked in 'sh' mode. |
|
<li>Allow usernames given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> to contain '@' characters, i.e. the hostname follows the last '@'. |
|
<li>Tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> altq rules display. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=daemon&sektion=3">daemon(3)</a> closing descriptors that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> needs. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> read correctly the tbrsize spec. |
|
<li>Fix underflow and wraparound in socket timeout calculation. |
|
<li>Make IPv6 work in Linux emulation mode, though not for IPv4-mapped addresses. |
|
<!-- ^ 20021127 --> |
|
<li>The bandwidth statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> queue rules is now optional. |
|
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> ordering so translation is now after queue... |
|
<li>Parse more include files so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> knows about more ioctls. |
|
<li>Pass in the right structure to DIOCCHANGEADDR. |
|
<!-- ^ 20021126 --> |
|
<li>Fix 'pfctl -Fq' so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> gets flushed and reset properly. |
|
<li>setuid() -> seteuid() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>. |
|
<li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s handling of address families in rules. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> fetch the address properly for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lo&sektion=4">lo(4)</a> with LINK1 set. |
|
<li>Use 1KB = 1000B instead of 1024B when dealing with bandwidth in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
|
<li>Fix URL CRLF injection bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a>. |
|
<!-- Applied to 3.2-stable --> |
|
<li>Add a missing check for snprintf errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>. |
|
<li>Protect arc4_getbyte() with an splhigh(). |
|
<li>Some cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>. |
|
<!-- ^ 20021125 --> |
|
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> stats dumps are enabled, warn if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> fails. |
|
<li>Enforce new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> ordering: options, normalization, translation, queue, filter. |
|
<li>Copy TAILQs properly in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<!-- ^ 20021124 --> |
|
<li>Remove a potential access-after-free in libc's syslog code. |
|
<li>New manual page <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a> documenting OpenBSD-specific changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>. |
|
<li>So farewell, then, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqd&sektion=8&release=OpenBSD+3.2">altqd(8)</a> and friends. |
|
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> altq rule error checking. |
|
<li>Fix a potential null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser, and some general cleanup. |
|
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> don't try to issue ioctls when running with -n. |
|
<!-- ^ 20021123 --> |
|
<li>Implement 'nat pools' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow redirection using (nat, rdr, route-to, dup-to and reply-to) to multiple addresses. |
|
<li>Improvements to the ELF loader. |
|
<li>Some snprintf paranoia in BSD auth, also some extra initialisation. |
|
<li>Added new example dir /usr/share/pf, and example queue rulebase /usr/share/pf/queue1 to show how cool pf+altq is. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> accepting non-interactive sessions. |
|
<li>'pfctl -v' displays altq and queue lines, including child queue assignment. |
|
<li>Match the queue to the return type (icmp-unreach or RST) for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> block rules. |
|
<li>Use a quad_t instead of an int, and fix rlimit sizing for >2GB machines. |
|
<!-- ^ 20021122 --> |
|
<li>Fix some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strncpy&sektion=3">strncpy(3)</a> lengths in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>. |
|
<li>Add _tokenadm and _radius groups so their respective login programs can be setgid instead of setuid(root). |
|
<li>Add _shadow group and change group and mode of /etc/spwd.db to match |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoll&sektion=3">atoll(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror_r(3)</a> to libc. |
|
<li>Add simple multiple-card load balancing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> and add a simplified driver registration API. |
|
<li>Some int -> unsigned int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>New -n option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> to disable DNS lookups. |
|
<!-- ^ 20021121 --> |
|
<li>Correct a format string bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>'s, er, Makefile. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> breakage when two jobs are set for the same time. |
|
<li>Correct a use-before-init in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a>. |
|
<!-- ^ 20021120 --> |
|
<li>Create a simple lookup table mechanism [dev/pci/pci.c:pci_matchbyid()] to match PCI device IDs, and have several drivers use it. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a> catalog updates: Fix Russian, add Polish and Ukrainian. |
|
<li>Fix an off-by-one when reading ICMP types and codes by name in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<!-- ^ 20021119 --> |
|
<li>Merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, still some work left to do. |
|
<li>Don't overwrite SIG{INT,QUIT,TERM} handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> if they're set to ignore. This mirrors <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> behaviour. |
|
<!-- ^ 20021118 --> |
|
<!-- ^ 20021117 --> |
|
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> issues a fake challenge for a user without an S/Key file. |
|
<!-- ^ 20021116 --> |
|
<li>Enable the pthread library, but install it as libnpthreads so autoconf scripts don't pick it up and use it with -lpthread as well as using -pthread. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>, prohibit user id changes once logged in, and run more stuff as the logged-in user. |
|
<li>Add 'Default-Phase-1-Configuration' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Be more careful when loading RSA1 key files in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<!-- ^ 20021115 --> |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>'s handling of multiple values and continuation lines. |
|
<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> symbol lookup failure messages. |
|
<li>Allow DNS queries from the initial rulebase loaded by /etc/rc, so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> can load at boot-time rulebases containing DNS entries. |
|
<!-- ^ 20021114 --> |
|
<li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.</strong></font><br> |
|
<a href="errata.html#named">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
|
<li>Create links from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=curses&sektion=3">curses(3)</a> libs to ncurses, to satisfy autoconfiguration scripts that expect the latter instead of checking properly. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules now are subject to the same list expansion as other rules. |
|
<li>Add label macro '$if' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, now we can have interfaces in expansion lists. |
|
<li>Add some missing pointer initialisations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<!-- ^ 20021113 --> |
|
<li>Add a null transform to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>, enabled via sysctl kern.cryptodevallowsoft=1. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s determination of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2">execve(2)</a> filename. |
|
<li>Kernel IPsec code checks for short IP headers. |
|
<!-- ^ 20021112 --> |
|
<!-- ^ 20021111 --> |
|
<!-- ^ 20021110 --> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> checks for invalid system call numbers. |
|
<!-- ^ 20021109 --> |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a>'s login emultation mode work even more like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>. |
|
<li>Avoid a possible reference count leak in kernel file descriptor code. |
|
<li>Remove bogus operations on the not-yet-existent file descriptor table in libc_r. |
|
<!-- ^ 20021108 --> |
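Review bot: Spelling in the su(1) entry: "login emultation mode" should be "login emulation mode".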
|
<li>Implement simple vnodeops inheritance for specfs and fifofs, |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> can now follow HTTP redirects. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> properly reflect check the exit status of its <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> process if an error occurs. |
|
<li>Fix some invalid pointers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> handler. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=makewhatis&sektion=8">makewhatis(8)</a> moaning about non-existent directories. |
|
<li>Don't use the HostbasedAuthentication switch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>; instead, add new option EnableSSHKeysign to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>. |
|
<!-- XXX not added to ssh_config manpage though --> |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=groupdel&sektion=8">groupdel(8)</a> check that the named group exists. |
|
<li>Allow '$' as the last character of a username, to appease Samba. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s -e option (log to stderr) work. |
|
<li>Make the minimum file rotation size 512 bytes instead of 512Kbytes... |
|
<li>Rearrange payload length check for ESP packets so packets with NULL encryption are tested also. |
|
<!-- Applied to 3.2-stable --> |
|
<li>Don't allow a simple non-existent server to crash <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqstat&sektion=1">altqstat(1)</a>. |
|
<!-- ^ 20021107 --> |
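Review bot: The scp(1) entry does not parse: "properly reflect check the exit status" keeps two verbs; pick one, for example "properly check the exit status of its ssh(1) process". In the same group the vnodeops entry ends in a comma rather than a full stop, and the XXX comment records that EnableSSHKeysign is not yet in the ssh_config manual page even though the entry links ssh_config(5) for it.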
|
<li>Solve problems static linking with -lpthread. (-static -pthread still broken.) |
|
<li>Stop up a couple of memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Fix a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=8">mount(8)</a>, and make its command line arguments handling more consistent. |
|
<li>Keep a correct reference count to the file referenced by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> under SVR4 emulation. |
|
<!-- Applied to 3.2-stable --> |
|
<!-- ^ 20021106 --> |
|
<li>Gracefully handle broken firewalls that block ECN-enabled TCP sessions by falling back to non-ECN. |
|
<li>Some thread-safety fixes to libc. |
|
<li>Add a cast to handle properly size_t larger than u_int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<li>Fix some problems <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a> had displaying information on files > 2GB. |
|
<!-- ^ 20021105 --> |
|
<li>Serve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> a strong draught of CIDR (e.g. can use 10/8 now instead of 10.0.0.0/8.) |
|
<li>-STABLE branch created for 3.2. <a href="errata.html#smrsh">smrsh</a>, <a href="errata.html#pfpridge">pfbridge</a> and <a href="errata.html#kadmind">kadmind</a> errata fixes applied to it.<br> |
|
<li>When checking a filename in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, don't fail when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a> for the user's home directory - this happens legitimately when using AFS. |
|
<!-- ^ 20021104 --> |
|
<!-- ^ 20021103 --> |
<li>Do a better job when comparing dynamic addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<li>Do a better job when comparing dynamic addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> AF macros, operate on the whole address (all 128 bits) unless AF_INET is set. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> AF macros, operate on the whole address (all 128 bits) unless AF_INET is set. |
<!-- ^ 20021102 --> |
<!-- ^ 20021102 --> |
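Review bot: The -STABLE entry links the pfbridge erratum as errata.html#pfpridge, while the RELIABILITY FIX entry for the same erratum further down uses errata.html#pfbridge; the first looks like a typo that will leave the link pointing at no anchor. The same entry ends in a stray br tag that the plain entries around it do not have, and the realpath(3) entry just below it is missing its verb ("don't fail when realpath(3) fails for the user's home directory").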
|
|
<!-- ^ 20021029 --> |
<!-- ^ 20021029 --> |
<li>Remove a bogus test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> that stopped a perfectly legal seek on a character device. |
<li>Remove a bogus test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> that stopped a perfectly legal seek on a character device. |
<li>Merge OpenSSL 2.2.18, fixing a cross-site scripting bug and two off-by-ones. |
<li>Merge OpenSSL 2.2.18, fixing a cross-site scripting bug and two off-by-ones. |
|
<!-- Applied to 3.2-stable --> |
<li>Add a missing break statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s arguments parsing code. |
<li>Add a missing break statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s arguments parsing code. |
<!-- ^ 20021028 --> |
<!-- ^ 20021028 --> |
<li>Add getdents64() support under Linux emulation. |
<li>Add getdents64() support under Linux emulation. |
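Review bot: The OpenSSL merge entry gains only an HTML comment, "Applied to 3.2-stable", which readers of the rendered page will not see, whereas other entries in this revision carry a visible "[Applied to stable]" link to stable.html. If the fix is in -stable, use the visible link here too.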
|
|
<li>Fix a null deref in libc_r. |
<li>Fix a null deref in libc_r. |
<li>Make sure the user process tally is right when kernel stack space can't be allocated for the new proc. |
<li>Make sure the user process tally is right when kernel stack space can't be allocated for the new proc. |
<li>Correctly count the total number of processes in the system. |
<li>Correctly count the total number of processes in the system. |
<li>Fix a remotely exploitable buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a>.<br> |
<li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a> daemon, leading to possible remote crash or exploit.</strong></font><br> |
|
<a href="errata.html#kadmin">A source code patch is available</a>.<br> |
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<!-- ^ 20021021 --> |
<!-- ^ 20021021 --> |
<li>Add partial support for the 21145 chip to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a>. |
<li>Add partial support for the 21145 chip to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a>. |
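Review bot: The new kadmind(8) SECURITY FIX entry links the patch as errata.html#kadmin, but the -STABLE entry added in this same revision links the same erratum as errata.html#kadmind. Only one of the two can match the anchor in errata.html; check it and use the same fragment in both places.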
|
|
<!-- ^ 20021015 --> |
<!-- ^ 20021015 --> |
<li>In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA. |
<li>In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA. |
<li>Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c) |
<li>Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c) |
<li>Some fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>. |
<li><font color="#e00000"><strong>A logic error in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a> kernel memory allocator could cause memory corruption in low-memory situations, causing the system to crash.</strong></font><br> |
|
<a href="errata.html#pool">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> can now binat a whole netblock with one rule. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> can now binat a whole netblock with one rule. |
<!-- ^ 20021014 --> |
<!-- ^ 20021014 --> |
<li>Remove a potential null pointer deref in BSD authentication code. |
<li>Remove a potential null pointer deref in BSD authentication code. |
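Review bot: The rewritten pool(9) entry is set in the red strong style but has no category label, unlike the other rewritten entries, which start with "SECURITY FIX:" or "RELIABILITY FIX:". The described impact is a crash from memory corruption in low-memory situations, so "RELIABILITY FIX:" would match how the bridge/scrub entry is labelled.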
|
|
<li>Catch some endianness nits and add zero-padding of keys in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>. |
<li>Catch some endianness nits and add zero-padding of keys in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>. |
<li>Teach ALTQ CBQ the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> API. The old API remains for now. |
<li>Teach ALTQ CBQ the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> API. The old API remains for now. |
<!-- ^ 20021011 --> |
<!-- ^ 20021011 --> |
<li>Fix memory corruption that could cause panics in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>d systems with scrub enabled. |
<li><font color="#e00000"><strong>RELIABILITY FIX: Network bridges running pf with scrubbing enabled could cause mbuf corruption, causing the system to crash.</strong></font><br> |
|
<a href="errata.html#pfbridge">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf_tags&sektion=9">m_tag_copy_chain()</a>. |
<li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf_tags&sektion=9">m_tag_copy_chain()</a>. |
<!-- ^ 20021010 --> |
<!-- ^ 20021010 --> |
<li>Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug. |
<li>Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug. |
<!-- ^ 20021009 --> |
<!-- ^ 20021009 --> |
<li>In Sendmail, fix a potential bypass of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a> (see the Sendmail.org <a href="http://www.sendmail.org/smrsh.adv.txt">advisory</a>.) |
<li><font color="#e00000"><strong>SECURITY FIX: An attacker can bypass the restrictions imposed by sendmail's restricted shell, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>, and execute arbitrary commands with the privileges of his own account.</strong></font><br> |
|
<a href="errata.html#smrsh">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<li>Make predicates part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s grammar. |
<li>Make predicates part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s grammar. |
<!-- ^ 20021008 --> |
<!-- ^ 20021008 --> |
<li>Start work on a merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> functionality. Oh yes. |
<li>Start work on a merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> functionality. Oh yes. |
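Review bot: The rewritten smrsh(8) entry drops the link to the Sendmail.org advisory (http://www.sendmail.org/smrsh.adv.txt) that the old line carried, so the upstream description of the bypass is no longer reachable from this page; consider keeping it alongside the errata link. Likewise the new RELIABILITY FIX text for bridges mentions pf and scrubbing without the bridge(4) man-page link the old line had.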
|
|
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=window&sektion=1">window(1)</a> the stdarg treatment. |
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=window&sektion=1">window(1)</a> the stdarg treatment. |
<li>When routing via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies. |
<li>When routing via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies. |
<li>Fix cross-site scripting vulnerability (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840">CAN-2002-0840</a>) in the default error page of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>. Only applies under specific (and non-OpenBSD default) conditions. |
<li>Fix cross-site scripting vulnerability (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840">CAN-2002-0840</a>) in the default error page of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>. Only applies under specific (and non-OpenBSD default) conditions. |
|
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a> |
<!-- ^ 20021004 --> |
<!-- ^ 20021004 --> |
<li>In kernel IP processing, block interrupts with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=splsoftnet&sektion=9">splsoftnet(9)</a> around interface address routing table manipulations. |
<li>In kernel IP processing, block interrupts with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=splsoftnet&sektion=9">splsoftnet(9)</a> around interface address routing table manipulations. |
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> doesn't accept out-of-range TX keys. |
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> doesn't accept out-of-range TX keys. |