version 1.883, 2003/08/17 21:37:40 |
version 1.884, 2003/08/25 22:24:05 |
|
|
|
|
<p> |
<p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to July 23. |
The following list sums up (almost) all the changes made up to August 24. |
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- ^ 20030825 --> |
|
<li>Fix static <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> builds. |
|
<li>Some 64-bit cleanup in the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> GSSAPI code. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejecting perfectly legitimate nat-with-tables rules. |
|
<li>When tables are used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing rules with address pools, only allow round-robin mode. |
|
<li>Structure and defines for generic IEEE 802.11 framework. |
|
<li>'Implement' <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pread&sektion=2">pread(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pwrite&sektion=2">pwrite(2)</a> under FreeBSD emulation (they're identical to the native calls.) |
|
<!-- ^ 20030824 --> |
|
<li>In the installer, if an interface is configured using DHCP then assume that the default route is via DHCP also. |
|
<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>:<ul> |
|
<li>New -s option to specify the delay in seconds between each character sent. |
|
<li>Shrink the TCP receive window to one byte, hurting the sender's stack.<!-- Mwuahahahaha --> |
|
<li>Keep the connection open until ten lines of mail body have been received. |
|
<li>Better logging via syslog. |
|
</ul> |
|
<li>Use the correct format for printing time values in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>. |
|
<li>Check the maximum size of an exec header after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lkm&sektion=4">lkm(4)</a> load or unload, since the module may just change it. |
|
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a>-toggled emulations to be switched off after being switched on. |
|
<li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> emacs-mode filename completion. |
|
<!-- ^ 20030823 --> |
|
<li>Fix 64-bit breakage in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> counters output. |
|
<li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> with support for DSN-specific timeouts, so bounces can be timed out more quickly. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>'s end-of-word detection. |
|
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> support for the kerberos-2@ssh.com authentication method, now obsoleted by GSSAPI. |
|
<li>Add GSSAPI authentication support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. |
|
<li>Don't age IPv6 non-gateway host routes. (NetBSD PR bin/22568.) |
|
<!-- ^ 20030822 --> |
|
<li>New keywords @extra and @extraunexec for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_create&sektion=1">pkg_create(1)</a>, to specify 'extra' package files that are only undeleted with pkg_delete -c. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> can now show the operating system of TCP SYN packets with the -o option. |
|
<li>Add passive OS fingerprinting capability to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, via the 'os' keyword. |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.os&sektion=5">pf.os(5)</a> passive OS fingerprint database. |
|
<li>Add kern.emul.* <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggles for the various OS emulations instead of compile-time options. |
|
<li>Fix Apache bug <a href="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21737">#21737</a> (zombie suexec processes) by reverting to 1.3.27 behaviour. |
|
<li>Merge in Apache 1.3.28 and mod_ssl 2.8.15. |
|
<li>By default, use spamhaus instead of spews for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>. |
|
<li>In libcrypto, add bignum zero to bignum zero without corrupting the result. |
|
<li>Backport a fix for an obscure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">g++(1)</a> <a href="http://gcc.gnu.org/ml/gcc-bugs/1999-08n/msg00621.html">bug</a> which propolice trips. |
|
<!-- ^ 20030821 --> |
|
<li><font color="#e00000"><strong>RELIABILITY FIX: An improper bounds check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> system call can allow a local user to cause a kernel panic.</a></strong></font><br> |
|
<a href="errata.html#semget">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li>Queues that list themselves as a child queue are now disallowed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> print a more helpful error messages for bad queue definitions and invalid CBQ priorities. |
|
<li>Convert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion=8">bootpd(8)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a>. |
|
<!-- ^ 20030820 --> |
|
<li>Increase the default FD_SETSIZE from 256 to 1024. |
|
<li>Set the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> timeout properly for active mode FTP under <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>. |
|
<li>Change ioctl(...SIOCFIGCONF...) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getifaddrs&sektion=3">getifaddrs(3)</a> in lots of places. |
|
<li>Add dynamic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> fd_set handling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ypbind&sektion=8">ypbind(8)</a>. |
|
<li>Convert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppctl&sektion=8">pppctl(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a>. |
|
<li>Fix accidental fallthrough from SIOCSIFADDR to SIOCIFFLAGS for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tx&sektion=4">tx(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wb&sektion=4">wb(4)</a>. |
|
<li>As well as recommending <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a> instead root logins, clearly and distinctly suggest the user read <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot&sektion=8">afterboot(8)</a>. If that doesn't work, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=banner&sektion=1">banner(1)</a> is available... |
|
<li>Change /etc/mtree/4.4BSD.dist to reflect the move from /usr/include/ssl to /usr/include/openssl. |
|
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtd&sektion=4">mtd(4)</a> driver for Myson Technologies 3-in-1 Fast Ethernet boards. From NetBSD. |
|
<!-- ^ 20030819 --> |
|
<li>New NOFONTS define for XF4, stops fonts being built. Oh yes. |
|
<li>Handle target lookup using the shell PATH nicely in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pmdb&sektion=1">pmdb(1)</a>. |
|
<li>Do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> before doing the chroot. |
|
<li>Don't treat PKG_PATH-built URL paths to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_info&sektion=1">pkg_info(1)</a> as if they refer to local files. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_info&sektion=1">pkg_info(1)</a>'s -a option look only at installed packages. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> detect nonsensical max-mss > 65535 in scrub rules. |
|
<li>Don't loop back a copy of a broadcast or multicast packet to a simplex interface if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing is involved, preventing lockups. |
|
<li>Enable the --initial-tab long option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> by spelling it correctly. |
|
<!-- ^ 20030817 --> |
|
<li>Use only <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to stir <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> using kernel arc4random(). No more messing with /dev/arandom. |
|
<!-- ^ 20030816 --> |
|
<li>Add a bunch of emacs commands to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> dired mode. |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> dired mode directory listings. |
|
<li>In the kernel, change arguments to suser(), and add new suser_ucred() for instances where caller doesn't have a process. |
|
<li>New -S option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_create&sektion=1">pkg_create(1)</a>, like -s only better. |
|
<!-- ^ 20030815--> |
|
<li>Zero out unused directory entry fields on FAT12 and FAT16 filesystems, to avoid breakage on Win2k and WinXP (PR#3400.) |
|
<li>Add a bunch more syscall stubs and implement exit_group() under Linux emulation. Needed for newer glibc binaries. |
|
<li>Fix wrongness, memory leakage and a panic on directory reads in other-OS emulation mode on some filesystems. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a> exit nicely after screening candidate primes (-T option.) |
|
<li>Much cleanup in the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=safe&sektion=4">safe(4)</a> driver. |
|
<li>Add the POSIX-mandated struct itimerspec to sys/time.h . |
|
<!-- ^ 20030814 --> |
|
<li>Install the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> TUNING guide. |
|
<li>Better memory-use optimization for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a>. |
|
<li>Remove the very deprecated RhostsAuthentication feature from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>. |
|
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcsendbreak&sektion=3">tcsendbreak(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> instead of ioctl(...TIOCSBRK...), for portability. |
|
<!-- ^ 20030813 --> |
|
<li>Convert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rshd&sektion=8">rshd(8)</a> to use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a>. |
|
<li>Don't blindly pass FD_SETSIZE as the first argument to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a>, that's bad mmmkay? |
|
<li>New driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=safe&sektion=4">safe(4)</a>, for the SafeNet crypto accelerator. From FreeBSD. |
|
<li>Remove a bunch of AFS stuff that isn't used by OpenBSD. |
|
<li>Merge in xfs from the ARLA-current as of 20030805. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_create&sektion=1">pkg_create(1)</a> erasing the last checksum from CONTENTS. |
|
<!-- ^ 20030812 --> |
|
<li>Kill a panic when creating a block device on a full filesystem (NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=22419">PR#22419</a>.)<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a> now use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a>. |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> DIOCCHANGEADDR.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li>Some nice robustness-in-the-face-of-spam tweaks to the example <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> config in cf/courtesan.mc. |
|
<li>Do dynamic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> fd_set allocation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsd&sektion=8">nfsd(8)</a>. |
|
<li>Handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure nicely in the libedit tokenizer. |
|
<li>3.3-current -> 3.4-beta. |
|
<li>Implement CLOCK_MONOTONIC for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=clock_gettime&sektion=2">clock_gettime(2)</a>. From NetBSD. |
|
<li>Don't attach a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4">le(4)</a> device if the interrupt for it can't be established. |
|
<!-- ^ 20030811 --> |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> adding an extraneous newline at the end of its output. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> warn if a context or unified diff comes without a context, since this makes detection of a previously applied patch impossible. |
|
<li>Remove uvm_useracc() from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a>. |
|
<!-- ^ 20030810 --> |
|
<li>Fix an off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vacation&sektion=1">vacation(1)</a>. |
|
<li>Allow tables to be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> translation and routing rules. |
|
<!-- ^ 20030809 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a>, do the initial memory allocation using a guesstimate based on the file size. |
|
<li>Fix a bunch of potential null derefs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> scanning the input file twice. |
|
<li>Disable a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> optimization, enabled by -fexpensive-optimizations and hence by -O2, on platforms where it was generating incorrect code. |
|
<!-- ^ 20030808 --> |
|
<li>Fix some memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ed&sektion=1">ed(1)</a>. |
|
<li>Allow 192- and 256-bit AES in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>. |
|
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setusercontext&sektion=3">setusercontext(3)</a> instead of roll-your-own in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a> values apply. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> matching code handle 32-bit uid and gid values properly. |
|
<li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> toggle net.inet6.ip6.redirect work as expected. |
|
<li>Fix a potential use-after-free in icmp6 redirect code. |
|
<!-- ^ 20030807 --> |
|
<li>Fix the abnormal exit code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>. |
|
<li>Plug memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=modload&sektion=8">modload(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a>. |
|
<li>Add -h option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ls&sektion=1">ls(1)</a> for human-readable sizes. |
|
<li>The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> -Wbounded checker can't handle variable-length arrays yet, so don't try. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdb&sektion=1">gdb(1)</a> crashing on 'set enum' without an argument. |
|
<!-- ^ 20030806 --> |
|
<li>Now the information is actually copied into place, make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=8">mount(8)</a> show procfs info. |
|
<li>Have procfs copy its mount options into statfs.mount_info. |
|
<li>Add a debugging lever that forces <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> to use plan B. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> plan A, use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=read&sektion=2">read(2)</a>/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a>. |
|
<li>strlcpy() -> strncpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bos&sektion=8">bos(8)</a>, un-busting the AFS wire protocol. |
|
<li>Merge in ARLA -current, set version to 'arla-20030805'. |
|
<!-- ^ 20030805 --> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> updates from NetBSD and monkey.org. |
|
<li>Add a missing close() in libsa's exec(). |
|
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> to guarantee null termination of the coredump process name. |
|
<!-- ^ 20030804 --> |
|
<li>Implement the WCONTINUED flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wait&sektion=2">wait*(2)</a>, as per POSIX. Adapted from FreeBSD. |
|
<li>Fix Linux truncate64() emulation as well. |
|
<li>Remove GNU gzip from the tree. |
|
<!-- ^ 20030803 --> |
|
<li>New, BSD-licensed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=znew&sektion=1">znew(1)</a> script. |
|
<li>Properly check the result of attempts to read from and write to processes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pmdb&sektion=1">pmdb(1)</a>. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>'s Emacs mode yank-pop command dumping core when run twice (PR#3384.) |
|
<li>Correct emulation of Linux ftruncate64(). |
|
<!-- ^ 20030802 --> |
|
<li><font color="#e00000"><strong>SECURITY FIX: An off-by-one error exists in the C library function <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a>.</strong></font> Since this same bug resulted in a root compromise in the wu-ftpd ftp server it is possible that this bug may allow an attacker to gain escalated privileges on OpenBSD.<br> |
|
<a href="errata.html#realpath">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li>Back out the pthread itimer change (except when profiling) for compatibility reasons. |
|
<li>Add __bounded__ attribute definitions (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a>) for many library functions. |
|
<li>Don't print a pointless read-only warning message when running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a> in read-only mode. |
|
<li>New -q flag for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a> that doesn't do a checksum before removing package files. |
|
<li>Support for Marvell-based devices in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>. |
|
<!-- ^ 20030801 --> |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table tickets per-ruleset instead of global. |
|
<li>Remove undocumented '-p' == '-p0' behaviour from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>, like GNU patch and in accordance with POSIX. |
|
<li>Repair <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>'s relative path handling by not nuking a parameter needed later in the function. |
|
<li>Change the hash function used in the internals of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> so it generates fewer collisions. |
|
<li>Privilege separation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. Note new HUP behaviour. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> complain about non-existent lines at most once per patch. |
|
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> doesn't attempt to display no-longer-existent queues. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, check that password authentication is enabled before trying to authenticate users using the 'none' method (i.e. a blank password.) |
|
<li>Add a new, BSD-licensed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzexe&sektion=1">gzexe(1)</a>. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> exit codes when comparing against stdin. |
|
<!-- ^ 20030731 --> |
|
<li>Remove GNU diff from the tree. |
|
<li>Add basic support for ftp:// package paths via the PKG_PATH environment variable. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> prompting more POSIX, and add the POSIX -i option. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> die (instead of just complaining) when addition or deletion of an interface address fails. |
|
<!-- ^ 20030730 --> |
|
<li>Use a sockaddr_storage instead of a sockaddr to avoid a stack smash in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a>. |
|
<li>Remove a stray backslash and unbreak 'make release' for XF4. |
|
<li>Save the interface associated with a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> state table entry when the entry is first created, not when another packet matches the entry. |
|
<li>When running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> as root, bump the data size resource limit up to unlimited (instead of up to the hard limit) to avoid problems with large filesystems. |
|
<li>Better TMPDIR environment variable handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>. |
|
<li>Improved test for output on stdout in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a>. |
|
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> progress meter implementation, with better licensing. |
|
<li>Add 'pass on lo' to the temporary boottime <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> (PR#3376.) |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a>'s handling of multiline server responses (PR#3378.) |
|
<li>Add a new, BSD-licensed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zforce&sektion=1">zforce(1)</a> script. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a> do the right thing when confronted with (e.g.) 'gzip -lN < foo.gz'. |
|
<li>Another missing netinet byte-order fixup, this time in fragment reassembly code. |
|
<li>Fix a printf(%s) off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> skip-step calculation. |
|
<li>More propolice fixes. |
|
<!-- ^ 20030729 --> |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=growfs&sektion=8">growfs(8)</a> from FreeBSD. |
|
<li>Remove unlicensed MATH_EMULATE code (written by some guy named Torvalds) from the kernel, leaving only the GNU emulation code for the moment. |
|
<li>Don't treat consecutive slashes as path components in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>, for POSIX reasons. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>'s exit value consistent with POSIX and with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a>. |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> markup (M_TUNNEL) for tunnel-mode IPsec connections so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> over IPsec can be detected and unencapsulated consistently (PR#3023.) |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a> can now generate the Diffie-Hellman groups as needed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=moduli&sektion=5">moduli(5)</a>. |
|
<!-- ^ 20030728 --> |
|
<li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a> detects that compressed output would be larger than the input, fail so that the .gz file gets removed. |
|
<li>Fix a missing initialisation and cure a hang that could occur when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a>ing a directory. |
|
<li>Try to bound memory and cpu usage of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a>, old (unbounded) behaviour available with -d. |
|
<!-- ^ 20030727 --> |
|
<li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ed&sektion=1">ed(1)</a> tutorial papers. |
|
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtree&sektion=8">mtree(8)</a>'s -s option enabling -t by mistake. |
|
<!-- ^ 20030726 --> |
|
<li>More tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a>. |
|
<li>Fix an x86 DoS (<a href="http://www.securityfocus.com/archive/1/330399/2003-07-21/2003-07-27/0">reported</a> by Michal Zalewski) by zeroing the SYSENTER registers at kernel boot time.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li>Remove some in-place IP header byte order changes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, missed out before. |
|
<li>Print the right error line number in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>. |
|
<li>Change references to the now non-existent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos&sektion=1&manpath=OpenBSD+3.2">kerberos(1)</a> manpage to point at 'info heimdal.' |
|
<li>Add sha2 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>A few *printf cleanups in sys/net/. |
|
<li>New __kprintf__ format attribute for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> that groks kernel *<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=printf&sektion=9">printf(9)</a> format arguments. See <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a> for details. |
|
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>'s -b option to be POSIX ('save a backup') and give the old functionality (specify backup filename suffix) to the -z option like GNU patch. For now, -b is on by default. |
|
<!-- ^ 20030725 --> |
|
<li>Fix IP packet length setting for IPsec tunnels, lost in recent byte order changes. |
|
<li>Add sha2 support for IPsec. |
|
<li>Add _syslogd user for, um, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>, soon to get the privsep treatment. |
|
<li>Allow the kernel to build with inet enabled but ether disabled (PR#3356.) |
|
<li>New APIWARN libc/Makefile define, disabled by default, which makes the linker complain whenever unsafe string functions are used. |
<!-- ^ 20030724 --> |
<!-- ^ 20030724 --> |
<li>Move nasty SCSI utility code out of libutil and into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=8">scsi(8)</a>, the only place it's used. |
<li>Move nasty SCSI utility code out of libutil and into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=8">scsi(8)</a>, the only place it's used. |
<li>When detaching an interface, remove from software interrupt queues any packets pointing to that interface. |
<li>When detaching an interface, remove from software interrupt queues any packets pointing to that interface. |
|
|
<li>Implement the sysinfo() system call under Linux emulation. |
<li>Implement the sysinfo() system call under Linux emulation. |
<li>Remove AFS code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. |
<li>Remove AFS code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. |
<li>Redo the 'invalid line number' fix for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>. |
<li>Redo the 'invalid line number' fix for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>. |
<li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=CGI&sektion=3p">CGI(3p)</a> to version 2.98 to fix a cross-site scripting bug. |
<li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=CGI&sektion=3p">CGI(3p)</a> to version 2.98 to fix a cross-site scripting bug.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<!-- ^ 20030723 --> |
<!-- ^ 20030723 --> |
<li>Use libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> instead of a local version. |
<li>Use libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> instead of a local version. |
<li>POSIX tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>. |
<li>POSIX tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a>. |
|
|
<li>Apply some of the USB SCSI improvements to the FireWire code as well. |
<li>Apply some of the USB SCSI improvements to the FireWire code as well. |
<li>Add string length bounds to an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf&sektion=3">sscanf(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s rhosts auth code. |
<li>Add string length bounds to an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf&sektion=3">sscanf(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s rhosts auth code. |
<li>Pull in a fix for directory creation under <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Pull in a fix for directory creation under <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules with address pools using bitmask and source-hash address selection. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules with address pools using bitmask and source-hash address selection.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>Allow inverse matching of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tags. |
<li>Allow inverse matching of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tags. |
<li>Fix media handling for Intel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> devices. |
<li>Fix media handling for Intel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> devices. |
<!-- ^ 20030517 --> |
<!-- ^ 20030517 --> |