version 1.908, 2004/03/22 23:05:59 |
version 1.909, 2004/03/23 20:24:52 |
|
|
|
|
<p> |
<p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
The following list sums up (almost) all the changes made up to March 7. |
The following list sums up (almost) all the changes made up to March 23. |
<p> |
<p> |
|
|
<ul> |
<ul> |
|
<!-- ^ 20040323 --> |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> rmd160 breakage on sparc64. |
|
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> how to display the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> bulk updates. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> preempting to become master until the bulk state table sync has completed. |
|
<li>Support best-efforts bulk transfers of states when a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> syncif is first configured. This this allows pfsync+carp clusters to come up gracefully without killing active connections. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interfaces on system shutdown. |
|
<li>Add pass rules for the pfsync and carp protocols to the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rulebase installed by /etc/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a>. |
|
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> interfaces are initialised before <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interfaces in /etc/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstart&sektion=8">netstart(8)</a>. |
|
<!-- ^ 20040322 --> |
|
<!-- ^ 20040321 --> |
|
<li>Unbreak routing change handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>. |
|
<li>Bump OpenSSH to version 3.8.1. |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s '-s osfp' option work by spelling it less like OSPF. |
|
<li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.os&sektion=5">pf.os(5)</a> to include OpenBSD 3.5, since that's where it's now at. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tn3270&sektion=1">tn3270(1)</a> check errno instead of setting it. |
|
<li>Fix yet another stray semicolon, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a>. |
|
<li>Implement firmware downloading for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpt&sektion=4">mpt(4)</a>. |
|
<!-- ^ 20040320 --> |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a> work on 64-bit machines even if they're not alphas. |
|
<li>Have privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> pass SIGINT to the child process. |
|
<li>Upgrade Puffy to 3.5 and lock XF4 for release. |
|
<li>Add final pieces of privilege separation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> and switch it on. |
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pxeboot&sektion=8">pxeboot(8)</a> for i386, derived from NetBSD. |
|
<li>Fix another stray semicolon, in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s ASN.1 printer this time. |
|
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpt&sektion=4">mpt(4)</a> fixes, more to come. |
|
<!-- ^ 20040319 --> |
|
<li>When initialising the new state in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> DIOCADDSTATE, point to the default rule instead of NULL. |
|
<li>Merge parts of XFree86 4.4.0 Release not affected by the new license. |
|
<li>Allow a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> device's state to be set explicitly with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>. |
|
<li>Set permissions on the right files for the @owner, @group and @mode directives in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> when -B is in effect. |
|
<li>For <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices with Prism firmware version 1.6.3 or later, support an enhanced security mode for a hostap where the SSID can be hidden from snoopers. |
|
<li>Speed up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> session reestablishment. |
|
<li>Fix timeout issues with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eap&sektion=4">eap(4)</a> audio devices. |
|
<li>Stop the installer asking for the timezone when upgrading. |
|
<!-- ^ 20040318 --> |
|
<!-- Erratum 016 (libssl) applied to stable here, applied to -current 20040317 --> |
|
<!-- Erratum 015 (isakmpd) applied to stable here, -current is 20040310 --> |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>'s logging when the blacklist limit is hit. |
|
<li>Allow users with write access to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s control socket to send queries. |
|
<li>Fix an out-of-bounds read in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> (CAN-2004-0112.) This code isn't used in OpenBSD. |
|
<li>Always read at least DEV_BSIZE (512) bytes of the disklabel, some disks have smaller block sizes. |
|
<li><font color="#e00000"><strong>RELIABILITY FIX: A missing check for a NULL-pointer dereference has been found in ssl(3).</strong></font> A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.<br> |
|
<a href="errata.html#openssl">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li>Fix a minor memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Lots of pre-release documentation fixes and additions. |
|
<li>If running at <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=securelevel&sektion=7">securelevel</a> 2, use the -x option to increase the chances of ntpd using slew mode, since stepping backwards is disabled at this level. |
|
<li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpt&sektion=4">mpt(4)</a> stability fixes. |
|
<!-- ^ 20040317 --> |
|
<li>Don't signal <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mountd&sektion=8">mountd(8)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=8">mount(8)</a> when all that's required is a listing of mounts (PR#3695.) |
|
<li>Create <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s control socket later in the startup. |
|
<li>Remember to unlock USB <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices on errors. |
|
<li>Since we've allocated a cache for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a>, let's go right ahead and use it. |
|
<li>Remove 'extern int errno' in favour of #include <errno.h> in a number of programs. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> in directory mode skip over anything that's not a regular file or directory, for POSIX reasons. |
|
<!-- ^ 20040316 --> |
|
<li>Yet another stray semicolon removed, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> is the lucky program. |
|
<li>Prevent blacklist connections we're tarpitting from maxing out <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>'s available connections. Controllable with the new -B option. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> hostap send an error response if a station sends a bogus challenge instead of just ignoring it. |
|
<li>Make software WEP work on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices. Only in BSS (station) and hostap modes for now. |
|
<li>Fix another bug caused by a stray semicolon, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=daemon&sektion=3">daemon(3)</a>ise ifstated(8) earlier. |
|
<li>Some logic fixes and additional error checks in USB <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>. |
|
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a> deal gracefully with attempts to initialise unsupported sensor types. |
|
<li>Fix memory leak caused by a stray semicolon in arla. |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if an attempt is made to initialise the kernel arc4random generator too early. |
|
<li>Fix occasional <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=locate.updatedb&sektion=8">locate.updatedb(8)</a> failures due to a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sort&sektion=1">sort(1)</a>. |
|
<li>Check <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chdir&sektion=2">chdir(2)</a> return code after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Fix a memory leak and a missing break in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ioctl processing error paths. |
|
<li>Clear struct sockaddr_un before use in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogc&sektion=8">syslogc(8)</a>. |
|
<!-- ^ 20030315 --> |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>, only shrink the window once we're in the DATA mode. This way, greylisted connections don't get held up by the tiny window but spam bodies are still sent. Very. Slowly. |
|
<li>Restore <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> bus scans to full speed by not checking LUNs that will be skipped anyway. |
|
<li>Fix fd and another memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>. |
|
<li>Make the sane_install() tests in the installer match more useful reality. |
|
<li>Check the return code of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chdir&sektion=2">chdir(2)</a> after the privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>. |
|
<li>Disable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> MAC functions for now, no current hardware can use them. |
|
<li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=oosiop&sektion=4">oosiop(4)</a> cleanup based on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=osiop&sektion=4">osiop(4)</a>. |
|
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wskbd&sektion=4">wskbd(4)</a>, make the caps lock key do caps lock instead of shift lock (PR#2555.) |
|
<!-- ^ 20040314 --> |
|
<li>Make it easier to kill <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> greylister processes. |
|
<li>Do <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> interface setup last in /etc/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstart&sektion=8">netstart(8)</a>, so that hopefully the syncif gets set up beforehand. |
|
<!-- ^ 20040313 --> |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl(8)</a>'s empty-as keyword work. |
|
<li>Extra free-then-NULL paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>. |
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> software WEP on big-endian machines. |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tail&sektion=1">tail(1)</a> -f mode for filesystems not blessed with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support. |
|
<li>Implement privilege separation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>. And there was much rejoicing. |
|
<li>Plug a rtentry leak when TCP gives up on a cached route (in_pcb.c:in_losing().) |
|
<li>Fix (guess what?) a memory leak in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> skeleton code. |
|
<li>Check the payload size more carefully when printing IKE messages in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>. |
|
<li>Plug a memory leak in the error path of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2">execve(2)</a>. |
|
<li>Preliminary port of the NetBSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=oosiop&sektion=4">oosiop(4)</a> driver, supporting really old NCR SCSI chips on hppa machines. |
|
<!-- ^ 20040312 --> |
|
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>'s handling of packages from stdin. |
|
<li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> that stopped custom 450 messages being displayed. |
|
<li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apm&sektion=4">apm(4)</a> fixes on i386. |
|
<li>Sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> greylist database after each db operation, to minimise the likelihood of corruption. |
|
<li>Add basic community support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
|
<li>Correct a missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> error check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl(8)</a>. |
|
<li>Fix byte-ordering problems in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a> (PR#3704.) Based on NetBSD. |
|
<!-- ^ 20040311 --> |
|
<!-- I know the erratum says March 17, but this is when the -current patch goes in. --> |
|
<li><font color="#e00000"><strong>RELIABILITY FIX: Defects in the payload validation and processing functions of isakmpd(8) have been discovered.</strong></font> An attacker could send malformed ISAKMP messages and cause isakmpd to crash or to loop endlessly.<br> |
|
<a href="errata.html#isakmpd2">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
|
<li>Obey the user's 'boot reboot' command at the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> prompt, even if the system is starting up. |
|
<li>Some signedness paranoia when handling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> sysctls. |
|
<li>Fix missing checks for NULL returned from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getpass&sektion=3">getpass(3)</a> in login_*(8). |
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> work harder to clean up after itself on exit. |
|
<li>More work on capability announcements in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
|
<li>Fix an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crash when deleting an ESP SA with no authentication (PR#2429.) |
|
<li>Symlink-hanlding improvements in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> etc.'s virtual filesystem code. |
|
<li>Simplify the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> LUN scanning logic, and print better diagnostics. |
|
<li>New -b option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>, used to set the local bind address. |
|
<!-- ^ 20040310 --> |
|
<li>Allow the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker to be turned off again (PR#3123.) |
|
<li>3.5-beta -> 3.5. |
|
<li>Increase the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> X11 cookie lifetime from two to twenty minutes. |
|
<li>Plug some memory leaks in error paths of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
|
<li>Fix multicast for recent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a> chipsets. From FreeBSD lists. |
|
<li>Be more thorough when URL-encoding usernames and passwords in the installer. |
|
<!-- ^ 20040309 --> |
|
<li>Prevent the user specifying an interface name longer than IFNAMSIZ in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>. |
|
<li>Many, many more memory leak fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser. |
|
<li>Fix a few missing initialisations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keyscan&sektion=1">ssh-keyscan(1)</a>. |
<!-- ^ 20040308 --> |
<!-- ^ 20040308 --> |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>'s dependency lookup check against local directory listings. |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>'s dependency lookup check against local directory listings. |
<li>New -A (pretend to be another architecture) and -P (limit distribution type) options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>. |
<li>New -A (pretend to be another architecture) and -P (limit distribution type) options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>. |
<li>More memory leak fixes to ifstated(8)'s parser. |
<li>More memory leak fixes to ifstated(8)'s parser. |
<li>Fix a null deref in ifstated(8). |
<li>Fix a null deref in ifstated(8). |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> print an error message if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=connect&sektion=2">connect(2)</a> fails. |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> print an error message if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=connect&sektion=2">connect(2)</a> fails. |
|
<!-- ^ 20030307 --> |
<li>Plug well-hidden memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, ifstated(8) and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parsers. |
<li>Plug well-hidden memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, ifstated(8) and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parsers. |
<li>Signal-handling tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. |
<li>Signal-handling tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpt&sektion=4">mpt(4)</a>, a driver for LSI Fusion-MPT SCSI and Fibre Channel devices. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mpt&sektion=4">mpt(4)</a>, a driver for LSI Fusion-MPT SCSI and Fibre Channel devices. |
|
|
<li>Cleanup and paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamdb&sektion=8">spamdb(8)</a>. |
<li>Cleanup and paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamdb&sektion=8">spamdb(8)</a>. |
<li>Support 'tagged <name>' specifiers on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> anchor rules. |
<li>Support 'tagged <name>' specifiers on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> anchor rules. |
<li>Better IPv4 address validation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>. |
<li>Better IPv4 address validation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>. |
<li>Process NOTE_TRUNCATE messages in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tail&sektion=1">tail(1)</a> and unbreak file truncation handling (PR#3689.) |
<li>Process NOTE_TRUNCATE messages in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tail&sektion=1">tail(1)</a> and unbreak file truncation handling in -f mode (PR#3689.) |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> to run in route-collector mode, i.e. disable the decision process. |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> to run in route-collector mode, i.e. disable the decision process. |
<li>Build libf2c for GCC3 architectures. |
<li>Build libf2c for GCC3 architectures. |
<li>New -d option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>, which disables reading from stdin (PR#3694.) |
<li>New -d option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>, which disables reading from stdin (PR#3694.) |
|
|
<!-- ^ 20040219 --> |
<!-- ^ 20040219 --> |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> modifying argv and optind while inside the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=3">getopt(3)</a> loop. |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> modifying argv and optind while inside the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=3">getopt(3)</a> loop. |
<li>In gcc3, add a few missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> third options when used with O_CREAT. |
<li>In gcc3, add a few missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> third options when used with O_CREAT. |
<li>Revoke procmap(1)'s privileges immediately after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_openfiles&sektion=3">kvm_openfiles(3)</a>. |
<li>Revoke <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=procmap&sektion=1">procmap(1)</a>'s privileges immediately after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_openfiles&sektion=3">kvm_openfiles(3)</a>. |
<li>Make sure procmap(1) doesn't call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtoul&sektion=3">strtoul(3)</a> on non-numbers. |
<li>Make sure doesn't call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtoul&sektion=3">strtoul(3)</a> on non-numbers. |
<li>In procmap(1), print the names of missing symbols instead of '(null)'. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=procmap&sektion=1">procmap(1)</a>, print the names of missing symbols instead of '(null)'. |
<!-- ^ 20040218 --> |
<!-- ^ 20040218 --> |
<li>Extra <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">bzero(3)</a> paranoia for data coming out of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> xfer pool. |
<li>Extra <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">bzero(3)</a> paranoia for data coming out of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> xfer pool. |
<li>Memory and string cleanup in procmap(1). |
<li>Memory and string cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=procmap&sektion=1">procmap(1)</a>. |
<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kevent&sektion=2">kevent(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> under FreeBSD emulation, using the native calls. |
<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kevent&sektion=2">kevent(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> under FreeBSD emulation, using the native calls. |
<li>Fix mishandling of numeric options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a> (PR#3677.) |
<li>Fix mishandling of numeric options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a> (PR#3677.) |
<li>Add -i option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, restricting operations to the given interface. Only -sI implemented for now. |
<li>Add -i option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, restricting operations to the given interface. Only -sI implemented for now. |
|
|
<li>Add a missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure check in asn1_compile. |
<li>Add a missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure check in asn1_compile. |
<li>Generate the MAKEDEV(8) manpages automagically based on the same information as the MAKEDEV scripts themselves. |
<li>Generate the MAKEDEV(8) manpages automagically based on the same information as the MAKEDEV scripts themselves. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> propolice fixes on i386. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> propolice fixes on i386. |
<li>First cut at procmap(1) from NetBSD (where it's called pmap.) Not yet built by default. |
<li>First cut at <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=procmap&sektion=1">procmap(1)</a> from NetBSD (where it's called pmap.) Not yet built by default. |
<!-- ^ 20040216 --> |
<!-- ^ 20040216 --> |
<li>New 'split' option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iostat&sektion=8">iostat(8)</a> for the newly-separated disk read/write stats. |
<li>New 'split' option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iostat&sektion=8">iostat(8)</a> for the newly-separated disk read/write stats. |
<li>Check for TDB entries marked as invalid when looking up tcpmd5 connections. |
<li>Check for TDB entries marked as invalid when looking up tcpmd5 connections. |
|
|
<!-- ^ 20031122 --> |
<!-- ^ 20031122 --> |
<li>Also give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cmp&sektion=1">cmp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=madvise&sektion=2">madvise(2)</a> sequential treatment. |
<li>Also give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cmp&sektion=1">cmp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=madvise&sektion=2">madvise(2)</a> sequential treatment. |
<li>Speed up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=install&sektion=1">install(1)</a> by using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=madvise&sektion=2">madvise(2)</a> with the MADV_SEQUENTIAL flag. |
<li>Speed up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=install&sektion=1">install(1)</a> by using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=madvise&sektion=2">madvise(2)</a> with the MADV_SEQUENTIAL flag. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> mod_access IP address tests on sparc64. |
<!-- erratum 3.4-httpd2 appeared 13 March 2004... --> |
|
<li><font color="#e00000"><strong>SECURITY FIX: Due to a bug in the parsing of Allow/Deny rules for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>'s access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.</strong></font><br> |
|
<a href="errata.html#httpd2">A source code patch is available</a>.<br> |
|
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>New -o option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_mkdb&sektion=8">kvm_mkdb(8)</a>, to put the database somewhere other than /var/db. |
<li>New -o option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_mkdb&sektion=8">kvm_mkdb(8)</a>, to put the database somewhere other than /var/db. |
<li>Fix return code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> when the -i option is in use. |
<li>Fix return code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> when the -i option is in use. |
<!-- ^ 20031121 --> |
<!-- ^ 20031121 --> |
|
|
<li>Fix several kernel networking off-by-ones w.r.t. PRC_NCMDS. |
<li>Fix several kernel networking off-by-ones w.r.t. PRC_NCMDS. |
<li>Better error checking for new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>. |
<li>Better error checking for new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>. |
<li>Make new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> compile on sparc64. |
<li>Make new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> compile on sparc64. |
<li>PCI support for hppa through <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=4&arch=hppa">dino(4)</a> bridge driver. |
<li>PCI support for hppa through <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dino&sektion=4&arch=hppa">dino(4)</a> bridge driver. |
<!-- ^ 20030928 --> |
<!-- ^ 20030928 --> |
<!-- ^ 20030927 --> |
<!-- ^ 20030927 --> |
<li>Further <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> cleanup. |
<li>Further <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> cleanup. |
|
|
<li>Correct a double-free in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer management code (OpenSSH PR#660.) |
<li>Correct a double-free in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer management code (OpenSSH PR#660.) |
<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ConnectTimeout option (OpenSSH PR#656.) |
<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ConnectTimeout option (OpenSSH PR#656.) |
<li>On i386, try harder to boot from removable media by allowing for their removal and insertion. |
<li>On i386, try harder to boot from removable media by allowing for their removal and insertion. |
<!-- 20030918 --> |
<!-- ^ 20030918 --> |
<li>Updated and better-commented openbsd-proto.mc for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>. |
<li>Updated and better-commented openbsd-proto.mc for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>. |
<li>Upgrade <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> to version 8.12.10. The address parsing security fix went into 3.4 and -stable, but not the full version update. |
<li>Upgrade <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> to version 8.12.10. The address parsing security fix went into 3.4 and -stable, but not the full version update. |
<!-- ^ 20030917 --> |
<!-- ^ 20030917 --> |