| version 1.922, 2004/04/29 14:37:08 |
version 1.923, 2004/05/17 00:35:53 |
|
|
| |
|
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
| <html> |
<html> |
| <head> |
<head> |
|
|
| |
|
| <p> |
<p> |
| <h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
| The following list sums up (almost) all the changes made up to April 25. |
The following list sums up (almost) all the changes made up to May 15. |
| <p> |
<p> |
| |
|
| <ul> |
<ul> |
| |
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> backs off because of physical interface problems, advertise this fact immediately instead of waiting for the next scheduled announcement. |
| |
<!-- ^ 20050416 --> |
| |
<li>Add a workaround in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> for the recent multipath routing changes. |
| |
<li>Fix a two-byte buffer overflow when printing sockaddr structs of unknown type in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a>. |
| |
<li>Correct error output for bad limit modifiers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a>. |
| |
<!-- ^ 20050415 --> |
| |
<li>Fix a reference-counting bug in fifofs that could cause certain non-blocking FIFO users (e.g. qmail) to consume 100% cpu. |
| |
<li>Interpret <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecadm&sektion=8">ipsecadm(8)</a> cpi and spi parameters as hex even if not preceded by '0x'. |
| |
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppoe&sektion=8">pppoe(8)</a> server mode by not doing the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a>. |
| |
<li>Use a nointr <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a> instead of generic <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a> for pathname storage when doing name-to-inode lookups. |
| |
<!-- ^ 20040514 --> |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a> dump status information to stderr on receipt of SIGINFO if running in quiet (-q) mode. |
| |
<li>Don't allow the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> shell to be overloaded by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>. |
| |
<li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> socket close-on-exec. |
| |
<li>Arrange for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> to check both cron and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> databases for jobs if the newly-non-blocking cron socket returns EAGAIN. |
| |
<li>Display the right fields in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> parser. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> backoff work properly by heeding the raised advskew on received as well as sent packets. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>'s lease file handling work under the chroot. |
| |
<li>Add some new configuration functionality to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>'s FIFO interface. |
| |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interfaces to be destroyed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>. |
| |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> examples in /etc/systrace (PR#3748). |
| |
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scsi&sektion=4">scsi(4)</a> sense display. |
| |
<!-- ^ 20040513 --> |
| |
<li>Replace the hand-crafted expr() parser in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a> with a standard <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lex&sektion=1">lex(1)</a>-and-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> combo. Easier to work on, and more standards compliant too. |
| |
<li>Fix msdosfs on 64-bit systems. |
| |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> breakage caused by the new multipath routing code. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_passwd&sektion=8">login_passwd(8)</a> setuid root again, it's needed for 'secure' YP maps. |
| |
<li>Call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>. |
| |
<!-- ^ 20040512 --> |
| |
<li>Don't print the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> version if the helpfile is missing. |
| |
<li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> with -D_FFR_QUEUERETURN_DSN, allowing faster expiration of spam bounces. |
| |
<li>Unbreak checksum generation when using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub random-id. |
| |
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing loop detection so that visiting a packet more than four times is an error, instead of more than once. |
| |
<li>Don't abort <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lint&sektion=1">lint(1)</a> because a child process fails, just move onto the next file. |
| |
<!-- ^ 20040511 --> |
| |
<li>When doing user mounts, inherit the MNT_NOEXEC flag from the mount point. This stops users bypassing noexec by null-mounting the filesystem on top of itself. |
| |
<li>Filter and lock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> descriptor before dropping privileges. |
| |
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chsh&sektion=1">chsh(1)</a> after the recent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pw_copy&sektion=3">pw_copy(3)</a> changes. |
| |
<li>Import and merge GNU readline 4.3p5. |
| |
<li>Double <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>'s command line buffer size to 2K. |
| |
<li>Allow the banner page to be turned off by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a>. |
| |
<li>Add /usr/local/sbin to root's .cshrc, and move /usr/X11R6/bin before /usr/local/{bin,sbin} for both <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>. |
| |
<li>Remove a bunch of #ifdef ISO and #ifdef notyet crud from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsd&sektion=8">nfsd(8)</a>. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lint&sektion=1">lint(1)</a> understand the 'long long' type. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>'s accept socket non-blocking. |
| |
<li>Clobber the 'clobber' command in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mail&sektion=1">mail(1)</a>. |
| |
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> adds a new group, place it before the first '+' entry if one exists (part of a fix for PR#3727). |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtonum&sektion=3">strtonum(3)</a>-ify <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecadm&sektion=8">ipsecadm(8)</a> and add some more integer value checks. |
| |
<!-- ^ 20040510 --> |
| |
<li>Properly initialise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> advskew for values greater than 240. |
| |
<li>Remove unused variables in several programs on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lint&sektion=1">lint(1)</a>'s say-so. |
| |
<li>Use the freshly-generated MD5 digest for the SSH1 session ID instead of random stack garbage. |
| |
<li>Fix a null deref panic in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> TCP normaliser. |
| |
<!-- ^ 20040509 --> |
| |
<li>Swap <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rand&sektion=3">rand(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=awk&sektion=1">awk(1)</a> unless the user sets the seed, in which case swap <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=3">random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rand&sektion=3">rand(3)</a>. |
| |
<li>Add a reference count for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> descriptors, and don't free resources until processes sleeping on a descriptor have been woken up. |
| |
<li>Use a locked, filtered <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> descriptor in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>. |
| |
<li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rand&sektion=3">rand(3)</a> with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>, unless the user sets the random seed manually in which case rand() is still used. |
| |
<li>Allow manually-keyed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> AH in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| |
<li>Initialise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ed&sektion=1">ed(1)</a>'s crypto using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rand&sektion=3">rand(3)</a>. |
| |
<li>Fix a few memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=regex&sektion=3">regex(3)</a>. |
| |
<li>Resolve hostnames in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd.conf&sektion=5">dhcpd.conf(5)</a> at parse time (PR#3771). |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> back off on other interfaces on IP output errors until reliable delivery is restored. |
| |
<li>Use the right packet length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> parser. |
| |
<!-- ^ 20040508 --> |
| |
<li>Enable 802.1q long packets for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> on cardbus. |
| |
<li>Don't allow command substitution characters in the environment variables passed through to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient-script&sektion=8">dhclient-script(8)</a> by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> drop privileges and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> to the cache directory. |
| |
<li>Make the -w option work the same for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a>'s regex and fast paths. |
| |
<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysconf&sektion=3">sysconf(3)</a> values _SC_SEM_NSEMS_MAX and _SC_SEM_VALUE_MAX. |
| |
<li>Fix sizeof(pointer) bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>. |
| |
<li>Add a fast path for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fgrep&sektion=1">fgrep(1)</a> and fix the -w option. |
| |
<li>Replace the kernel's RSA-derived MD5 implementation with code derived from Colin Plumb's PD version. |
| |
<li>Add a filter option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> to dump prefixes learned via UPDATEs into a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table. |
| |
<li>Big FFS softdep merge with FreeBSD, fixing a number of bugs. |
| |
<!-- ^ 20040507 --> |
| |
<li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> cleaning in the X server. |
| |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a> doing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fseek&sektion=3">fseek(3)</a> on stdin if it's a terminal. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a> treat a '^H' character as non-binary. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient-script&sektion=8">dhclient-script(8)</a> work with half-bridge ADSL routers that don't provide a real default gateway (PR#3747). |
| |
<li>Apply The Process to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppoe&sektion=8">pppoe(8)</a>: Create a filtered and locked <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> descriptor, drop privileges and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> to /var/empty. |
| |
<li>New _afs and _ppp users for privilege separation. |
| |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> capability negotiation bugs and speed it up when working with picky peers. |
| |
<li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s socket buffer size to 64KB iff <!-- iff is not a typo --> IPsec or md5sig is in use. |
| |
<li>Fix a race condition in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> when a session is closed but there are updates in the buffer. |
| |
<li>Add strchr() and strrchr() to libkern. |
| |
<!-- ^ 20040506 --> |
| |
<li><font color="#e00000"><strong>SECURITY FIX: Check for integer overflow in procfs.</strong></font> Use of procfs is not recommended.<br> |
| |
<a href="errata.html#procfs">A source code patch is available</a>.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| |
<li>When a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rule with the 'reassemble tcp' option is in effect, use RFC1913 PAWS as a means of extending the TCP sequence space by 10 to 18 bits. This makes blind insertion attacks much more difficult, because the timestamp needs to be guessed as well as the TCP sequence number. |
| |
<li>Sprinkle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtonum&sektion=3">strtonum(3)</a> liberally all over <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>. |
| |
<li>Match the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha2&sektion=3">sha2(3)</a> functions up with the other hash types. |
| |
<li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> write filter to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> and lock the descriptor. |
| |
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> before chrooting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>. |
| |
<li>Create the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> privsep child before opening <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a>, creating the routing socket and opening the lease file. |
| |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>, keep statistics for suffix transformations. |
| |
<!-- ^ 20040505 --> |
| |
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion=8">bootpd(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpef&sektion=8">bootpef(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpgw&sektion=8">bootpgw(8)</a> from the tree, their functionality is present in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and friends nowadays. |
| |
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nm&sektion=1">nm(1)</a> about ELF .plt*, .got*, .init and .fini sections. |
| |
<li>The TCP-specific route metrics are rarely used, so use a trimmed down version in the kernel (struct rt_kmetrics) and fake up a full-fat struct rt_metrics on demand for userland compatility. |
| |
<li>Apply bridge filter rules to frames destined for the local machine, so a single-interface bridge can do filtering and tagging. |
| |
<li>Add privilege separation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>. |
| |
<li>Create /var/empty on the installer miniroot so some futuristic pie-in-the-sky privilege-separated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> can work. |
| |
<!-- ^ 20040504 --> |
| |
<li>Convert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a> to use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtonum&sektion=3">strtonum(3)</a>. |
| |
<li>Add COMPAT_35 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a> option for kernel binary compatibility with OpenBSD 3.5 |
| |
<li>Add *Pad (do padding like *Final without finishing) and *FileChunk (digest a portion of a file) functions for each of the hash types in libc. |
| |
<li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ndbm&sektion=3">ndbm(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&sektion=2">semop(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shmget&sektion=2">shmget(2)</a> to match POSIX. Since this is an API change, crank libc's and libpthread's major version. |
| |
<li>Define bsd_signal(3) as required by XPG. Of course, it's just an alias for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> here. |
| |
<li>New stdlib function <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtonum&sektion=3">strtonum(3)</a>, a safe replacement for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoi&sektion=3">atoi(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtol&sektion=3">strtol(3)</a> etc. |
| |
<li>Clean up properly if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> PCMCIA attachment fails. |
| |
<li>Remove OpenBSD/pegasos. See the mailing list archives for some very good reasons why. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>'s crontab socket non-blocking. |
| |
<li>When setting PROT_NONE with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> on a wired entry, decrement the wired count and stop ntpd causing a panic (PR#3758).<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| |
<li>Some more fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror(3)</a>. Everything now goes via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror_r&sektion=3">strerror_r(3)</a>. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cksum&sektion=1">cksum(1)</a> a link (in /bin) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&sektion=1">md5(1)</a> and remove the old program. |
| |
<li>Add support for cksum (three flavours), md4, sha256, sha384 and sha512 to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&sektion=1">md5(1)</a>. |
| |
<!-- ^ 20040502 --> |
| |
<li>Fix a call to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disk_unbusy&sektion=9">disk_unbusy(9)</a> that lacked the third argument. |
| |
<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_suspend_all_np&sektion=3">pthread_suspend_all_np(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_resume_all_np&sektion=3">pthread_resume_all_np(3)</a>, needed by the Java HotSpot compiler. From FreeBSD. |
| |
<li>Fix the fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror(3)</a>. |
| |
<li>Do privilege revocation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>. |
| |
<li>Fix a bug that could cause <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> to lock up for 15 seconds under heavy load.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| |
<!-- ^ 20040501 --> |
| |
<li>Add _rbootd privilege separation/revocation user for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>. |
| |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> to be built in a kernel without <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>. |
| |
<li>Start the 3.5-stable branch. |
| |
<li>Fix non-reentrancy and other bad stuff in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror(3)</a>. |
| |
<!-- ^ 20040530 --> |
| |
<li>Check <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> payload lengths more carefully. |
| |
<li>Speedups and cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md4&sektion=3">md4(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&sektion=3">md5(3)</a>. |
| |
<li>Fix alignment problems when copying <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha2&sektion=3">sha2(3)</a>'s data pointer around. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nm&sektion=1">nm(1)</a> report empty a.out objects as having "no name list" instead of accusing them of having "bad format". |
| |
<!-- ^ 20040529 --> |
| |
<li>Replace the old RSA Data Security Inc. implementations of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md4&sektion=3">md4(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&sektion=3">md5(3)</a> with code derived from Colin Plumb's public domain MD5 implementation. |
| |
<li>Wire <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdrop&sektion=8">tcpdrop(8)</a> into the build. |
| |
<li>Fix a null-dereference crasher in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| |
<li>Fix file descriptor leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd-setup&sektion=8">spamd-setup(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftpd&sektion=8">tftpd(8)</a>. |
| |
<li>Remove the old ISC DHCP code from the tree, much to Henning's delight. |
| |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>, allow the PAGER environment variable to contain spaces. |
| |
<li>Update libevent to 0.8 + local changes. |
| |
<!-- XXX wtf Wed Apr 28 06:50:21 UTC 2004 usr.sbin/pkg_add/OpenBSD PackingList.pm --> |
| |
<li>Add some Zebra bug compatibility into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s capabilities announcements. |
| |
<li>Put the IP addresses of users authenticated by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> into the <authpf-users> table. |
| |
<li>Support AH as well as ESP flows for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> IPsec. |
| |
<li>Fix a bogus return statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables code when dealing with non-IP packets. |
| |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> peers to request route refreshes. |
| |
<li>Keep track of SAs inserted by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, making it easier to remove them later. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst work on pure bridges. |
| |
<li>Remove the assumption, found in a number of places in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, that af !=INET6 implies af==AF_INET. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> print <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> packets as carp, and not VRRP. |
| |
<li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> statistics counters. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> sensitive to its physical interface: If the physical interface drops, so does the carp interface; and have all other carp interfaces back off (i.e. don't preempt, and set high advskew) so this host is unlikely to stay as master. |
| |
<li>Add IPv6 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>. |
| |
<!-- ^ 20040428 --> |
| |
<li>Generate an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> host key in /etc/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a>, just like the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> host keys. |
| |
<li>Add IKE to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s IPsec support. |
| |
<li>Exit gracefully from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> with the -vvsq option if no queues are in use. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> pass a valid pointer as the fourth argument to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. |
| |
<li>Add back a couple of missing break statements in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, unbreaking tcpmd5. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s normaliser check that a TCP RST has exactly the right sequence number. The check only works when we're doing full fragment reassembly. |
| |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecadm&sektion=8">ipsecadm(8)</a> looping forever when displaying zero-sized extensions. |
| |
<li>Allow only BGP traffic over the IPsec flows set up by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| |
<li>A number of quad fixes in libc. |
| |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> to pass specified environment variables from client to server (OpenSSH bugzilla #815). |
| |
<li>Support RFC2918 "Route Refresh Capability for BGP-4" in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| |
<li>Fix incomplete removal of altq when loading a new rulebase that doesn't contain altq rules. |
| |
<!-- ^ 20040427 --> |
| |
<li>New program <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdrop&sektion=8">tcpdrop(8)</a> that uses the sysctl interface to drop TCP connections. Not built by default yet. |
| |
<li>Add a -n (no name lookup) flag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>. |
| |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a>'s readability detection for NFS filehandles (PR#3757). Broken in the change to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> backends, fix from UFS code. |
| |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>, clear the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a> hints structure before use. |
| |
<li>Break an infinite recursion between tcp_output() and tcp_mtudisc() when the TCP MSS gets to be larger then the interface MTU. Connections will still stall, however. |
| |
<li>Allow TCP MSS below the failsafe 216 iff <!-- 'iff' is not a typo --> the interface MTU is less than 256. |
| |
<li>Back out (for now) the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> buffer allocation increase (though not the deferred allocation) as it breaks older cards. |
| |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> to send mail to logins containing an underscore character. |
| |
<li>Add direct support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> between peers. Manual keying only for now. |
| |
<li>Much stricter checking of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> code, preventing arbitrary reads and writes of kernel memory.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| |
<li>Allocate more buffers for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> cards, but defer that allocation until <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> up and remove it on interface shutdown. |
| |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a>'s display of the gateway when set using an explicit -gateway modifier. |
| |
<li>When IF_INPUT_ENQUEUE() queues an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> with a cluster, check to see if the data in the cluster will fit into the mbuf and if so, copy the data and deallocate the cluster. |
| |
<li>For <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a>, permanently allocate only the minimum number of buffers. Allocate and deallocate receive buffers when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> brings the interface up and down respectively. |
| |
<li>Bandwidth checking fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a>. Now a bandwidth of zero is allowed, producing a blackhole queue for CBQ and a realtime-only queue for HFSC. |
| |
<li>Add some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=htonl&sektion=3">htonl(3)</a> paranoia around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=9">arc4random(9)</a> calls in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, so that biases in the PRNG won't leak the firewall's byte order. |
| |
<li>Fix corruption of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s address pools when using more than 256 rules.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| |
<li>In /etc/<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a>, check that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interfaces really exist before attempting to bring them down at shutdown time. |
| |
<li>Start work on peer-to-peer IPsec support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> announce RFC2858 multiprotocol capabilities. Only IPv4 multicast is supported for now. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> prefer older (more stable) routes before resorting to comparison of BGP IDs and peer IP addresses. |
| |
<li>Add a reference count for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> anchor rules. |
| <!-- ^ 20040426 --> |
<!-- ^ 20040426 --> |
| <li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isprint&sektion=3">isprint(3)</a> doesn't consider all whitespace printable, also use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isspace&sektion=3">isspace(3)</a> for the binary file test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=less&sektion=1">less(1)</a>. |
<li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isprint&sektion=3">isprint(3)</a> doesn't consider all whitespace printable, also use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isspace&sektion=3">isspace(3)</a> for the binary file test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=less&sektion=1">less(1)</a>. |
| <li>Fix float -> quad conversion in libc. |
<li>Fix float -> quad conversion in libc. |
|
|
| <li>Respect access rights on a union filesystem (PR#745). |
<li>Respect access rights on a union filesystem (PR#745). |
| <li>Add a few pieces missed in the merge of OpenSSL 0.9.7d. |
<li>Add a few pieces missed in the merge of OpenSSL 0.9.7d. |
| <li>Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro. |
<li>Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro. |
| <li>Prevent an endless loop in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> with 'route-to lo0' rules (PR#3736). |
<li>Prevent an endless loop in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> with 'route-to lo0' rules (PR#3736).<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to change the rulebase instead of sucking in code from pfctl and doing it itself. |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to change the rulebase instead of sucking in code from pfctl and doing it itself. |
| <li>Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often. |
<li>Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often. |
| <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, purge only a specific expired state instead of doing an expensive purge all expired states while running at a high <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, purge only a specific expired state instead of doing an expensive purge all expired states while running at a high <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>. |
|
|
| <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a> a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes. |
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a> a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes. |
| <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> S/MIME work again. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> S/MIME work again. |
| <li>Add 'neighbor cloning' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range. |
<li>Add 'neighbor cloning' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range. |
| <!-- TCPCTL_DROP XXX --> |
<li>Add tcpdrop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>, allowing a userland program terminate a TCP connection. |
| <li>Some string cleaning in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a>. |
<li>Some string cleaning in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a>. |
| <li>Fix a missing return statement in in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s control connection error path. |
<li>Fix a missing return statement in in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s control connection error path. |
| <li>Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME. |
<li>Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME. |
|
|
| <li>If kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and/or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> processing is disabled by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>, pass any packets through as raw IP to give userland a chance to handle them. |
<li>If kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and/or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> processing is disabled by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>, pass any packets through as raw IP to give userland a chance to handle them. |
| <li>Sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver with FreeBSD. |
<li>Sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver with FreeBSD. |
| <li>Tidy up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> kernel configs in line with recent i386 changes. |
<li>Tidy up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> kernel configs in line with recent i386 changes. |
| <li>Restore <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>'s ability to detect SCSI options after the recent probe changes. |
<li><font color="#e00000"><strong>RELIABILITY FIX: Restore the ability to negotiate tags/wide/sync with some SCSI controllers</strong></font> (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trm&sektion=4">trm(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iha&sektion=4">iha(4)</a>).<br> |
| |
<a href="errata.html#scsi">A source code patch is available</a>.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> can now be invoked legitimately without an interface, don't abort when the user doesn't give any options. |
<li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> can now be invoked legitimately without an interface, don't abort when the user doesn't give any options. |
| <!-- ^ 20040418 --> |
<!-- ^ 20040418 --> |
| <li>New _tftpd user and group. |
<li>New _tftpd user and group. |
|
|
| <li>If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation. |
<li>If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation. |
| <!-- ^ 20040417 --> |
<!-- ^ 20040417 --> |
| <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> show the number of mbuf clusters in use rather than the number of pages. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> show the number of mbuf clusters in use rather than the number of pages. |
| <li>Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD. |
<li>Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>Have the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> server check for attempts by a client to walk up the directory tree illegally. |
<li>Have the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> server check for attempts by a client to walk up the directory tree illegally. |
| <li>Perform some additional checks on the paths fed to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> client by the remote server. |
<li>Undo a non-fix in shared memory <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> kern.shminfo.shmmni.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| |
<font color="#e00000"><strong>SECURITY FIX: Pathname validation problems have been found in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a></strong></font>, allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.<br> |
| |
<a href="errata.html#cvs">A source code patch is available</a>.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>Some address family agnosticism in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
<li>Some address family agnosticism in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| <li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl(8)</a> show IPv6 peer addresses in neighbour view. |
<li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl(8)</a> show IPv6 peer addresses in neighbour view. |
| <!-- ^ 20040416 --> |
<!-- ^ 20040416 --> |
|
|
| <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>, add cases for sha2 algorithms in swcr_authcompute(). |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>, add cases for sha2 algorithms in swcr_authcompute(). |
| <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> screen updates after resuming from a ^Z. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> screen updates after resuming from a ^Z. |
| <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> antispoof rules work with dynamic interfaces. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> antispoof rules work with dynamic interfaces. |
| <li>Match on all characters of the interface name in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> parser. |
<li>Match on all characters of the interface name in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> parser.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>Make sure privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> transitions into STATE_RUN even when writing to stdout with '-w -'. |
<li>Make sure privsep <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> transitions into STATE_RUN even when writing to stdout with '-w -'. |
| <li>Implement AI_NUMERICSERV (from RFC3493) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. |
<li>Implement AI_NUMERICSERV (from RFC3493) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. |
| <li>Since the UDP checksum in mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output. |
<li>Since the UDP checksum in mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output. |
|
|
| <li>New _PATH_DEVFD and _PATH_VAREMPTY constants in <paths.h>. |
<li>New _PATH_DEVFD and _PATH_VAREMPTY constants in <paths.h>. |
| <li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. |
<li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. |
| <li>Have new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a> do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> to /var/empty and drop privileges. |
<li>Have new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a> do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> to /var/empty and drop privileges. |
| <li>In libpthread, update curthread immediately after a thread switch. |
<li>In libpthread, update curthread immediately after a thread switch.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>New _dhcp user and group for, funnily enough, the DHCP programs. |
<li>New _dhcp user and group for, funnily enough, the DHCP programs. |
| <!-- ^ 20040413 --> |
<!-- ^ 20040413 --> |
| <li>Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6. |
<li>Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6. |
|
|
| <li>Huge cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>. |
<li>Huge cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>. |
| <li>Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too. |
<li>Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too. |
| <li>Safely handle aborts in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> etc. without tripping the recursive call handler by mistake. |
<li>Safely handle aborts in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> etc. without tripping the recursive call handler by mistake. |
| <li>Fix reliability problems with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&sektion=4">gdt(4)</a>. |
<li><font color="#e00000"><strong>RELIABILITY FIX: Under load "recent model" gdt(4) controllers will lock up.</strong></font><br> |
| |
<a href="errata.html#gdt">A source code patch is available</a>.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <!-- ^ 20040412 --> |
<!-- ^ 20040412 --> |
| <li>Fix an accidental busy-wait in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a>. |
<li>Fix an accidental busy-wait in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a>. |
| <li>Increase the maximum number of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pty&sektion=4">pty(4)</a> devices to 992. See the <a href="http://www.openbsd.org/faq/upgrade-minifaq.html">Upgrading Mini-FAQ</a> item 3.5.1 for upgrade instructions. |
<li>Increase the maximum number of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pty&sektion=4">pty(4)</a> devices to 992. See the <a href="http://www.openbsd.org/faq/upgrade-minifaq.html">Upgrading Mini-FAQ</a> item 3.5.1 for upgrade instructions. |
|
|
| <li>Never allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> states propogated via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation. |
<li>Never allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> states propogated via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation. |
| <li>Under Linux emulation, pass <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=madvise&sektion=2">madvise(2)</a> straight through to the native syscall. |
<li>Under Linux emulation, pass <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=madvise&sektion=2">madvise(2)</a> straight through to the native syscall. |
| <!-- ^ 20040405 --> |
<!-- ^ 20040405 --> |
| <li>On receipt of an in-window TCP SYN (Stevens vol.II p.964), return a 100pps rate-limited ACK instead of blindly RST'ing the connection. |
<li><font color="#e00000"><strong>RELIABILITY FIX: Reply to in-window SYN with a rate-limited ACK.</strong></font><br> |
| |
<a href="errata.html#tcp">A source code patch is available</a>.<br> |
| |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
| <li>Don't try to recreate the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xfs&sektion=1">xfs(1)</a> logfile after dropping privileges. |
<li>Don't try to recreate the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xfs&sektion=1">xfs(1)</a> logfile after dropping privileges. |
| <li>Don't abort <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xfs&sektion=1">xfs(1)</a> gracelessly when handling an unimplemented protocol request. |
<li>Don't abort <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xfs&sektion=1">xfs(1)</a> gracelessly when handling an unimplemented protocol request. |
| <!-- ^ 20040404 --> |
<!-- ^ 20040404 --> |
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www