===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.757
retrieving revision 1.758
diff -u -r1.757 -r1.758
--- www/plus.html 2001/04/23 23:05:53 1.757
+++ www/plus.html 2001/04/24 06:59:17 1.758
@@ -14,7 +14,7 @@
![[OpenBSD]](images/smalltitle.gif)
-
Changes made between OpenBSD 2.8 and OpenBSD-current
+Changes made between OpenBSD 2.9 and OpenBSD-current
This is a partial list of the major machine independent changes
@@ -40,6 +40,7 @@
For changes leading up to OpenBSD 2.6, click here.
For changes leading up to OpenBSD 2.7, click here.
For changes leading up to OpenBSD 2.8, click here.
+For changes leading up to OpenBSD 2.9, click here.
@@ -48,676 +49,7 @@
We are working on OpenBSD-current.
-- SECURITY FIX: Avoid DoS attack in ftpd using glob patch.
- A patch is available.
- [Applied to stable]
- - SECURITY FIX: Fix ipf fragment caching bug.
- A patch is available.
- [Applied to stable]
- - SECURITY FIX: Fix buffer overflows contained in glob(3) function.
- A patch is available.
- [Applied to stable]
- - Check for short packets and bad types sent to timed(8).
- [Applied to stable]
- - OpenSSH 2.5.2 released.
- [Applied to stable]
- - SECURITY FIX: Be careful with file permissions in readline library
- A patch is available.
- [Applied to stable]
- - Make buffer size 8k on NE1000, and 16k otherwise for
-ne.
- [Applied to stable]
- - Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
- [Applied to stable]
- - SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
- A patch is available.
- [Applied to stable]
- - SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
- A patch is available.
- [Applied to stable]
- - SECURITY FIX: update to sudo-1.6.3p6 which fixes a buffer overflow on very long argv components.
- A patch is available.
- [Applied to stable]
- - OpenSSH 2.5.1 released.
- [Applied to stable]
- - IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
- A patch is available.
- [Applied to stable]
- - Disable bogus file check in cvs(1).
- [Applied to stable]
- - OpenSSH 2.5.0 released.
- [Applied to stable]
- - OpenSSH 2.3.2 released.
- [Applied to stable]
- - In tcpdump(8), deobfuscate some IP protocols and improve IPSEC tunnelmode printing.
-
- Set the offset for SCSI chain B properly in the VAX ncr(4) driver.
-
- Import XFree86 4.0.2.
-
- Long username fixes to lpd(8) and lprm(1).
-
- Convert the powerpc port to UVM(9).
-
- Import siop(4), a replacement for the ncr(4) SCSI driver.
-
- Support more NE2000 PCMCIA devices.
-
- Avoid passing shared mbufs around the kernel to prevent accidental overwrites.
-
- Add pcscp(4), a driver which supports AMD Am53c974 SCSI controllers.
-
- Modify sliplogin(8) to handle long usernames.
-
- Add portsplus.html which tracks changes to the ports collection.
-
- Allow X to work without pcvt(4).
-
- Fix an authorizer removal problem in keynote(3).
-
- Deactivate function pointers upon interface detach to avoid crashes.
-
- Deal with the real time clock losing interrupts on i386.
-
- Bump maxusers to 32 in the alpha port.
-
- Avoid a theoretical buffer overflow in getpwent(3).
-
- Fix an uninitialized variable in bsd.port.mk(5).
-
- Disregard ospeed in tetris(6).
-
- Modify wall(1) to handle long usernames.
-
- Many isp(4) SCSI driver improvements and updates.
-
- Fix goto-line 0 case in mg(1).
-
- Fix PermitRootLogin option in ssh(1).
-
- In brconfig(8), skip empty lines in the rulefile.
-
- Fix HTTP installs, which were broken for quite awhile.
-
- Repair statclock on mvme88k.
-
- Ensure softupdates is enabled before performing softupdates-specific operations.
-
- Define a sendmail(8) variable to workaround broken name servers.
-
- Allow up to 12 virtual terminals in wscons(4).
-
- Correct VAX signal handling.
-
- Cleanup MAC support in SSH2.
-
- Support attachment of Cheetah devices to vsbus as well as ibus in the VAX port.
-
- Disable a bogus file check in cvs(1) to ease the pain of having replicated repositories.
-
- Ensure $RSH is set in the rcmd(3) functions.
-
- String table fixes to ddb(4) and modload(8).
-
- Update wscons(4) code.
-
- Pull in fixes for potential buffer overflows in xdm(1).
-
- Compatibility fixes to tar(1).
-
- Many OpenSSH cleanups and improvements.
-
- New ELF symbol handling in ddb(4).
-
- Enable wscons support in XFree86.
-
- Modify PCI power state for clct(4) devices so they work after warm reboots.
-
- Repair BPF support in gre(4).
-
- Fix an uninitialized variable in wsdisplay(4).
-
- Fix file attribute passing in sftp-server(8).
-
- Correct a memory usage error in ssh-keyscan(1).
-
- Add support to the powerpc for loading the bootloader and kernel from an HFS filesystem.
-
- Better failure handling in vr(4).
-
- Add support to dc(4) for parsing media blocks from Intel 21143 SROMs.
-
- Strengthen SSH1 to make traffic analysis more difficult.
-
- Updates to /etc/services from IANA.
-
- In ssh(1), enforce non-batch_mode if StrictHostKeyChecking is set to "ask".
-
- Backport a buffer overflow fix from XFree86 4.0.2 to in-tree XFree 3.3.6.
-
- Stricter prototypes, type fixes, and other cleanups in OpenSSH.
-
- Switch IPv6 raw socket code from NRL to KAME.
-
- Stricter checking in SSH2.
-
- Implement an upper limit for icmp6(4) redirects.
-
- Fix rwhod(8) to work, and make debug code a flag option.
-
- Mark our tree such that we use wscons(4) as if it is vt220, instead of vt100.
-
- In wscons(4), when scrolled back, if a new key is pressed, reset us to our previous location, as pcvt(4) used to do.
-
- Permit sftp(1) over SSH1 protocol.
-
- In sftp(1), do not forward agent or X11 traffic.
-
- In tar(1), fix -T option and add support for -C option
-
- Honor TMPDIR variable in tar(1), cpio(1), and pax(1).
-
- perl(1) patch CHANGE6214.
-
- New route6d(8).
-
- Numerous more changes to sftp-server(8) and sftp(1).
-
- Changes to accept(2) to permit return of ECONNABORTED.
-
- Quieten IPv6 DN message reporting by default.
-
- Improve xmalloc() and friends in ssh(1) code..
-
- Remove dead architecture support from the tree.
-
- Remove support for #! from syslogd(8).
-
- cac(4) driver to support Compaq Smart ARRAY RAID controllers.
-
- Ignore blank lines in hostname.if(5) files.
-
- In ssh(1), add -1 option to force protocol 1.
-
- Enable sftp-server(8) by default.
-
- Numerous bug fixes to sftp-server(8) and sftp(1).
-
- Make scsi work on the vaxstation 4000/90.
-
- Same for tun(4), gif(4), and others..
-
- Change lo(4) initialization code so that boot -c pseudo-device editing code can affect it in the expected fashion.
-
- If kernel has ddb(4) support, add a ddb sub-command inside boot -c.
-
- Teach the bridge to deal with ARP alignment in the presence of numerous previous layers...
-
- EtherIP support in tcpdump(8).
-
- Fix a bug introduced a few weeks ago in yppush(8).
-
- A bit of a trawl through the source tree to please the alpha, since various problems occur in the absence of perfect weak symbols.
-
- libc_r works on the alpha now.
-
- Many new fixes to sort(1).
-
- Teach config -e and boot -c about pseudo-devices.
-
- Fix perl(1) h2ph scripts.
-
- More bridge(4) fixes for unicast learning.
-
- Add sftp(1) client.
-
- Fix an off-by-{1,2,4} error in i386_space_copy(). wscons(4) now works perfectly.
-
- More fixes to rtadvd(8).
-
- Fix bugs in atc(6), snake(6), battlestar(6), phantasia(6), and adventure(6).
-
- Enable scrollback from USB keyboards.
-
- Numerous improvements in ppp(8).
-
- At ELF execve(2) time, check for the OpenBSD note first, so that native binaries run best.
-
- Attempt to share crtbegin/crtend in ELF csu, including an OS note.
-
- Change powerpc ld.so(1) so all architectures use DT_INIT for ctors/init.
-
- Fix overlapping bus space copy operations on i386.
-
- Move EtherIP to version 3 (2 byte padded header).
-
- Art does battle with ksyms(4), gets wounded, but eventually wins.
-
- In sshd(8), S/Key is now called ChallengeResponse.
-
- Make ReverseMappingCheck optional in sshd_config.
-
- Mickey the madman goes on a new timeout crawl through pci and isa drivers.
-
- Fix nlist(3) emulation for cases where the ELF header does not exist; permits /dev/ksyms to work on ELF machines.
-
- Emulate some new freebsd signal(2) related things in compat_freebsd(8).
-
- In IPv6, avoid panic when packet to nonexistent link-local address is issued.
-
- xl(4) no longer needs to whine about tx underruns.
-
- Fix ELF support for compat_freebsd(8).
-
- Catch the alpha up to wscons(4) changes.
-
- Fix wscons(4) wsmux(4) attachment.
-
- Support mvme188 card in mvme88k port.
-
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
-
- Fix some bugs in the bridge(4), especially regarding gif(4).
-
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
- A patch is available.
- [Applied to stable]
- - In config(8) -e and -u, do not write out a new kernel if nothing changed.
-
- Numerous fat utmp(5) changes to utilities.
-
- Move utmp(5) to large format.
-
- Fix some incorrect return values for mmap(2) functions.
- [Applied to stable]
- - Make top(1) not setgid.
-
- Update X11 to support the new i386 changes.
-
- Configure wscons(4) defaults to be what our users expect.
-
- moused(8) is dead for now.
-
- Enable uhci(4) and ohci(4) devices by default in GENERIC.
-
- Range-check invalid .max fields in inetd(8).
-
- Various post-merge ipf fixes. Some previous fixes got removed and had to be put back in.
-
- In ATAPI code, ignore PIOMODE errors.
-
- On many architectures, change console name to ttyC? instead of ttyE?.
-
- Add -U option to ELF ldconfig(8).
-
- Move i386 to wscons(4).
-
- Re-org the alpha boot floppies.
-
- More improvements against the Bleichenbacher pkcs#1 attack.
-
- Fix more select overflow issues in ssh(1).
-
- gcc 2.95.3, test 2.
-
- ises(4), start of a driver for the Pijnenburg PCC-ISES crypto chip. Does random entropy insertion.
-
- Permit many compat system calls to match to the same native call (was not permitted before).
-
- A bunch of people are doing a kernel trawl to update drivers to new timeouts.
-
- Support boot -c on the sparc.
-
- Fix an early timeout bug in wdc/ata support, which caused problems with atapi tape drives.
-
- Niklas runs through the tree doing commits in an attempt to keep up with Todd's much higher commit count.
-
- Receive random numbers from ubsec(4) cards.
-
- Make wdc mode printing more portable, so that the powerpc can use it too.
-
- adb(4) drivers in powerpc port.
-
- New upl(4) driver for Prolific PL2301/PL2302 USB host-to-host driver. This acts like a network device.
-
- Remove -Q flag from sshd(8).
-
- Change audio-driver interface so drivers can supply a minimum delta for mixer value changes.
-
- USB sync.
-
- SECURITY FIX: fix some buffer overflows in named(8).
- A patch is available.
- [Applied to stable]
- - Support Cheetah vaxes.
-
- Improve MAKEDEV(8) manual pages on many architectures.
-
- Cause pcibios(4) to route interrupts via the pci router at the time interrupts are established for each driver, not before.
-
- Optimize pcidevs, usbdevs(8), and other tables in the kernel.
-
- Both wi(4) and awi(4) now support more models of cards.
-
- skey(1) SHA1 is supposed to be little endian.
-
- Improve ping6(8) signal handling further.
-
- Merge isakmpd(8) in. It is no longer separate.
-
- Many ppp(8) improvements.
-
- Handle binary data in install floppy dmesg.
-
- Improve ELF handling of nlist(3).
-
- Print CPU speed in GHz if it is that fast.
-
- Detect Transmeta cpus.
-
- On powerpc, ensure that signal delivery fills in rval[1]; at least pthread was affected.
-
- Move powerpc to MACHINE_NEW_NONCONTIG.
-
- In mg(1), do not use rename(2) on the ~ file; make a new copy so that vipw(8) and crontab(1) do the right thing.
-
- Tweak alpha so it sends SIGBUS for unaligned access, and does NOT do a fixup. This encourages people to fix their code.
-
- KGDB support for the i386.
-
- Pack alpha definition of infinity properly, other architectures too.
-
- Recognize Intel P4 cpu.
-
- Various space optimizations for alpha boot floppies.
-
- Fix CF wdc, which was broken for a while.
-
- Add "enable" keyword in config(8) files.
-
- Merge and simplify emulation directory handling code.
-
- Support Initio INI-91xx cards via new iha(4) driver.
-
- In accept(2), when peer disconnects before accept is issued, do not return junk in mbuf by setting length to 0.
-
- Support Hardware RNG on i850 and i860 hubs.
-
- Fix sysctl(3) so that you can clear a string with it.
-
- In sshd(8), rename "skey" to "challenge response", since this mechanism is now more flexible.
-
- Reduce how long we wait for scsi devices to come ready; 50 seconds is enough.
-
- pcvt keyboard LED update lockup patch.
-
- ncurses-5.2-20010114
-
- Fix many more sshd(8) memory leaks.
-
- Fix memory leak in isakmpd(8).
-
- In timed(8), do not accept packets with an unterminated hostname.
- [Applied to stable]
- - Alias map bios rom at both real address and it's own zero-relative address, because bios roms contain bugs.
-
- In rtadvd(8), sync router renumbering flag bit to conform to 2292bis-02 and RR RFC.
-
- Get rid of -R flag in ssh-keygen(1).
-
- Avoid memory leak in ndp(8).
-
- Establish pccbb(4), ohci(4), and uhci(4) interrupt handler much earlier, because of coming pcibios(4) changes.
-
- Numerous small fixes to sshd(8) and friends.
-
- In ssh(1), fix SIGSEGV for -o "".
-
- On i386, validate gate targets.
-
- The easy delete key always returns ^?, while the more difficult one returns ^H.
-
- Incorporate a set of post-4.4BSD changes to the kernel routing code.
-
- Support more than 256MB of ram on powerpc.
-
- Be more careful with assuming with VIA chips can handle U66.
-
- Document better how code using sigblock(3) and sigsetmask(3) would be converted to use sigprocmask(2).
-
- Get sshd(8) ready for auth-login.
-
- In ifconfig(8), permit prefixlen to work against ipv4 addresses.
-
- Change savecore(8) to deal with machines dumping 1GB or more..
-
- Attempt to deal with inverted signal races in terminal handlers better, throughout the source tree -- ie. main code is deep inside stdio, signal handler calls exit().
-
- Document rules that apply to signal handlers in signal(3) and sigaction(2).
-
- ipf 3.4.15
-
- Fix a vi(1) crash.
-
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
- A patch is available.
- [Applied to stable]
- - Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
-
- Fix previous inetd(8) fix.
-
- Fix signal handler race in apmd(8), bootpd(8), syslogd(8).
-
- Constrain isp(4) openings to 128, since the vendor code lies, cheats, steals, and makes us cry.
-
- Fully support SSH2 RSA keys in sshd(8).
-
- Change alpha bootblocks to ELF.
-
- Fix fd_set overflows and signal races in pppoe(1).
-
- Important pthread fix.
-
- Large block of documentation and functionality changes to mail(1).
-
- fd_set overflow fix to routed(8).
-
- Signal handler fix to newfs(1).
-
- Cleanup various signal races and buffer overflows in ed(1).
-
- Fix signal race in mountd(8) by writing our own svc_run() routine.
-
- Fix uninitialized variable bug in config(8) UKC code that ignored first command sometimes.
-
- Various changes ensure that all known le(4) cards now work on sun4, sun4c, and sun4m machines.
-
- Tweak subr_extent code with respect to boundary cases.
-
- sftp-server(8) draft came out; convert our sftp-server(8) to be compliant.
-
- sendmail 8.11.2
-
- Signal race fixes to fsck_ffs(8), rcp(1), slattach(8), shutdown(8).
-
- Change asm and volatile to __asm__ and __volatile__ in any file which might be compiled using -ansi -pedantic or similar.
-
- Some signal handler cleanup in rcp(1).
-
- Cleanup timeout code in adw(4).
-
- Numerous alpha catchups.
-
- New rtadvd(8) code.
-
- Compute UDP checksum in dhcpd(8).
-
- Move mvme88k to UVM(9).
-
- clct(4) driver for Cirrus Logic CS4281 sound chips.
-
- Support {Allow,Deny}Groups in sshd(8).
-
- sshd(8) SSH2 protocol support for keepalives, IPTOS_LOWDELAY, TCP_NODELAY, and IPTOS_THROUGHPUT.
-
- Add kerberos(1) password handling in sshd(8) for kerberosIV.
-
- More memory leak fixes to sshd(8) and ssh(1).
-
- Tweak strlcat(3) to not crash for a certain "illegal pointers, length 0" situation.
-
- Clarify setjmp(3) variants in the manual pages.
-
- Correct fd_set and signals in ping6(8).
-
- Un-race three signal handlers, and fix select overflows in inetd(8).
-
- Fix signal race in route6d(8).
-
- Move mvme88k to MACHINE_NEW_NONCONTIG.
-
- Fix signal races in rwhod(8).
-
- Fix fd_set overflow in yppush(8).
-
- Fix closedown stub generated and hand-whacked by rpcgen(1) in ypserv(8).
-
- Audio driver for most ESS maestro(8) models.
-
- Signal race repairs in talkd(8) and comsat(8).
-
- Fix select overflow in ssh-agent(1).
-
- Fix rpcgen(1) to deal with large fd_set.
-
- Document various signal races in the source tree which are very difficult to fix, or which turn out to be safe even if they look flawed.
-
- Rename ich(4) to auich(4).
-
- Cleanup the sftp-server(8) implementation.
-
- Support !command feature in bridename.if(5) files as well.
-
- Numerous other small changes to isakmpd(8).
-
- Handle memory failures in passwd(1).
-
- In finger(1), fail nicely if memory allocation fails.
-
- Handle DELETE payloads in isakmpd(8).
-
- Remove signal races from sshd(8).
-
- Ease support for road-warrior scenarious in isakmpd(8), by intuiting the Local-ID when possible.
-
- Change 802.11 DS drivers to operate in BSS mode by default.
-
- Create links for FD_SET(3) and such to point to the select(2) page.
-
- Support TCP_NDELAY on ipv6(4) in ssh(1).
-
- Numerous spelling error corrections in the system.
-
- Various other calendar updates.
-
- Ensure replydirname in ftpd(8) does not ever truncate names.
-
- Ensure ftpd(8) does not sometimes return a stray " at the end of a string.
-
- Various large updates to isp(4).
-
- In restore(8), do not skip TS_BITS or TS_CLRI are set.
-
- Change our own custom EtherIP protocol to the standard one (which is very badly designed, but we are trying to get them to fix that).
-
- Fix KerberosIV code to build better if src and obj are in strange places.
-
- Support Banner option in sshd(8).
-
- Make the openssh-p effort a bit easier by merging some simpler portability hacks.
-
- Various missing free(3) calls repaired in ssh(1).
-
- Attempt to support cardbus 3CXFEM656C 56k Global modem.
-
- In pciide(4), support U100 on ICH2, U66 on Via Apollo, and other repairs to Promise.
-
- Spelling changes to calendar files.
-
- Be more careful with stat(2) handling in mv(1).
-
- Fix %p handling in strptime(3).
-
- Fix various buffer overflows and other fixes in indent(1).
-
- Do not spit out icmp6 checksum messages if not a debug kernel.
-
-
- Permit stripped VAX kernels to load despite unexpected values from libsa.
-
- Simplify locking and a few more fixes to twe(4).
-
- Plug some memory leaks in OpenSSH.
-
- Fix -P in ftpd(8).
-
- Emulation fixes to the VAX code.
-
- Protect bits of dhclient(8) with a locking mechanism to prevent multiple instances from using the leases file simultaneously.
-
- Fix 3 cases in mv(1) relating to the moving of symlinks across filesystems.
-
- In ftpd(8), expand the tilde character in ftp-dir login.conf variable.
-
- Prohibit binding to an anycast, notready, or detached IPv6 address.
-
- Rename fsinfo(8) to xfsinfo in X11 to avoid naming conflict.
-
- Set the correct pfkeyv2 direction for KAME SPD entries in isakmpd(8).
-
- Save and restore errno properly in flex(1) since it may be whacked by isatty(3).
-
- Fix sending/receiving passwords in routed(8).
-
- Add an i386-specific sysctl(3) that modifies halt -p processing in APM to deal with some quirky machines.
-
- More sun3 fixes, mostly to conform better to other m68k architecture code.
-
- Handle login banners better in SSH2 instances of ssh(1).
-
- Various spelling and grammar fixes across the tree.
-
- Use new sysctl(3) interface for kernel memory bucket statistics and clock information.
-
- Correctly check for empty mailq(1) in /etc/daily.
-
- Y2K fix in the mvme68k NVRAM code.
-
- Extend sysctl(3) to support quad values.
-
- Improve SMB packet printing in tcpdump(8).
-
- Add common pidfile-writing code to DHCP so each program doesn't need to roll its own.
-
- To please cap_mkdb(1), make it an error to open a zero-length file for read-only access in hash(3).
-
- Some sun3 architecture fixes.
-
- Ignore environment variables in libssl if we're running setugid.
-
- In ssh(1), log the remote IP address on disconnect.
-
- Check for memory allocation failure in vmstat(8).
-
- Fix a buffer overflow in fsinfo(8).
-
- Handle another special case in apm(4).
-
- Fix a panic in the RAIDframe locking management code.
-
- Add setpid command to fdisk(8) for setting the partition ID.
-
- Change bridge(4) to use gif* instead of enc*.
-
- Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work.
-
- Allow printing of 8-bit ASCII characters in talk(1) through an option.
-
- Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation.
-
- In ftpd(8), log the actual number of bytes transferred instead of the original file size.
-
- Fix ^C in termtype prompt.
-
- Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun.
-
- Resolve scheduling conflict in newsyslog(8).
-
- In dhclient(8), set a reasonable default lease time if the server does not provide one.
-
- Suppress uninteresting PCI bus error messages in ahc(4).
-
- Add m88k support to gprof(1).
-
- Add HostKeyAlias option to ssh(1).
-
- Behave nicely with fixed-rate codecs in auvia(4).
-
- Fix a minor off-by-one error in gprof(1).
-
- In the ports infrastructure, take the old non-fake code out-of-line.
-
- Repair a disgusting rwhod(8) crash.
-
- Fix buffer overflow in csh(1) builtin printf(1) implementation.
-
- Convert atoi(3) to strtoul(3) in top(1).
-
- Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
-
- Revoke root privileges earlier in ping6(8) and traceroute6(8).
- [Applied to stable]
- - Many man page fixes.
-
- Use arc4random(3) in jot(1).
-
- Handle quotas over 4GB in edquota(8) and repquota(8).
-
- Fix IPv6 Path MTU Discovery.
-
- Give up euid more carefully in mrinfo(8) and mtrace(8).
-
- Various OpenSSH fixes.
-
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
-
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
-
- SECURITY FIX: xlock now authenticates via a pipe.
- A patch is available.
- [Applied to stable]
- - IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
- A patch is available.
- [Applied to stable]
- - Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
-
- SECURITY FIX: Fix holes in procfs(8).
- A patch is available.
- [Applied to stable]
- - Put strlcat(3) and strlcpy(3) into libkern for kernel use.
-
- Fix setting of nwid for wi(4).
- [Applied to stable]
- - Change /etc/security to spit out unified diffs.
-
- Add driver for Compaq SMART Array RAID controllers, cac(4).
-
- Extend the i386 allowaperature sysctl(3) to allow access to the whole 1st MB of memory.
-
- Add some more sanity checking to the PCMCIA code to fix some obscure panics.
-
- Import Apache 1.3.14 + mod_ssl 2.7.1.
-
- Support multiple pfkeyv2 keying daemons.
-
- Compute diffie-hellman in parallel between server and client in OpenSSH.
-
- Support Amigas with more than 64MB of RAM.
-
- Ensure /etc/sudoers is created with a proper secure mode.
-
- Import OpenSSL 0.9.6.
-
- More photurisd(8) improvements.
-
- Update kernel pfkeyv2 code for better conformance to the RFC.
-
- Enable loading of ELF kernels for alpha.
-
- Add extraction support for shell archives to the bsd.port.mk infrastructure.
-
- In ipsec(9), look for TDB if gateway is unspecified.
- [Applied to stable]
- - Fixes to patch(1) -f and -b.
-
- Convert some more drivers to the new timeout(9) interface.
-
- Add bytecounter statistics reporting to netstat(1).
-
- Instrument more random TCP sequence numbers.
-
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
- A patch is available.
- [Applied to stable]
- - In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
-
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
-
- Remove dead code in hifn(4) driver.
-
- Proper getopt(3) usage in compress(1).
-
- Fix a time specification in last(1).
-
- Do not disable PMTU for established TCP connections unless there is data to send.
-
- Add support for the 802.1D spanning tree protocol to bridge(4).
-
- New BSD authentication login scripts.
-
- Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
-
- isakmpd(8) update.
-
- apm(4) bug fix that helps a few laptops.
-
- Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
-
- Repair a memory leak in ICMPv6 code.
-
- Turn off PMTU when ICMP needfrag messages get blocked.
-
- Finnish updates for inter.phone.
-
- Display number of successful IPv6 PMTU changes in netstat(1) -s output.
-
- Do not re-print ETA on completion in scp(1) when copying 0-sized files.
-
- Validate ICMPv6 "too big" messages based on PCB.
-
- Do not use already-freed memory in route(8).
-
- Avoid repeated host controller halted messages in uhci(4).
-
- Remove unused libgmp.
-
- Import KerberosIV v1.0.4.
-
- Always request a new challenge for skey/tis-auth in ssh(1).
-
- Support newer cy(4) communication cards.
-
- Provide new international keymaps for pcvt(4).
-
- Ignore filesystems marked "xx" in the install scripts.
-
- Document that pipe(2) is bidirectional, although this behavior is unportable.
-
- Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
-
- Remove a bogus memory free in getnetgrent(3).
-
- Fix a buffer overflow in bad144(8).
-
- Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
-
- Drop unneeded support for RTF_TUNNEL in route(8).
-
- Maintain count of routing table timer entries in route(8).
-
- In makewhatis(8), strip weird characters first, then sequences of spaces.
-
- Big improvements to adw(4).
-
- Teach tcpdump(8) about VRRP, SMB, and timed.
-
- Force calendar(1) to only accept real calendar files as input.
-
- Fix various perror(3) overflows in pcvt(4).
-
- Repair a tftp(1) argv parsing overflow.
-
- Conditionalize some BPF code in wx(4).
-
- Finally remove remaining references to extra RSA libs, since the patent has expired.
-
- New rijndael implementation which solves endian issues.
-
- Support Intel 82801BA pciide(4) controllers.
-
- Exercise more paranoia with passed KRB environment settings in telnetd(8).
-
- Convert some more drivers to the new timeout(9) interface.
-
- Many improvements and modernizations to isp(4).
-
- Update wx(4) with LIVENGOOD support.
-
- Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
-
- Implement asynchronous connections for ssh(1) -R and -L.
-
- Simplify atrun(8) tasks by using asprintf(3).
-
- Kill unused libtermlib.
-
- Import new pool(9) code.
-
- Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
-
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
-
- Import David Maziere's ssh-keyscan(1).
-
- SECURITY FIX: Fix buffer overflow in ftpd(8).
- A patch is available.
- [Applied to stable]
- - IMPLEMENTATION FIX: Fix fastroute related panic.
- A patch is available.
- [Applied to stable]
- - Teach OpenSSH about more version strings to improve interoperability.
-
- SECURITY FIX: Fix another security problem in the KerberosIV code.
- A patch is available.
- [Applied to stable]
- - SECURITY FIX: Fix two security problems in the KerberosIV code.
- A patch is available.
- [Applied to stable]
- - Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
-
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running.
-
- Better error checking in ping6(8).
- [Applied to stable]
- - Some stability fixes to isakmpd(8).
-
- In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
-
- Fix a coredump in ssh-agent(1).
-
- Reset 16-bit PCMCIA during chip initialization in pccbb(4).
-
- Correct PCI interrupt setup for TI PCI113X CardBus bridges.
-
- Properly powerdown PC cards in pccbb(4) at shutdown time.
-
- Add -D option to sshd(8) to cause startup without a daemon.
-
- Show both the IP address and hostname when a new key is encountered in ssh(1).
-
- Fix a bug in MSChapv2 challenge hashing in ppp(8).
-
- More make(1) tweaks.
-
- Use -n to test for non-zero variables in /etc/netstart.
-
- Be more careful with ARP packets.
-
- Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
- [Applied to stable]
- - Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
-
- clock(3) fixes for the alpha architecture.
-
- Print select collisions in vmstat(8) -s output.
-
- Implement login_check_expire(3) for libutil.
-
- Add -u username support to pwd_mkdb(8).
-
- Properly implement errno handling for the threaded libc (libc_r) on powerpc.
-
- In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file.
-
- Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
-
- Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
-
- Fix pciide(4) support on Alpha 164SX models.
-
- Support 16 slices per device on VAX machines.
-
- Considerable cleanups to make(1).
-
- Improve key repeat logic in wskbd(4).
-
- Changes from KAME to make ifm_data available in getifaddrs(3).
-
- Fix absolute path handling in crunchgen(1).
-
- Shorten /dev/ttyC* device names.
-
- Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
-
- Avoid tty races in wsdisplay(4) when switching virtual terminals.
-
- Update isakmpd(8).
-
- Repair lun support in umass(4).
-
- Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
-
- Train makewhatis(8) to handle more special cases.
-
- Avoid double fclose(3) in getcap(3).
-
- Increase delay in RAM probe for hifn(4).
-
- Suffix list fix in make(1).
-
- Various bug fixes in ksh(1).
-
- When using the tail(1) -f flag on stdin, don't reopen a local file named stdin.
-
- Extend kqueue(2) to support kernel events on vnodes.
-
- Bring in BSD authentication support for sudo(8).
-
- Zap MULOG in inetd(8) to improve code readability.
-
- Avoid whacking errno in top(1) signal handlers.
-
- Do not include MFS partitions in quot(8) statistics output.
-
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
-
- Prevent a type overflow in recno(3).
-
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
- A patch is available.
- [Applied to stable]
- - Import BSD authentication mechanisms from BSDI BSD/OS.
-
- Implement pw_dup(3), a function which copies struct passwd.
-
- Replace getpass(3) with a more flexible readpassphrase(3) interface.
-
- Add strnvis(3), a length-bounded version of the strvis(3) libc function.
-
- Better prompting logic in libskey.
-
- Resurrect binutils on alpha.
-
- Recognize newer Intel audio devices in auich(4).
-
- Stop amphy(4) from attaching to network devices it doesn't belong to.
-
- Enable support for pciide(4) found in newer Intel chipsets.
-
- Correct URL handling in the install scripts.
-
- Limit the number of SCSI luns in umass(4).
-
- Page size fixes to the alpha port.
-
- Import ssh-ask-pass support for X11.
-
- Fix a signal race in ypserv(8) SIGHUP handling.
-
- Enable uaudio(4) by default in GENERIC/i386.
-
- Reserve all-1s addresses in the IPSec code for future policy discovery features.
-
- Resolve HMAC nomenclautre issues.
-
- Be sure to clear passwords out of memory after use in ppp(8).
-
- Support kernel event queues.
-
- Add support for USB scanners through the uscanner(4) driver.
-
- More fixes to qec(4).
-
- Recognize newer AMD CPUs.
-
- Repair incorrect buffer size logic in telnetd(8).
-
- Add a slew of devices to usbdevs(8).
-
- Do not use perror(3) in sshd(8) after forking a child.
-
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
- A patch is available.
- [Applied to stable]
- - Add ifmedia(4) support to qec(4), among other improvements.
-
- Extra sanity checking in skeyinit(1).
-
- Repair timeout computations in atapiscsi(4).
-
- Add initial support for DEC Alpha 21264 systems.
-
- Bring the alpha port a bit closer to a fully operational console.
-
- Support Accton EN2242 MiniPCI Ethernet adapters.
-
- Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
-
- Add scrollback support to wscons(4) through the vga(4) driver.
-
- Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
-
- Repair overriding of pseudo devices in config(8)
- [Applied to stable]
- - Accept -inet and -inet6 as options for the show command in route(8).
-
- Don't reorder keys in ssh-agent(1) upon key removal.
-
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
-
- Various cleanups to ftpd(8).
-
- In many programs, sync usage() output with their respective man page SYNOPSIS.
-
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
- A patch is available.
- [Applied to stable]
- - In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
-
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
-
- In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
-
- Make the aha(4) driver compile without UVM.
-
- Enforce non-cacheable device space on real 80386 machines.
-
- Add RSA authentication support for SSH2 to OpenSSH.
-
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
-
- Repair an off-by-one error in ssh-agent(1).
-
- Convert some old drivers to the new timeout(9) interface.
-
- RELIABILITY FIX: repair AES (rijndael) kernel support.
- A patch is available.
- [Applied to stable]
- - Import PCI support for Alpha EB164 machines.
-
- Add bus_space_barrier macros for the powerpc.
-
- Endian fixes to the USB code.
-
- Better command line parsing in encrypt(1).
-
- Numbering fixups in pfkeyv2 to match IANA assignments.
-
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
-
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
-
- Fix a panic induced by assigning lo0 an IPv6 alias.
-
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
- A patch is available.
- [Applied to stable]
- - Deprecate pltime=0 in ifconfig(8).
-
- Modifications to the ktrace(2) interface to reduce redundancy.
-
- Do not advertise dynamic/cloned routes in route6d(8).
-
- Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
- [Applied to stable]
- - Correct free-before-reference bugs in rshd(8) and rlogind(8).
-
- Improve queue handling in gdt(4).
-
- New Adaptec FSA RAID driver called aac(4).
-
- Fix DMA error problems in adw(4).
- [Applied to stable]
- - If MANPS environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/.
-
- In date(1), fix an off-by-one error which would happen when changing time over DST.
-
- Permit -Tps in nroff(1).
-
- Make some pfkeyv2 interfaces conform to RFC 2367 numbering.
-
- New timeouts in a couple of network drivers.
-
- Prevent nfsd(8) from swapping out.
-
- Use PHOLD/PRELE in various kernel components.
-
- Buffer overflow fix to telnet(1).
-
- Many man page improvements.
-
- Permit handling more than 6 arguments in a hostname.if(5) file.
-
- kcore handling in kvm(3) for alpha.
-
- Update usb code.
-
- Update alpha architecture support. A snapshot will come out soon.
-
- In pchb(4), for Intel random devices, do not busy wait for data.
-
- Switch amiga to uvm(9).
-
- Fix amiga pmap module submap allocations.
-
- Centralized netisr dispatching.
-
- ppp(8) updated.
-
- In aue(4), fix multicast filter programming.
-
- Repair an uninitialized variable bug in ipsec(4) output.
- [Applied to stable]
- - Add pcibios(4) interrupt setup support for AMD750 chipset.
-
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
- A patch is available.
- [Applied to stable]
- - Generate new hashkey every time a bridge(4) is brought up.
-
- Change bridge(4) code to use lower spl.
-
- Passive FTP support in lynx(1).
-
- In ssh(1), downgrade to SSH1.3 if server is SSH1.4.
-
- In sshd(8), do not disable rhosts(rsa) if server port greater 1024.
-
- In sshd(8) Agent forwarding and -R support for SSH2 protocol.
-
- ipsecadm(8) man page repairs.
- [Applied to stable]
- - In pfkeyv2, send the message to registered promiscuous listeners.
- [Applied to stable]
- - Some minor bridge(4) fixes.
-
- ld.so(1) support for the pmax.
-
- On powerpc, print out the size of the L2 cache size on G3 and G4 machines.
-
- 2.8 release builds are running, but some of us are already working on post-release hacking.
+
- 2.9 release builds are running, but some of us are already working on post-release hacking.
@@ -738,13 +70,14 @@
For changes leading up to OpenBSD 2.6, click here.
For changes leading up to OpenBSD 2.7, click here.
For changes leading up to OpenBSD 2.8, click here.
+For changes leading up to OpenBSD 2.9, click here.
www@openbsd.org
-
$OpenBSD: plus.html,v 1.757 2001/04/23 23:05:53 jason Exp $
+
$OpenBSD: plus.html,v 1.758 2001/04/24 06:59:17 deraadt Exp $