Annotation of www/plus.html, Revision 1.837
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.424 deraadt 4: <title>OpenBSD-current changes</title>
1.728 horacio 5: <link rev="made" href="mailto:www@openbsd.org">
1.14 deraadt 6: <meta name="resource-type" content="document">
1.716 deraadt 7: <meta name="description" content="OpenBSD-current changes">
8: <meta name="keywords" content="openbsd,current,changes">
1.14 deraadt 9: <meta name="distribution" content="global">
1.810 horacio 10: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.728 horacio 13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
1.14 deraadt 14:
1.828 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.64 downsj 16: <p>
1.820 deraadt 17: <h2><font color=#e00000>Changes made between OpenBSD 3.1 and OpenBSD-current</font><hr></h2>
1.14 deraadt 18:
19: <p>
1.823 jsyn 20: This is a partial list of the major machine-independent changes
1.602 aaron 21: (i.e., these are the changes people ask about most often). Port
1.29 deraadt 22: specific changes have also been made, and are sometimes mentioned
1.728 horacio 23: in the pages for the specific <a href="plat.html">platforms</a>.
1.14 deraadt 24:
1.17 deraadt 25: <p>
1.725 naddy 26: Changes to the <a href="ports.html">ports</a> collection are documented
1.747 naddy 27: <a href="portsplus/index.html">here</a>.
1.725 naddy 28:
29: <p>
1.185 deraadt 30: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
31:
32: <p>
1.186 deraadt 33: <h3>
1.684 deraadt 34: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
35: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
36: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
37: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
38: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
39: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
40: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
41: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
42: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.758 deraadt 43: <a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
1.801 deraadt 44: <a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
1.820 deraadt 45: <a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
1.422 deraadt 46: <br>
1.186 deraadt 47: </h3>
48:
49: <p>
1.674 deraadt 50: <h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
1.837 ! deraadt 51: The following list sums up (almost) all the changes made up to July 29.
1.422 deraadt 52: <ul>
1.831 deraadt 53:
1.837 ! deraadt 54: <li>New 'PermitUserEnvironment' option for SSH. Off by default.
! 55: <li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing.
! 56: <li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>.
! 57: <li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br>
! 58: <a href="errata.html#ssl">A source code patch is available</a>.<br>
! 59: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 60: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.)
! 61: <!-- ^^^ 20020730 -->
! 62: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm.
! 63: <li>Kill a kernel tty memory leak.
! 64: <li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>.
! 65: <li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br>
! 66: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 67: <li>Don't enable so many authentication methods by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>.
! 68: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.</strong></font></br>
! 69: <a href="errata.html#xdr">A source code patch is available</a>.<br>
! 70: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 71: <li>Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().
! 72: <li>Support DMA for two more ServerWorks <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> devices.
! 73: <li><font color=#e00000><strong>SECURITY FIX: A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.</strong></font><br>
! 74: <a href="errata.html#pppd">A source code patch is available</a>.<br>
! 75: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 76: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> function pointers stored by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> to stop bad guys tweaking the exit handlers.
! 77: <li>"undrugs" <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a>.
! 78: <li>Fix two off-by-one bugs in ext2fs.
! 79: <li>Add ld.so support for sparc.
! 80: <li>Lookup of ip6.arpa, then ip6.int for IPv6 reverse resolution. See <a href="http://www.ietf.org/rfc/rfc3152.txt">RFC3152</a> for why.
! 81: <li>Small fix for GCC 3.1.1 in IPv4 checksum code.
! 82: <!-- 20020729 -->
! 83: <li>Apply the 'broken PCI burst-write' workaround to all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> 7811-based devices.
! 84: <li>Show <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> how to use hardware and software flow control.
! 85: <li>Fix a potential access-after-free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kue&sektion=4">kue(4)</a>.
! 86: <!-- ^^^ 20020728 -->
! 87: <li>/tmp/.X11-unix and /tmp/.ICE-unix are created in rc, owned by root, removing the need for root privs later on.
! 88: <li>Again, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>, map BSS non-executable.
! 89: <li>Rearrange the new XFree86 server so all tasks for which root privs are needed get done early in osinit(). Of course, revoke root right afterwards.
! 90: <li>Add Dell-specific PERC (right) product IDs so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> configures Dell PowerEdge 2650 RAID.
! 91: <li>Add leapsecond support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s NTP client.
! 92: <!-- ^^^ 20020727 -->
! 93: <li>The install/upgrade scripts no longer automatically mount NFS filesystems.
! 94: <li>Kernel a.out code now allocates (mostly) non-executable BSS.
! 95: <li>Miscellaneous fixes to several games.
! 96: <li>Lots of work on the sparc64 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4/sparc64)</a> framebuffer driver.
! 97: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> the order of the log and quick keywords is now irrelevant.
! 98: <!-- ^^^ 20020726 -->
! 99: <li>Allow X servers to be built without DGA.
! 100: <li>At securelevel 2, stop an attacker from setting the clock forwards to within a year of the time it wraps around to zero.
! 101: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> to work on pre-Pentium x86 machines that lack pentium_mhz stuff.
! 102: <li>Add a distrib note that due to major changes to the port, the sparc installer won't allow upgrades to 3.2
! 103: <li>Only include a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> font when building with option SMALL_KERNEL.
! 104: <li>Add a few more RFC2142-suggested mailbox aliases.
! 105: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>'s filename handling.
! 106: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> fixes.
! 107: <li>Fix comparison bug in IPv6 multicast routing MTU check.
! 108: <!-- ^^^ 20020725 -->
! 109: <li>Correct bad sizeof() in kernel NFS code.
! 110: <li>Checks for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> return values < 0.
! 111: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s uid/gid tracking.
! 112: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> large directory fix.
! 113: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, help avoid a potential man-in-the-middle attack by showing all known host keys for a host when we're warning about an unknown host key.
! 114: <li>Fix a TAILQ null deref in pmdb.
! 115: <!-- ^^^ 20020724 -->
! 116: <li>Make the second parameter to r?index()/strr?chr() an int instead of a char.
! 117: <li>Stick a thread mutex around name lookups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
! 118: <li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free().
! 119: <li>Cardbus support for macppc.
! 120: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads.
! 121: <li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option.)
! 122: <li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>.
! 123: <!-- ^^^ 20020723 -->
! 124: <li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile.
! 125: <li>Fix graceful restarts of chroot'ed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
! 126: <li>Have SSH fall back to the standard path if setusercontext() can't set it.
! 127: <!-- ^^^ 20020722 -->
! 128: <li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 129: <li>Teach pmdb about corefiles.
! 130: <!-- ^^^ 20020721 -->
! 131: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>.
! 132: <li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature.
! 133: <li>Implement string concatenation for variable declarations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 134: <li>Big change to the way signal trampolines are stored and called.
1.836 deraadt 135: <li>Add milter build support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>, see the Makefile.
1.837 ! deraadt 136: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> die if setusercontext() fails.
! 137: <!-- ^^^ 20020720 -->
! 138: <li>Fix a disk masher bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>, a little too late for some.
! 139: <li>Don't install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mk-amd-map&sektion=8&manpath=OpenBSD+3.1">mk-amd-map(8)</a> any more, we don't use it. And it's broken.
1.836 deraadt 140: <li>Merge Apache 1.3.26 and mod_ssl 2.8.10.
1.837 ! deraadt 141: <li>Have SSH remove fatal cleanups after calling fork().
! 142: <!-- ^^^ 20020719 -->
! 143: <li>/etc/systrace directory added along with policies for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>.
! 144: <li>Make OpenSSL use /bin/sh instead of $SHELL when running scripts. Not everyone uses a Bourne-like shell.
! 145: <li>String handling and other fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rogue&sektion=6">rogue(6)</a>.
! 146: <!-- ^^^ 20020718 -->
! 147: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> -s replacement string truncation.
! 148: <li>Fix a deref after free() in the kernel's routing socket code.
! 149: <li>Add 'fdcache' to Apache, part of the work to make graceful restart work properly under the chroot().
! 150: <li>The search for a shorter rulebase continues, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now recognises 'self' as an address, meaning all IPv4 and IPv6 addresses on all interfaces.
! 151: <!-- ^^^ 20020717 -->
! 152: <li>Fix wayward string termination in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>.
! 153: <li>Fix a DIAGNOSTIC bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ffs_softupdates&sektion=4">ffs_softupdates(4)</a>, and also make panic() calls show the right type.
! 154: <li>Some mbuf Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> driver, more fixes to come.
! 155: <li>Add DES and 3DES to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> as well.
! 156: <li>Fix some broken memset() and lseek() calls.
! 157: <!-- ^^^ 20020716 -->
! 158: <li>Work around some limitations of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> hardware. Add MD5 and SHA1 support.
1.834 deraadt 159: <li>Small additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> to make <a href="http://www.gnupg.org/">gnupg</a> compile.
1.837 ! deraadt 160: <li>Add some new users (names beginning with underscore) to replace user nobody for portmap, rstatd, identd, rusersd and fingerd.
1.834 deraadt 161: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> directory completion SIGSEGV with large directories.
162: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob.
163: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes.
164: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license.
165: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules.)
1.837 ! deraadt 166: <!-- ^^^ 20020715 -->
! 167: <li>Fix a double free in BSD authentication.
! 168: <!-- XXX sendmail SuperSafe=... thing ? -->
1.834 deraadt 169: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option.)
1.837 ! deraadt 170: <!-- ^^^ 20020714 -->
! 171: <li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes.
! 172: <li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge.
! 173: <li>The XFree86 3.3.x servers that are left now revoke their root privileges right after getting I/O access.
! 174: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> drops its root privileges, install it setgid(utmp) for utmp updates. Revoke setgid too if not needed.
! 175: <!-- ^^^ 20020713 -->
1.834 deraadt 176: <li>Fix at least one <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> buffer overflow.<br>
177: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.837 ! deraadt 178: <li>Teach MMX (not SSE) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>.
! 179: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
! 180: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header.
! 181: <li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace.
! 182: <li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>.)
! 183: <li>Remove '\\' -> '\' translation in crontabs to keep the shell happy.
! 184: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges.
! 185: <li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ -->
! 186: <li>Add some flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dohooks&sektion=9">dohooks(8)</a> and fix a time-honoured memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hook_disestablish&sektion=9">hook_disestablish(9)</a>.
! 187: <!-- ^^^ 20020712 -->
! 188: <li>New, hard-won firmware image for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=txp&sektion=4">txp(4)</a> driver.
! 189: <li>Remove the www group's privileges to the mod_ssl mutex semaphore.
! 190: <li>Really remove SuperProbe from X.
1.834 deraadt 191: <li>Create a skeleton UserDir tree under /var/www/users.
1.837 ! deraadt 192: <li>Have Apache initialise OpenSSL (opening /dev/crypto) before chroot. No more /var/www/dev/crypto.
! 193: <!-- ^^^ 20020711 -->
! 194: <li>Basic IPv6 fragment support (no normalisation yet) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 195: <li>Correct a memcpy error in the kernel and ssh's Rijndael code.
! 196: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filename intercepts work with chroot().
! 197: <li>Try to make resetting of USB ports work better.
! 198: <li>Add fchmod translation support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 199: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> closing the std file descriptors when going daemon.
! 200: <!-- ^^^ 20020710 -->
! 201: <li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540.
! 202: <li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>.
! 203: <li>Fix miniroot typo that was breaking FTP installs.
! 204: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755.)
! 205: <li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 206: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added.
! 207: <li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
! 208: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come.
! 209: <li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.)
! 210: <li>Some fixes to <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>.
! 211: <li>Add SMC 2206 support to <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>.
! 212: <li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 213: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
! 214: <!-- ^^^ 20020709 -->
! 215: <li>Don't try to load a 32-bit quart into a 16-bit pint register in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
! 216: <li>Always load ELF binaries to the address at which they were linked.
! 217: <li>Rig <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a>'s sort so it can't fail due to lack of memory.
! 218: <li>Compatibility fixes for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a> 582x series.
1.832 deraadt 219: <li>Some updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
1.837 ! deraadt 220: <li>Grab a security fix to bcopy/memcpy from FreeBSD. See their cvsweb entry for <a href="http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/i386/string/bcopy.S">bcopy.S</a>.
! 221: <li>Work around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>'s broken multicast filter.
1.832 deraadt 222: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
223: <li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
224: <li>Don't attempt to resubmit a structure we just freed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> / <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
225: <li>Small fixes to IP-in-IP encapsulation code.
226: <li>Add Security Mode options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
227: <li>Support a few more HPT <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> cards.
1.834 deraadt 228: <li>Make NEED_VERSION obsolete in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
229: <li>Fill IPv6 null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver.
1.832 deraadt 230: <li>Remove some old upgrade hacks from the installer script.
1.834 deraadt 231: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
232: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface stats, and allow the loginterface feature to be disabled.
233: <li>Make signal handler flags in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> of type volatile sig_atomic_t.
1.831 deraadt 234: <li>Fix a few GCC 3.1 moans in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
235: <li>Un-bloating of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
236: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpcgen&sektion=1">rpcgen(1)</a>.
237: <li><font color=#e00000><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
238: <a href="errata.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
1.832 deraadt 239: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.831 deraadt 240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
241: <li>Improve the way the installer's fileset selection UI works.
1.834 deraadt 242: <li>Fix a potential buffer overflow in xsystrace.
243: <li>Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
1.831 deraadt 244: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
1.834 deraadt 245: <li>Set IP_PORTRANGE_HIGH for active mode data channel of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion-1">ftp(1)</a>.
1.831 deraadt 246: <li>Add some more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> product IDs.
247: <li>Fix an off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
248: <li>Normalise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>'s EOF handling.
249: <li>Plug a few <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> memory leaks.
250: <li>Tweak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
1.832 deraadt 251: <li>Fix several missing or broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure checks.
1.834 deraadt 252: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs(1)</a>, actually <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> after spotting that LocalId is too long.
1.831 deraadt 253: <li>Lots of ANSIfication of function declarations and prototypes.
1.834 deraadt 254: <li>Fix bug causing 'SPL NOT LOWERED' errors from the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> RAID controller.
255: <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
1.831 deraadt 256: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
257: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> race in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
1.834 deraadt 258: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adv&sektion=4">adv(4)</a> from the i386 RAMDISK kernel until new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
1.831 deraadt 259: <li>Catch a null pointer dereference when fetching the routing table via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
260: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> compile and work on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
261: <li>Return correct result sizes from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
262: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
263: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
264: <li>Fix PIO writes code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
265: <li>Remove unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=longjmp&sektion=3">longjmp(3)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
1.834 deraadt 266: <li>Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
1.831 deraadt 267: <li>Finally fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> address cache bug.
1.834 deraadt 268: <li>Properly handle endpoint differences of opinion on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> Compression options
1.831 deraadt 269: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
1.834 deraadt 270: <li>Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1">encrypt(1)</a>.
1.831 deraadt 271: <li>Fix some compatibility quirks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
272: <li>Add a pushback buffer to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
1.834 deraadt 273: <li>Remove setuid(root) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
274: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> so /etc/localtime isn't needed after the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>.
1.831 deraadt 275: <li>More fixes to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
276: <li>Add AlphaServer 800 and 1000 support.
277: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> devices in <a href="http://www.openbsd.org/alpha.html">alpha</a> GENERIC kernel.
278: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
1.834 deraadt 279: <li>Make xf86config give the option of configuring a mouse wheel.
1.831 deraadt 280: <li>Gracefully handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
281: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fbtab&sektion=5">fbtab(5)</a> on <a href="http://www.openbsd.org/i386.html">i386</a>.
1.832 deraadt 282: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a>.
1.834 deraadt 283: <li>Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
284: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as root from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> again, but go to nobody's jail at startup.
1.831 deraadt 285: <li>Lots more bounds-checking all over the place.
286: <li>Recognise a few more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> devices.
1.834 deraadt 287: <li>Correct misleading cgetclose() entry in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcap&sektion=3">getcap(3)</a> manpage.
1.831 deraadt 288: <li>Try again with the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
289: <li>Cleanups of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&sektion=1">passwd(1)</a>.
290: <li><font color=#e00000><strong>SECURITY FIX: The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
291: <a href="errata.html#ktrace">A source code patch is available</a>.<br>
292: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
293: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
294: <li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
295: <li>More audit of OpenSSH.
296: <li><a href="http://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
297: <li><font color=#e00000><strong>SECURITY FIX: All versions of OpenSSH's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
298: <a href="errata.html#sshd">A source code patch is available</a>.<br>
299: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
300: <li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
301: <li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M.
302: <li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow.
303: <li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
304: <a href="errata.html#resolver">A source code patch is available</a>.<br>
305: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
306: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
307: <li>Start work on IP-over-FireWire and IP-over-SCSI.
308: <li>Move a bunch of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
309: <li><a href="http://www.openbsd.org/c2k2/">c2k2</a>-inspired changes to the installer.
1.834 deraadt 310: <li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though -->
311: <li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
1.831 deraadt 312: <li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils.
313: <li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>.
314: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
315: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
316: occur in the .htaccess parsing code in the mod_ssl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
317: <a href="errata.html#modssl">A source code patch is available</a>.<br>
318: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.834 deraadt 319: <li>Lots of uid_t and gid_t signedness fixes.
320: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer calls setsid() when run from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
321: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver talk IPv6.
1.832 deraadt 322: <li>Increment <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
1.831 deraadt 323: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
324: <li>String handling and bounds checking fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
325: <li>Bump <a href="http://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
326: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
327: <li>Start adding <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>.
1.834 deraadt 328: <li>System call argument rewriting framework for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
1.831 deraadt 329: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
330: <li>Fix some endianness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
1.832 deraadt 331: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
1.831 deraadt 332: <li>More improvements to 4GB memory probing on <a href="http://www.openbsd.org/i386.html">i386</a>.
1.834 deraadt 333: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own sshd?_config(5) manpage.
1.831 deraadt 334: <li>Add option for smooth scrolling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
335: <li>Support a few more wireless cards in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
336: <li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
337: <li>String handling cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>.
338: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
1.834 deraadt 339: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
1.831 deraadt 340: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a>.
1.834 deraadt 341: <li>Removing its setgid(kmem) was not enough, remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a> altogether.
1.831 deraadt 342: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=error&sektion=1">error(1)</a> can deal with it.
343: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
344: <li>Kill file descriptor leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
345: <li>Fix lots of format strings in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> programs.
1.834 deraadt 346: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> shows flag 'x' for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'d processes.
1.831 deraadt 347: <li>Lots of work on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a> driver.
348: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>.
1.834 deraadt 349: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> revoke its setgid(kmem) privileges.
350: <li>Remove old pccons driver from <a href="http://www.openbsd.org/i386.html">i386</a>, also the associated XSERVER option from the kernel.
1.831 deraadt 351: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
1.829 miod 352: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
353: occur during the interpretation of chunked encoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
354: <a href="errata.html#httpd">A source code patch is available</a>.<br>
355: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.831 deraadt 356: <li>Add the punctuation-challenged Nike psa[play^120 USB widget.
1.834 deraadt 357: <li>Remove setgid(kmem) from the enormously useful <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a>.
358: <li>Add UK keyboard map to <a href="http://www.openbsd.org/macppc.html">macppc</a> (with '#' on Option-3) and also option CAPS_IS_CONTROL.
359: <li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> timeout to squash 'command never completed!' warnings.
360: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
1.831 deraadt 361: <li>Import <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>, an API on top of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>.
362: <li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
363: <li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
364: <li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
365: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime.)
366: <li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
1.834 deraadt 367: <li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
1.831 deraadt 368: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
369: <li>Throw away the first 256 words of arc4 output in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
1.834 deraadt 370: <li>Gratuitous pid_t cleanup in /usr/bin.
1.831 deraadt 371: <li>Grab multicast <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
1.834 deraadt 372: <li>Add some inlined hash functions for the kernel, in <sys/hash.h>.
1.831 deraadt 373: <li>Cleanup work on conditional evaluation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
374: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
1.834 deraadt 375: <li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
1.831 deraadt 376: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.834 deraadt 377: <li>Show sparc64's X server which device it wants to mmap().
1.831 deraadt 378: <li>Add ioctl to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
379: <li>Enable userland <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
380: <li>Kernel changes and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> in userland.
1.832 deraadt 381: <li>Add initial Ultra Port Architecture (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
1.831 deraadt 382: <li>Import new <a href="http://www.openbsd.org/vax.html">vax</a> boot code from NetBSD.
383: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
1.834 deraadt 384: <li>Add IPL_STATCLOCK and add lots of splassert()s.
385: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> spends less time with euid==0 even if it is installed setuid(root).
386: <li>Much cleanup in distrib/miniroot.
387: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -s state print UDP and 'other' states nicely.
388: <li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.831 deraadt 389: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
390: <li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
391: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.) New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
392: <li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit.
393: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
394: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes.)
395: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
396: <li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules.
397: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
398: <li>Add ioctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
399: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
400: <li>Fix BPF code for a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
1.834 deraadt 401: <li>Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is now longer setuid(root) by default.
402: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
403: <li>Define __weak_alias() for mvme88k.
1.831 deraadt 404: <li>Merge GNU TeXinfo 4.2.
405: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
1.832 deraadt 406: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
1.831 deraadt 407: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
1.834 deraadt 408: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in /dev.
1.831 deraadt 409: <li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files.
410: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
411: <li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
412: <li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635.)
413: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715.)
414: <li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
415: <li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
416: <li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
417: <li>Changes to initialisation and media config of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a>.
1.834 deraadt 418: <li>Add list support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules.
1.831 deraadt 419: <li>Fix a number of bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
420: <li>Fix PR2704 resuming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> after standby.
421: <li>Change a lot of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=index&sektion=3">index(3)</a> calls to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strchr&sektion=3">strchr(3)</a>.
422: <li>Change "'cuz" to "because." Strewth!
1.832 deraadt 423: <li>Add another <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
1.834 deraadt 424: <li>Remove a bunch of '\n's from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=err&sektion=3">err(3)</a> calls.
1.831 deraadt 425: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
426: <li>Fixes for OpenSSL when talking to hardware <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>.
427: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
428: <li>The hardware is willing, and now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
429: <li>Support setting MTU on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>.
1.834 deraadt 430: <li>Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> entries.
1.831 deraadt 431: <li>For a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
432: <li>Pull in some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
1.834 deraadt 433: <li>Remove (arguably) unnecessary setgid(operator) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
434: <li>Remove setuid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no proc filesystem...
435: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
1.831 deraadt 436: <li>Add flag to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
437: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
438: <li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
439: <li>Work started on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
1.834 deraadt 440: <li>Install script now puts FQDN in /etc/myname.
441: <li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
442: <li>lo0 now only gets ::1 when it's brought up.
1.831 deraadt 443: <li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
1.834 deraadt 444: <li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
445: <li>Add new splusb() to prevent USB initialisation lossage.
1.831 deraadt 446: <li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
1.834 deraadt 447: <li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command.
448: <li>Remove FallbackToRsh from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> as well.
1.831 deraadt 449: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
1.834 deraadt 450: <li>Add Makefile-like (var += ...) macro concatenation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
1.831 deraadt 451: <li>Add per-rule state timeouts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
452: <li>Fix well-hidden little bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="http://www.openbsd.org/sparc64.html">sparc64</a> SSL/TLS negotiation.
453: <li>On <a href="http://www.openbsd.org/alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
1.834 deraadt 454: <li>Deprecate FallbackToRsh and UseRsh options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
1.831 deraadt 455: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
1.834 deraadt 456: <li>Remove suspect DIAGNOSTIC block from softdep kernel code.
1.831 deraadt 457: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
1.834 deraadt 458: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
1.831 deraadt 459: <li>Add Realtek 8129/8139 cardbus device support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rl&sektion=4">rl(4)</a>.
1.834 deraadt 460: <li>Switch <a href="http://www.openbsd.org/macppc.html">macppc</a> to use gem instead of gm.
1.831 deraadt 461: <li>Multicast fixes and Gigabit Ethernet support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
462: <li>Rule label length increased from 32 to 64 characters.
1.834 deraadt 463: <li>Allow modification of TTL with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst.
1.831 deraadt 464: <li>Timeout handling improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
1.832 deraadt 465: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
1.831 deraadt 466: <li>Allow a per-rule limit to the number of state table entries a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
467: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
468: <li>Add Gemplus GPR400 PCMCIA smartcard reader.
469: <li>Don't propose IDEA when negotiating SSL connections.
1.834 deraadt 470: <li>$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
471: <li>Make a kernel TCP RST and a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst look the same, to frustrate the nmap crowd.
1.831 deraadt 472: <li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
1.834 deraadt 473: <li>Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
474: <li>Add net.inet6.ip6.v6only <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> flag.
475: <li>Add ikecfg as a valid flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
1.831 deraadt 476: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
477: <li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
1.834 deraadt 478: <li>Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
1.831 deraadt 479: <li>Add flow type to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
480: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
481: <li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
482: <li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
483: <li>Merge OpenSSL 0.9.7-stable-20020605.
1.834 deraadt 484: <li>TCP wrappers and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
485: <li>Remove [gs]etprogname() from KerberosIV
1.831 deraadt 486: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
487: <li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
488: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>
489: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
1.832 deraadt 490: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
491: <li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>.)
1.831 deraadt 492: <li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64.)
1.834 deraadt 493: <li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
494: <li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>.
495: <li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
1.830 deraadt 496: <li>Add predicate suffixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
1.834 deraadt 497: <li>Add -x and -X options to respectively lock and unlock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
498: <li>Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
1.832 deraadt 499: <li>Start work on new debugger, pmdb.
1.830 deraadt 500: <li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a> map entries.
1.834 deraadt 501: <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
1.830 deraadt 502: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
1.831 deraadt 503: <li>Automatic policy generation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
1.830 deraadt 504: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
1.834 deraadt 505: <li>Remove [gs]etprogname() from KerberosV.
506: <li>New -a <bind_address> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
1.830 deraadt 507: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
1.831 deraadt 508: <li>Remove assumptions about MTU values for certain media types.
1.830 deraadt 509: <li>Use the same byte-order kung fu as the kernel in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
510: <li>Don't automagically set -prefixlen 128 on IPv6 host route.
511: <li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
1.831 deraadt 512: <li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
513: <li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested.)
1.830 deraadt 514: <li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
515: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import.
516: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
517: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> standards compliant.
518: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
519: <li>Recognise VIA VT8233 PCI-ISA bridge.
520: <li>Fix <a href="http://www.openbsd.org/sparc64.html">sparc64</a> 64-bit relocation masks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
521: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
522: <li>Detect stereo radio reception in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
523: <li>Compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
524: <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
1.834 deraadt 525: <li>'<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl</a> -s all' now prints labels as well.
526: <li>Add volatile to sig_atomic_t. Stand well back.
1.830 deraadt 527: <li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
1.832 deraadt 528: <li>Simplify IPv6 link MTU code.
1.834 deraadt 529: <li>Implement PMAP_CANFAIL flag for m68k pmap.
1.830 deraadt 530: <li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
1.834 deraadt 531: <li>Make sure some struct sockaddr are cleared before use.
1.831 deraadt 532: <li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
1.830 deraadt 533: <li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
534: <li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.831 deraadt 535: <li>Dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
1.834 deraadt 536: <li>Avoid fd_set overruns in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
1.830 deraadt 537: <li>Clue in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
1.834 deraadt 538: <li>Fix /etc/ptmp deletion bug that occurred if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
1.830 deraadt 539: <li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a> driver.
540: <li>Add leading-zero padding to RSA signatures in <a href="http://www.openssh.com/">ssh</a>.
1.832 deraadt 541: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
1.831 deraadt 542: <li>Add support in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
1.832 deraadt 543: <li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=units&sektion=1">units(1)</a>. Wow.
1.830 deraadt 544: <li>Fix signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
1.834 deraadt 545: <li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
1.830 deraadt 546: <li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
547: <li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
1.835 miod 548: <li>Add German keyboard map for Apple laptops.
1.830 deraadt 549: <li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
1.835 miod 550: <li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
551: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices attachment.
1.830 deraadt 552: <li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
1.834 deraadt 553: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat.
554: <li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans.
1.835 miod 555: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own.
1.834 deraadt 556: <li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
1.831 deraadt 557: <li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
1.830 deraadt 558: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
1.832 deraadt 559: <li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
1.830 deraadt 560: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
561: <li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
1.834 deraadt 562: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present.
1.830 deraadt 563: <li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>.
564: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
1.835 miod 565: <li>Remove libdl, support is in libc since a long time already.
1.830 deraadt 566: <li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices.
567: <li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
568: <li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
569: <li>Use the correct string buffer size for printing port numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.834 deraadt 570: <li>Remove arc4random_8().
571: <li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
1.832 deraadt 572: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup.
1.831 deraadt 573: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
1.835 miod 574: <li>unsigned -> unsigned int cleanup.
575: <li>Repair machdep.chipset sysctl on alpha.
576: <li>Audit pid_t type usage.
577: <li>Audit incorrect signal(2) usage.
1.830 deraadt 578: <li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a>
579: parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>.
1.831 deraadt 580: <li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
1.830 deraadt 581: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
582: <li><a href="http://www.openbsd.org/vax.html">vax</a>: Add board type for VXT2000+.
583: <li>More IANA interface type values, including IFT_BRIDGE.
1.834 deraadt 584: <li>Split XFree86 bsd_video.c into architecture-specific files.
585: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
1.835 miod 586: <li>Even more steps toward the death of unsafe string functions.
1.830 deraadt 587: <li>In XFree86 build, honour COPTS variable when building third-party apps.
1.834 deraadt 588: <li>Add LIBS option for crunchgen so custom libraries can be added to boot images.
589: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
1.830 deraadt 590: <li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>.
591: <li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>.
592: <li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
1.821 miod 593: <li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.831 deraadt 594: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
1.821 miod 595: <li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
1.835 miod 596: <li>Fix <a
597: href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
598: warnings on CD-ROM
599: (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a>)
600: with no data track.
601: <li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
1.826 horacio 602: <li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them.
1.830 deraadt 603: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
1.823 jsyn 604: <li>Support software brightness and backlight control on various macppc models.
605: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
1.821 miod 606: support this.
1.823 jsyn 607: <li>New libc IEEE floating-point code and libm routines for hppa.
1.826 horacio 608: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on i386.
1.823 jsyn 609: <li>More steps toward the death of unsafe string functions.
1.826 horacio 610: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on sparc64.
611: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
1.821 miod 612: <li>Jumbo <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
1.823 jsyn 613: <li>Still more hppa memory management and low-level code fixes.
1.821 miod 614: <li>Simple pmap optimization on macppc.
1.823 jsyn 615: <li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
1.826 horacio 616: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
1.821 miod 617: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> fixes.
618: <li><font color=#e00000><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
619: <a href="errata.html#sshbsdauth">A source code patch is available</a>.<br>
620: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
621: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
622: <li>New systrace facility.
623: <li>Better Cyrix cpu support.
624: <li>ECN support.
625: <li>Support SNTP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>.
626: <li>Fix infinite SIGFPE loop situations on vax.
1.823 jsyn 627: <li>Remove unnecessary setuid bit from binaries that either do not need it or
628: whose functionality requiring root privileges should only be invoked by root
1.821 miod 629: anyways, or which can be changed into a setgid bit for a specific group.
1.826 horacio 630: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
1.821 miod 631: <li>Lots of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> goodies.
1.822 miod 632: <li>New splassert (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
1.821 miod 633: <li>Enable Altivec instructions in macppc kernels.
634: <li>Support more Hifn cards (7814, 7851, 7854) via the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">nofn(4)</a> driver.
635: <li>OpenSSL 0.9.7.
636: <li>Completely rework <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
1.822 miod 637: <li>More use of hardware crypto cards functionality via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
1.821 miod 638: <li>More hppa memory management fixes.
639: <li>binutils 2.11.2.
640: <li>Add per-gid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
641: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
642: <li>Handle host names resolving in several addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
643: <li>Fix compilation warnings for various userland programs.
1.826 horacio 644: <li>Add a new user, crontab, and change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
1.821 miod 645: <li>Add per-uid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.826 horacio 646: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> support updates.
1.821 miod 647: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>
648: hackery to get it to do more crypto operations, and hack
649: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>
650: and
651: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">lofn(4)</a>
652: to work with this.
1.822 miod 653: <li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.826 horacio 654: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
1.821 miod 655: <li>Switch ELF platforms to the native <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
656: <li>Obtain a better licence for the hppa spmath routines.
657: <li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
658: <li>mvme88k pmap bugfixes.
1.826 horacio 659: <li>Various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> driver updates.
1.821 miod 660: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
661: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
662: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
1.823 jsyn 663: <li>Fix several wrong computations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>.
1.821 miod 664: <li>Workaround ghost pcibus detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>.
665: <li>Add a tuner driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a> radio cards.
1.826 horacio 666: <li>Allow userland to know which <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule created a specific state.
1.821 miod 667: <li>Prevent a 3.0 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
668: <li>Enable privsep by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
669: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
670: <li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
671: <li>Support LBA48 addressing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
672: <li>Bring back TURBOchannel alpha hardware support.
673: <li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot_config&sektion=8">boot_config(8)</a>).
1.826 horacio 674: <li><font color=#e00000><strong>SECURITY FIX: cause the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=null&sektion=4">/dev/null(4)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
1.821 miod 675: <a href="errata.html#fdalloc2">A source code patch is available</a>.<br>
676: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
677: <li>Extended Attributes code updates.
678: <li>Improve PS/2 mouse port detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbc&sektion=4">pckbc(4)</a>.
1.831 deraadt 679: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
1.822 miod 680: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
1.821 miod 681: <li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
682: <li>Better color depth detection in Xwsfb.
683: <li>64-bit fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
684: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
1.826 horacio 685: <li><font color=#e00000><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong></font><br>
1.821 miod 686: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
687: <li>Switch macppc console from the rcons engine to the rasops engine.
1.822 miod 688: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
1.821 miod 689: <li>Add IEEE754 floating point completion code on alpha.
690: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a>.
691: <li>Build the XFree86 GLX extension on sparc64.
692: <li>Hunt for outdated prototypes for character devices entry points and fix them.
1.826 horacio 693: <li>Switch mvme88k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
694: <li>Implement the -s option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
1.821 miod 695: <li>Kill all mvme68k kernel compilation warnings.
1.823 jsyn 696: <li>Assorted mac68k code cleanups.
1.821 miod 697: <li>Shared key support in hostap mode in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
698: <li>Make Xwsfb support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
699: <li>Fix a lock leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a>.
1.826 horacio 700: <li><font color=#e00000><strong>SECURITY FIX: update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
1.821 miod 701: <a href="errata.html#sudo">A source code patch is available</a>.<br>
702: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
703: <li><font color=#e00000><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.</strong></font><br>
704: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
705: <li>Add a Soundforte radio driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
706: <li>Add dynamic interface -> address translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
707: <li>Add kernel hooks on ethernet interfaces, triggered by address changes.
708: <li>Extended Attributes code updates.
709: <li>Enable the Freetype library on sparc64.
1.824 aaron 710: <li>Add queueing in the kernel crypto framework.
1.821 miod 711: <li>Make the system includes C++ friendly.
712: <li>Allow explicit filtering of non-reassembled fragments in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.825 miod 713: <li>Support more hardware and fix stability issues in the mac68k <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
1.821 miod 714: <li>Improved Lithuanian keyboard map for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
1.834 deraadt 715: <li><font color=#e00000>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</font><br>
1.821 miod 716: <a href="errata.html#sshafs">A source code patch is available</a>.<br>
717: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
718: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
719: <li>Assorted hppa memory management fixes.
1.823 jsyn 720: <li>Allow fractional delays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
1.822 miod 721: <li>Enable upgrade functionality again on alpha installation media.
722: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.821 miod 723: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
724: <li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
725: <li>Add cddb support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
726: <li>Support more network cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver.
727: <li>Improve sparc pmap behaviour in some low memory conditions.
728: <li>sendmail 8.13.
1.826 horacio 729: <li>Switch mvme68k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
1.821 miod 730: <li>Improve the library logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
731: <li>New mvme68k installation media.
732: <li>Change fpu probe routine on mac68k.
733: <li>Fix an obscure bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>.
734: <li>Support more wireless cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
735: <li>Fix 64-bit issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
736: <li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
737: which had been deprecated in favor of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a> driver.
1.422 deraadt 738: </ul>
739: <p>
1.203 deraadt 740:
1.95 deraadt 741: This list mentions mostly platform-independent changes. For a list of changes
742: made in a particular platform, please check the page for that platform. If you
743: find them not listed there, the changes are either (1) not being documented or
744: (2) are documented here.<br><br>
1.14 deraadt 745:
746: <hr>
1.424 deraadt 747: <p>
748: <h3>
1.691 jufi 749: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
750: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
751: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
752: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
753: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
754: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
755: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
756: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
757: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.758 deraadt 758: <a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
1.801 deraadt 759: <a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
1.820 deraadt 760: <a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
1.424 deraadt 761: <br>
762: </h3>
763:
764: <hr>
1.729 horacio 765: <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
766: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.837 ! deraadt 767: <br><small>$OpenBSD: plus.html,v 1.836 2002/07/23 21:56:24 deraadt Exp $</small>
1.14 deraadt 768:
769: </body>
770: </html>