Annotation of www/plus.html, Revision 1.841
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.424 deraadt 4: <title>OpenBSD-current changes</title>
1.728 horacio 5: <link rev="made" href="mailto:www@openbsd.org">
1.14 deraadt 6: <meta name="resource-type" content="document">
1.716 deraadt 7: <meta name="description" content="OpenBSD-current changes">
8: <meta name="keywords" content="openbsd,current,changes">
1.14 deraadt 9: <meta name="distribution" content="global">
1.810 horacio 10: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.728 horacio 13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
1.14 deraadt 14:
1.828 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.64 downsj 16: <p>
1.820 deraadt 17: <h2><font color=#e00000>Changes made between OpenBSD 3.1 and OpenBSD-current</font><hr></h2>
1.14 deraadt 18:
19: <p>
1.823 jsyn 20: This is a partial list of the major machine-independent changes
1.602 aaron 21: (i.e., these are the changes people ask about most often). Port
1.29 deraadt 22: specific changes have also been made, and are sometimes mentioned
1.728 horacio 23: in the pages for the specific <a href="plat.html">platforms</a>.
1.14 deraadt 24:
1.17 deraadt 25: <p>
1.725 naddy 26: Changes to the <a href="ports.html">ports</a> collection are documented
1.747 naddy 27: <a href="portsplus/index.html">here</a>.
1.725 naddy 28:
29: <p>
1.185 deraadt 30: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
31:
32: <p>
1.186 deraadt 33: <h3>
1.684 deraadt 34: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
35: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
36: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
37: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
38: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
39: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
40: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
41: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
42: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.758 deraadt 43: <a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
1.801 deraadt 44: <a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
1.820 deraadt 45: <a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
1.422 deraadt 46: <br>
1.186 deraadt 47: </h3>
48:
49: <p>
1.674 deraadt 50: <h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
1.840 deraadt 51: The following list sums up (almost) all the changes made up to August 23.
1.422 deraadt 52: <ul>
1.831 deraadt 53:
1.840 deraadt 54: <li>Map the heap non-executable.
55: <!-- ^^^ 20020823 -->
56: <li>Change the way FREF() and FRELE() are called w.r.t. getvnode() (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=9">file(9)</a>.)
57: <li>Fix a locking problem that can occur when an executable tries to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> itself.
58: <li>Avoid a potential int overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>
59: <li>Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
60: <!-- ^^^ 20020822 -->
1.841 ! markus 61: <li>Bump the listen() backlog from 5 to 128 (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
1.840 deraadt 62: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s default LoginGraceTime reduced from 600 to 60 seconds.
63: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> now attaches to each wsdisplay device by default.
64: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strip&sektion=1">strip(1)</a>. -x now works.
65: <!-- ^^^ 20020821 -->
66: <li>net.inet6.ip6_use_deprecated is on by default again...
67: <li>Fix some (but not all) signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a>.
68: <li>New -n option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> that disallows anonymous access even if the ftp user exists.
69: <li>Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser.
70: <!-- ^^^ 20020820 -->
71: <li>Fix sysctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copyout&sektion=9">copyout(9)</a>s in IPv6 neigbour discovery.
72: <!-- ^^^ 20020819 -->
73: <li>Audit and cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_net_ntop&sektion=3">inet_net_ntop(3)</a>, inet_neta() and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a>.
74: <li>TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated.
75: <!-- ^^^ 20020818 -->
76: <li>Use of IPv6 deprecated addresses switched off by default. (See <a href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> variable net.inet6.ip6_use_deprecated.)
77: <li>Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> SCSI driver.
78: <!-- ^^^ 20020817 -->
79: <li>Correct two sizeof bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>.
80: <li>Allow a raw IP socket to see a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> packets for tunnels we haven't configured.
81: <!-- ^^^ 20020816 -->
82: <li>Add some more cross-compilation targets in /usr/src/Makefile.
83: <li>Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>.
84: <li>Fix a null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
85: <!-- ^^^ 20020815 -->
86: <!-- ^^^ 20020814 -->
87: <!-- ^^^ some CVS breakage around here -->
88: <!-- ^^^ 20020813 -->
89: <li>Using the state table instead of a special-purpose list, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT to use the same proxy port for multiple external peers.
90: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> setgid(_sshagnt). setuid/setgid processes can't be <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2">ptrace(2)</a>ed.
91: <li>SPARC consoles now use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
92: <!-- ^^^ 20020812 -->
93: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now displays '!X' when packets come back as ICMP administratively prohibited by filter.
94: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> die on fd_set overruns.
95: <li>In a number of places, switch the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> round the right way.
96: <li>Switch SPARC to ELF.
97: <li>Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.
1.839 deraadt 98: <!-- ^^^ 20020811 -->
99: <li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br>
100: <a href="errata.html#scarg">A source code patch is available</a>.<br>
101: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
102: <!-- ^^^ 20020810 -->
103: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a> no longer gets loud at boot time unless option RAIDDEBUG is used.
104: <li>Sink a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bs&sektion=6">bs(6)</a>.
105: <!-- ^^^ 20020809 -->
106: <li>Fix raw socket translation for Linux compatibility mode.
107: <li>Properly clear the argument list in pmdb.
108: <li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default.)
109: <li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.
110: <li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
111: <li>Correct a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8">photurisd(8)</a>.
112: <li>Tweak IFF_PROMISC handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> to avoid some unnecessary initialisations.
113: <li>Fix a potential off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> that could cause mmap breakage on some architectures.
114: <li>Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
115: <li>Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
116: <li>Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pic&sektion=1">pic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1">fvwm(1)</a> and a few in the kernel.
117: <li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>.
118: <!-- ^^^ 20020808 -->
119: <li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>.
120: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default.)
121: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls.
122: <li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
123: <li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now.
124: <!-- ^^^ 20020807 -->
125: <li>Retrofit the new early privilege revocation code to the old X servers.
126: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode.) Also remove bomb mode altogether, to the annoyance of noone.
127: <li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver.
128: <li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
129: <!-- ^^^ 20020806 -->
130: <li>Move AGP chipset support out of machine-independent section (AGP support is per-arch.)
131: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata.html#ssl">erratum</a>.<br>
132: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
133: <!-- ^^^ 20020805 -->
134: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auth_call&sektion=3">auth_call(3)</a>'s error logging.
135: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> cross-checks the crontab filename against the system username.
136: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> drops its privileges earlier.
137: <!-- ^^^ 20020804 -->
138: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog.
139: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty.
140: <li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before.)
141: <li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier.
142: <li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
143: <li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler.
144: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>.
145: <!-- ^^^ 20020803 -->
146: <li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent.) See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why.
147: <li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
148: <li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks.
149: <li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH.
150: <li>Add the _sshagnt group for use by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
151: <li>Correct a pointer comparison typo in libssl's ASN.1 parser library.
152: <li>Check for correct return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_aton&sektion=3">inet_aton(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
1.838 deraadt 153: <li>Add some overflow checks similar to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> patch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
154: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists.
155: <!-- ^^^ 20020802 -->
156: <li>Prevent integer overflow in i386 USER_LDT code.
157: <li>Fix NFS's handling of zero-length RPC fragments.
158: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> handles unlinking of a symlink correctly.
159: <li>Limit file size to 2^31 * PAGE_SIZE in FFS code.
160: <li>u_short -> u_int16_t in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mtrouted(8)</a>.
161: <!-- ^^^ 20020801 -->
162: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> buffer overflow, see the <a href="errata.html#xdr">erratum</a>.<br>
163: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
164: <li>Spot zero-length keys or values in ypmatch_add(), and exit early.
165: <li>Broken by the removal of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> now cleans up after itself properly again.
166: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vfork&sektion=2">vfork(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>. Fixes hppa breakage.
167: <li>Back out the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler changes which appear to break Perl somehow. Bugger.
168: <li>Get <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> semantics right, while still not allowing the size_t overflow.<br>
169: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
170: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> compilation without mod_ssl.
171: <!-- ^^^ 20020731 -->
172: <li>On i386, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> to alter the execution protection of the stack.
173: <li>Fix some more potential null pointer dereferences, this time in pfkey and netiso.
174: <li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server.
175: <li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc().
176: <li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD.)
177: <li>Lots of work on the sparc and sparc64 console drivers.
178: <li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware...
179: <li>Fix a typo that caused a potential null pointer dereference in kernel NFS.
1.837 deraadt 180: <li>New 'PermitUserEnvironment' option for SSH. Off by default.
181: <li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing.
182: <li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>.
183: <li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br>
184: <a href="errata.html#ssl">A source code patch is available</a>.<br>
185: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
186: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.)
187: <!-- ^^^ 20020730 -->
188: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm.
1.838 deraadt 189: <li>Kill a kernel tty memory leak.<br>
190: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.837 deraadt 191: <li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>.
192: <li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br>
193: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
194: <li>Don't enable so many authentication methods by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>.
195: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.</strong></font></br>
196: <a href="errata.html#xdr">A source code patch is available</a>.<br>
197: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
198: <li>Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().
199: <li>Support DMA for two more ServerWorks <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> devices.
200: <li><font color=#e00000><strong>SECURITY FIX: A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.</strong></font><br>
201: <a href="errata.html#pppd">A source code patch is available</a>.<br>
202: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
203: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> function pointers stored by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> to stop bad guys tweaking the exit handlers.
204: <li>"undrugs" <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a>.
205: <li>Fix two off-by-one bugs in ext2fs.
206: <li>Add ld.so support for sparc.
207: <li>Lookup of ip6.arpa, then ip6.int for IPv6 reverse resolution. See <a href="http://www.ietf.org/rfc/rfc3152.txt">RFC3152</a> for why.
208: <li>Small fix for GCC 3.1.1 in IPv4 checksum code.
209: <!-- 20020729 -->
210: <li>Apply the 'broken PCI burst-write' workaround to all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> 7811-based devices.
211: <li>Show <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> how to use hardware and software flow control.
212: <li>Fix a potential access-after-free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kue&sektion=4">kue(4)</a>.
213: <!-- ^^^ 20020728 -->
214: <li>/tmp/.X11-unix and /tmp/.ICE-unix are created in rc, owned by root, removing the need for root privs later on.
215: <li>Again, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>, map BSS non-executable.
216: <li>Rearrange the new XFree86 server so all tasks for which root privs are needed get done early in osinit(). Of course, revoke root right afterwards.
217: <li>Add Dell-specific PERC (right) product IDs so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> configures Dell PowerEdge 2650 RAID.
218: <li>Add leapsecond support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s NTP client.
219: <!-- ^^^ 20020727 -->
220: <li>The install/upgrade scripts no longer automatically mount NFS filesystems.
221: <li>Kernel a.out code now allocates (mostly) non-executable BSS.
222: <li>Miscellaneous fixes to several games.
223: <li>Lots of work on the sparc64 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4/sparc64)</a> framebuffer driver.
224: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> the order of the log and quick keywords is now irrelevant.
225: <!-- ^^^ 20020726 -->
226: <li>Allow X servers to be built without DGA.
227: <li>At securelevel 2, stop an attacker from setting the clock forwards to within a year of the time it wraps around to zero.
228: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> to work on pre-Pentium x86 machines that lack pentium_mhz stuff.
229: <li>Add a distrib note that due to major changes to the port, the sparc installer won't allow upgrades to 3.2
230: <li>Only include a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> font when building with option SMALL_KERNEL.
231: <li>Add a few more RFC2142-suggested mailbox aliases.
232: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>'s filename handling.
233: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> fixes.
234: <li>Fix comparison bug in IPv6 multicast routing MTU check.
235: <!-- ^^^ 20020725 -->
236: <li>Correct bad sizeof() in kernel NFS code.
237: <li>Checks for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> return values < 0.
238: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s uid/gid tracking.
239: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> large directory fix.
240: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, help avoid a potential man-in-the-middle attack by showing all known host keys for a host when we're warning about an unknown host key.
241: <li>Fix a TAILQ null deref in pmdb.
242: <!-- ^^^ 20020724 -->
243: <li>Make the second parameter to r?index()/strr?chr() an int instead of a char.
244: <li>Stick a thread mutex around name lookups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
245: <li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free().
246: <li>Cardbus support for macppc.
247: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads.
248: <li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option.)
249: <li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>.
250: <!-- ^^^ 20020723 -->
251: <li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile.
252: <li>Fix graceful restarts of chroot'ed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
253: <li>Have SSH fall back to the standard path if setusercontext() can't set it.
254: <!-- ^^^ 20020722 -->
255: <li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
256: <li>Teach pmdb about corefiles.
1.840 deraadt 257: <li>Map stack pages non-executable.
1.837 deraadt 258: <!-- ^^^ 20020721 -->
259: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>.
260: <li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature.
261: <li>Implement string concatenation for variable declarations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
262: <li>Big change to the way signal trampolines are stored and called.
1.836 deraadt 263: <li>Add milter build support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>, see the Makefile.
1.837 deraadt 264: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> die if setusercontext() fails.
265: <!-- ^^^ 20020720 -->
266: <li>Fix a disk masher bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>, a little too late for some.
267: <li>Don't install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mk-amd-map&sektion=8&manpath=OpenBSD+3.1">mk-amd-map(8)</a> any more, we don't use it. And it's broken.
1.836 deraadt 268: <li>Merge Apache 1.3.26 and mod_ssl 2.8.10.
1.837 deraadt 269: <li>Have SSH remove fatal cleanups after calling fork().
270: <!-- ^^^ 20020719 -->
271: <li>/etc/systrace directory added along with policies for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>.
272: <li>Make OpenSSL use /bin/sh instead of $SHELL when running scripts. Not everyone uses a Bourne-like shell.
273: <li>String handling and other fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rogue&sektion=6">rogue(6)</a>.
274: <!-- ^^^ 20020718 -->
275: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> -s replacement string truncation.
276: <li>Fix a deref after free() in the kernel's routing socket code.
277: <li>Add 'fdcache' to Apache, part of the work to make graceful restart work properly under the chroot().
278: <li>The search for a shorter rulebase continues, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now recognises 'self' as an address, meaning all IPv4 and IPv6 addresses on all interfaces.
279: <!-- ^^^ 20020717 -->
280: <li>Fix wayward string termination in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>.
281: <li>Fix a DIAGNOSTIC bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ffs_softupdates&sektion=4">ffs_softupdates(4)</a>, and also make panic() calls show the right type.
282: <li>Some mbuf Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> driver, more fixes to come.
283: <li>Add DES and 3DES to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> as well.
284: <li>Fix some broken memset() and lseek() calls.
285: <!-- ^^^ 20020716 -->
286: <li>Work around some limitations of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> hardware. Add MD5 and SHA1 support.
1.834 deraadt 287: <li>Small additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> to make <a href="http://www.gnupg.org/">gnupg</a> compile.
1.837 deraadt 288: <li>Add some new users (names beginning with underscore) to replace user nobody for portmap, rstatd, identd, rusersd and fingerd.
1.834 deraadt 289: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> directory completion SIGSEGV with large directories.
290: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob.
291: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes.
292: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license.
293: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules.)
1.837 deraadt 294: <!-- ^^^ 20020715 -->
295: <li>Fix a double free in BSD authentication.
296: <!-- XXX sendmail SuperSafe=... thing ? -->
1.834 deraadt 297: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option.)
1.837 deraadt 298: <!-- ^^^ 20020714 -->
299: <li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes.
300: <li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge.
301: <li>The XFree86 3.3.x servers that are left now revoke their root privileges right after getting I/O access.
302: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> drops its root privileges, install it setgid(utmp) for utmp updates. Revoke setgid too if not needed.
303: <!-- ^^^ 20020713 -->
1.834 deraadt 304: <li>Fix at least one <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> buffer overflow.<br>
305: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.837 deraadt 306: <li>Teach MMX (not SSE) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>.
307: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
308: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header.
309: <li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace.
310: <li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>.)
311: <li>Remove '\\' -> '\' translation in crontabs to keep the shell happy.
312: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges.
313: <li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ -->
314: <li>Add some flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dohooks&sektion=9">dohooks(8)</a> and fix a time-honoured memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hook_disestablish&sektion=9">hook_disestablish(9)</a>.
315: <!-- ^^^ 20020712 -->
316: <li>New, hard-won firmware image for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=txp&sektion=4">txp(4)</a> driver.
317: <li>Remove the www group's privileges to the mod_ssl mutex semaphore.
318: <li>Really remove SuperProbe from X.
1.834 deraadt 319: <li>Create a skeleton UserDir tree under /var/www/users.
1.837 deraadt 320: <li>Have Apache initialise OpenSSL (opening /dev/crypto) before chroot. No more /var/www/dev/crypto.
321: <!-- ^^^ 20020711 -->
322: <li>Basic IPv6 fragment support (no normalisation yet) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
323: <li>Correct a memcpy error in the kernel and ssh's Rijndael code.
324: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filename intercepts work with chroot().
325: <li>Try to make resetting of USB ports work better.
326: <li>Add fchmod translation support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
327: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> closing the std file descriptors when going daemon.
328: <!-- ^^^ 20020710 -->
329: <li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540.
330: <li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>.
331: <li>Fix miniroot typo that was breaking FTP installs.
332: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755.)
333: <li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
334: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added.
335: <li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
336: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come.
337: <li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.)
1.838 deraadt 338: <li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>.
339: <li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>.
1.837 deraadt 340: <li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
341: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
342: <!-- ^^^ 20020709 -->
343: <li>Don't try to load a 32-bit quart into a 16-bit pint register in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
344: <li>Always load ELF binaries to the address at which they were linked.
345: <li>Rig <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a>'s sort so it can't fail due to lack of memory.
346: <li>Compatibility fixes for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a> 582x series.
1.832 deraadt 347: <li>Some updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
1.837 deraadt 348: <li>Grab a security fix to bcopy/memcpy from FreeBSD. See their cvsweb entry for <a href="http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/i386/string/bcopy.S">bcopy.S</a>.
349: <li>Work around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>'s broken multicast filter.
1.832 deraadt 350: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
351: <li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
352: <li>Don't attempt to resubmit a structure we just freed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> / <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
353: <li>Small fixes to IP-in-IP encapsulation code.
354: <li>Add Security Mode options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
355: <li>Support a few more HPT <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> cards.
1.834 deraadt 356: <li>Make NEED_VERSION obsolete in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
357: <li>Fill IPv6 null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver.
1.832 deraadt 358: <li>Remove some old upgrade hacks from the installer script.
1.834 deraadt 359: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
360: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface stats, and allow the loginterface feature to be disabled.
361: <li>Make signal handler flags in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> of type volatile sig_atomic_t.
1.831 deraadt 362: <li>Fix a few GCC 3.1 moans in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
363: <li>Un-bloating of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
364: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpcgen&sektion=1">rpcgen(1)</a>.
365: <li><font color=#e00000><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
366: <a href="errata.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
1.832 deraadt 367: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.831 deraadt 368: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
369: <li>Improve the way the installer's fileset selection UI works.
1.834 deraadt 370: <li>Fix a potential buffer overflow in xsystrace.
371: <li>Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
1.831 deraadt 372: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
1.834 deraadt 373: <li>Set IP_PORTRANGE_HIGH for active mode data channel of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion-1">ftp(1)</a>.
1.831 deraadt 374: <li>Add some more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> product IDs.
375: <li>Fix an off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
376: <li>Normalise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>'s EOF handling.
377: <li>Plug a few <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> memory leaks.
378: <li>Tweak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
1.832 deraadt 379: <li>Fix several missing or broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure checks.
1.834 deraadt 380: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs(1)</a>, actually <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> after spotting that LocalId is too long.
1.831 deraadt 381: <li>Lots of ANSIfication of function declarations and prototypes.
1.834 deraadt 382: <li>Fix bug causing 'SPL NOT LOWERED' errors from the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> RAID controller.
383: <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
1.831 deraadt 384: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
385: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> race in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
1.834 deraadt 386: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adv&sektion=4">adv(4)</a> from the i386 RAMDISK kernel until new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
1.831 deraadt 387: <li>Catch a null pointer dereference when fetching the routing table via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
388: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> compile and work on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
389: <li>Return correct result sizes from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
390: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
391: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
392: <li>Fix PIO writes code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
393: <li>Remove unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=longjmp&sektion=3">longjmp(3)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
1.834 deraadt 394: <li>Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
1.831 deraadt 395: <li>Finally fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> address cache bug.
1.834 deraadt 396: <li>Properly handle endpoint differences of opinion on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> Compression options
1.831 deraadt 397: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
1.834 deraadt 398: <li>Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1">encrypt(1)</a>.
1.831 deraadt 399: <li>Fix some compatibility quirks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
400: <li>Add a pushback buffer to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
1.834 deraadt 401: <li>Remove setuid(root) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
402: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> so /etc/localtime isn't needed after the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>.
1.831 deraadt 403: <li>More fixes to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
404: <li>Add AlphaServer 800 and 1000 support.
405: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> devices in <a href="http://www.openbsd.org/alpha.html">alpha</a> GENERIC kernel.
406: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
1.834 deraadt 407: <li>Make xf86config give the option of configuring a mouse wheel.
1.831 deraadt 408: <li>Gracefully handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
409: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fbtab&sektion=5">fbtab(5)</a> on <a href="http://www.openbsd.org/i386.html">i386</a>.
1.832 deraadt 410: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a>.
1.834 deraadt 411: <li>Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
412: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as root from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> again, but go to nobody's jail at startup.
1.831 deraadt 413: <li>Lots more bounds-checking all over the place.
414: <li>Recognise a few more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> devices.
1.834 deraadt 415: <li>Correct misleading cgetclose() entry in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcap&sektion=3">getcap(3)</a> manpage.
1.831 deraadt 416: <li>Try again with the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
417: <li>Cleanups of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&sektion=1">passwd(1)</a>.
418: <li><font color=#e00000><strong>SECURITY FIX: The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
419: <a href="errata.html#ktrace">A source code patch is available</a>.<br>
420: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
421: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
422: <li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
423: <li>More audit of OpenSSH.
424: <li><a href="http://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
425: <li><font color=#e00000><strong>SECURITY FIX: All versions of OpenSSH's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
426: <a href="errata.html#sshd">A source code patch is available</a>.<br>
427: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
428: <li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
429: <li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M.
430: <li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow.
431: <li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
432: <a href="errata.html#resolver">A source code patch is available</a>.<br>
433: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
434: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
435: <li>Start work on IP-over-FireWire and IP-over-SCSI.
436: <li>Move a bunch of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
437: <li><a href="http://www.openbsd.org/c2k2/">c2k2</a>-inspired changes to the installer.
1.834 deraadt 438: <li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though -->
439: <li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
1.831 deraadt 440: <li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils.
441: <li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>.
442: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
443: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
444: occur in the .htaccess parsing code in the mod_ssl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
445: <a href="errata.html#modssl">A source code patch is available</a>.<br>
446: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.834 deraadt 447: <li>Lots of uid_t and gid_t signedness fixes.
448: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer calls setsid() when run from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
449: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver talk IPv6.
1.832 deraadt 450: <li>Increment <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
1.831 deraadt 451: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
452: <li>String handling and bounds checking fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
453: <li>Bump <a href="http://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
454: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
455: <li>Start adding <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>.
1.834 deraadt 456: <li>System call argument rewriting framework for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
1.831 deraadt 457: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
458: <li>Fix some endianness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
1.832 deraadt 459: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
1.831 deraadt 460: <li>More improvements to 4GB memory probing on <a href="http://www.openbsd.org/i386.html">i386</a>.
1.834 deraadt 461: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own sshd?_config(5) manpage.
1.831 deraadt 462: <li>Add option for smooth scrolling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
463: <li>Support a few more wireless cards in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
464: <li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
465: <li>String handling cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>.
466: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
1.834 deraadt 467: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
1.831 deraadt 468: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a>.
1.834 deraadt 469: <li>Removing its setgid(kmem) was not enough, remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a> altogether.
1.831 deraadt 470: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=error&sektion=1">error(1)</a> can deal with it.
471: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
472: <li>Kill file descriptor leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
473: <li>Fix lots of format strings in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> programs.
1.834 deraadt 474: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> shows flag 'x' for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'d processes.
1.831 deraadt 475: <li>Lots of work on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a> driver.
476: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>.
1.834 deraadt 477: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> revoke its setgid(kmem) privileges.
478: <li>Remove old pccons driver from <a href="http://www.openbsd.org/i386.html">i386</a>, also the associated XSERVER option from the kernel.
1.831 deraadt 479: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
1.829 miod 480: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
481: occur during the interpretation of chunked encoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
482: <a href="errata.html#httpd">A source code patch is available</a>.<br>
483: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.831 deraadt 484: <li>Add the punctuation-challenged Nike psa[play^120 USB widget.
1.834 deraadt 485: <li>Remove setgid(kmem) from the enormously useful <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a>.
486: <li>Add UK keyboard map to <a href="http://www.openbsd.org/macppc.html">macppc</a> (with '#' on Option-3) and also option CAPS_IS_CONTROL.
487: <li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> timeout to squash 'command never completed!' warnings.
488: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
1.831 deraadt 489: <li>Import <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>, an API on top of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>.
490: <li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
491: <li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
492: <li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
493: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime.)
494: <li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
1.834 deraadt 495: <li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
1.831 deraadt 496: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
497: <li>Throw away the first 256 words of arc4 output in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
1.834 deraadt 498: <li>Gratuitous pid_t cleanup in /usr/bin.
1.831 deraadt 499: <li>Grab multicast <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
1.834 deraadt 500: <li>Add some inlined hash functions for the kernel, in <sys/hash.h>.
1.831 deraadt 501: <li>Cleanup work on conditional evaluation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
502: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
1.834 deraadt 503: <li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
1.831 deraadt 504: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.834 deraadt 505: <li>Show sparc64's X server which device it wants to mmap().
1.831 deraadt 506: <li>Add ioctl to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
507: <li>Enable userland <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
508: <li>Kernel changes and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> in userland.
1.832 deraadt 509: <li>Add initial Ultra Port Architecture (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
1.831 deraadt 510: <li>Import new <a href="http://www.openbsd.org/vax.html">vax</a> boot code from NetBSD.
511: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
1.834 deraadt 512: <li>Add IPL_STATCLOCK and add lots of splassert()s.
513: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> spends less time with euid==0 even if it is installed setuid(root).
514: <li>Much cleanup in distrib/miniroot.
515: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -s state print UDP and 'other' states nicely.
516: <li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.831 deraadt 517: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
518: <li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
519: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.) New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
520: <li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit.
521: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
522: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes.)
523: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
524: <li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules.
525: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
526: <li>Add ioctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
527: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
528: <li>Fix BPF code for a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
1.834 deraadt 529: <li>Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is now longer setuid(root) by default.
530: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
531: <li>Define __weak_alias() for mvme88k.
1.831 deraadt 532: <li>Merge GNU TeXinfo 4.2.
533: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
1.832 deraadt 534: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
1.831 deraadt 535: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
1.834 deraadt 536: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in /dev.
1.831 deraadt 537: <li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files.
538: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
539: <li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
540: <li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635.)
541: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715.)
542: <li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
543: <li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
544: <li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
545: <li>Changes to initialisation and media config of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a>.
1.834 deraadt 546: <li>Add list support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules.
1.831 deraadt 547: <li>Fix a number of bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
548: <li>Fix PR2704 resuming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> after standby.
549: <li>Change a lot of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=index&sektion=3">index(3)</a> calls to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strchr&sektion=3">strchr(3)</a>.
550: <li>Change "'cuz" to "because." Strewth!
1.832 deraadt 551: <li>Add another <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
1.834 deraadt 552: <li>Remove a bunch of '\n's from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=err&sektion=3">err(3)</a> calls.
1.831 deraadt 553: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
554: <li>Fixes for OpenSSL when talking to hardware <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>.
555: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
556: <li>The hardware is willing, and now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
557: <li>Support setting MTU on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>.
1.834 deraadt 558: <li>Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> entries.
1.831 deraadt 559: <li>For a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
560: <li>Pull in some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
1.834 deraadt 561: <li>Remove (arguably) unnecessary setgid(operator) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
562: <li>Remove setuid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no proc filesystem...
563: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
1.831 deraadt 564: <li>Add flag to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
565: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
566: <li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
567: <li>Work started on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
1.834 deraadt 568: <li>Install script now puts FQDN in /etc/myname.
569: <li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
570: <li>lo0 now only gets ::1 when it's brought up.
1.831 deraadt 571: <li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
1.834 deraadt 572: <li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
573: <li>Add new splusb() to prevent USB initialisation lossage.
1.831 deraadt 574: <li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
1.834 deraadt 575: <li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command.
576: <li>Remove FallbackToRsh from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> as well.
1.831 deraadt 577: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
1.834 deraadt 578: <li>Add Makefile-like (var += ...) macro concatenation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
1.831 deraadt 579: <li>Add per-rule state timeouts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
580: <li>Fix well-hidden little bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="http://www.openbsd.org/sparc64.html">sparc64</a> SSL/TLS negotiation.
581: <li>On <a href="http://www.openbsd.org/alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
1.834 deraadt 582: <li>Deprecate FallbackToRsh and UseRsh options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
1.831 deraadt 583: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
1.834 deraadt 584: <li>Remove suspect DIAGNOSTIC block from softdep kernel code.
1.831 deraadt 585: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
1.834 deraadt 586: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
1.831 deraadt 587: <li>Add Realtek 8129/8139 cardbus device support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rl&sektion=4">rl(4)</a>.
1.834 deraadt 588: <li>Switch <a href="http://www.openbsd.org/macppc.html">macppc</a> to use gem instead of gm.
1.831 deraadt 589: <li>Multicast fixes and Gigabit Ethernet support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
590: <li>Rule label length increased from 32 to 64 characters.
1.834 deraadt 591: <li>Allow modification of TTL with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst.
1.831 deraadt 592: <li>Timeout handling improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
1.832 deraadt 593: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
1.831 deraadt 594: <li>Allow a per-rule limit to the number of state table entries a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
595: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
596: <li>Add Gemplus GPR400 PCMCIA smartcard reader.
597: <li>Don't propose IDEA when negotiating SSL connections.
1.834 deraadt 598: <li>$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
599: <li>Make a kernel TCP RST and a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst look the same, to frustrate the nmap crowd.
1.831 deraadt 600: <li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
1.834 deraadt 601: <li>Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
602: <li>Add net.inet6.ip6.v6only <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> flag.
603: <li>Add ikecfg as a valid flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
1.831 deraadt 604: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
605: <li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
1.834 deraadt 606: <li>Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
1.831 deraadt 607: <li>Add flow type to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
608: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
609: <li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
610: <li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
611: <li>Merge OpenSSL 0.9.7-stable-20020605.
1.834 deraadt 612: <li>TCP wrappers and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
613: <li>Remove [gs]etprogname() from KerberosIV
1.831 deraadt 614: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
615: <li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
616: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>
617: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
1.832 deraadt 618: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
619: <li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>.)
1.831 deraadt 620: <li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64.)
1.834 deraadt 621: <li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
622: <li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>.
623: <li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
1.830 deraadt 624: <li>Add predicate suffixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
1.834 deraadt 625: <li>Add -x and -X options to respectively lock and unlock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
626: <li>Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
1.832 deraadt 627: <li>Start work on new debugger, pmdb.
1.830 deraadt 628: <li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a> map entries.
1.834 deraadt 629: <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
1.830 deraadt 630: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
1.831 deraadt 631: <li>Automatic policy generation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
1.830 deraadt 632: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
1.834 deraadt 633: <li>Remove [gs]etprogname() from KerberosV.
634: <li>New -a <bind_address> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
1.830 deraadt 635: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
1.831 deraadt 636: <li>Remove assumptions about MTU values for certain media types.
1.830 deraadt 637: <li>Use the same byte-order kung fu as the kernel in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
638: <li>Don't automagically set -prefixlen 128 on IPv6 host route.
639: <li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
1.831 deraadt 640: <li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
641: <li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested.)
1.830 deraadt 642: <li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
643: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import.
644: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
645: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> standards compliant.
646: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
647: <li>Recognise VIA VT8233 PCI-ISA bridge.
648: <li>Fix <a href="http://www.openbsd.org/sparc64.html">sparc64</a> 64-bit relocation masks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
649: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
650: <li>Detect stereo radio reception in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
651: <li>Compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
652: <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
1.834 deraadt 653: <li>'<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl</a> -s all' now prints labels as well.
654: <li>Add volatile to sig_atomic_t. Stand well back.
1.830 deraadt 655: <li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
1.832 deraadt 656: <li>Simplify IPv6 link MTU code.
1.834 deraadt 657: <li>Implement PMAP_CANFAIL flag for m68k pmap.
1.830 deraadt 658: <li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
1.834 deraadt 659: <li>Make sure some struct sockaddr are cleared before use.
1.831 deraadt 660: <li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
1.830 deraadt 661: <li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
662: <li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.831 deraadt 663: <li>Dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
1.834 deraadt 664: <li>Avoid fd_set overruns in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
1.830 deraadt 665: <li>Clue in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
1.834 deraadt 666: <li>Fix /etc/ptmp deletion bug that occurred if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
1.830 deraadt 667: <li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a> driver.
668: <li>Add leading-zero padding to RSA signatures in <a href="http://www.openssh.com/">ssh</a>.
1.832 deraadt 669: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
1.831 deraadt 670: <li>Add support in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
1.832 deraadt 671: <li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=units&sektion=1">units(1)</a>. Wow.
1.830 deraadt 672: <li>Fix signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
1.834 deraadt 673: <li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
1.830 deraadt 674: <li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
675: <li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
1.835 miod 676: <li>Add German keyboard map for Apple laptops.
1.830 deraadt 677: <li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
1.835 miod 678: <li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
679: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices attachment.
1.830 deraadt 680: <li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
1.834 deraadt 681: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat.
682: <li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans.
1.835 miod 683: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own.
1.834 deraadt 684: <li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
1.831 deraadt 685: <li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
1.830 deraadt 686: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
1.832 deraadt 687: <li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
1.830 deraadt 688: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
689: <li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
1.834 deraadt 690: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present.
1.830 deraadt 691: <li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>.
692: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
1.835 miod 693: <li>Remove libdl, support is in libc since a long time already.
1.830 deraadt 694: <li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices.
695: <li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
696: <li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
697: <li>Use the correct string buffer size for printing port numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.834 deraadt 698: <li>Remove arc4random_8().
699: <li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
1.832 deraadt 700: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup.
1.831 deraadt 701: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
1.835 miod 702: <li>unsigned -> unsigned int cleanup.
703: <li>Repair machdep.chipset sysctl on alpha.
704: <li>Audit pid_t type usage.
705: <li>Audit incorrect signal(2) usage.
1.830 deraadt 706: <li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a>
707: parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>.
1.831 deraadt 708: <li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
1.830 deraadt 709: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
710: <li><a href="http://www.openbsd.org/vax.html">vax</a>: Add board type for VXT2000+.
711: <li>More IANA interface type values, including IFT_BRIDGE.
1.834 deraadt 712: <li>Split XFree86 bsd_video.c into architecture-specific files.
713: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
1.835 miod 714: <li>Even more steps toward the death of unsafe string functions.
1.830 deraadt 715: <li>In XFree86 build, honour COPTS variable when building third-party apps.
1.834 deraadt 716: <li>Add LIBS option for crunchgen so custom libraries can be added to boot images.
717: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
1.830 deraadt 718: <li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>.
719: <li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>.
720: <li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
1.821 miod 721: <li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.831 deraadt 722: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
1.821 miod 723: <li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
1.835 miod 724: <li>Fix <a
725: href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
726: warnings on CD-ROM
727: (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a>)
728: with no data track.
729: <li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
1.826 horacio 730: <li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them.
1.830 deraadt 731: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
1.823 jsyn 732: <li>Support software brightness and backlight control on various macppc models.
733: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
1.821 miod 734: support this.
1.823 jsyn 735: <li>New libc IEEE floating-point code and libm routines for hppa.
1.826 horacio 736: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on i386.
1.823 jsyn 737: <li>More steps toward the death of unsafe string functions.
1.826 horacio 738: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on sparc64.
739: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
1.821 miod 740: <li>Jumbo <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
1.823 jsyn 741: <li>Still more hppa memory management and low-level code fixes.
1.821 miod 742: <li>Simple pmap optimization on macppc.
1.823 jsyn 743: <li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
1.826 horacio 744: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
1.821 miod 745: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> fixes.
746: <li><font color=#e00000><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
747: <a href="errata.html#sshbsdauth">A source code patch is available</a>.<br>
748: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
749: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
750: <li>New systrace facility.
751: <li>Better Cyrix cpu support.
752: <li>ECN support.
753: <li>Support SNTP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>.
754: <li>Fix infinite SIGFPE loop situations on vax.
1.823 jsyn 755: <li>Remove unnecessary setuid bit from binaries that either do not need it or
756: whose functionality requiring root privileges should only be invoked by root
1.821 miod 757: anyways, or which can be changed into a setgid bit for a specific group.
1.826 horacio 758: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
1.821 miod 759: <li>Lots of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> goodies.
1.822 miod 760: <li>New splassert (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
1.821 miod 761: <li>Enable Altivec instructions in macppc kernels.
762: <li>Support more Hifn cards (7814, 7851, 7854) via the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">nofn(4)</a> driver.
763: <li>OpenSSL 0.9.7.
764: <li>Completely rework <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
1.822 miod 765: <li>More use of hardware crypto cards functionality via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
1.821 miod 766: <li>More hppa memory management fixes.
767: <li>binutils 2.11.2.
768: <li>Add per-gid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
769: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
770: <li>Handle host names resolving in several addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
771: <li>Fix compilation warnings for various userland programs.
1.826 horacio 772: <li>Add a new user, crontab, and change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
1.821 miod 773: <li>Add per-uid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.826 horacio 774: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> support updates.
1.821 miod 775: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>
776: hackery to get it to do more crypto operations, and hack
777: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>
778: and
779: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">lofn(4)</a>
780: to work with this.
1.822 miod 781: <li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.826 horacio 782: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
1.821 miod 783: <li>Switch ELF platforms to the native <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
784: <li>Obtain a better licence for the hppa spmath routines.
785: <li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
786: <li>mvme88k pmap bugfixes.
1.826 horacio 787: <li>Various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> driver updates.
1.821 miod 788: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
789: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
790: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
1.823 jsyn 791: <li>Fix several wrong computations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>.
1.821 miod 792: <li>Workaround ghost pcibus detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>.
793: <li>Add a tuner driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a> radio cards.
1.826 horacio 794: <li>Allow userland to know which <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule created a specific state.
1.821 miod 795: <li>Prevent a 3.0 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
796: <li>Enable privsep by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
797: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
798: <li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
799: <li>Support LBA48 addressing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
800: <li>Bring back TURBOchannel alpha hardware support.
801: <li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot_config&sektion=8">boot_config(8)</a>).
1.826 horacio 802: <li><font color=#e00000><strong>SECURITY FIX: cause the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=null&sektion=4">/dev/null(4)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
1.821 miod 803: <a href="errata.html#fdalloc2">A source code patch is available</a>.<br>
804: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
805: <li>Extended Attributes code updates.
806: <li>Improve PS/2 mouse port detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbc&sektion=4">pckbc(4)</a>.
1.831 deraadt 807: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
1.822 miod 808: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
1.821 miod 809: <li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
810: <li>Better color depth detection in Xwsfb.
811: <li>64-bit fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
812: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
1.826 horacio 813: <li><font color=#e00000><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong></font><br>
1.821 miod 814: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
815: <li>Switch macppc console from the rcons engine to the rasops engine.
1.822 miod 816: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
1.821 miod 817: <li>Add IEEE754 floating point completion code on alpha.
818: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a>.
819: <li>Build the XFree86 GLX extension on sparc64.
820: <li>Hunt for outdated prototypes for character devices entry points and fix them.
1.826 horacio 821: <li>Switch mvme88k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
822: <li>Implement the -s option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
1.821 miod 823: <li>Kill all mvme68k kernel compilation warnings.
1.823 jsyn 824: <li>Assorted mac68k code cleanups.
1.821 miod 825: <li>Shared key support in hostap mode in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
826: <li>Make Xwsfb support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
827: <li>Fix a lock leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a>.
1.826 horacio 828: <li><font color=#e00000><strong>SECURITY FIX: update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
1.821 miod 829: <a href="errata.html#sudo">A source code patch is available</a>.<br>
830: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
831: <li><font color=#e00000><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.</strong></font><br>
832: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
833: <li>Add a Soundforte radio driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
834: <li>Add dynamic interface -> address translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
835: <li>Add kernel hooks on ethernet interfaces, triggered by address changes.
836: <li>Extended Attributes code updates.
837: <li>Enable the Freetype library on sparc64.
1.824 aaron 838: <li>Add queueing in the kernel crypto framework.
1.821 miod 839: <li>Make the system includes C++ friendly.
840: <li>Allow explicit filtering of non-reassembled fragments in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.825 miod 841: <li>Support more hardware and fix stability issues in the mac68k <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
1.821 miod 842: <li>Improved Lithuanian keyboard map for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
1.834 deraadt 843: <li><font color=#e00000>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</font><br>
1.821 miod 844: <a href="errata.html#sshafs">A source code patch is available</a>.<br>
845: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
846: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
847: <li>Assorted hppa memory management fixes.
1.823 jsyn 848: <li>Allow fractional delays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
1.822 miod 849: <li>Enable upgrade functionality again on alpha installation media.
850: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.821 miod 851: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
852: <li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
853: <li>Add cddb support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
854: <li>Support more network cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver.
855: <li>Improve sparc pmap behaviour in some low memory conditions.
856: <li>sendmail 8.13.
1.826 horacio 857: <li>Switch mvme68k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
1.821 miod 858: <li>Improve the library logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
859: <li>New mvme68k installation media.
860: <li>Change fpu probe routine on mac68k.
861: <li>Fix an obscure bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>.
862: <li>Support more wireless cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
863: <li>Fix 64-bit issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
864: <li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
865: which had been deprecated in favor of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a> driver.
1.422 deraadt 866: </ul>
867: <p>
1.203 deraadt 868:
1.95 deraadt 869: This list mentions mostly platform-independent changes. For a list of changes
870: made in a particular platform, please check the page for that platform. If you
871: find them not listed there, the changes are either (1) not being documented or
872: (2) are documented here.<br><br>
1.14 deraadt 873:
874: <hr>
1.424 deraadt 875: <p>
876: <h3>
1.691 jufi 877: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
878: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
879: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
880: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
881: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
882: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
883: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
884: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
885: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.758 deraadt 886: <a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
1.801 deraadt 887: <a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
1.820 deraadt 888: <a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
1.424 deraadt 889: <br>
890: </h3>
891:
892: <hr>
1.729 horacio 893: <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
894: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.841 ! markus 895: <br><small>$OpenBSD: plus.html,v 1.840 2002/08/23 23:44:48 deraadt Exp $</small>
1.14 deraadt 896:
897: </body>
898: </html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www