Annotation of www/plus.html, Revision 1.863
1.863 ! naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.14 deraadt 2: <html>
3: <head>
1.424 deraadt 4: <title>OpenBSD-current changes</title>
1.728 horacio 5: <link rev="made" href="mailto:www@openbsd.org">
1.14 deraadt 6: <meta name="resource-type" content="document">
1.716 deraadt 7: <meta name="description" content="OpenBSD-current changes">
8: <meta name="keywords" content="openbsd,current,changes">
1.14 deraadt 9: <meta name="distribution" content="global">
1.810 horacio 10: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.728 horacio 13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
1.14 deraadt 14:
1.828 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.64 downsj 16: <p>
1.863 ! naddy 17: <h2><font color="#e00000">Changes made between OpenBSD 3.2 and OpenBSD-current</font></h2>
! 18: <hr>
1.14 deraadt 19:
20: <p>
1.823 jsyn 21: This is a partial list of the major machine-independent changes
1.602 aaron 22: (i.e., these are the changes people ask about most often). Port
1.29 deraadt 23: specific changes have also been made, and are sometimes mentioned
1.728 horacio 24: in the pages for the specific <a href="plat.html">platforms</a>.
1.14 deraadt 25:
1.17 deraadt 26: <p>
1.725 naddy 27: Changes to the <a href="ports.html">ports</a> collection are documented
1.747 naddy 28: <a href="portsplus/index.html">here</a>.
1.725 naddy 29:
30: <p>
1.863 ! naddy 31: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
1.185 deraadt 32:
33: <p>
1.186 deraadt 34: <h3>
1.846 deraadt 35: For changes in other releases, click below:<br>
36: <a href="plus20.html">2.0</a>,
37: <a href="plus21.html">2.1</a>,
38: <a href="plus22.html">2.2</a>,
39: <a href="plus23.html">2.3</a>,
40: <a href="plus24.html">2.4</a>,
41: <a href="plus25.html">2.5</a>,
42: <a href="plus26.html">2.6</a>,
43: <a href="plus27.html">2.7</a>,
44: <a href="plus28.html">2.8</a>,
45: <a href="plus29.html">2.9</a>,
46: <a href="plus30.html">3.0</a>,
47: <a href="plus31.html">3.1</a>,
48: <a href="plus32.html">3.2</a>.
1.422 deraadt 49: <br>
1.186 deraadt 50: </h3>
51:
52: <p>
1.863 ! naddy 53: <h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p>
1.858 deraadt 54: The following list sums up (almost) all the changes made up to February 19.
1.847 deraadt 55: <p>
56:
1.422 deraadt 57: <ul>
1.863 ! naddy 58: <li><font color="#e00000"><strong>SECURITY FIX: February 25, 2003: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</strong></font><br>
1.861 margarid 59: <a href="errata.html#httpd">A source code patch is available</a>.<br>
1.863 ! naddy 60: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 61: <li>Fix a null deref triggered by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.858 deraadt 62: <!-- ^ 20030220 -->
1.863 ! naddy 63: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax.
! 64: <li>Move /var/at files into /var/cron since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> is now a part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
! 65: <li>Fix support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix.)
! 66: <li><font color="#e00000"><strong>SECURITY FIX: February 22, 2003: In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation even if incorrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes in memory allocation routines.</strong></font><br>
1.859 margarid 67: <a href="errata.html#ssl">A source code patch is available</a>.<br>
1.863 ! naddy 68: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 69: <li>Add a counter for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold.
! 70: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> on 64-bit platforms.
! 71: <li>Stability updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>.
! 72: <li>LFS is not supported, so remove support for it from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
1.858 deraadt 73: <!-- ^ 20030219 -->
74: <li>More niggly fixes to newly-added LZS support.
1.863 ! naddy 75: <li>Don't load <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> options when one of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s load switches (-A, -N, -R) is in force.
1.858 deraadt 76: <li>Write the stack to core files properly for upward-growing stack architectures.
1.863 ! naddy 77: <li>Enable LZS support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>, missed when LZS was added earlier.
1.858 deraadt 78: <li>Turn of BIND 9's logging of lame servers; some people never learn, and we don't want to know about them.
1.863 ! naddy 79: <li>Make min-ttl and random-id operate on inbound as well as outbound <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules.
1.858 deraadt 80: <li>Many missing copyright notices added to manpages.
81: <!-- ^ 200300218 -->
82: <li>Add privilege separation support to the X server. Fixes a lot of problems.
1.863 ! naddy 83: <li>Fix a double-free in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
! 84: <li>Add -n 'no daemon' option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
! 85: <li>Enqueue the copy and not the original mbuf that's free four lines later, and so stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> crashing the kernel.
1.858 deraadt 86: <!-- ^ 20030217 -->
87: <li>Improve default route setup in the installer.
1.863 ! naddy 88: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> forced commands with 'PermitRootLogin forced-commands-only' set.
! 89: <li>Similar to the recent pid leak fix, stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaking inode numbers. More details in the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/main/http_main.c?rev=1.28&content-type=text/x-cvsweb-markup&cvsroot=openbsd">checkin comment</a>.
! 90: <li>Some RFC-compliance fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> multipart MIME pid leak fix.
! 91: <li>Clean up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> macro parsing.
1.858 deraadt 92: <!-- ^ 20030216 -->
1.863 ! naddy 93: <li>Fix format string bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nohup&sektion=1">nohup(1)</a>.
! 94: <li>strcpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.pcnfsd&sektion=8">rpc.pcnfsd(8)</a>.
! 95: <li>Add support framework for LZS compression to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a>.
! 96: <li>More write protection paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
1.858 deraadt 97: <li>Make bsd.rd an install/upgrade target.
1.863 ! naddy 98: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaking child process IDs in multipart MIME boundary separators. (See the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/main/http_protocol.c?rev=1.15&content-type=text/x-cvsweb-markup&cvsroot=openbsd">checkin comment</a> for an example.)
! 99: <li>Increase the size of the rates buffer in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> hostap so 802.11g stations can associate.
1.858 deraadt 100: <li>When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header.
101: <!-- ^ 20030215 -->
102: <li>Fix an mbuf leak in IPv6 TCP.
1.863 ! naddy 103: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 104: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables spring into existence on demand, remove the unnecessary '-T create' option.
! 105: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> stir the pool when the caller's pid changes.
! 106: <li>Add 'scrub in all no-df' to the initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> installed by /etc/rc. This helps diskless booters using Linux NFS servers.
! 107: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> redirect to loopback interfaces again, now that looping can't occur.
1.858 deraadt 108: <!-- ^ 20030214 -->
109: <li>Fix an fd locking bug in libpthread.
1.863 ! naddy 110: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> use tables instead of regular rules on an anchor.
1.858 deraadt 111: <li>Improvements to ATAPI PIO mode selection.
1.863 ! naddy 112: <li>Fix an mbuf leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 113: <li>Really fix an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a> buffer overflow.
! 114: <li>Finish nForce support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a>.
! 115: <li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> complains about an illegal netmask, have it show the offending article.
1.858 deraadt 116: <!-- ^ 20030213 -->
1.863 ! naddy 117: <li>Fix busted <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ypxfr&sektion=8">ypxfr(8)</a>, the key and values are no longer swapped around. Which is nice.
! 118: <li>Add libedit line editing support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
! 119: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> to use units other than sectors on the command line.
1.858 deraadt 120: <li>3.2-current -> 3.3-beta.
1.863 ! naddy 121: <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>'s crc32 code with BSD-licensed versions.
! 122: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub option 'no-df' to better handle fragments with DF set, such as those sent by Linux NFS.
! 123: <li>When in async mode, signal the process group instead of the process from WSEVENT_WAKEUP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
! 124: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog.conf&sektion=5">newsyslog.conf(5)</a>, users can separated from groups now with ':' as well as '.'.
! 125: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> can now rotate files at a specific time.
! 126: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bind&sektion=2">bind(2)</a> error checking in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 127: <li>Be consistent with ntohs() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> translation code.
! 128: <li>Some consolidation and tidyup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s rule parsing code.
1.858 deraadt 129: <!-- ^ 20030212 -->
1.863 ! naddy 130: <li>More fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing.
! 131: <li>Don't ever send ICMP redirects for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>-redirected packets .
! 132: <li>Allow definition of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> macros on the command line. Oh yes.
1.858 deraadt 133: <li>Remove sinful abbreviation of the unit of frequency as 'hz' (it's 'Hz', don't you know.)
1.863 ! naddy 134: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> now displays the DF flag for IP fragments.
1.858 deraadt 135: <!-- ^ 20030211 -->
1.863 ! naddy 136: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> pass sensible parameters to memset().
! 137: <li>Allow IPv6 addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yp&sektion=8">yp(8)</a> host maps.
1.858 deraadt 138: <!-- ^ 20030210 -->
1.863 ! naddy 139: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule compression: 'from' and 'to' keywords are optional if 'any' is one of the addresses, and 'any' itself is optional when a port is specified.
1.858 deraadt 140: <!-- ^ 20030209 -->
1.863 ! naddy 141: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a>'s -u and -g options' semantics (-u is now what -U used to be, unless -g overrides it,) and remove -U and -G.
! 142: <li>Sync up the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spell&sektion=1">spell(1)</a> dictionaries with FreeBSD and NetBSD changes.
! 143: <li>Add new 'random-id' option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules. This randomises outbound IP IDs and defeats <a href="http://www.research.att.com/~smb/papers/fnat.pdf">NAT detection and OS fingerprinting</a>.
! 144: <li>Stop a number of scripts that use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=1">mktemp(1)</a> from leaving dead tempfiles around in failure cases.
1.858 deraadt 145: <!-- ^ 20030208 -->
1.863 ! naddy 146: <li>A little extra paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a>, check that the temp file is owned by our real uid.
! 147: <li>Don't burp <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> output to the console unless <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> was not contactable.
1.858 deraadt 148: <!-- ^ 20030207 -->
1.863 ! naddy 149: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> leaking information when PermitRootLogin is set to 'no'.
! 150: <li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> mode 0600 by default.
! 151: <li>Fix races in the rename and symlink commands of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>.
! 152: <li>Allow 'ProxyCommand none' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
1.858 deraadt 153: <!-- ^ 20030206 -->
1.863 ! naddy 154: <li>Hack around a tools bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>.
! 155: <li>Improve handling of invalid <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> redirections.
! 156: <li>Tidy up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand option parsing.
1.858 deraadt 157: <!-- ^ 20030205 -->
158: <li>Last part of the threaded fd improvements, fixing some bugs from stage one on the way.
1.863 ! naddy 159: <li>Set an all-ones mask when doing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing, since round-robin on the whole address space is unlikely to be the desired result.
! 160: <li>First installment of improvements to threaded file descriptor handling (see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_fd.c.diff?r1=1.16&r2=1.17&cvsroot=openbsd&f=h">checkin comment</a> for details.)
! 161: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2.
! 162: <li>Don't load a signed int into the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer when doing BSD auth; the buffer type only supports unsigned ints.
1.858 deraadt 163: <!-- ^ 20030204 -->
1.863 ! naddy 164: <li>Note in the documentation that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog_r&sektion=3">syslog_r(3)</a> are safe (with caveats) for use in signal handlers.
! 165: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> {dup,reply,route}-to rules using a loopback interface as the target - currently this can create loops.
! 166: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> expand altq rules (and so check for parent queues etc.) unless altq rules are actually being loaded.
! 167: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> stack protector fixes and tweaks.
1.858 deraadt 168: <!-- ^ 20030203 -->
1.863 ! naddy 169: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> closing a file it hasn't opened.
! 170: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> more paranoid when opening its temp file.
! 171: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iostat&sektion=8">iostat(8)</a>'s disk throughput bar smarter.
! 172: <li>Implement key exchange guesses as per the secsh standard in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 173: <li>Relax parsing of usernames in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.
1.857 deraadt 174: <!-- ^ 20030202 -->
1.863 ! naddy 175: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> build without IPv6.
1.857 deraadt 176: <li>Fix an mbuf leak in the ESP code.
1.863 ! naddy 177: <li>Correct a bad array index in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
1.857 deraadt 178: <!-- ^ 20030201 -->
1.863 ! naddy 179: <li>Fix multicast problems with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a>, and also remove some unnecessary Ethernet-specificity from the driver.
! 180: <li>Really fix combination of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> translation and route-to/reply-to.
! 181: <li>Check TCP, UDP, ICMP and ICMP6 checksums in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, and make the sum isn't recalculated when the packet hits layer 4 in the kernel. Packets with invalid checksums are silently dropped, to avoid <a href="http://www.phrack.org/phrack/60/p60-0x0c.txt">firewall detection</a> by use of filter responses to bad packets.
! 182: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s TCP state inspection RFC 763 compliant, and send a reset when presented with SYN-cookie schemes that send out-of-window ACKs during the TCP handshake.
! 183: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> is no longer setuid root, check the effective uid instead of the real uid.
! 184: <li>Fix a number of filesystem locking issues, for details see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/vfs_cache.c?rev=1.9&content-type=text/x-cvsweb-markup">checkin comment</a>.
1.857 deraadt 185: <li>Fix an ICMP mbuf leak.<br>
1.863 ! naddy 186: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 -->
1.857 deraadt 187: <!-- ^ 20030131 -->
1.863 ! naddy 188: <li>Create a fake siginfo_t for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_kill&sektion=3">pthread_kill(3)</a>.
! 189: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a> trying to use dead interfaces.
1.857 deraadt 190: <li>For ELF images, put .rodata in a separate section to the program text, so the read-only data is no longer executable.
1.863 ! naddy 191: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> interface modifiers: <if>:network for the interface's connected network(s) and <if>:broadcast for the interface's broadcast address(es).
! 192: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> revoke privileges earlier so it can bind to a priviliged port if desired.
1.857 deraadt 193: <!-- ^ 20030130 -->
194: <li>Mirror the a.out initialise-dependent-libraries-first change for ELF.
1.863 ! naddy 195: <li>For POSIX reasons, make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&sektion=2">setre[ug]id(2)</a> real system calls again (albeit still implemented using setres[ug]id()) instead of 4.3BSD compatibility library calls.
! 196: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> sets the process title to '<user>@<ip>'.
1.857 deraadt 197: <!-- ^ 20030129 -->
1.863 ! naddy 198: <li>Add a missing ntohs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> actions get printed correctly.
1.857 deraadt 199: <!-- ^ 20030128 -->
200: <li>Make the resolver code in libc more thread-safe.
1.863 ! naddy 201: <li>Fix an fd_set overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>.
! 202: <li>Improvements to pthreads signal handling. See the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_sig.c?rev=1.18&content-type=text/x-cvsweb-markup">checkin comment</a> for details.
! 203: <li>For <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eg&sektion=4">eg(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=el&sektion=4">el(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ie&sektion=4&arch=hppa">ie(4/HPPA)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> zero-pad frames smaller than the minimum frame length.
1.857 deraadt 204: <li>Update the termcap entry colours for wsvt25 to match reality.
1.863 ! naddy 205: <li>If the -a option is given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to specify an anchor, don't allow operations that have a global effect.
! 206: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> correctly exits from the loop that prints IPv6 option headers.
1.857 deraadt 207: <!-- ^ 20030127 -->
1.863 ! naddy 208: <li>Use record instead of play parameters to calculate the record high watermark in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
! 209: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> remove leading spaces, this can break multiline commands.
1.857 deraadt 210: <li>Further cleanups and shrinkage of the installer scripts.
211: <!-- ^ 20030126 -->
1.863 ! naddy 212: <li>Correct operation of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules involving port ranges. Now the from- and to-range sizes can differ.
! 213: <li>Stop bogus packet drops during <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> normalisation when an offset went negative.
! 214: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -n option operation with table statements.
! 215: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables to be initialised from a file listed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
! 216: <li>Better checking and error reporting for illegal table-related constructs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules.
1.857 deraadt 217: <li>Improve TCP performance by sending segments of no more than half the send buffer space limit. This means that (if enough data is available to be sent) there will always be at least two segments sent. A BSD receiver-TCP will turn off delayed ACKs with more than one un-ACK'd packet on a socket.
218: <!-- ^ 20030125 -->
1.863 ! naddy 219: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> monitor mode.
! 220: <li>Plug a potential memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>.
! 221: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xinit&sektion=1">xinit(1)</a> never leaks the MIT_MAGIC_COOKIE via the command line.
! 222: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vipw&sektion=8">vipw(8)</a>'s use of timestamps to detect changes to the temp file.
1.857 deraadt 223: <li>Make sure a thread's signal handlers aren't run until the thread is made current.
224: <li>Save the fpu state when switching threads on i386 and sparc64, floating-point preemption regression tests now pass on these architectures.
1.863 ! naddy 225: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ndc&sektion=8">ndc(8)</a>'s reading of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.conf&sektion=8">rc.conf(8)</a> variable NAMED_FLAGS.
! 226: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s TCP window scaling support.
1.857 deraadt 227: <li>pfctl -vvsq display (altq stats) gets more useful, showing bandwidth and packet rate stats for CBQ and PRIQ.
1.863 ! naddy 228: <li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nslookup&sektion=8">nslookup(8)</a> along with BIND 9, and don't print the irritating deprecation warning.
1.857 deraadt 229: <!-- ^ 20030124 -->
1.863 ! naddy 230: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> now honours the TCP_WRAPPERS setting in mk.conf.
! 231: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> Checkin-Prog and Update-prog to be disabled with the new CVSROOT/config option "DisableXProg"
! 232: <li>Always use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=splimp&sektion=9">splimp(9)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>, fixing some transmission failures.
! 233: <li>Add -1 and -2 options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> to force SSH protocol 1 or 2 respectively.
! 234: <li>New -l bandwidth-limiter option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.
! 235: <li>New -c option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>, that forces <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> to pop up a dialog requesting confirmation of the use of a stored key.
! 236: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> crash the kernel when translating icmp6 packets.
1.857 deraadt 237: <!-- ^ 20030123 -->
1.863 ! naddy 238: <li>More updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>.
1.857 deraadt 239: <!-- ^ 20030122 -->
1.863 ! naddy 240: <li>strcpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> macro expansion.
! 241: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables automatically spring into existence when referred to by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> add or replace commands.
! 242: <li>Add <a href="http://www.ietf.org/rfc/rfc1323.txt">RFC 1323</a> TCP window scaling support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 243: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> hostap timeouts.
! 244: <li>Add new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> -t option to set the default key lifetime.
! 245: <li>Add a generic watchdog interface and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(8)</a> kern.watchdog.
! 246: <li>Shrink <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> and save some space on the install floppies by removing hostap code when compiled with -DSMALL_KERNEL.
! 247: <li>Use the right variable type when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> fetches the default hop limit via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
! 248: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux&sektion=8">compat_linux(8)</a> socket syscall emulation. Improves emulation of programs using UDP.
! 249: <li>Fix an incorrect argument length passed to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt&sektion=2">setsockopt(2)</a> by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a>.
1.857 deraadt 250: <!-- ^ 20030121 -->
1.863 ! naddy 251: <li>bzero() after <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>.<br>
! 252: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 253: <li>Have /etc/rc generate the BIND 9 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rndc&sektion=8">rndc(8)</a> shared secret if it doesn't exist.
1.857 deraadt 254: <li>Add BIND 9 configuration files.
255: <li>Skip DNSSEC programs in BIND 9.
1.863 ! naddy 256: <li>Begin import of BIND 9.2.2rc1. (Local changes documented in <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bind/README.OpenBSD?rev=1.1&content-type=text/x-cvsweb-markup">README.OpenBSD</a>.)
! 257: <li>Fix some silly pastos in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> table code.
! 258: <li>Create /var/empty/dev/log for programs that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> to /var/empty.
! 259: <li>Fix a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> DIOCRSETTFLAGS implmentation, so it doesn't look like changing a table flag created a table when in fact it deleted one.
! 260: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> from reconnecting to /dev/log on an ENOBUFS as this doesn't help, and it hurts <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>'ed processes.
! 261: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>'ed daemons <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=portmap&sektion=8">portmap(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rstatd&sektion=8">rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rusersd&sektion=8">rusersd(8)</a> to use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openlog&sektion=3">openlog(3)</a> with LOG_NDELAY.
! 262: <li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sigaltstack&sektion=2">sigaltstack(2)</a> under pthreads.
1.857 deraadt 263: <li>Copy the thread sources (including CVS history) from lib/libc_r to lib/pthread, and move libc_r into the Attic.
1.863 ! naddy 264: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> show more information with -vvs[rn] for rules containing tables.
1.857 deraadt 265: <!-- ^ 20030120 -->
1.863 ! naddy 266: <li><font color="#e00000"><strong>SECURITY FIX: January 20, 2003: A double free in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> could allow an attacker to execute code with the privileges of the user running cvs. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for cvs configurations that use the pserver client/server connection method.</strong></font><br>
1.857 deraadt 267: <a href="errata.html#cvs">A source code patch is available</a>.<br>
1.863 ! naddy 268: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 269: <li>Add an invalid ioctl sanity check to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a>.
! 270: <li>Bring <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>'s build into line with the libc_r -> pthread move.
1.857 deraadt 271: <li>Big improvements to a.out library dependency handling.
1.863 ! naddy 272: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> a thread cancellation point as per the standard.
! 273: <li>Fix some locking-related <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raidctl&sektion=8">raidctl(8)</a> panics.
1.857 deraadt 274: <!-- ^ 20030119 -->
1.863 ! naddy 275: <li>Updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>.
! 276: <li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> when processing the -k option.
! 277: <li>Big cleanup of host() in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> parser.
! 278: <li>When running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> with insufficient privileges to open /dev/pf, make the -n option work as a syntax checker for table commands.
1.857 deraadt 279: <!-- ^ 20030118 -->
1.863 ! naddy 280: <li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> nat random source port assignment. Now a rule has to actually ask for static-port in order to get it.
! 281: <li>Enable the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> 'static-port' keyword.
! 282: <li>Extensive <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> changes to better protect ELF executables from tampering (see the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils/bfd/elf.c?rev=1.13&content-type=text/x-cvsweb-markup">checkin comment</a> for details.)
! 283: <li>Add new output format option '-f' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a>.
! 284: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a> no longer reports when the set[ug]id bits are set on directories, since these are meaningless in OpenBSD.
! 285: <li>Fix a missing YYERROR in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> parser.
1.856 deraadt 286: <!-- ^ 20030117 -->
1.863 ! naddy 287: <li>Deal with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a> drives that are picky about being asked to play the leadout track.
! 288: <li><a href="http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pcidevs.diff?r1=1.586&r2=1.587&f=h">Note with regret and sadness</a> that the <a href="http://www.yourvote.com/pci/">freely available PCI vendor and device list</a> is no longer available.
! 289: <li>Bring <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=protocols&sektion=5">protocols(5)</a> more into line with current reality.
! 290: <li>More improvements and device additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a>.
1.856 deraadt 291: <!-- ^ 20030116 -->
1.863 ! naddy 292: <li>Explicity use the first path found by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=glob&sektion=3">glob(3)</a> instead of indexing with an uninitialised variable in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>.
! 293: <li>Small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a>.
1.856 deraadt 294: <li>Create PIC archives for a number of X libs, useful for ports that create shared libraries.
1.863 ! naddy 295: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsstat&sektion=1">nfsstat(1)</a> displaying info for the no-longer-supported <a href="http://docs.freebsd.org/44doc/papers/nqnfs.html">NQNFS</a> protocol.
! 296: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsstat&sektion=1">nfsstat(1)</a>'s filesystem id lookup, and a minor buffer overrun.
! 297: <li>Fix some minor bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table creation.
! 298: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> recognise the '-T load' option like it used to.
! 299: <li>Plug a memory leak in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table code when using PFR_FLAG_DUMMY.
! 300: <li>For the benefit of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>, allow outbound pings from the initial <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rulebase installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a>.
1.856 deraadt 301: <!-- ^ 20030115 -->
1.863 ! naddy 302: <li>Pull all the IP address parsing code of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> into one place.
1.856 deraadt 303: <li>Goodbye libc_r and libnpthread, hello libpthread.
1.863 ! naddy 304: <li>Check for and report read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&sektion=1">md5(1)</a>.
! 305: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> uploading or downloading non-regular files.
1.856 deraadt 306: <li>/etc/weekly is now built (by default) in /var/tmp rather than /tmp.
307: <!-- ^ 20030114 -->
1.863 ! naddy 308: <li>Add an extra sanity check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> to prevent size_t overflows.
! 309: <li>Better input checking and error handling in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table code.
1.856 deraadt 310: <!-- ^ 20030113 -->
1.863 ! naddy 311: <li>Begin converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> with the -i option to use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
1.856 deraadt 312: <li>Start work on NVIDIA nForce support.
313: <!-- ^ 20030112 -->
1.863 ! naddy 314: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> now supports CIDR-notation IPv4 addresses when manipulating tables.
! 315: <li>Some command-line fixes and tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rusers&sektion=1">rusers(1)</a>.
! 316: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rm&sektion=1">rm(1)</a> with the -P option from overwriting files with multiple links.
1.856 deraadt 317: <!-- ^ 20030111 -->
1.863 ! naddy 318: <li>Fix handling of addition and subtraction of negated addresses to tables in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 319: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> only show the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=socket&sektion=2">socket(2)</a> error for the last address to which one tries to connect.
! 320: <li>Don't fill files full of holes with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftruncate&sektion=2">ftruncate(2)</a> after a write error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcp&sektion=1">rcp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.
! 321: <li>Add a progress meter to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> client.
1.856 deraadt 322: <!-- ^ 20030110 -->
1.863 ! naddy 323: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fetch&sektion=9&release=OpenBSD+3.2">fetch(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=store&sektion=9&release=OpenBSD+3.2">store(9)</a> from the kernel, and replace calls to them with their <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&sektion=9">copy(9)</a> descendants.
! 324: <li>Various strl* return value checks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 325: <li>Initial support for queue statistics display for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> (-vsq option.)
! 326: <li>'Default-Phase-1-Configuration' -> 'Default-phase-1-configuration', 'Default-Phase-2-Suites' -> 'Default-phase-2-suites' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 327: <li>New table manipulation syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, and a corresponding new -Tl option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 328: <li>Add support for active/inactive <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tablesets in the kernel
1.856 deraadt 329: <!-- ^ 20030109 -->
1.863 ! naddy 330: <li>Enable SET/ACK in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> when acting as an ike-mode-cfg responder.
! 331: <li>Improvements and fixes to batch mode <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>.
1.856 deraadt 332: <!-- ^ 20020108 -->
1.863 ! naddy 333: <li>Big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy/strlcat(3)</a> makeover for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a>.
! 334: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a> from clobbering an existing output file if the input can't be opened.
! 335: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> attribute(sentinel) improvements.
! 336: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a>: Can specify port with -p; recursive IP lookup; INICHOST (-i) is now netsol.
! 337: <!-- ^ <li>In the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> stack protector code, avoid using long integer addition on processors that don't support it. --> <!-- reverted anyway 20030112 - phew -->
! 338: <li>Remove old altq packet-classifier code from the kernel now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> does its job instead.
1.856 deraadt 339: <!-- ^ 20030107 -->
1.863 ! naddy 340: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s string parser can handle strings beginning with an underscore, useful for all those new daemon usernames.
! 341: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> clean up after failed previous incarnations of itself.
! 342: <li>Don't allow s[eh]mmni to be set (via the newish <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> interface) greater than 0xffff, to prevent id collisions due to wraparound.
! 343: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables now spring into and out of existence on demand.
! 344: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudoers&sektion=5">sudoers(5)</a> parser's handling of EOF not preceded by newline.
! 345: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> from always adding u+w permissions to files pulled by get -p.
! 346: <li>Values set in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl.conf&sektion=5">sysctl.conf(5)</a> can contain spaces when quoted as for sh.
! 347: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shmctl&sektion=2">shmctl(2)</a> can now operate on segments marked for removal.
! 348: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a>, don't trip the 'may not mix -o, -c or -t' warning by mistake, and don't choke on stdin when compressing.
! 349: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> the +number option, which moves the point to the given line of each file.
1.856 deraadt 350: <li>Correct a couple of {dup,reply,route}-to problems related to nat pools.
351: <!-- ^ 20030106 -->
1.863 ! naddy 352: <li>Create a new group, _lkm, and install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=modstat&sektion=8">modstat(8)</a> setgid to it instead of to kmem.
! 353: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pstat&sektion=8">pstat(8)</a> now only does <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_openfiles&sektion=3">kvm_openfiles(3)</a> for the -v option, the rest is obtained using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
! 354: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cp&sektion=1">cp(1)</a> sets permissions later, so -R works when copying directories with no write access.
! 355: <li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlsym&sektion=3">dlsym(3)</a>.
1.855 deraadt 356: <!-- ^ 20030105 -->
1.863 ! naddy 357: <li>Avoid a rare division-by-zero in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> that could occur on non-IEEE systems like the vax.
! 358: <li>Remove the endianness from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4">bktr(4)</a>. Enable on macppc.
! 359: <li>Make sure we don't try to free a null pointer in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a>.
! 360: <li>Change 'no-route' implementation from a flag in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule address to an address type.
! 361: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> skip-step calculation honour the 'no-route' keyword.
! 362: <li>Remove code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to force linking against a specific library version.
1.855 deraadt 363: <li>Add console support for Polish and Turkish keyboard layouts.
364: <!-- ^ 20030104 -->
1.863 ! naddy 365: <li>Add the userland support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tables to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>.
! 366: <li>Remove reference to the now obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=screenblank&sektion=0&manpath=OpenBSD+3.2&arch=sparc">screenblank</a> from /etc/rc.
! 367: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dig&sektion=1">dig(1)</a> time display on 64-bit big-endian targets.
! 368: <li>Do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> routing update if the source interface is in the LEARNING state, not the destination interface.
1.855 deraadt 369: <!-- ^ 20030103 -->
1.863 ! naddy 370: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> does a better job of detecting a failed cd command.
! 371: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> parse '%%m' correctly.
! 372: <li>Fix a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a>.
! 373: <li>Require a direction for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules that do routing.
! 374: <li>When combining (route|reply)-to and translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules, make sure a state table insertion is only attempted once.
1.855 deraadt 375: <!-- ^ 20030102 -->
376: <li>Note (in the system copyright message) that it's now 2003.
377: <li>Update to sendmail 8.12.7.
1.863 ! naddy 378: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> display all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule types instead of just pass/block rules.
! 379: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> table code handle duplicate table names and/or duplicate addresses in a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> call.
1.855 deraadt 380: <!-- ^ 20030101 -->
1.863 ! naddy 381: <li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> skip-step for rule action (scrub or no-scrub.)
! 382: <li>Properly update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rule statistics.
! 383: <li>Put <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules into a ruleset separate to filter rules.
! 384: <li>Implement policy suggestions in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xsystrace&sektion=1">xsystrace(1)</a>.
1.855 deraadt 385: <li>Adios amiga and sun3 platforms.
386: <!-- ^ 20021231 -->
1.863 ! naddy 387: <li>Don't overrun the buffer when listing route entries via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
! 388: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtok_r&sektion=3">strtok_r(3)</a> breakage in libwrap that was causing EXCEPT rules to fail.
! 389: <li>Add a missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 390: <li>Correctly ignore the case where a directory with the desired executable name appears in one of the paths searched by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execvp&sektion=3">exec[vl]p(3)</a>.
! 391: <li>Set a default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> state table size of 10000 entries.
! 392: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, change keyword 'ipv6-icmp-type' to 'icmp6-type' and instead of 'proto ipv6-icmp' allow 'icmp6'
1.855 deraadt 393: <li>Fix a C++ compiler problem with Kerberos IV's krb.h, similar to the cdefs.h fix earlier.
1.863 ! naddy 394: <li>Avoid a null deref when parsing the command line of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
! 395: <li>Allocate memory for connections to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> based on the -c command line option.
! 396: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a> try more often than other scsi devices, and don't ignore 'not ready' status from the bus.
1.855 deraadt 397: <li>Add a parameter for the number of retries when waiting for a scsi device to come ready (scsi_test_unit_ready().)
1.863 ! naddy 398: <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semop&sektion=2">semop(2)</a> has to do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tsleep&sektion=9">tsleep(9)</a>, wake it back up at a much lower priority.
1.855 deraadt 399: <li>Wait until a semaphore undo structure can be allocated if one isn't available immediately, and check that another hasn't been allocated to our process while we were waiting.
1.863 ! naddy 400: <li>Properly check SOCKS connection return code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
1.855 deraadt 401: <li>More firewire fixes. Concurrent devices support on the way.
402: <li>Remove outdated references to NFS as an installation source from the install notes.
403: <!-- ^ 20021230 -->
1.863 ! naddy 404: <li>Fix HOSTAP_FLAG_BITS in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
1.855 deraadt 405: <li>Make 'pfctl -a name -s[rn]' show all rules or nats in all rulesets on anchor 'name'.
1.863 ! naddy 406: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>, set the macro '$user_id' to the username.
1.855 deraadt 407: <li>Fix a couple of missed semaphore counter updates.
1.863 ! naddy 408: <li>Add kernel portion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> support for efficient tables of addresses (currently implemented as radix tables similar to the kernel routing table).
1.855 deraadt 409: <!-- ^ 20021229 -->
410: <li>Remove an extraneous semicolon in <sys/cdefs.h> that broke some C++ compilers.
1.863 ! naddy 411: <li>Fix an amusingly incorrect <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> size in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
1.855 deraadt 412: <!-- ^ 20021228 -->
1.863 ! naddy 413: <li>Allow the log keyword in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules.
! 414: <li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ioctl handling.
! 415: <li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> is routing a stateful connection, use the correct pool address.
! 416: <li>Fix kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s ability to match binat-anchor rules.
! 417: <li>Add a missing initialisation that was causing a crash in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.854 deraadt 418: <!-- ^ 20021227 -->
1.863 ! naddy 419: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a>. rc.conf and root's crontab.
! 420: <li>More paranoia checks in kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routing.
1.854 deraadt 421: <!-- ^ 20021226 -->
1.863 ! naddy 422: <li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>'s connection timeout.
! 423: <li>Honour the -R and -N flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 424: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>'s handling of inline functions w.r.t. the stack protector.
1.854 deraadt 425: <!-- ^ 20021225 -->
1.863 ! naddy 426: <li>New _spamd user and group for, uh, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>.
! 427: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s display of 'control' keyword for CBQ rules.
1.854 deraadt 428: <!-- ^ 20021224 -->
429: <li>Make libc/md/md5c.c compile again for big-endian machines.
1.863 ! naddy 430: <li>Avoid a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a>.
! 431: <li>Remove a couple of extra <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ntohs&sektion=3">ntohs(3)</a> calls in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.
! 432: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
! 433: <li>Fix device attachment bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>.<br>
! 434: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.854 deraadt 435: <!-- ^ 20021223 -->
1.863 ! naddy 436: <li>Update Perl's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=Safe&sektion=0">Safe(3p)</a> module to 2.09, fixing a <a href="http://archive.develooper.com/perl5-porters@perl.org/msg87643.html">security hole</a>.<br>
! 437: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 438: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> error messages now contain the line number.
! 439: <li>Have 'chroot -U' do a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlogin&sektion=2">setlogin(2)</a> if the caller is, or can be made into, the session leader.
! 440: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a> check for $SHELL defined as null as well as for undef.
! 441: <li>Increase the receive buffer length of the correct socket in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
! 442: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s display of binat rules that use nat pools.
! 443: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> rules are now managed in their own anchor instead of at the end of the main rulebase. New *anchor rules are needed to activate authpf.
1.854 deraadt 444: <!-- ^ 20021222 -->
1.863 ! naddy 445: <li>Make sure the queue identifier returned by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgget&sektion=2">msgget(2)</a> is greater than zero.
! 446: <li>Correctly display <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules with no proxy port.
! 447: <li>Fix a missing initialisation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.852 deraadt 448: <!-- ^ 20021221 -->
1.863 ! naddy 449: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>, which uses new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> features to stop spammers even hitting the mail server.
! 450: <li>Fix an Alpha-specific crash in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> by using bcopy() instead of structure assignment.
! 451: <li>Fix a use-after-free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mailwrapper&sektion=8">mailwrapper(8)</a>.
! 452: <li>Add a new kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a> flag, PR_DEBUG, the use of which causes pool memory to be <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a>'d using M_DEBUG.
1.852 deraadt 453: <!-- ^ 20021220 -->
1.863 ! naddy 454: <li>Add new kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=9">malloc(9)</a> type M_DEBUG.
! 455: <li>Also support CORENIC handles in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a>.
! 456: <li>Add dsiz and ssiz keywords to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> to show data size and stack size respectively.
! 457: <li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=awk&sektion=1">awk(1)</a> to '<a href="http://cm.bell-labs.com/cm/cs/who/bwk/">one true awk</a>' version 20021213 (Friday 13th ed.)
! 458: <li>Add the -6 and -c registry shortcuts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a>, and deal with VNIC handles starting with '!'.
! 459: <li>Better resolver error checking, a few fixes and a lot of message cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8">ftp-proxy(8)</a>.
! 460: <li>Stop '-k' being used as an abbreviation for '--keep-locals' in GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>.
! 461: <li>Optimise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> skip-step calculation to O(n) from O(n-squared).
! 462: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> 'no {binat,nat,rdr}' evaluation.
1.852 deraadt 463: <!-- ^ 20021219 -->
1.863 ! naddy 464: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> (with the -vsn) option to display translation statistics as -vsr does for rules.
! 465: <li>When logging <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules from anchored rules, display the *anchor rule number, not the rule number within the anchored rules. (Hopefully both will be displayed sometime soon.)
1.852 deraadt 466: <li>Make sure that state table entry display doesn't try to print rules that are no longer in place.
1.863 ! naddy 467: <li>Prevent changes to different rule types overwriting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> DIOCCHANGE* tickets.
! 468: <li>Support a single destination port in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr-anchor rules.
! 469: <li>Match <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> {binat,nat,rdr}-anchor parsing to what is actually supported.
1.852 deraadt 470: <!-- ^ 20021218 -->
471: <li>Always compile in PRIQ and HFSC schedulers if ALTQ is included in the kernel.
1.863 ! naddy 472: <li>Make SysV shared memory and semaphore limits configurable via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a>. Oh yes.
! 473: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a> no longer barfs totally if just one of its query list is not found.
! 474: <li>Add PRIQ scheduler support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 475: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a> only calls <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlogin&sektion=2">setlogin(2)</a> if it's the session leader (as noted in the setlogin manpage.)
! 476: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a>-works-like-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a>: Add -r (recurse) option, and make it truncate existing files when extracting.
! 477: <li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule comparison is now done in userland, remove unused pf_compare* functions from the kernel.
! 478: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> DIOCCHANGE* ioctls now require a ticket, to prevent races.
! 479: <li>Merge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> nat, binat and rdr structures and pools into pf_rule.
! 480: <li>Fix the signedness of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> variable display.focus, so a test against -1 now makes sense.
1.852 deraadt 481: <!-- ^ 20021217 -->
1.863 ! naddy 482: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=imake&sektion=1">imake(1)</a> how to detect automagically the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> stack protector.
! 483: <li>Now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> supports other queue types, only try to create a root queue for CBQ.
! 484: <li>For some peculiar reason, support decoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppt&sektion=6">ppt(6)</a>.
1.852 deraadt 485: <li>Make linux emultation *stat64() work again.
1.863 ! naddy 486: <li>Convert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> disciplines HFSC, PRIQ and RIO to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>-based (CDNR and RED to come,) and remove other queuing disciplines.
1.852 deraadt 487: <!-- ^ 20021216 -->
1.863 ! naddy 488: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=iostat&sektion=8">iostat(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> now update their disk stats automatically when a device is detached.
! 489: <li>Enable login failure recording by default, by installing a blank /var/log/failedlogin (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.)
1.851 deraadt 490: <li>Fix some problems with the new inlined <ctype.h> functions on 64-bit architectures.
491: <!-- ^ 20021215 -->
1.863 ! naddy 492: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a> deal properly with multiline CDDB responses.
1.851 deraadt 493: <!-- ^ 20021214 -->
1.863 ! naddy 494: <li>Add a second 'priority' queue to be specified in a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=rule">pf(rule)</a>, currently used for low-delay ToS packets. Great for ToS-savvy programs like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 495: <li>Revert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> to the old behaviour, so it exits when the read descriptor is closed instead of requiring both read and write to close.
! 496: <li>Cosmetic fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.
! 497: <li>Allow some ordering freedom for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules.
1.851 deraadt 498: <!-- ^ 20021213 -->
499: <li>Lots of firewire fixes. Add SCSI-over-FireWire support
1.863 ! naddy 500: <li>Compare all the bytes of a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> nat pools key, instead of comparing the first byte four times.
1.851 deraadt 501: <li>Fix a linkage problem that stopped 'make build' working with DESTDIR set.
502: <!-- ^ 20021212 -->
1.863 ! naddy 503: <li>Remove setgid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trpt&sektion=8">trpt(8)</a>.
! 504: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pstat&sektion=8">pstat(8)</a> can now get the tty list using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> insteam of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_read&sektion=3">kvm_read(3)</a>.
! 505: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> logging so it works for non-translated calls too.
! 506: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=close&sektion=2">close(2)</a> clobbering errno in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>.
1.851 deraadt 507: <li>Convert <ctype.h> macros into functions so they are consistent with those in libc.
508: <li>Change XDR.x_handy from int to u_int to avoid sign bugs.
1.863 ! naddy 509: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ar&sektion=1">ar(1)</a> work more like its GNU and Solaris counterparts and not require an archive for the d,m,q and r operations.
1.851 deraadt 510: <li>Fix an mbuf-related panic in kernel PF_KEY v2 code.
511: <li>More ANSIfication in /sbin.
1.863 ! naddy 512: <li>Fix a potential (non-exploitable) buffer overrun in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> macro FIX_PRECISION.
! 513: <li>Add missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> error check to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a>.
1.851 deraadt 514: <!-- ^ 20021211 -->
1.863 ! naddy 515: <li>When mounting the root partition via NFS, call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inittodr&sektion=9">inittodr(9)</a> with the root filesystem's atime rather than its mtime (since it's likely to be read-only and pretty static.)
! 516: <li>Renumber some (debug only) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tun&sektion=4">tun(4)</a> ioctls so they don't clash with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=4">ppp(4)</a>.
! 517: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> cleans up properly on failure by calling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pw_abort&sektion=3">pw_abort(3)</a>.
! 518: <li>Check the interface is running first to avoid doing unnecessary STP processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
! 519: <li>Before <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_getcapstr&sektion=3">login_getcapstr(3)</a> destroys the information, check that the value of $SHELL given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is the same as the user's real shell.
! 520: <li>Remember to take the address of the structure on which we're using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">bzero(3)</a> in the libc stack protector code. <!-- "bug fix" is not a terribly helpful checkin comment. -Andre -->
! 521: <li>Hack <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt&sektion=2">setsockopt(2)</a> under linux emulation so that SO_REUSEADDR works as expected.
1.851 deraadt 522: <!-- ^ 20021210 -->
1.863 ! naddy 523: <li>Use libc's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> instead of the private version found in a number of GNU programs.
! 524: <li>Fix a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> actually gets applied to outbound frames...
! 525: <li>Yet more string function paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 526: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> to set the STP path cost.
! 527: <li>Add support for regular expression matches in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filters.
! 528: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>, don't allow 'permit' to be used on aliases.
1.851 deraadt 529: <!-- ^ 20021209 -->
1.863 ! naddy 530: <li>Now that options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules can mostly be in any order, check for and disallow repeated options.
! 531: <li>Handle '-' as stdin or stdout appropriately in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uniq&sektion=1">uniq(1)</a>.
! 532: <li>strncpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 533: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a> accept most of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a>'s long options. Some cleanup also.
! 534: <li>Continuing compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a>.
1.850 deraadt 535: <!-- ^ 20021208 -->
1.863 ! naddy 536: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> queue options can now be in any order. The 'scheduler' keyword is no longer used.
! 537: <li>More rule shrinkage: The 'fromto' part of a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> is now optional and defaults to 'all', so e.g. 'block' == 'block all' == 'block from any to any'. <!-- Another uncommented feature, r1.244 -->
! 538: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> anchor rules now support parameters, so 'anchor name proto tcp from any to any port smtp' works.
! 539: <li>Remove support for the '-a otp' flag from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>. Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a> instead.
! 540: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a>'s -a flag work again.
1.850 deraadt 541: <li>'pfctl -s' now prints out addresses in rules in the order they are entered.
1.863 ! naddy 542: <li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a> receives a SIGPIPE when writing to the terminal, treat it like a user SIGQUIT.
! 543: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> use the actual interface MTU instead of assuming 1500.
! 544: <li>Convert string key hashes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to network byte order.
! 545: <li>Fix a bug in Xaw that reads the wrong error return from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a>.
1.850 deraadt 546: <!-- ^ 20021207 -->
1.863 ! naddy 547: <li>All the games set up the RNG with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srandomdev&sektion=3">srandomdev(3)</a> instead of by lesser means.
! 548: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> set the transform from the Default-Phase-1-Configuration.
! 549: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srandomdev&sektion=3">srandomdev(3)</a> fall back to using sysctl if it can't open /dev/arandom.
! 550: <li>Make the libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> more compatible with GNU.
! 551: <li>Output from 'pfctl -v' is now valid input to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 552: <li>Make section and tag comparisons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> case-insensitive.
1.850 deraadt 553: <!-- ^ 20021206 -->
1.863 ! naddy 554: <li>Allow a null direction in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules, so e.g. 'block all' is now valid. <!-- Oh yes. Uncommented effect of r1.237 that introduced anchor rules. -->
! 555: <li>Add named rulesets support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, invoked from 'anchor' rules in the main ruleset.
1.850 deraadt 556: <li>Kernel memory allocation debugging can now be used anywhere - if the debugging pool is not yet initialised, it just does nothing.
1.863 ! naddy 557: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a>.
1.850 deraadt 558: <li>Rule numbers are no longer output by 'pfctl -v'. Use '-v -v' to get them back.
1.863 ! naddy 559: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> handle systems with odd block sizes better.
1.850 deraadt 560: <!-- ^ 20021205 -->
561: <li>Drop unnecessary altq devices from the kernel.
1.863 ! naddy 562: <li>Pass correct sizes to memset in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>.
! 563: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> behave better when running spanning tree: Flush the dynamic MAC cache when the forwarding/blocking state changes, and only forward packets while in the forwarding state.
! 564: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accept ACQUIRE requests with a null EXT_ADDRESS_SRC.
! 565: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, apply a netmask consistently.
1.850 deraadt 566: <!-- ^ 20021204 -->
567: <li>Crank the major version numbers of the X libraries.
568: <li>Continuing cleanup and shrinkage of the installer scripts.
1.863 ! naddy 569: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> now prints the interface name with which an address is associated.
! 570: <li>Big cleanup up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mixerctl&sektion=1">mixerctl(1)</a>.
! 571: <li>Import a GNUish <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> from NetBSD.
! 572: <li>Add -4 and -6 command line options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> to select the address family to use.
! 573: <li>Better MTU setting for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.
! 574: <li>Correct a missed initialiser in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a>.
! 575: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> play nice and shut down its sockets when it's done.
1.850 deraadt 576: <!-- ^ 20021203 -->
577: <li>Crank all (system) library major numbers now that propolice is in.
1.863 ! naddy 578: <li>Make a copy of rather than just refer to a string in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>. Cures some ports linking problems.
! 579: <li>Allow options at the end of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> pass and block rules to come in any order.
1.850 deraadt 580: <li>Make the bandwidth specifier optional in altq rules (as well as queue rules.) As a side effect, the altq rules can now have "bandwidth xx%" where the percentage is taken w.r.t. the interface bandwidth.
1.863 ! naddy 581: <li>Implement legacy functions <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ecvt&sektion=3">ecvt(3)</a>, fcvt(3) and gcvt(3) for standards compliance.
! 582: <li>Add <a href="http://www.trl.ibm.com/projects/security/ssp">propolice</a> stack attack protection into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
! 583: <li>Updated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>.
1.850 deraadt 584: <!-- ^ 20021202 -->
585: <li>Don't have the X server drop privileges if started by root and from a non-standard config path.
1.863 ! naddy 586: <li>Tweaks and fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s ioctl code.
1.850 deraadt 587: <!-- ^ 20021201 -->
588: <!-- ^ 20021130 -->
1.863 ! naddy 589: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.
! 590: <li>Add new pseudo-device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, exposing changes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> state table.
! 591: <li>Kill a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.850 deraadt 592: <li>Wrap some noisy altq printf()s with #ifdef ALTQ_DEBUG.
593: <!-- ^ 20021129 -->
1.863 ! naddy 594: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1">file(1)</a> gets a new option, -b, which supresses the output of the pathname.
! 595: <li>Allow a qlimit to be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> altq rules as well as in queue rules.
! 596: <li>Use a custom hash function (based on that in if_bridge.c) for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> source-hash nat pools instead of MD5.
! 597: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> checks for invalid icmp6 option length.
1.850 deraadt 598: <!-- ^ 20021128 -->
1.863 ! naddy 599: <li>page_dir update fixed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a>. MALLOC_OPTIONS=J is now honoured in realloc() as well.
! 600: <li>'fc -e' now works when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> is invoked in 'sh' mode.
! 601: <li>Allow usernames given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> to contain '@' characters, i.e. the hostname follows the last '@'.
! 602: <li>Tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> altq rules display.
! 603: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=daemon&sektion=3">daemon(3)</a> closing descriptors that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> needs.
! 604: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> read correctly the tbrsize spec.
1.850 deraadt 605: <li>Fix underflow and wraparound in socket timeout calculation.
606: <li>Make IPv6 work in Linux emulation mode, though not for IPv4-mapped addresses.
607: <!-- ^ 20021127 -->
1.863 ! naddy 608: <li>The bandwidth statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> queue rules is now optional.
! 609: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> ordering so translation is now after queue...
! 610: <li>Parse more include files so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> knows about more ioctls.
1.850 deraadt 611: <li>Pass in the right structure to DIOCCHANGEADDR.
612: <!-- ^ 20021126 -->
1.863 ! naddy 613: <li>Fix 'pfctl -Fq' so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> gets flushed and reset properly.
! 614: <li>setuid() -> seteuid() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
! 615: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s handling of address families in rules.
! 616: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> fetch the address properly for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lo&sektion=4">lo(4)</a> with LINK1 set.
! 617: <li>Use 1KB = 1000B instead of 1024B when dealing with bandwidth in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 618: <li>Fix URL CRLF injection bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a>.<br>
! 619: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 620: <li>Add a missing check for snprintf errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>.
1.850 deraadt 621: <li>Protect arc4_getbyte() with an splhigh().
1.863 ! naddy 622: <li>Some cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
1.850 deraadt 623: <!-- ^ 20021125 -->
1.863 ! naddy 624: <li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> stats dumps are enabled, warn if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> fails.
! 625: <li>Enforce new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> ordering: options, normalization, translation, queue, filter.
! 626: <li>Copy TAILQs properly in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.850 deraadt 627: <!-- ^ 20021124 -->
628: <li>Remove a potential access-after-free in libc's syslog code.
1.863 ! naddy 629: <li>New manual page <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a> documenting OpenBSD-specific changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
! 630: <li>So farewell, then, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqd&sektion=8&release=OpenBSD+3.2">altqd(8)</a> and friends.
! 631: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> altq rule error checking.
! 632: <li>Fix a potential null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser, and some general cleanup.
! 633: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> don't try to issue ioctls when running with -n.
1.850 deraadt 634: <!-- ^ 20021123 -->
1.863 ! naddy 635: <li>Implement 'nat pools' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow redirection using (nat, rdr, route-to, dup-to and reply-to) to multiple addresses.
1.850 deraadt 636: <li>Improvements to the ELF loader.
637: <li>Some snprintf paranoia in BSD auth, also some extra initialisation.
638: <li>Added new example dir /usr/share/pf, and example queue rulebase /usr/share/pf/queue1 to show how cool pf+altq is.
1.863 ! naddy 639: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> accepting non-interactive sessions.
1.850 deraadt 640: <li>'pfctl -v' displays altq and queue lines, including child queue assignment.
1.863 ! naddy 641: <li>Match the queue to the return type (icmp-unreach or RST) for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> block rules.
1.850 deraadt 642: <li>Use a quad_t instead of an int, and fix rlimit sizing for >2GB machines.
643: <!-- ^ 20021122 -->
1.863 ! naddy 644: <li>Fix some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strncpy&sektion=3">strncpy(3)</a> lengths in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>.
1.850 deraadt 645: <li>Add _tokenadm and _radius groups so their respective login programs can be setgid instead of setuid(root).
646: <li>Add _shadow group and change group and mode of /etc/spwd.db to match
1.863 ! naddy 647: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoll&sektion=3">atoll(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror_r(3)</a> to libc.
! 648: <li>Add simple multiple-card load balancing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> and add a simplified driver registration API.
! 649: <li>Some int -> unsigned int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 650: <li>New -n option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> to disable DNS lookups.
1.850 deraadt 651: <!-- ^ 20021121 -->
1.863 ! naddy 652: <li>Correct a format string bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>'s, er, Makefile.
! 653: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> breakage when two jobs are set for the same time.
! 654: <li>Correct a use-before-init in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a>.
1.850 deraadt 655: <!-- ^ 20021120 -->
656: <li>Create a simple lookup table mechanism [dev/pci/pci.c:pci_matchbyid()] to match PCI device IDs, and have several drivers use it.
1.863 ! naddy 657: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a> catalog updates: Fix Russian, add Polish and Ukrainian.
! 658: <li>Fix an off-by-one when reading ICMP types and codes by name in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.850 deraadt 659: <!-- ^ 20021119 -->
1.863 ! naddy 660: <li>Merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, still some work left to do.
! 661: <li>Don't overwrite SIG{INT,QUIT,TERM} handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> if they're set to ignore. This mirrors <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> behaviour.
1.850 deraadt 662: <!-- ^ 20021118 -->
663: <!-- ^ 20021117 -->
1.863 ! naddy 664: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> issues a fake challenge for a user without an S/Key file.
1.850 deraadt 665: <!-- ^ 20021116 -->
666: <li>Enable the pthread library, but install it as libnpthreads so autoconf scripts don't pick it up and use it with -lpthread as well as using -pthread.
1.863 ! naddy 667: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>, prohibit user id changes once logged in, and run more stuff as the logged-in user.
! 668: <li>Add 'Default-Phase-1-Configuration' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 669: <li>Be more careful when loading RSA1 key files in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
1.850 deraadt 670: <!-- ^ 20021115 -->
1.863 ! naddy 671: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>'s handling of multiple values and continuation lines.
! 672: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> symbol lookup failure messages.
! 673: <li>Allow DNS queries from the initial rulebase loaded by /etc/rc, so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> can load at boot-time rulebases containing DNS entries.
1.850 deraadt 674: <!-- ^ 20021114 -->
1.863 ! naddy 675: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.</strong></font><br>
1.850 deraadt 676: <a href="errata.html#named">A source code patch is available</a>.<br>
1.863 ! naddy 677: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 678: <li>Create links from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=curses&sektion=3">curses(3)</a> libs to ncurses, to satisfy autoconfiguration scripts that expect the latter instead of checking properly.
! 679: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules now are subject to the same list expansion as other rules.
! 680: <li>Add label macro '$if' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, now we can have interfaces in expansion lists.
! 681: <li>Add some missing pointer initialisations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.850 deraadt 682: <!-- ^ 20021113 -->
1.863 ! naddy 683: <li>Add a null transform to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>, enabled via sysctl kern.cryptodevallowsoft=1.
! 684: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s determination of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2">execve(2)</a> filename.
1.850 deraadt 685: <li>Kernel IPsec code checks for short IP headers.
686: <!-- ^ 20021112 -->
687: <!-- ^ 20021111 -->
688: <!-- ^ 20021110 -->
1.863 ! naddy 689: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> checks for invalid system call numbers.
1.850 deraadt 690: <!-- ^ 20021109 -->
1.863 ! naddy 691: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a>'s login emultation mode work even more like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
1.850 deraadt 692: <li>Avoid a possible reference count leak in kernel file descriptor code.
693: <li>Remove bogus operations on the not-yet-existent file descriptor table in libc_r.
694: <!-- ^ 20021108 -->
695: <li>Implement simple vnodeops inheritance for specfs and fifofs,
1.863 ! naddy 696: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> can now follow HTTP redirects.
! 697: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> properly reflect check the exit status of its <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> process if an error occurs.
! 698: <li>Fix some invalid pointers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> handler.
! 699: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=makewhatis&sektion=8">makewhatis(8)</a> moaning about non-existent directories.
! 700: <li>Don't use the HostbasedAuthentication switch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>; instead, add new option EnableSSHKeysign to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>.
1.850 deraadt 701: <!-- XXX not added to ssh_config manpage though -->
1.863 ! naddy 702: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=groupdel&sektion=8">groupdel(8)</a> check that the named group exists.
1.850 deraadt 703: <li>Allow '$' as the last character of a username, to appease Samba.
1.863 ! naddy 704: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s -e option (log to stderr) work.
1.850 deraadt 705: <li>Make the minimum file rotation size 512 bytes instead of 512Kbytes...
1.857 deraadt 706: <li>Rearrange payload length check for ESP packets so packets with NULL encryption are tested also.<br>
1.863 ! naddy 707: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 708: <li>Don't allow a simple non-existent server to crash <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqstat&sektion=1">altqstat(1)</a>.
1.850 deraadt 709: <!-- ^ 20021107 -->
710: <li>Solve problems static linking with -lpthread. (-static -pthread still broken.)
1.863 ! naddy 711: <li>Stop up a couple of memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 712: <li>Fix a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=8">mount(8)</a>, and make its command line arguments handling more consistent.
! 713: <li>Keep a correct reference count to the file referenced by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> under SVR4 emulation.
1.850 deraadt 714: <!-- Applied to 3.2-stable -->
715: <!-- ^ 20021106 -->
1.857 deraadt 716: <li>Gracefully handle broken firewalls that block ECN-enabled TCP sessions by falling back to non-ECN.<br>
1.863 ! naddy 717: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 -->
1.850 deraadt 718: <li>Some thread-safety fixes to libc.
1.863 ! naddy 719: <li>Add a cast to handle properly size_t larger than u_int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 720: <li>Fix some problems <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a> had displaying information on files > 2GB.
1.850 deraadt 721: <!-- ^ 20021105 -->
1.863 ! naddy 722: <li>Serve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> a strong draught of CIDR (e.g. can use 10/8 now instead of 10.0.0.0/8.)
1.850 deraadt 723: <li>-STABLE branch created for 3.2. <a href="errata.html#smrsh">smrsh</a>, <a href="errata.html#pfpridge">pfbridge</a> and <a href="errata.html#kadmind">kadmind</a> errata fixes applied to it.<br>
1.863 ! naddy 724: <li>When checking a filename in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, don't fail when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a> for the user's home directory - this happens legitimately when using AFS.
1.850 deraadt 725: <!-- ^ 20021104 -->
726: <!-- ^ 20021103 -->
1.863 ! naddy 727: <li>Do a better job when comparing dynamic addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 728: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> AF macros, operate on the whole address (all 128 bits) unless AF_INET is set.
1.849 deraadt 729: <!-- ^ 20021102 -->
730: <!-- ^ 20021101 -->
1.863 ! naddy 731: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>'s MakeMaker so manpages get installed the way we like.
1.849 deraadt 732: <li>Plug a memory leak in IPv6 (ip6_output.c)
733: <!-- ^ 20021031 -->
734: <li>Make sure processes aren't added to the process list until they're completely initialised.
735: <li>Implement some 4.3BSD emulation functions in terms of setresuid() etc.
736: <li>Use the new setresuid() etc. calls for FreeBSD, HP-UX and Linux emulation of the same calls.
1.863 ! naddy 737: <li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setresuid&sektion=2">[gs]etres[gu]id(2)</a> system calls. Minor version bump for libc and libc_r.
1.849 deraadt 738: <li>Many fixes to signal and fd handing under threads.
1.863 ! naddy 739: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface expansion.
1.849 deraadt 740: <!-- ^ 20021030 -->
1.863 ! naddy 741: <li>Better GRE output from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.
! 742: <li>New -U option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a> that sets the uid, gid and group vector from the password database.
! 743: <li>To a chorus of approval, add the 'set require-order [yes|no]' option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
1.849 deraadt 744: <!-- ^ 20021029 -->
1.863 ! naddy 745: <li>Remove a bogus test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> that stopped a perfectly legal seek on a character device.
1.857 deraadt 746: <li>Merge mod_ssl 2.8.12, fixing a cross-site scripting bug and two off-by-ones.<br>
1.863 ! naddy 747: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 748: <li>Add a missing break statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s arguments parsing code.
1.849 deraadt 749: <!-- ^ 20021028 -->
750: <li>Add getdents64() support under Linux emulation.
751: <li>Merge in Perl 5.8.0.
1.863 ! naddy 752: <li>Have pool elements' sizes rounded up to the alignment passed to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool_init&sektion=9">pool_init(9)</a> instead of relying on the architecture's ALIGNBYTES value.
! 753: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> can now do pointless-but-common WEP encryption in software for Prism and Symbol cards. Useful if your card doesn't do weak IV avoidance (or if you trust your BSD more than your hardware manufacturer,) and also serves as a framework for better wireless crypto protocols.
1.849 deraadt 754: <li>The installer unpacks siteXX.{tgz,tar.gz} files last so that site-specific tarballs always overwrite standard files.
1.863 ! naddy 755: <li>Remove the error-prone and robustness-principle-defying 'flags X' (as opposed to 'flags X/Y') syntax from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
1.849 deraadt 756: <li>Be a little less 32-bit-centric in libcrypto.
757: <!-- ^ 20021027 -->
1.863 ! naddy 758: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a> use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> as well.
! 759: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoi&sektion=3">atoi(3)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtoul&sektion=3">strtoul(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a>.
1.849 deraadt 760: <!-- ^ 20021026 -->
761: <li>Change a number of header files so NULL is now defined as 0L instead of 0, and so is the same size as a pointer.
1.863 ! naddy 762: <li>Add to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a> the ability to set the uid, gid and group vector after doing the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> call.
! 763: <li>Some additional paranoia added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>.
! 764: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> test rule labels as well when comparing rules.
1.849 deraadt 765: <li>Fix a few instances where %ul was used instead of %lu.
766: <!-- ^ 20021025 -->
1.863 ! naddy 767: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>
! 768: <li>More picky argument parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>.
1.849 deraadt 769: <!-- ^ 20021024 -->
1.863 ! naddy 770: <li>A couple of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tmpnam&sektion=3">tmpnam(3)</a>s become <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkstemp&sektion=3">mkstemp(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
! 771: <li>Lots of int -> u_long in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a>.
1.849 deraadt 772: <!-- ^ 20021023 -->
1.863 ! naddy 773: <li>Correct an off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 774: <li>Fix a printf format string typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 775: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> apply the netmask to addresses right away, so bogus netmasks show up as munges network numbers in -v output.
1.849 deraadt 776: <!-- ^ 20021022 -->
1.863 ! naddy 777: <li>Correct a couple of typos in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s ioctl() code.
1.849 deraadt 778: <li>Fix a null deref in libc_r.
779: <li>Make sure the user process tally is right when kernel stack space can't be allocated for the new proc.
780: <li>Correctly count the total number of processes in the system.
1.863 ! naddy 781: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a> daemon, leading to possible remote crash or exploit.</strong></font><br>
1.850 deraadt 782: <a href="errata.html#kadmin">A source code patch is available</a>.<br>
1.863 ! naddy 783: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.849 deraadt 784: <!-- ^ 20021021 -->
1.863 ! naddy 785: <li>Add partial support for the 21145 chip to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a>.
1.849 deraadt 786: <!-- ^ 20021020 -->
1.863 ! naddy 787: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xconsole&sektion=1">xconsole(1)</a> get a pseudoterminal using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openpty&sektion=3">openpty(3)</a> instead of going all #ifdef.
1.849 deraadt 788: <li>More NULL -> (void *)NULL, this time in XFree, to make sure varargs sentinel is pointer-width.
789: <!-- ^ 20021019 -->
1.863 ! naddy 790: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> now honours @LongLink, and has a new option to stop the next volume prompt.
1.849 deraadt 791: <!-- ^ 20021018 -->
1.863 ! naddy 792: <li>Improved media support and a boundary check fix for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 793: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route.
1.847 deraadt 794: <li>Enable uvm_tree_sanity() check #ifdef DEBUG.
1.863 ! naddy 795: <li>Fix a potential null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a>'s arguments parser.
! 796: <li>Renumber <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ch&sektion=4">ch(4)</a> CHIO* ioctls. Old definitions renamed to OCHIO*, binary backwards compatibility will be left in intact until post-3.3.
! 797: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> to print AUDIO_* ioctls, and add a few missing syscall defines.
! 798: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> on big-endian architectures.
! 799: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> allows protocols to be specified by a (valid) protocol number.
! 800: <li>Add a missing free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a>.
1.847 deraadt 801: <!-- ^ 20021017 -->
802: <li>Treat manually- and auto-configured IPv6 address prefixes the same way.
1.863 ! naddy 803: <li>For positively POSIX reasons, implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isfdtype&sektion=3">isfdtype(3)</a>.
! 804: <li>Bring <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a>'s date handling code back into sync with that in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=date&sektion=1">date(1)</a>. Four digit years parse now.
! 805: <li>Start to break out machine-dependent parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8">MAKEDEV(8)</a> into separate files.
! 806: <li>Send <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh</a>.kshrc label() and ilabel() output to /dev/tty insted of stdout, so command output streams doesn't get messed up.
! 807: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> supports system call-granularity privilege elevation!
! 808: <li>Correct a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> that was causing group predicates to be evaluated incorrectly.
! 809: <li>Range-check values given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
! 810: <li>Better mask comparison for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat.
1.847 deraadt 811: <!-- ^ 20021016 -->
1.863 ! naddy 812: <li>Remove the setuid bit from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>. If run with a non-root euid, it invokes <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a> with the new -L flag.
! 813: <li>Add '-L' flag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a> to make it work like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
! 814: <li>Enable the META key in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> for 7-bit locales.
1.847 deraadt 815: <li>Make sure some varargs end-of-list sentinel NULLs are pointer-width.
816: <li>Fix a subtle dangling pointer bug in BSD auth.
817: <li>Sync Brazil's Daylight Savings Time handling with new reality.<br>
1.863 ! naddy 818: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 819: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=makewhatis&sektion=8">makewhatis(8)</a> grumbling about having Perl 5.8.x instead of 5.6.x.
1.847 deraadt 820: <!-- ^ 20021015 -->
821: <li>In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA.
822: <li>Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c)
1.863 ! naddy 823: <li><font color="#e00000"><strong>A logic error in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a> kernel memory allocator could cause memory corruption in low-memory situations, causing the system to crash.</strong></font><br>
1.850 deraadt 824: <a href="errata.html#pool">A source code patch is available</a>.<br>
1.863 ! naddy 825: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 826: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> can now binat a whole netblock with one rule.
1.847 deraadt 827: <!-- ^ 20021014 -->
828: <li>Remove a potential null pointer deref in BSD authentication code.
1.863 ! naddy 829: <li>Fix a bad printf format string in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>. Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.<br>
! 830: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 -->
! 831: <li>Do some more unsigned checks to system call parameters, as with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> <a href="http://www.openbsd.org/errata31.html#kerntime">erratum</a>.<br>
! 832: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.847 deraadt 833: <!-- ^ 20021013 -->
834: <li>Prepare the GNU floating-point emulation code on i386 for ELF.
835: <!-- ^ 20021012 -->
836: <li>Update <a href="stable.html">stable</a> to OpenSSH 3.5.
1.863 ! naddy 837: <li>Catch some endianness nits and add zero-padding of keys in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 838: <li>Teach ALTQ CBQ the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> API. The old API remains for now.
1.847 deraadt 839: <!-- ^ 20021011 -->
1.850 deraadt 840: <li><font color="#e00000"><strong>RELIABILITY FIX: Network bridges running pf with scrubbing enabled could cause mbuf corruption, causing the system to crash.</strong></font><br>
841: <a href="errata.html#pfbridge">A source code patch is available</a>.<br>
1.863 ! naddy 842: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 843: <li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf_tags&sektion=9">m_tag_copy_chain()</a>.
1.847 deraadt 844: <!-- ^ 20021010 -->
845: <li>Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug.
846: <!-- ^ 20021009 -->
1.863 ! naddy 847: <li><font color="#e00000"><strong>SECURITY FIX: An attacker can bypass the restrictions imposed by sendmail's restricted shell, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>, and execute arbitrary commands with the privileges of his own account.</strong></font><br>
1.850 deraadt 848: <a href="errata.html#smrsh">A source code patch is available</a>.<br>
1.863 ! naddy 849: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
! 850: <li>Make predicates part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s grammar.
1.847 deraadt 851: <!-- ^ 20021008 -->
1.863 ! naddy 852: <li>Start work on a merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> functionality. Oh yes.
! 853: <li>Add a missing htons() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
1.847 deraadt 854: <li>In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed.
855: <li>Support SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support.
856: <li>Merge in Apache 1.3.27 and mod_ssl 2.8.11.
857: <li>New block-policy option to set the default response to a block rule.
858: <li>More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise.
1.863 ! naddy 859: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> support for icmpv6 returns in response to block rules.
! 860: <li>New reply-to rule option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, works like route-to but applies to reply packets in a stateful connection.
! 861: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> restarts work even when srm.conf is not present.
1.847 deraadt 862: <li>Have the X server complain less about unknown scancodes.
863: <!-- ^ 20021007 -->
1.863 ! naddy 864: <li>Initialise the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm</a>_pglistalloc result list in the function, instead of requiring the caller to do it.
! 865: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog_r&sektion=3">syslog_r(3)</a> now take the new __syslog__ format attribute.
! 866: <li>Make the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> config files use php4 instead of php3.
1.847 deraadt 867: <!-- ^ 20021006 -->
1.863 ! naddy 868: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> expands lists left-to-right instead of right-to-left.
! 869: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> how to filter on the IP TOS field.
1.847 deraadt 870: <!-- ^ 20021005 -->
871: <li>Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances.
1.863 ! naddy 872: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sektion=8&release=OpenBSD+3.2">smtpd(8)</a> has left the building.
! 873: <li>By default, add the -H option to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sort&sektion=1">sort(1)</a> invoked by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=locate.updatedb&sektion=8">locate.updatedb(8)</a>.
! 874: <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=window&sektion=1">window(1)</a> the stdarg treatment.
! 875: <li>When routing via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies.
! 876: <li>Fix cross-site scripting vulnerability (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840">CAN-2002-0840</a>) in the default error page of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>. Only applies under specific (and non-OpenBSD default) conditions.
! 877: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.847 deraadt 878: <!-- ^ 20021004 -->
1.863 ! naddy 879: <li>In kernel IP processing, block interrupts with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=splsoftnet&sektion=9">splsoftnet(9)</a> around interface address routing table manipulations.
! 880: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> doesn't accept out-of-range TX keys.
! 881: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> matching I2O-configured devices.
1.847 deraadt 882: <li>3.2 -> 3.2-current.
883: <!-- ^ 20021003 -->
1.422 deraadt 884: </ul>
885: <p>
1.203 deraadt 886:
1.95 deraadt 887: This list mentions mostly platform-independent changes. For a list of changes
888: made in a particular platform, please check the page for that platform. If you
889: find them not listed there, the changes are either (1) not being documented or
890: (2) are documented here.<br><br>
1.14 deraadt 891:
892: <hr>
1.424 deraadt 893: <p>
894: <h3>
1.846 deraadt 895: For changes in other releases, click below:<br>
896: <a href="plus20.html">2.0</a>,
897: <a href="plus21.html">2.1</a>,
898: <a href="plus22.html">2.2</a>,
899: <a href="plus23.html">2.3</a>,
900: <a href="plus24.html">2.4</a>,
901: <a href="plus25.html">2.5</a>,
902: <a href="plus26.html">2.6</a>,
903: <a href="plus27.html">2.7</a>,
904: <a href="plus28.html">2.8</a>,
905: <a href="plus29.html">2.9</a>,
906: <a href="plus30.html">3.0</a>,
907: <a href="plus31.html">3.1</a>,
908: <a href="plus32.html">3.2</a>.
1.424 deraadt 909: <br>
910: </h3>
911:
912: <hr>
1.729 horacio 913: <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
914: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.863 ! naddy 915: <br><small>$OpenBSD: plus.html,v 1.862 2003/03/04 13:03:43 nick Exp $</small>
1.14 deraadt 916:
917: </body>
918: </html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www