File: [local] / www / plus.html (download) (as text)
Revision 1.833, Wed Jul 10 06:48:01 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.832: +108 -108 lines
<code> looks like crap
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD-current changes</title>
<link rev="made" href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="OpenBSD-current changes">
<meta name="keywords" content="openbsd,current,changes">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238e">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<p>
<h2><font color=#e00000>Changes made between OpenBSD 3.1 and OpenBSD-current</font><hr></h2>
<p>
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href="plat.html">platforms</a>.
<p>
Changes to the <a href="ports.html">ports</a> collection are documented
<a href="portsplus/index.html">here</a>.
<p>
Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
<p>
<h3>
<a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
<a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
<a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
<a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
<a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
<a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
<a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
<a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
<a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
<a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
<a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
<a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
<br>
</h3>
<p>
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
The following list sums up (almost) all the changes made up to July 9.
<ul>
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> <strong>chroot()</strong> and drop <strong>root</strong> privileges by default.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 <em>and</em> IPv6 addresses on that interface.
<li>Some updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
<li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
<li>Don't attempt to resubmit a structure we just freed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> / <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
<li>Small fixes to IP-in-IP encapsulation code.
<li>Add Security Mode options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
<li>Support a few more HPT <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> cards.
<li>Make <strong>NEED_VERSION</strong> obsolete in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
<li>Fill IPv6 null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> <strong>pserver</strong>.
<li>Remove some old upgrade hacks from the installer script.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> chokes on invalid '<strong>! <interface></strong>' syntax, instead of just ignoring the '<strong>!</strong>'.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface stats, and allow the <strong>loginterface</strong> feature to be disabled.
<li>Make signal handler flags in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> of type <strong>volatile sig_atomic_t</strong>.
<li>Fix a few GCC 3.1 moans in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Un-bloating of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpcgen&sektion=1">rpcgen(1)</a>.
<li><font color=#e00000><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
<a href="errata.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
<li>Improve the way the installer's fileset selection UI works.
<li>Fix a potential buffer overflow in <strong>xsystrace</strong>.
<li>Add a note to the unwary in <strong>distrib/notes</strong> about the danger of skipping several versions when upgrading.
<li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
<li>Set <strong>IP_PORTRANGE_HIGH</strong> for active mode data channel of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion-1">ftp(1)</a>.
<li>Add some more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> product IDs.
<li>Fix an off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
<li>Normalise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>'s EOF handling.
<li>Plug a few <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> memory leaks.
<li>Tweak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
<li>Fix several missing or broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure checks.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs(1)</a>, actually <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> after spotting that <strong>LocalId</strong> is too long.
<li>Lots of ANSIfication of function declarations and prototypes.
<li>Fix bug causing '<strong>SPL NOT LOWERED</strong>' errors from the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> RAID controller.
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its <strong>setuid(root)</strong> toys back, but only work at all if <strong>HostbasedAuthentication</strong> is globally disabled.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> race in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adv&sektion=4">adv(4)</a> from the i386 <strong>RAMDISK</strong> kernel until new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
<li>Catch a null pointer dereference when fetching the routing table via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> compile and work on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
<li>Return correct result sizes from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
<li>Fix PIO writes code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
<li>Remove unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=longjmp&sektion=3">longjmp(3)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
<li>Pages allocated with <strong>debug_malloc()</strong> aren't ever executed, so don't use <strong>VM_PROT_ALL</strong>.
<li>Finally fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> address cache bug.
<li>Properly handle endpoint differences of opinion on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> <strong>Compression</strong> options
<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
<li>Make the installer deal correctly with passwords starting with '<strong>-X </strong>' for some <strong>X</strong>, instead of misinterpreting them as options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1">encrypt(1)</a>.
<li>Fix some compatibility quirks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
<li>Add a pushback buffer to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
<li>Remove <strong>setuid(root)</strong> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> so <strong>/etc/localtime</strong> isn't needed after the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>.
<li>More fixes to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
<li>Add AlphaServer 800 and 1000 support.
<li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> devices in <a href="http://www.openbsd.org/alpha.html">alpha</a> GENERIC kernel.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
<li>Make <strong>xf86config</strong> give the option of configuring a mouse wheel.
<li>Gracefully handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fbtab&sektion=5">fbtab(5)</a> on <a href="http://www.openbsd.org/i386.html">i386</a>.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a>.
<li>Evolve <strong>strtou?q()</strong> into <strong>strtou?ll()</strong>. Use weak aliases if available (wrappers otherwise) to fake <strong>strtou?q()</strong>.
<li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as <strong>root</strong> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> again, but go to <strong>nobody</strong>'s jail at startup.
<li>Lots more bounds-checking all over the place.
<li>Recognise a few more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> devices.
<li>Correct misleading <strong>cgetclose()</strong> entry in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcap&sektion=3">getcap(3)</a> manpage.
<li>Try again with the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
<li>Cleanups of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&sektion=1">passwd(1)</a>.
<li><font color=#e00000><strong>SECURITY FIX: The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
<a href="errata.html#ktrace">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
<li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
<li>More audit of OpenSSH.
<li><a href="http://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
<li><font color=#e00000><strong>SECURITY FIX: All versions of OpenSSH's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
<a href="errata.html#sshd">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M.
<li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow.
<li>Note: Resolver fix applied to 2.9-STABLE, 3.0-STABLE and 3.1-STABLE.
<li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
<a href="errata.html#resolver">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
<li>Start work on IP-over-FireWire and IP-over-SCSI.
<li>Move a bunch of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
<li><a href="http://www.openbsd.org/c2k2/">c2k2</a>-inspired changes to the installer.
<li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a <strong>224/4</strong> route. <!-- XXX it still gets set in /etc/rc though -->
<li>Make X use <strong>/dev/wsmouse</strong> instead of <strong>/dev/wsmouse0</strong> by default.
<li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils.
<li>Pull the <strong>bzero()</strong> fix in <strong>sys/netinet/tcp_input.c</strong> from -current into 3.0-stable.
<li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
<li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
occur in the .htaccess parsing code in the mod_ssl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
<a href="errata.html#modssl">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Lots of <strong>uid_t</strong> and <strong>gid_t</strong> signedness fixes.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer calls <strong>setsid()</strong> when run from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> <strong>pserver</strong> talk IPv6.
<li>Increment <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
<li>String handling and bounds checking fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
<li>Bump <a href="http://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Start adding <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>.
<li>System call argument rewriting framework for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
<li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
<li>Fix some endianness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
<li>More improvements to 4GB memory probing on <a href="http://www.openbsd.org/i386.html">i386</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own <strong>sshd?_config(5)</strong> manpage.
<li>Add option for smooth scrolling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
<li>Support a few more wireless cards in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
<li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
<li>String handling cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>.
<li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
<li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The <strong>nell</strong> driver on Solaris.)
<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a>.
<li>Removing its <strong>setgid(kmem)</strong> was not enough, remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a> altogether.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=error&sektion=1">error(1)</a> can deal with it.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
<li>Kill file descriptor leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
<li>Fix lots of format strings in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> programs.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> shows flag '<strong>x</strong>' for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'d processes.
<li>Lots of work on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a> driver.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> revoke its <strong>setgid(kmem)</strong> privileges.
<li>Remove old <strong>pccons</strong> driver from <a href="http://www.openbsd.org/i386.html">i386</a>, also the associated <strong>XSERVER</strong> option from the kernel.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
<li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
occur during the interpretation of chunked encoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
<a href="errata.html#httpd">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Add the punctuation-challenged Nike psa[play^120 USB widget.
<li>Remove <strong>setgid(kmem)</strong> from the enormously useful <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a>.
<li>Add UK keyboard map to <a href="http://www.openbsd.org/macppc.html">macppc</a> (with '#' on Option-3) and also <strong>option CAPS_IS_CONTROL</strong>.
<li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> timeout to squash '<strong>command never completed!</strong>' warnings.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
<li>Import <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>, an API on top of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>.
<li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
<li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
<li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
<li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime.)
<li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Add <strong>eui64</strong> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
<li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
<li>Throw away the first 256 words of arc4 output in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
<li>Gratuitous <strong>pid_t</strong> cleanup in <strong>/usr/bin</strong>.
<li>Grab multicast <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
<li>Add some inlined hash functions for the kernel, in <strong><sys/hash.h></strong>.
<li>Cleanup work on conditional evaluation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
<li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> <strong>scrub(fragcache)</strong> syntax in favour of the <strong>fragment ...</strong> option in <strong>scrub</strong> rules.
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
<li>Show sparc64's X server which device it wants to <strong>mmap()</strong>.
<li>Add ioctl to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
<li>Enable userland <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
<li>Kernel changes and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> in userland.
<li>Add initial Ultra Port Architecture (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
<li>Import new <a href="http://www.openbsd.org/vax.html">vax</a> boot code from NetBSD.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
<li>Add IPL_STATCLOCK and add lots of <strong>splassert()</strong>s.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> spends less time with <strong>euid==0</strong> even if it is installed <strong>setuid(root)</strong>.
<li>Much cleanup in <strong>distrib/miniroot</strong>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> <strong>-s state</strong> print UDP and 'other' states nicely.
<li>New <strong>scrub(fragcache) ...</strong> syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf_tags&sektion=9">mbuf_tags(9)</a> <strong>PACKET_TAG_PF_FRAGCACHE</strong> to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> misdetecting duplicate fragments.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
<li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.) New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
<li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes.)
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
<li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules.
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
<li>Add ioctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Fix BPF code for a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
<li>Default <strong>RhostsAuthentication</strong> and <strong>RhostsRSAAuthentication</strong> to 'no' now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is now longer <strong>setuid(root)</strong> by default.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '<strong>-t 1h</strong>'.
<li>Define <strong>__weak_alias()</strong> for mvme88k.
<li>Merge GNU TeXinfo 4.2.
<li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in <strong>/dev</strong>.
<li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
<li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
<li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635.)
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715.)
<li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
<li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
<li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
<li>Changes to initialisation and media config of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a>.
<li>Add list support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> <strong>rdr</strong> rules.
<li>Fix a number of bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
<li>Fix PR2704 resuming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> after standby.
<li>Change a lot of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=index&sektion=3">index(3)</a> calls to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strchr&sektion=3">strchr(3)</a>.
<li>Change "'cuz" to "because." Strewth!
<li>Add another <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
<li>Remove a bunch of '<strong>\n</strong>'s from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=err&sektion=3">err(3)</a> calls.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
<li>Fixes for OpenSSL when talking to hardware <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
<li>The hardware is willing, and now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
<li>Support setting MTU on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>.
<li>Add <strong>KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT}</strong> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> entries.
<li>For a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
<li>Pull in some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
<li>Remove (arguably) unnecessary <strong>setgid(operator)</strong> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
<li>Remove <strong>setuid(kmem)</strong> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no <strong>proc</strong> filesystem...
<li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
<li>Add flag to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
<li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
<li>Work started on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
<li>Install script now puts FQDN in <strong>/etc/myname</strong>.
<li>Make more use of <strong>splsoftnet()</strong> (instead of <strong>splnet()</strong>) in IPv6 code.
<li><strong>lo0</strong> now only gets <strong>::1</strong> when it's brought up.
<li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
<li>Enable weak aliases in <strong>libc</strong> for powerpc, sparc and alpha (already enabled on i386.)
<li>Add new <strong>splusb()</strong> to prevent USB initialisation lossage.
<li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
<li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote <strong>scp</strong> command.
<li>Remove <strong>FallbackToRsh</strong> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> as well.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
<li>Add Makefile-like (<strong>var += ...</strong>) macro concatenation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
<li>Add per-rule state timeouts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Fix well-hidden little bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="http://www.openbsd.org/sparc64.html">sparc64</a> SSL/TLS negotiation.
<li>On <a href="http://www.openbsd.org/alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
<li>Deprecate <strong>FallbackToRsh</strong> and <strong>UseRsh</strong> options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
<li>Remove suspect <strong>DIAGNOSTIC</strong> block from softdep kernel code.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and friends go from <strong>setuid(root)</strong> to <strong>setgid(daemon)</strong>. Connections can come from unprivileged ports for now.
<li>Add Realtek 8129/8139 cardbus device support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rl&sektion=4">rl(4)</a>.
<li>Switch <a href="http://www.openbsd.org/macppc.html">macppc</a> to use <strong>gem</strong> instead of <strong>gm</strong>.
<li>Multicast fixes and Gigabit Ethernet support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
<li>Rule label length increased from 32 to 64 characters.
<li>Allow modification of TTL with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> <strong>return-rst</strong>.
<li>Timeout handling improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
<li>Allow a per-rule limit to the number of state table entries a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
<li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
<li>Add Gemplus GPR400 PCMCIA smartcard reader.
<li>If sending on another interface, resubmit <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> routed packets for filtering and NAT by <strong>pf</strong>. Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf_tags&sektion=9">mbuf_tags(9)</a> to stop loops forming.
<li>Don't propose IDEA when negotiating SSL connections.
<li><strong>$srcaddr</strong>, <strong>$srcport</strong>, <strong>$dstaddr</strong>, <strong>$dstport</strong>, <strong>$proto</strong> and <strong>$nr</strong> (rule number) can now be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
<li>Make a kernel TCP RST and a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> <strong>return-rst</strong> look the same, to frustrate the nmap crowd.
<li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
<li>Remove IPv4 mapped address support from TCP input code, and remove <strong>is_ipv6()</strong>.
<li>Add <strong>net.inet6.ip6.v6only</strong> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> flag.
<li>Add <strong>ikecfg</strong> as a valid flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
<li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
<li>Add a missing <strong>bzero()</strong> in <strong>sys/netinet/tcp_input.c</strong> to fix link-local TCP.
<li>Add flow type to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
<li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
<li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
<li>Merge OpenSSL 0.9.7-stable-20020605.
<li>TCP wrappers and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
<li>Remove <strong>[gs]etprogname()</strong> from KerberosIV
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
<li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
<li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>.)
<li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64.)
<li>Pull in <strong>libcsu</strong> change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
<li>Add <strong>-t</strong> key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>.
<li>Use IPv4/IPv6 addresses in <strong>/etc/inetd.conf</strong> instead of 'localhost' to avoid DNS lookups.
<li>Add predicate suffixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
<li>Add <strong>-x</strong> and <strong>-X</strong> options to respectively lock and unlock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
<li>Compatibility tweaks to <strong>getpid()</strong>, <strong>getuid()</strong> and <strong>getgid()</strong> under Linux emulation.
<li>Start work on new debugger, pmdb.
<li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a> map entries.
<li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to <strong>/dev/log</strong>, it now waits a millisecond and retries.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
<li>Automatic policy generation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
<li>Remove <strong>[gs]etprogname()</strong> from KerberosV.
<li>New <strong>-a <bind_address></strong> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
<li>Remove assumptions about MTU values for certain media types.
<li>Use the same byte-order kung fu as the kernel in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
<li>Don't automagically set -prefixlen 128 on IPv6 host route.
<li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
<li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
<li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested.)
<li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> standards compliant.
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
<li>Recognise VIA VT8233 PCI-ISA bridge.
<li>Fix <a href="http://www.openbsd.org/sparc64.html">sparc64</a> 64-bit relocation masks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
<li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
<li>Detect stereo radio reception in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
<li>Compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
<li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
<li>'<strong><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl</a> -s all</strong>' now prints labels as well.
<li>Add <strong>volatile</strong> to <strong>sig_atomic_t</strong>. Stand well back.
<li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
<li>Simplify IPv6 link MTU code.
<li>Stop maintaining 2.9-stable.
<li>Bump 2.9-stable to <a href="http://www.openssh.com/">OpenSSH</a> version 3.2.3.
<li>Bump 3.0-stable to <a href="http://www.openssh.com/">OpenSSH</a> version 3.2.3.
<li>Implement <strong>PMAP_CANFAIL</strong> flag for m68k pmap.
<li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
<li>Make sure some <strong>struct sockaddr</strong> are cleared before use.
<li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
<li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
<li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
<li>Avoid <strong>fd_set</strong> overruns in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
<li>Clue in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
<li>Fix <strong>/etc/ptmp</strong> deletion bug that occurred if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
<li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a> driver.
<li>Add leading-zero padding to RSA signatures in <a href="http://www.openssh.com/">ssh</a>.
<li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
<li>Add support in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
<li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=units&sektion=1">units(1)</a>. Wow.
<li>Fix signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
<li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid <strong>games</strong>.
<li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
<li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
<li>Add German keyboard map for Apple iBook.
<li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
<li>Pull <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a> <strong>strlcpy()</strong> fix into <a href="http://www.openbsd.org/stable.html">-stable</a>.
<li>Make sure <em>every</em> PCI interrupt is recorded, so ISA doesn't step on one of them later.
<li>Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices properly.
<li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like <strong>netcat</strong>.
<li>Make sure user's shell is <strong>/usr/sbin/authpf</strong> before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent <strong>$SSH_CLIENT</strong> shenanigans.
<li>In <a href="http://www.openssh.com">ssh</a>, use OpenSSL's AES implementation instead of our own.
<li>Add <strong>-[46]</strong> options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
<li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> support for Sun type 5 keyboards.
<li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
<li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user <strong>sshd</strong> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir <strong>/var/empty</strong> are both present.
<li>Recognise Intel 830 (laptop Celery support) and 312 southbridge.
<li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
<li>Remove <strong>libdl</strong>, support is now in <strong>libc</strong>.
<li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices.
<li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
<li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
<li>Use the correct string buffer size for printing port numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Remove <strong>arc4random_8()</strong>.
<li><strong>struct ifnet</strong> now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
<li><strong>unsigned</strong> -> <strong>unsigned int</strong> cleanup.
<li><strong>pid_t</strong> type cleanup.
<li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a>
parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>.
<li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
<li><a href="http://www.openbsd.org/vax.html">vax</a>: Add board type for VXT2000+.
<li>More IANA interface type values, including IFT_BRIDGE.
<li>Split XFree86 <strong>bsd_video.c</strong> into architecture-specific files.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle <strong>net.inet.icmp.tstamprepl</strong> (default: 1) for ICMP timestamp replies.
<li>Yet more safe string function fixes.
<li>In XFree86 build, honour COPTS variable when building third-party apps.
<li>Add <strong>LIBS</strong> option for <strong>crunchgen</strong> so custom libraries can be added to boot images.
<li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user <strong>nobody</strong> (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
<li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>.
<li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>.
<li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a> warnings on a SCSI
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a> with no data track.
<li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
<li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
<li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
<li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them.
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
<li>Support software brightness and backlight control on various macppc models.
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
support this.
<li>New libc IEEE floating-point code and libm routines for hppa.
<li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on i386.
<li>More steps toward the death of unsafe string functions.
<li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on sparc64.
<li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
<li>Jumbo <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
<li>Still more hppa memory management and low-level code fixes.
<li>Simple pmap optimization on macppc.
<li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> fixes.
<li><font color=#e00000><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
<a href="errata.html#sshbsdauth">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li>New systrace facility.
<li>Better Cyrix cpu support.
<li>ECN support.
<li>Support SNTP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>.
<li>Fix infinite SIGFPE loop situations on vax.
<li>Remove unnecessary setuid bit from binaries that either do not need it or
whose functionality requiring root privileges should only be invoked by root
anyways, or which can be changed into a setgid bit for a specific group.
<li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
<li>Lots of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> goodies.
<li>New splassert (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
<li>Enable Altivec instructions in macppc kernels.
<li>Support more Hifn cards (7814, 7851, 7854) via the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">nofn(4)</a> driver.
<li>OpenSSL 0.9.7.
<li>Completely rework <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
<li>More use of hardware crypto cards functionality via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
<li>More hppa memory management fixes.
<li>binutils 2.11.2.
<li>Add per-gid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
<li>Handle host names resolving in several addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Fix compilation warnings for various userland programs.
<li>Add a new user, crontab, and change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
<li>Add per-uid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> support updates.
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>
hackery to get it to do more crypto operations, and hack
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>
and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">lofn(4)</a>
to work with this.
<li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
<li>Switch ELF platforms to the native <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
<li>Obtain a better licence for the hppa spmath routines.
<li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
<li>mvme88k pmap bugfixes.
<li>Various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> driver updates.
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
<li>Fix several wrong computations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>.
<li>Workaround ghost pcibus detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>.
<li>Add a tuner driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a> radio cards.
<li>Allow userland to know which <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule created a specific state.
<li>Prevent a 3.0 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
<li>Enable privsep by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
<li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
<li>Support LBA48 addressing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
<li>Bring back TURBOchannel alpha hardware support.
<li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot_config&sektion=8">boot_config(8)</a>).
<li><font color=#e00000><strong>SECURITY FIX: cause the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=null&sektion=4">/dev/null(4)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
<a href="errata.html#fdalloc2">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Extended Attributes code updates.
<li>Improve PS/2 mouse port detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbc&sektion=4">pckbc(4)</a>.
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
<li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
<li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
<li>Better color depth detection in Xwsfb.
<li>64-bit fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
<li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
<li><font color=#e00000><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong></font><br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Switch macppc console from the rcons engine to the rasops engine.
<li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
<li>Add IEEE754 floating point completion code on alpha.
<li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a>.
<li>Build the XFree86 GLX extension on sparc64.
<li>Hunt for outdated prototypes for character devices entry points and fix them.
<li>Switch mvme88k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
<li>Implement the -s option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
<li>Kill all mvme68k kernel compilation warnings.
<li>Assorted mac68k code cleanups.
<li>Shared key support in hostap mode in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
<li>Make Xwsfb support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
<li>Fix a lock leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a>.
<li><font color=#e00000><strong>SECURITY FIX: update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
<a href="errata.html#sudo">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li><font color=#e00000><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.</strong></font><br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Add a Soundforte radio driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
<li>Add dynamic interface -> address translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Add kernel hooks on ethernet interfaces, triggered by address changes.
<li>Extended Attributes code updates.
<li>Enable the Freetype library on sparc64.
<li>Add queueing in the kernel crypto framework.
<li>Make the system includes C++ friendly.
<li>Allow explicit filtering of non-reassembled fragments in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Support more hardware and fix stability issues in the mac68k <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
<li>Improved Lithuanian keyboard map for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
<li><font color=#e00000><strong>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</strong></font><br>
<a href="errata.html#sshafs">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li>Assorted hppa memory management fixes.
<li>Allow fractional delays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
<li>Enable upgrade functionality again on alpha installation media.
<li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
<li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
<li>Add cddb support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
<li>Support more network cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver.
<li>Improve sparc pmap behaviour in some low memory conditions.
<li>sendmail 8.13.
<li>Switch mvme68k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
<li>Improve the library logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
<li>New mvme68k installation media.
<li>Change fpu probe routine on mac68k.
<li>Fix an obscure bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>.
<li>Support more wireless cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
<li>Fix 64-bit issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
which had been deprecated in favor of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a> driver.
</ul>
<p>
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.<br><br>
<hr>
<p>
<h3>
<a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
<a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
<a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
<a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
<a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
<a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
<a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
<a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
<a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
<a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
<a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
<a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
<br>
</h3>
<hr>
<a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.833 2002/07/10 06:48:01 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www