<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD-current changes</title>
<link rev="made" href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="OpenBSD-current changes">
<meta name="keywords" content="openbsd,current,changes">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238e">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<p>
<h2><font color=#e00000>Changes made between OpenBSD 3.2 and OpenBSD-current</font><hr></h2>
<p>
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href="plat.html">platforms</a>.
<p>
Changes to the <a href="ports.html">ports</a> collection are documented
<a href="portsplus/index.html">here</a>.
<p>
Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
<p>
<h3>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>.
<br>
</h3>
<p>
<h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
The following list sums up (almost) all the changes made up to December 14.
<p>
<ul>
<li>Fix some problems with the new inlined <ctype.h> functions on 64-bit architectures.
<!-- ^ 20021215 -->
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a> deal properly with multiline CDDB responses.
<!-- ^ 20021214 -->
<li>Add a second 'priority' queue to be specified in a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=rule">pf(rule)</a>, currently used for low-delay ToS packets. Great for ToS-savvy programs like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<li>Revert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> to the old behaviour, so it exits when the read descriptor is closed instead of requiring both read and write to close.
<li>Cosmetic fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>.
<li>Allow some ordering freedom for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules.
<!-- ^ 20021213 -->
<li>Lots of firewire fixes. Add SCSI-over-FireWire support
<li>Compare all the bytes of a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> nat pools key, instead of comparing the first byte four times.
<li>Fix a linkage problem that stopped 'make build' working with DESTDIR set.
<!-- ^ 20021212 -->
<li>Remove setgid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trpt&sektion=8">trpt(8)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pstat&sektion=8">pstat(8)</a> can now get the tty list using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> insteam of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_read&sektion=3">kvm_read(3)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> logging so it works for non-translated calls too.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=close&sektion=2">close(2)</a> clobbering errno in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>.
<li>Convert <ctype.h> macros into functions so they are consistent with those in libc.
<li>Change XDR.x_handy from int to u_int to avoid sign bugs.
<il>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ar&sektion=1">ar(1)</a> work more like its GNU and Solaris counterparts and not require an archive for the d,m,q and r operations.
<li>Fix an mbuf-related panic in kernel PF_KEY v2 code.
<li>More ANSIfication in /sbin.
<li>Fix a potential (non-exploitable) buffer overrun in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> macro FIX_PRECISION.
<li>Add missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> error check to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a>.
<!-- ^ 20021211 -->
<li>When mounting the root partition via NFS, call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inittodr&sektion=9">inittodr(9)</a> with the root filesystem's atime rather than its mtime (since it's likely to be read-only and pretty static.)
<li>Renumber some (debug only) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tun&sektion=4">tun(4)</a> ioctls so they don't clash with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=4">ppp(4)</a>.
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> cleans up properly on failure by calling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pw_abort&sektion=3">pw_abort(3)</a>.
<li>Check the interface is running first to avoid doing unnecessary STP processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
<li>Before <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_getcapstr&sektion=3">login_getcapstr(3)</a> destroys the information, check that the value of $SHELL given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is the same as the user's real shell.
<li>Remember to take the address of the structure on which we're using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bzero&sektion=3">bzero(3)</a> in the libc stack protector code. <!-- "bug fix" is not a terribly helpful checkin comment. -Andre -->
<li>Hack <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt&sektion=2">setsockopt(2)</a> under linux emulation so that SO_REUSEADDR works as expected.
<!-- ^ 20021210 -->
<li>Use libc's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> instead of the private version found in a number of GNU programs.
<li>Fix a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> actually gets applied to outbound frames...
<li>Yet more string function paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> to set the STP path cost.
<li>Add support for regular expression matches in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filters.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>, don't allow 'permit' to be used on aliases.
<!-- ^ 20021209 -->
<li>Now that options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules can mostly be in any order, check for and disallow repeated options.
<li>Handle '-' as stdin or stdout appropriately in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uniq&sektion=1">uniq(1)</a>.
<li>strncpy -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compress&sektion=1">compress(1)</a> accept most of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a>'s long options. Some cleanup also.
<li>Continuing compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a>.
<!-- ^ 20021208 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> queue options can now be in any order. The 'scheduler' keyword is no longer used.
<li>More rule shrinkage: The 'fromto' part of a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> is now optional and defaults to 'all', so e.g. 'block' == 'block all' == 'block from any to any'. <!-- Another uncommented feature, r1.244 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> anchor rules now support parameters, so 'anchor name proto tcp from any to any port smtp' works.
<li>Remove support for the '-a otp' flag from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>. Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a> instead.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a>'s -a flag work again.
<li>'pfctl -s' now prints out addresses in rules in the order they are entered.
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a> receives a SIGPIPE when writing to the terminal, treat it like a user SIGQUIT.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> use the actual interface MTU instead of assuming 1500.
<li>Convert string key hashes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to network byte order.
<li>Fix a bug in Xaw that reads the wrong error return from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a>.
<!-- ^ 20021207 -->
<li>All the games set up the RNG with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srandomdev&sektion=3">srandomdev(3)</a> instead of by lesser means.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> set the transform from the Default-Phase-1-Configuration.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srandomdev&sektion=3">srandomdev(3)</a> fall back to using sysctl if it can't open /dev/arandom.
<li>Make the libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> more compatible with GNU.
<li>Output from 'pfctl -v' is now valid input to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Make section and tag comparisons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> case-insensitive.
<!-- ^ 20021206 -->
<li>Allow a null direction in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules, so e.g. 'block all' is now valid. <!-- Oh yes. Uncommented effect of r1.237 that introduced anchor rules. -->
<li>Add named rulesets support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, invoked from 'anchor' rules in the main ruleset.
<li>Kernel memory allocation debugging can now be used anywhere - if the debugging pool is not yet initialised, it just does nothing.
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a>.
<li>Rule numbers are no longer output by 'pfctl -v'. Use '-v -v' to get them back.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> handle systems with odd block sizes better.
<!-- ^ 20021205 -->
<li>Drop unnecessary altq devices from the kernel.
<li>Pass correct sizes to memset in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> behave better when running spanning tree: Flush the dynamic MAC cache when the forwarding/blocking state changes, and only forward packets while in the forwarding state.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accept ACQUIRE requests with a null EXT_ADDRESS_SRC.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, apply a netmask consistently.
<!-- ^ 20021204 -->
<li>Crank the major version numbers of the X libraries.
<li>Continuing cleanup and shrinkage of the installer scripts.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> now prints the interface name with which an address is associated.
<li>Big cleanup up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mixerctl&sektion=1">mixerctl(1)</a>.
<li>Import a GNUish <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> from NetBSD.
<li>Add -4 and -6 command line options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> to select the address family to use.
<li>Better MTU setting for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.
<li>Correct a missed initialiser in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a>.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> play nice and shut down its sockets when it's done.
<!-- ^ 20021203 -->
<li>Crank all (system) library major numbers now that propolice is in.
<li>Make a copy of rather than just refer to a string in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>. Cures some ports linking problems.
<li>Allow options at the end of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> pass and block rules to come in any order.
<li>Make the bandwidth specifier optional in altq rules (as well as queue rules.) As a side effect, the altq rules can now have "bandwidth xx%" where the percentage is taken w.r.t. the interface bandwidth.
<li>Implement legacy functions <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ecvt&sektion=3">ecvt(3)</a>, fcvt(3) and gcvt(3) for standards compliance.
<li>Add <a href="http://www.trl.ibm.com/projects/security/ssp">propolice</a> stack attack protection into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
<li>Updated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=unifdef&sektion=1">unifdef(1)</a>.
<!-- ^ 20021202 -->
<li>Don't have the X server drop privileges if started by root and from a non-standard config path.
<li>Tweaks and fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s ioctl code.
<!-- ^ 20021201 -->
<!-- ^ 20021130 -->
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.
<li>Add new pseudo-device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, exposing changes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> state table.
<li>Kill a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Wrap some noisy altq printf()s with #ifdef ALTQ_DEBUG.
<!-- ^ 20021129 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1">file(1)</a> gets a new option, -b, which supresses the output of the pathname.
<li>Allow a qlimit to be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> altq rules as well as in queue rules.
<li>Use a custom hash function (based on that in if_bridge.c) for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> source-hash nat pools instead of MD5.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> checks for invalid icmp6 option length.
<!-- ^ 20021128 -->
<li>page_dir update fixed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a>. MALLOC_OPTIONS=J is now honoured in realloc() as well.
<li>'fc -e' now works when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> is invoked in 'sh' mode.
<li>Allow usernames given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> to contain '@' characters, i.e. the hostname follows the last '@'.
<li>Tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> altq rules display.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=daemon&sektion=3">daemon(3)</a> closing descriptors that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> needs.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> read correctly the tbrsize spec.
<li>Fix underflow and wraparound in socket timeout calculation.
<li>Make IPv6 work in Linux emulation mode, though not for IPv4-mapped addresses.
<!-- ^ 20021127 -->
<li>The bandwidth statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> queue rules is now optional.
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> ordering so translation is now after queue...
<li>Parse more include files so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> knows about more ioctls.
<li>Pass in the right structure to DIOCCHANGEADDR.
<!-- ^ 20021126 -->
<li>Fix 'pfctl -Fq' so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> gets flushed and reset properly.
<li>setuid() -> seteuid() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
<li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s handling of address families in rules.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> fetch the address properly for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lo&sektion=4">lo(4)</a> with LINK1 set.
<li>Use 1KB = 1000B instead of 1024B when dealing with bandwidth in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>Fix URL CRLF injection bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a>.
<!-- Applied to 3.2-stable -->
<li>Add a missing check for snprintf errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a>.
<li>Protect arc4_getbyte() with an splhigh().
<li>Some cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
<!-- ^ 20021125 -->
<li>When <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> stats dumps are enabled, warn if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> fails.
<li>Enforce new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> ordering: options, normalization, translation, queue, filter.
<li>Copy TAILQs properly in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<!-- ^ 20021124 -->
<li>Remove a potential access-after-free in libc's syslog code.
<li>New manual page <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a> documenting OpenBSD-specific changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
<li>So farewell, then, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqd&sektion=8&release=OpenBSD+3.2">altqd(8)</a> and friends.
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> altq rule error checking.
<li>Fix a potential null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser, and some general cleanup.
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> don't try to issue ioctls when running with -n.
<!-- ^ 20021123 -->
<li>Implement 'nat pools' in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow redirection using (nat, rdr, route-to, dup-to and reply-to) to multiple addresses.
<li>Improvements to the ELF loader.
<li>Some snprintf paranoia in BSD auth, also some extra initialisation.
<li>Added new example dir /usr/share/pf, and example queue rulebase /usr/share/pf/queue1 to show how cool pf+altq is.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> accepting non-interactive sessions.
<li>'pfctl -v' displays altq and queue lines, including child queue assignment.
<li>Match the queue to the return type (icmp-unreach or RST) for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> block rules.
<li>Use a quad_t instead of an int, and fix rlimit sizing for >2GB machines.
<!-- ^ 20021122 -->
<li>Fix some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strncpy&sektion=3">strncpy(3)</a> lengths in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a>.
<li>Add _tokenadm and _radius groups so their respective login programs can be setgid instead of setuid(root).
<li>Add _shadow group and change group and mode of /etc/spwd.db to match
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoll&sektion=3">atoll(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strerror&sektion=3">strerror_r(3)</a> to libc.
<li>Add simple multiple-card load balancing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> and add a simplified driver registration API.
<li>Some int -> unsigned int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>New -n option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> to disable DNS lookups.
<!-- ^ 20021121 -->
<li>Correct a format string bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>'s, er, Makefile.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> breakage when two jobs are set for the same time.
<li>Correct a use-before-init in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a>.
<!-- ^ 20021120 -->
<li>Create a simple lookup table mechanism [dev/pci/pci.c:pci_matchbyid()] to match PCI device IDs, and have several drivers use it.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a> catalog updates: Fix Russian, add Polish and Ukrainian.
<li>Fix an off-by-one when reading ICMP types and codes by name in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<!-- ^ 20021119 -->
<li>Merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, still some work left to do.
<li>Don't overwrite SIG{INT,QUIT,TERM} handlers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> if they're set to ignore. This mirrors <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> behaviour.
<!-- ^ 20021118 -->
<!-- ^ 20021117 -->
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> issues a fake challenge for a user without an S/Key file.
<!-- ^ 20021116 -->
<li>Enable the pthread library, but install it as libnpthreads so autoconf scripts don't pick it up and use it with -lpthread as well as using -pthread.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>, prohibit user id changes once logged in, and run more stuff as the logged-in user.
<li>Add 'Default-Phase-1-Configuration' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Be more careful when loading RSA1 key files in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<!-- ^ 20021115 -->
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>'s handling of multiple values and continuation lines.
<li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> symbol lookup failure messages.
<li>Allow DNS queries from the initial rulebase loaded by /etc/rc, so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> can load at boot-time rulebases containing DNS entries.
<!-- ^ 20021114 -->
<li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.</strong></font><br>
<a href="errata.html#named">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Create links from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=curses&sektion=3">curses(3)</a> libs to ncurses, to satisfy autoconfiguration scripts that expect the latter instead of checking properly.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub rules now are subject to the same list expansion as other rules.
<li>Add label macro '$if' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>, now we can have interfaces in expansion lists.
<li>Add some missing pointer initialisations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<!-- ^ 20021113 -->
<li>Add a null transform to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>, enabled via sysctl kern.cryptodevallowsoft=1.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s determination of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2">execve(2)</a> filename.
<li>Kernel IPsec code checks for short IP headers.
<!-- ^ 20021112 -->
<!-- ^ 20021111 -->
<!-- ^ 20021110 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> checks for invalid system call numbers.
<!-- ^ 20021109 -->
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a>'s login emultation mode work even more like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
<li>Avoid a possible reference count leak in kernel file descriptor code.
<li>Remove bogus operations on the not-yet-existent file descriptor table in libc_r.
<!-- ^ 20021108 -->
<li>Implement simple vnodeops inheritance for specfs and fifofs,
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> can now follow HTTP redirects.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> properly reflect check the exit status of its <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> process if an error occurs.
<li>Fix some invalid pointers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> handler.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=makewhatis&sektion=8">makewhatis(8)</a> moaning about non-existent directories.
<li>Don't use the HostbasedAuthentication switch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>; instead, add new option EnableSSHKeysign to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</a>.
<!-- XXX not added to ssh_config manpage though -->
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=groupdel&sektion=8">groupdel(8)</a> check that the named group exists.
<li>Allow '$' as the last character of a username, to appease Samba.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s -e option (log to stderr) work.
<li>Make the minimum file rotation size 512 bytes instead of 512Kbytes...
<li>Rearrange payload length check for ESP packets so packets with NULL encryption are tested also.
<!-- Applied to 3.2-stable -->
<li>Don't allow a simple non-existent server to crash <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altqstat&sektion=1">altqstat(1)</a>.
<!-- ^ 20021107 -->
<li>Solve problems static linking with -lpthread. (-static -pthread still broken.)
<li>Stop up a couple of memory leaks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Fix a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount&sektion=8">mount(8)</a>, and make its command line arguments handling more consistent.
<li>Keep a correct reference count to the file referenced by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a> under SVR4 emulation.
<!-- Applied to 3.2-stable -->
<!-- ^ 20021106 -->
<li>Gracefully handle broken firewalls that block ECN-enabled TCP sessions by falling back to non-ECN.
<li>Some thread-safety fixes to libc.
<li>Add a cast to handle properly size_t larger than u_int in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<li>Fix some problems <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip&sektion=1">gzip(1)</a> had displaying information on files > 2GB.
<!-- ^ 20021105 -->
<li>Serve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> a strong draught of CIDR (e.g. can use 10/8 now instead of 10.0.0.0/8.)
<li>-STABLE branch created for 3.2. <a href="errata.html#smrsh">smrsh</a>, <a href="errata.html#pfpridge">pfbridge</a> and <a href="errata.html#kadmind">kadmind</a> errata fixes applied to it.<br>
<li>When checking a filename in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, don't fail when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realpath&sektion=3">realpath(3)</a> for the user's home directory - this happens legitimately when using AFS.
<!-- ^ 20021104 -->
<!-- ^ 20021103 -->
<li>Do a better job when comparing dynamic addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> AF macros, operate on the whole address (all 128 bits) unless AF_INET is set.
<!-- ^ 20021102 -->
<!-- ^ 20021101 -->
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>'s MakeMaker so manpages get installed the way we like.
<li>Plug a memory leak in IPv6 (ip6_output.c)
<!-- ^ 20021031 -->
<li>Make sure processes aren't added to the process list until they're completely initialised.
<li>Implement some 4.3BSD emulation functions in terms of setresuid() etc.
<li>Use the new setresuid() etc. calls for FreeBSD, HP-UX and Linux emulation of the same calls.
<li>Implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setresuid&sektion=2">[gs]etres[gu]id(2)</a> system calls. Minor version bump for libc and libc_r.
<li>Many fixes to signal and fd handing under threads.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface expansion.
<!-- ^ 20021030 -->
<li>Better GRE output from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.
<li>New -U option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a> that sets the uid, gid and group vector from the password database.
<li>To a chorus of approval, add the 'set require-order [yes|no]' option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
<!-- ^ 20021029 -->
<li>Remove a bogus test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a> that stopped a perfectly legal seek on a character device.
<li>Merge OpenSSL 2.2.18, fixing a cross-site scripting bug and two off-by-ones.
<!-- Applied to 3.2-stable -->
<li>Add a missing break statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s arguments parsing code.
<!-- ^ 20021028 -->
<li>Add getdents64() support under Linux emulation.
<li>Merge in Perl 5.8.0.
<li>Have pool elements' sizes rounded up to the alignment passed to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool_init&sektion=9">pool_init(9)</a> instead of relying on the architecture's ALIGNBYTES value.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> can now do pointless-but-common WEP encryption in software for Prism and Symbol cards. Useful if your card doesn't do weak IV avoidance (or if you trust your BSD more than your hardware manufacturer,) and also serves as a framework for better wireless crypto protocols.
<li>The installer unpacks siteXX.{tgz,tar.gz} files last so that site-specific tarballs always overwrite standard files.
<li>Remove the error-prone and robustness-principle-defying 'flags X' (as opposed to 'flags X/Y') syntax from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
<li>Be a little less 32-bit-centric in libcrypto.
<!-- ^ 20021027 -->
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a> use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> as well.
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoi&sektion=3">atoi(3)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtoul&sektion=3">strtoul(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a>.
<!-- ^ 20021026 -->
<li>Change a number of header files so NULL is now defined as 0L instead of 0, and so is the same size as a pointer.
<li>Add to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=8">chroot(8)</a> the ability to set the uid, gid and group vector after doing the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> call.
<li>Some additional paranoia added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> test rule labels as well when comparing rules.
<li>Fix a few instances where %ul was used instead of %lu.
<!-- ^ 20021025 -->
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>
<li>More picky argument parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a>.
<!-- ^ 20021024 -->
<li>A couple of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tmpnam&sektion=3">tmpnam(3)</a>s become <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkstemp&sektion=3">mkstemp(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
<li>Lots of int -> u_long in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a>.
<!-- ^ 20021023 -->
<li>Correct an off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
<li>Fix a printf format string typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> apply the netmask to addresses right away, so bogus netmasks show up as munges network numbers in -v output.
<!-- ^ 20021022 -->
<li>Correct a couple of typos in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s ioctl() code.
<li>Fix a null deref in libc_r.
<li>Make sure the user process tally is right when kernel stack space can't be allocated for the new proc.
<li>Correctly count the total number of processes in the system.
<li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmind&sektion=8">kadmind(8)</a> daemon, leading to possible remote crash or exploit.</strong></font><br>
<a href="errata.html#kadmin">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<!-- ^ 20021021 -->
<li>Add partial support for the 21145 chip to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a>.
<!-- ^ 20021020 -->
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xconsole&sektion=1">xconsole(1)</a> get a pseudoterminal using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openpty&sektion=3">openpty(3)</a> instead of going all #ifdef.
<li>More NULL -> (void *)NULL, this time in XFree, to make sure varargs sentinel is pointer-width.
<!-- ^ 20021019 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> now honours @LongLink, and has a new option to stop the next volume prompt.
<!-- ^ 20021018 -->
<li>Improved media support and a boundary check fix for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route.
<li>Enable uvm_tree_sanity() check #ifdef DEBUG.
<li>Fix a potential null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a>'s arguments parser.
<li>Renumber <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ch&sektion=4">ch(4)</a> CHIO* ioctls. Old definitions renamed to OCHIO*, binary backwards compatibility will be left in intact until post-3.3.
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdump&sektion=1">kdump(1)</a> to print AUDIO_* ioctls, and add a few missing syscall defines.
<li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> on big-endian architectures.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> allows protocols to be specified by a (valid) protocol number.
<li>Add a missing free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a>.
<!-- ^ 20021017 -->
<li>Treat manually- and auto-configured IPv6 address prefixes the same way.
<li>For positively POSIX reasons, implement <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isfdtype&sektion=3">isfdtype(3)</a>.
<li>Bring <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a>'s date handling code back into sync with that in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=date&sektion=1">date(1)</a>. Four digit years parse now.
<li>Start to break out machine-dependent parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8">MAKEDEV(8)</a> into separate files.
<li>Send <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh</a>.kshrc label() and ilabel() output to /dev/tty insted of stdout, so command output streams doesn't get messed up.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> supports system call-granularity privilege elevation!
<li>Correct a typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> that was causing group predicates to be evaluated incorrectly.
<li>Range-check values given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
<li>Better mask comparison for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat.
<!-- ^ 20021016 -->
<li>Remove the setuid bit from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>. If run with a non-root euid, it invokes <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a> with the new -L flag.
<li>Add '-L' flag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=su&sektion=1">su(1)</a> to make it work like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
<li>Enable the META key in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> for 7-bit locales.
<li>Make sure some varargs end-of-list sentinel NULLs are pointer-width.
<li>Fix a subtle dangling pointer bug in BSD auth.
<li>Sync Brazil's Daylight Savings Time handling with new reality.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=makewhatis&sektion=8">makewhatis(8)</a> grumbling about having Perl 5.8.x instead of 5.6.x.
<!-- ^ 20021015 -->
<li>In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA.
<li>Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c)
<li><font color="#e00000"><strong>A logic error in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a> kernel memory allocator could cause memory corruption in low-memory situations, causing the system to crash.</strong></font><br>
<a href="errata.html#pool">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> can now binat a whole netblock with one rule.
<!-- ^ 20021014 -->
<li>Remove a potential null pointer deref in BSD authentication code.
<li>Fix a bad printf format string in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>. Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.
<li>Do some more unsigned checks to system call parameters, as with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> <a href="http://www.openbsd.org/errata31.html#kerntime">erratum</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<!-- ^ 20021013 -->
<li>Prepare the GNU floating-point emulation code on i386 for ELF.
<!-- ^ 20021012 -->
<li>Update <a href="stable.html">stable</a> to OpenSSH 3.5.
<li>Catch some endianness nits and add zero-padding of keys in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
<li>Teach ALTQ CBQ the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> API. The old API remains for now.
<!-- ^ 20021011 -->
<li><font color="#e00000"><strong>RELIABILITY FIX: Network bridges running pf with scrubbing enabled could cause mbuf corruption, causing the system to crash.</strong></font><br>
<a href="errata.html#pfbridge">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Fix a bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf_tags&sektion=9">m_tag_copy_chain()</a>.
<!-- ^ 20021010 -->
<li>Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug.
<!-- ^ 20021009 -->
<li><font color="#e00000"><strong>SECURITY FIX: An attacker can bypass the restrictions imposed by sendmail's restricted shell, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smrsh&sektion=8">smrsh(8)</a>, and execute arbitrary commands with the privileges of his own account.</strong></font><br>
<a href="errata.html#smrsh">A source code patch is available</a>.<br>
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<li>Make predicates part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s grammar.
<!-- ^ 20021008 -->
<li>Start work on a merge of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> functionality. Oh yes.
<li>Add a missing htons() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
<li>In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed.
<li>Support SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support.
<li>Merge in Apache 1.3.27 and mod_ssl 2.8.11.
<li>New block-policy option to set the default response to a block rule.
<li>More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> support for icmpv6 returns in response to block rules.
<li>New reply-to rule option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, works like route-to but applies to reply packets in a stateful connection.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> restarts work even when srm.conf is not present.
<li>Have the X server complain less about unknown scancodes.
<!-- ^ 20021007 -->
<li>Initialise the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm</a>_pglistalloc result list in the function, instead of requiring the caller to do it.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog_r&sektion=3">syslog_r(3)</a> now take the new __syslog__ format attribute.
<li>Make the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> config files use php4 instead of php3.
<!-- ^ 20021006 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> expands lists left-to-right instead of right-to-left.
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> how to filter on the IP TOS field.
<!-- ^ 20021005 -->
<li>Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sektion=8&release=OpenBSD+3.2">smtpd(8)</a> has left the building.
<li>By default, add the -H option to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sort&sektion=1">sort(1)</a> invoked by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=locate.updatedb&sektion=8">locate.updatedb(8)</a>.
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=window&sektion=1">window(1)</a> the stdarg treatment.
<li>When routing via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies.
<li>Fix cross-site scripting vulnerability (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840">CAN-2002-0840</a>) in the default error page of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>. Only applies under specific (and non-OpenBSD default) conditions.
<a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
<!-- ^ 20021004 -->
<li>In kernel IP processing, block interrupts with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=splsoftnet&sektion=9">splsoftnet(9)</a> around interface address routing table manipulations.
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> doesn't accept out-of-range TX keys.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> matching I2O-configured devices.
<li>3.2 -> 3.2-current.
<!-- ^ 20021003 -->
</ul>
<p>
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.<br><br>
<hr>
<p>
<h3>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>.
<br>
</h3>
<hr>
<a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.851 2002/12/15 21:47:45 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www