<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD-current changes</title>
<link rev="made" href="mailto:www@openbsd.org">
<meta name="resource-type" content="document">
<meta name="description" content="OpenBSD-current changes">
<meta name="keywords" content="openbsd,current,changes">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
</head>
<body bgcolor="#ffffff" text="#000000" link="#23238e">
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
<p>
<h2><font color="#e00000">Changes made between OpenBSD 3.4 and OpenBSD-current</font></h2>
<hr>
<p>
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href="plat.html">platforms</a>.
<p>
Changes to the <a href="ports.html">ports</a> collection are documented
<a href="portsplus/index.html">here</a>.
<p>
Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
<p>
<h3>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>.
<br>
</h3>
<p>
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p>
The following list sums up (almost) all the changes made up to November 10.
<p>
<ul>
<li>Merge in OpenSSL 0.9.7c.
<li>Some nonportable syntactic sugar for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a>.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=free&sektion=9">free(9)</a>ing stack variables is a bad idea, don't do it in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsa&sektion=4">ubsa(4)</a>.
<li>Don't leak memory from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> if the library name is invalid.
<li>Better parsing of library version numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, so 'libpython2.1.so.0.0' and 'libpython2.2.so.0.0' can coexist in peace.
<li>New 'print' statement for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a>, a non-portable extension.
<!-- ^ 20031111 -->
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>'s handling of redirection of a file to the same file, e.g. '2>&2'.
<li>Add more privacy flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> cf/openbsd-proto.mc, requiring HELO/EHLO and disabling EXPN/VRFY.
<li>Add a classic paper on password security in /usr/share/doc/smm/17.password.
<li>Send <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff&sektion=1">diff(1)</a> output 'no newline at end of file' to stderr instead of stdout, for compatibility.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> considering as errors attempts to add an already-added package.
<!-- ^ 20031110 -->
<li>Keep track of errors when adding multiple packages with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a>, and set a useful error code on return.
<li>Remove the automatic setting of packing-list prefix from the first @cwd.
<li>Restore printing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> information in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>, accidentally broken when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> was added.
<li>Really fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> insert-file.
<li>Safer region handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li>Restore the terminal correctly when aborting out of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li>Undo the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> insert-file operation properly.
<!-- ^ 20031109 -->
<li>Unbreak the anchor rule number returned by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>.
<li>Avoid a race condition when swapping in a process.
<li>On i386, fix a crash that occurred with a large number (>1500) of processes (PR#3528.)
<li>New 'no sync' state option to prevent state transitions for a particular rule appearing on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> interface.
<!-- ^ 20031108 -->
<li>Check that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> packets are received on a carp-enabled interface.
<li>Fix setting of the interface index for IPv6 link-local multicast joins.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> responding to ARPs when the interface is down.
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a> when doing regex substitutions. From FreeBSD.
<!-- ^ 20031107 -->
<li>Add non-portable extensions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>: '#' (comment), 'n' (print without newline) and 'a' (byte to char).
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> dependency resolution.
<li>Don't call the post-install script of packages that didn't fully install, and allow such packages to be fully removed.
<li>Let <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> install packages coming from stdin.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a> allows the path to an installed package on the command line, so e.g. 'pkg_delete /var/db/pkg/zsh-*' now works.
<li>The package tools now automatically use the target of the first @cwd in the packing list as the prefix.
<li>Temporarily back out the recent reordering of interface capability tests and pf_test(). <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules are now generating some bogus checksums.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, require encrypted messages are soon as we have the keystate for it, require DELETE payloads to be accompanied by HASHes, and add validation for HASH payloads without active exchanges.
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tags to use the same macros as labels (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.)
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdb&sektion=1">gdb(1)</a> about SIGINFO (PR#3173.)
<li>Add commented-out LoadModule config lines, along with a short description, for each <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module in the standard build.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a> don't write the magic to the superblock until filesystem creation is completed.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>'s display of IPv6 link-local multicast addresses.
<!-- ^ 20031106 -->
<li>Redo the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a> drive reset changes, more cautious this time.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s -x flag work for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> devices.
<!-- ^ 20031105 -->
<li>Use hash tables where possible for listen socket lookup as well.
<li>Add a route when we're the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> master host, so the local machine can use the common address.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_create&sektion=1">pkg_create(1)</a> spot duplicate packaging list entries and die noisily when it does so.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> pretending that everything it sends to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> comes from AF_INET6.
<li>Add GNU-compatible 'r' operator (swaps the top two stack items) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>.
<li>Kill an IPv4 pasto in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> IPv6 support when setting the interface address.
<!-- ^ 20031104 -->
<li><font color="#e00000"><strong>RELIABILITY FIX: It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.</strong></font><br>
<a href="errata.html#exec">A source code patch is available</a>.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a> handle dependencies properly when using package name stems.
<li>Don't try to free a static string when checking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> host keys.
<li>In regular (non-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>) IP output code, defer the interface tests for hardware IPsec and checksum capability until after pf_test(), since pf might drop the packet, or send it to a different interface.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>-routed packets check the target interface for hardware IPsec and checksum capability.
<li>Fix a memory leak when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> fails to put the interface into promiscuous mode.
<li>Add a missing check in IPv6 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> for an interface on its way down.
<!-- ^ 20031103 -->
<li>Preserve the debug flag when enabling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
<!-- ^ 20031102 -->
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>, check for signals at the right time and handle stdin failures better.
<!-- ^ 20031101 -->
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> determine the filename in same manner as GNU patch.
<li>New --posix option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch&sektion=1">patch(1)</a> for, uh, strict POSIX conformance.
<li>Set pkgpath in the correct order in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> etc.
<li>Re-add the SATA mode detection and reset-pause-IDENTIFY fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>. Drive reset fixes need further testing.
<li>Allocate the right number of elements in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hashinit&sektion=9">hashinit(9)</a> (PR#3537.)
<li>Look up the groupname (not the username) when getting the gid from a tarfile in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add&sektion=1">pkg_add(1)</a> and friends. Also set file ownership before the mode.
<li>Add IPv6 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>.
<li>Sync libedit to NetBSD as of 2003-10-01, with some local string cleaning and history bug fixes. There are some api changes as a result of this update.
<li>New port, <a href="http://www.openbsd.org/pegasos.html">OPENBSD/pegasos</a>.
<li>Fix insufficient length check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> (KAME PR#507.)
<!-- ^ 20031031 -->
<li>Try to deal with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> failures in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=init&sektion=8">init(8)</a>.
<li>More detective work from the spelling police, double-word branch.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> multicast filter initialisation.
<!-- ^ 20031030 -->
<li>Backout recent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a> reset, identify and mode detection changes, they are breaking things.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat for incoming connections when a netblock (not just a single address) is used as the rule source (PR#3535.)<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<li><font color="#e00000"><strong>RELIABILITY FIX: A user with write permission to httpd.conf or a .htaccess file can crash <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> or potentially run arbitrary code as the user</strong> www <strong> (although it is believed that ProPolice will prevent code execution.)</strong></font><br>
<a href="errata.html#httpd">A source code patch is available</a>.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<!-- ^ 20031029 -->
<li>Do a better job of finding the proper partition in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=growfs&sektion=8">growfs(8)</a>.
<li>Evaluate dependencies earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a>, and if the check fails just give a list of the required removals and quit.
<li>Don't die if getsockopt(..., TCP_NODELAY, ...) fails in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<!-- ^ 20031028 -->
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, add a pause between a drive reset and an IDENTIFY command, to allow for units that are sick just after a reset.
<li>Don't do ATA mode detection for SATA drives, some drives really don't like it.
<li>Set the skew properly when rescheduling <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> advertisements.
<li>Fix an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> startup crash.
<li>Don't schedule a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> advertisement if the interface is on its way down and we run out of mbufs.
<li>Really stop sending advertisements if the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interface is downed.
<!-- ^ 20031027 -->
<li>Set the maximum value for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> kern.stackgap_random maximum to 256MB.
<li>Remove artificial limit on the number of partitions that may be stretched by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=growfs&sektion=8">growfs(8)</a>.
<li>Early support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> for PRISM 2.5/3 USB adapters. Very limited for now.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a> reset code more like that in FreeBSD and NetBSD, fixing slave device detection when the master behaves strangely.
<!-- ^ 20031026 -->
<li>Reorganise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> state searches for a 30% memory saving.
<li>Don't leak mbufs on carp_output() failures.
<li>Replace a linked list with a hash table for local IP port lookup, dramatically reducing the lookup time (in_pcblookup()) when there are many sockets.
<li>Precompute as much of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> sha1 hash as possible.
<!-- ^ 20031025 -->
<li>Prevent occasional <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> hangs on receipt of a SIGHUP with a modified syslog.conf file.
<li>Remove a few comparisons of an int to NULL.
<li>Do <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=initgroups&sektion=3">initgroups(3)</a> before chrooting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> instead of after, since /etc/group may be of use.
<li>Stop the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> write filter blocking everything when no filter is set, and so unbreak DHCP.
<!-- ^ 20031024 -->
<li>Only try to remove a dependent package once in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a>.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>, stir in the full inner hash instead of just sizeof(pointer) bytes of it.
<li>Finally, stop the long long pause for i386 laptop users with disconnected floppy drives.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_info&sektion=1">pkg_info(1)</a> do the right thing with multiple packages sharing a common stem, e.g. multiple responses for 'pkg_info autoconf'.
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_delete&sektion=1">pkg_delete(1)</a> to work with package name stems. Oh yes.
<!-- ^ 20031023 -->
<li>Another missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> error check, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tn3270&sektion=1">tn3270(1)</a>.
<li>Reduce the amount of logging <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> does by default. The new -v option does verbose logging.
<li>Have privilege-separated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> call setgroups when changing dropping privileges, in line with the same change in newly-separated <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a>.
<li>Fix a panic when traversing a corrupt msdos filesystem. From NetBSD.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<li>Implement privilege separation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a>. Requires creation of _pflogd user and group.
<li>Add locking and write-filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a>, so programs running as non-root can hold bpf descriptors without being able to write whatever they like at the link layer or issue dangerous <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ioctl&sektion=2">ioctl(2)</a>s.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>'s J operator with the new extended comparisons.
<li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> from keyed sha1 to hmac-sha1.
<li>Implement extended comparison operators in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>, to allow for an if ... else construct in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a>.
<li>Make un-getting a character from a string work the same as from a file in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>.
<li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak under libpthread.
<li>In libpthread, don't bother resetting O_NONBLOCK on descriptors that are not flagged to survive the imminent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execve&sektion=2">execve(2)</a>.
<!-- ^ 20031022 -->
<li>Add missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> error check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tic&sektion=1">tic(1)</a>.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>, make undo work per-window instead of per-buffer.
<li>Fix late definition of enum XML_Status in <expat.h>. From expat CVS.
<li>A huge number of comment spelling fixes all over the tree.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> choke on too-short GSSAPI OIDs.
<!-- ^ 20031021 -->
<li>Switch over to the new package tools.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstart&sektion=8">netstart(8)</a>, don't try to initialise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> interfaces until after physical interfaces are configured.
<li>Fix an endianness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> sha1 code.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> cleanup in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
<li>Stop all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a> hosts advertising master status when preempt is disabled.
<li>When doing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>, Only give an error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> when the user tries to set both of advbase and advskew to zero.
<!-- ^ 20031020 -->
<li>Correct a missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> return value check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>.
<li>Fix numfds==0 case in pthreads-optimised <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a>.
<li>Add functions to find package name 'stems' (package names without the version number) and use them in the soon-to-be-enabled new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_info&sektion=1">pkg_info(1)</a>.
<li>Add direct support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> for SSHFP resource records.
<!-- ^ 20031019 -->
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a>'s assignment operators (+=, -= etc.)
<li>Add J(jump) and M(mark) operators in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>, and use them to implement the continue statement in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a>.
<li>Fix out-of-bounds reads in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>, libfreetype and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a>.
<!-- ^ 20031018 -->
<li>Make the recent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vnd&sektion=4">vnd(4)</a> numbering change work the way it should.
<li>Enter <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4">carp(4)</a>, OpenBSD's Common Address Redundancy Protocol for IP high availability and load balancing.
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> SHA1 code on 64-bit architectures.
<li>Make sure the inode generation number (obtained using arc4random()) is positive.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> DMA reliability fixes. From NetBSD.
<!-- ^ 20031017 -->
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> -> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=memcpy&sektion=3">memcpy(3)</a> for non-string buffers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vi&sektion=1">vi(1)</a>, along with some extra paranoia.
<li>Check for signals earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mountd&sektion=8">mountd(8)</a>, so they can be handled before we <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> until a mount request comes in.
<li>Import new package management tools under src/usr.sbin/pkg_add. Not built by default yet.
<li>New 'G' malloc.conf option to add a guard page after pagesize-or-larger chunks, and to return less-than-pagesize chunks in random order.
<li>Better SATA support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> args to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a>.
<!-- ^ 20031016 -->
<li>Fix a out-of-bounds read in libcurses.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> return the terminal to a sensible state on fatal errors.
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> so that it aborts the process on any error other than running out of memory. This is different to the 'A' malloc.conf switch that aborts on any error.
<!-- ^ 20031015 -->
<li>More randomness for temporary directories created by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
<li>Switch on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> DNS fingerprint (sshfp) lookup code, previously not build by default. Still needs switched on in the config file.
<li>Make e.g. 'MAKEDEV tty08 - tty7f' work.
<li>Only endian-flip the fragment offset once on IPv6 input.
<!-- ^ 20031014 -->
<li>Do a hardware receive checksum in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a> too, working around the fact that sometimes the hardware gets it wrong.
<li>On <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> devices that support it, offload receive checksum calculation to the hardware. From FreeBSD.
<li>Update timezone files again, this time to tzcode2003d.
<li>Bring <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=brgphy&sektion=4">brgphy(4)</a> more in line with updates in FreeBSD and NetBSD, both bug fixes and additional device support.
<li>Remember the filename given when using ^X^W in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=shmat&sektion=2">shmat(2)</a> under Linux compat work as expected.
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timedc&sektion=8">timedc(8)</a>. Found by FreeBSD, fixed differently here.
<!-- ^ 20031012 -->
<li>Add division and modulus operator '~' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>.
<li>Remove GNU bc and dc from the tree.
<li>Merge in expat 1.95.6 from XFree86 4.3.99.14.
<li>Search for keys in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> agent in reverse order to solve duplicate key problems (OpenSSH bug #684.)
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> option ForwardX11 now has <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xauth&sektion=1">xauth(1)</a> generate untrusted keys by default. Option ForwardX11Trusted restores the old behaviour.
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vnd&sektion=4">vnd(4)</a> major/minor numbering to allow more devices. Requires a MAKEDEV.
<!-- ^ 20031011 -->
<li>Do nfs-specific 'test -x' stuff in the right order in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a> (PR#3465.)
<li>More work on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>.
<li>Have the linker generate a warning when using 43compat's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getwd&sektion=3">getwd(3)</a>.
<li>Better calibration code for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auich&sektion=4">auich(4)</a>. From FreeBSD/NetBSD.
<!-- ^ 20031010 -->
<!-- ^ 20031009 -->
<li>Re-enable the random increment on the return value of uvm_map_hint() (called by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm_map&sektion=9">uvm_map(9)</a>.)
<li>Install a sample config file for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a>.
<li>Prevent symlink races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
<li>Have GSSAPI default to off in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> client as well as the server.
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> on 64-bit architectures.
<li>Hack <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> so digest authentication works with IE, Safari, etc. From FreeBSD.
<li>Fix potential signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fgets&sektion=3">fgets(3)</a> (PR#1709.)
<!-- ^ 20031008 -->
<li>Correct __bounded__ attributes for {MD4,MD5,RMD160,SHA1}DATA functions (PR#3505.)
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a> to build small filesystems again by making sure ncyls >= 2.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
<li>Add nfs attribute cache tuning parameters to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">mount_nfs(8)</a> (Inspired by PR#2567.)
<li>Kill a null deref in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
<li>Allow a semicolon to terminate label strings in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>, so one-liners with labels can work.
<li>A few string and memory fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rup&sektion=1">rup(1)</a>.
<li>Stability fixes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a>. From FreeBSD.
<li>Add arc4 support to the kernel, and have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> use it instead of rolling its own.
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>'s handling of quotes in pathnames.
<li>More propolice fixes and improvements.
<!-- ^ 20031007 -->
<li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> addon-breaking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog.conf&sektion=5">newsyslog.conf(5)</a> sample lines.
<li>Install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a> by default.
<li>Really really give xfs a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> backend.
<li>Fix a badly broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> optimisation when calculating structure offsets under certain conditions. See the <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/egcs/gcc/combine.c#rev1.5">commit log</a> for details.
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lge&sektion=4">lge(4)</a> compile.
<li>Update timezone info files to tzcode2003c.
<!-- ^ 20031006 -->
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> stripping 802.1q headers from packets in a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>.
<li>Avoid a division-by-zero panic when benchmarking the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a> RNG device.
<li>A couple of read-from-device fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=an&sektion=4">an(4)</a>. From FreeBSD.
<!-- ^ 20031005 -->
<li>Remove non-free licensed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> bitmaps.
<li>Properly free resources when ffs_mountroot() fails.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crashing when the value for LIFE_DURATION is missing.
<li>Back out the new environment variable load in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> due to sparc breakage.
<li>Unbreak the new xfs poll backend.
<li>Fix a long-standing memory leak in kernel libz (PR#2886.) From NetBSD.
<li>Print a more useful error message when a bad port number is given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a>.
<li>Fix broken time parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kadmin&sektion=8">kadmin(8)</a> (PR#3292.)
<!-- ^ 20031004 -->
<li>Initialise environment variables in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> before calling constructors and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> functions
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> exit if no config file is found.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> submit.mc/cf, bind the msp to 127.0.0.1 instead of localhost just in case localhost doesn't resolve correctly.
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> how to deal with KAME embedded scope IDs for -f encap route dumps.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> to generate cookies in the XSecurity extension.
<li>Fix a few off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gethostbyname&sektion=3">gethostbyname(3)</a> and friends.
<li>Allow multiple RCPTs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a>, and stop looping on invalid commands.
<li>Bring in a number of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pipe&sektion=2">pipe(2)</a> stability fixes from FreeBSD.
<!-- ^ 20031003 -->
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>'s handling of SSLCertificateChainFile under the chroot.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> usage output now dumps the OpenSSL version too.
<li>Don't try to send incomplete IPv4 fragments in the ENOBUFS case. Note that this is a behaviour change from 4.4BSD and applies to output from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> as well as vanilla IP output.
<li>A couple of endianness fixes when setting the IPv4 output fragment offset.
<li>A couple of minor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> fixes related to recursive calls and debugging.
<!-- ^ 20031002 -->
<li>Clean up IPv6 flowlabel handling.
<li>New IPv6 ID and flowlabel generation code using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=9">arc4random(9)</a>.
<li>Remove a bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m_cat&sektion=9">m_cat(9)</a> call when fragmenting outbound IPv6 packets.
<li>Add a missing initialisation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflog&sektion=4">pflog(4)</a> that allowed kernel stack garbage to leak into .pcap files.
<li>Have the libc stack protector code use the kernel __sysctl() call directly instead of using the libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> interface.
<li>Stop reading ~/.signature to pre-fill the Organisation: field in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendbug&sektion=1">sendbug(1)</a> (PR#3499.)
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a> poll code.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> listen on both IPv4 and IPv6 ports by default.
<li>Fix an out-of-bounds memory access in kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_ibcs2&sektion=8">compat_ibcs2(8)</a> code.
<li>Add missing check for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
<li>Correct a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=banner&sektion=1">banner(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> (src/ssl/ssl_ciph.c.)
<li>Fix the code that grows ifindex2ifnet in sys/net/if.c.
<li>Add a stack of missing switch break statements needed after the _dl_errno changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
<!-- ^ 20031001 -->
<li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=size&sektion=1">size(1)</a> how to read ELF objects.
<li>POSIX and interoperability fixes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>,
<li><font color="#e00000"><strong>SECURITY FIX: The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>.</strong></font> This does not affect OpenSSH.<br>
<a href="errata.html#asn1">A source code patch is available</a>.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<!-- ^ 20030930 -->
<li>Properly free resources on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> attach failures.
<li>Some reliability fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>.
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=daemon&sektion=3">daemon(3)</a>ize itself.
<li>Fix an unchecked <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getnetgrent&sektion=3">getnetgrent(3)</a>.
<!-- ^ 20030929 -->
<li>Fix several kernel networking off-by-ones w.r.t. PRC_NCMDS.
<li>Better error checking for new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>.
<li>Make new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> compile on sparc64.
<!-- ^ 20030928 -->
<!-- ^ 20030927 -->
<li>Further <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> cleanup.
<li>Fix bogus getutmp() error check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=battlestar&sektion=6">battlestar(6)</a>.
<li>Change the xfs backend from select to poll.
<li>Introduce 64-bit <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=byteorder&sektion=3">byteorder(3)</a> macros.
<li>strdup -> strlcpy in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apmd&sektion=8&arch=i386">apmd(8)</a>, and make sure the socket gets unlinked at exit.
<li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> error checks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a>.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pflogd&sektion=8">pflogd(8)</a> shouting 'Reopened logfile' at syslog.
<li>Add a number of missing checks for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strdup&sektion=3">strdup(3)</a> failure.
<li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf&sektion=3">sscanf(3)</a> bounds check to the neighbour cache file code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ndp&sektion=8">ndp(8)</a>.
<li>Reorder the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> statistics counter code and fix some miscount bugs.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, don't listen on INADDR_ANY if the Listen-on option is specified.
<li>Fix an off-by-one and a bad string bounds length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atc&sektion=6">atc(6)</a>.
<li>Don't set <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s listen socket to non-blocking mode.
<li>Build the new BSD <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a> in favour of the GNU versions.
<li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a>'s 15-character username restriction, it's no longer necessary (PR#3491.)
<li>Allocate a buffer large enough to store a full IPX address in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipx_ntoa&sektion=3">ipx_ntoa(3)</a>.
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> -i display columns for interfaces with no address.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> dying unceremoniously on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=accept&sektion=2">accept(2)</a> failures.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a> retry if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=accept&sektion=2">accept(2)</a> returns ECONNABORTED (the same as it does for EINTR.)
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=brconfig&sektion=8">brconfig(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwhod&sektion=8">rwhod(8)</a>.
<li>Add a 'recipe' datafile to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fortune&sektion=6">fortune(6)</a>, starting with some barbecue recipes from the hackathon.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=srand&sektion=3">srand(3)</a> to generate a more random salt for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=htpasswd&sektion=1">htpasswd(1)</a>.
<li>Start removing unnecessary null checks before doing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=free&sektion=3">free(3)</a> on a possibly null pointer.
<!-- ^ 20030926 -->
<li>Fix scrambled display when resuming a suspended <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=less&sektion=1">less(1)</a> process.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bcopy&sektion=3">bcopy(3)</a> to avoid overflowing the nodename and netname in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=an&sektion=4">an(4)</a>.
<li>Fix a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adventure&sektion=6">adventure(6)</a>.
<li>Fix an out-of-bounds write in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> privsep monitor code.
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlerror&sektion=3">dlerror(3)</a> clear _dl_errno as expected (PR#3441.)
<li>Correct a couple of off-by-ones in libc.
<li>Fix overflows in the X font server overflow fix. Sigh.
<li>Add a missing free in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>.
<li>New, BSD-licensed version of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bc&sektion=1">bc(1)</a>.
<li>Fix an off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> (PR#3163.)
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> fixes.
<li>Fix a bad bounds check that could crash <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sort&sektion=1">sort(1)</a>.
<!-- ^ 20030925 -->
<li>More paranoid privsep parent/child communication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
<li><font color="#e00000"><strong>SECURITY FIX: It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.</strong></font><br>
<a href="errata.html#arp">A source code patch is available</a>.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<li>A number of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> fixes (removing instances of the bad idiom described in the manpage) in several programs.
<li>New program <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sensorsd&sektion=8">sensorsd(8)</a> to monitor hardware sensors as exposed by the hw.sensors sysctl. Not installed yet.
<li>Unbreak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tftp&sektion=1">tftp(1)</a> put command.
<li>Remove and re-add SHA2 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, minus OpenSSL EVP-related fd leaks.
<li>Fix some realloc bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> tables code.
<li>Initial HIFN 7955/7956 crypto accelerator support.
<li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> maximum connections from 200 to 800.
<!-- ^ 20030924 -->
<li>Install a more complete set of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> empty config files under /etc/mail.
<li>Throttle 'proc: table is full' messages to once every ten seconds. From NetBSD.
<li>Further improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>'s fatal exit handling.
<li>Use the much simpler <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getifaddrs&sektion=3">getifaddrs(3)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a> for name-to-address resolution in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
<li>Replace kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> backends with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> backends. This allows for more complete poll() functionality. From NetBSD.
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a> only do mask checks for AF_INET.
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>.
<li>Fix a few suspect <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a>.
<!-- ^ 20030923 -->
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt_long&sektion=3">getopt_long(3)</a> to accept an optional argument separated by whitespace, unlike GNU getopt_long.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tsort&sektion=1">tsort(1)</a> reading past the end of its buffer.
<li>Plug a realloc memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
<li>Off-by-one fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pmdb&sektion=1">pmdb(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>, libssl, libpthread and a few in the kernel.
<li>Sync up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> with BIND 9.2.2-P3, with support for new zone type 'delegation-only'.
<li>In the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a>, Make all registers contain zero initially for compatibility.
<li>Fix, clean up and simplify the installer's handling of yes/no responses from the user.
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey_authenticate&sektion=3">skey_authenticate(3)</a>.
<li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
<li>Stop extraneous 'no disk label' warnings in the installer.
<!-- ^ 20030921 -->
<li>Implement hardwareflow (hf) option for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a>. Off by default.
<li>Fix an out-of-order free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc&sektion=3">rpc(3)</a>.
<li>Don't leak memory if memory allocation fails in libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc&sektion=3">rpc(3)</a> code.
<!-- ^ 20030920 -->
<li>Change the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> script to make contructors and destructors in dynamic binaries non-writable.
<li>Completely new BSD-licensed version of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=1">dc(1)</a> using the OpenSSL <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bn&sektion=3">bn(3)</a> routines.
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> check for an error code in remote->remote mode.
<li>When chrooting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=initgroups&sektion=3">initgroups(3)</a> so that supplementary group IDs are initialised as well.
<li>Temporarily disable soft interrupts support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> for stability reasons.<br>
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
<li>Several abnormal exit handler fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<li>Better disk device probe on i386.
<li>Correct the signal number validity check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a>'s kill command.
<!-- ^ 20030919 -->
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&sektion=1">grep(1)</a>'s binary file test work for gzipped files the same as for other files, testing against <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isspace&sektion=3">isspace(3)</a> as well as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isprint&sektion=3">isprint(3)</a>.
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=whois&sektion=1">whois(1)</a> can't zap straight past the beginning of the buffer when removing spaces from line endings.
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> checking for a netmask if the address type being examined is a table.
<li>Fix a subtle use-after-free in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=modload&sektion=8">modload(8)</a>.
<li>Some int -> u_int paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer management fixes (CAN-2003-0682.)
<li>Further EDD detection improvements on i386.
<li>Properly flush the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> RSA1 public key from memory when its output file cannot be opened (OpenSSH PR#662.)
<li>Correct a double-free in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> buffer management code (OpenSSH PR#660.)
<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ConnectTimeout option (OpenSSH PR#656.)
<li>On i386, try harder to boot from removable media by allowing for their removal and insertion.
<!-- 20030918 -->
<li>Updated and better-commented openbsd-proto.mc for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>.
<li>Upgrade <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> to version 8.12.10. The address parsing security fix went into 3.4 and -stable, but not the full version update.
<!-- ^ 20030917 -->
<!-- ^ 20030916 -->
<li>3.4 -> 3.4-current.
<!-- ^ 20030915 -->
</ul>
<p>
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.<br><br>
<hr>
<p>
<h3>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>.
<br>
</h3>
<hr>
<a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
<a href="mailto:www@openbsd.org">www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.893 2003/11/21 03:30:49 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www