Annotation of www/plus25.html, Revision 1.76
1.65 bentley 1: <!doctype html>
2: <html lang=en id=plus>
3: <meta charset=utf-8>
1.57 tj 4: <title>OpenBSD 2.5 Changelog</title>
1.42 schwarze 5: <meta name="description" content="OpenBSD 2.5 changes">
1.56 deraadt 6: <meta name="viewport" content="width=device-width, initial-scale=1">
7: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.59 tb 8: <link rel="canonical" href="https://www.openbsd.org/plus25.html">
1.65 bentley 9: <style>
10: strong {
11: color: var(--red);
12: }
13:
14: h3 {
15: color: var(--blue);
16: }
17:
18: p strong {
19: font-weight: normal;
20: }
21:
22: code {
23: font-family: serif;
24: font-weight: bolder;
25: }
26: </style>
1.1 deraadt 27:
1.65 bentley 28: <h2 id=OpenBSD>
1.56 deraadt 29: <a href="index.html">
1.65 bentley 30: <i>Open</i><b>BSD</b></a>
31: 2.5 Changelog
1.57 tj 32: </h2>
1.17 naddy 33: <hr>
1.1 deraadt 34:
35: <p>
36: This is a partial list of the major machine independent changes
1.35 sobrado 37: (i.e., these are the changes people ask about most often). Machine
1.1 deraadt 38: specific changes have also been made, and are sometimes mentioned
1.35 sobrado 39: in the pages for the specific <a href=plat.html>platforms</a> if you
1.1 deraadt 40: are interested in further port-specific details. Many ports
41: have had architecture-specific enhancements relative to NetBSD,
42: but when they do not they certainly have plenty of platform-independent
43: changes, starting with those listed below..
44:
45: <p>
1.65 bentley 46: Note: <strong>Problems for which patches exist are marked in red</strong>.
1.1 deraadt 47:
48: <p>
1.16 deraadt 49: For changes in other releases, click below:<br>
50: <a href="plus20.html">2.0</a>,
51: <a href="plus21.html">2.1</a>,
52: <a href="plus22.html">2.2</a>,
53: <a href="plus23.html">2.3</a>,
54: <a href="plus24.html">2.4</a>,
55: <a href="plus26.html">2.6</a>,
56: <a href="plus27.html">2.7</a>,
57: <a href="plus28.html">2.8</a>,
58: <a href="plus29.html">2.9</a>,
59: <a href="plus30.html">3.0</a>,
60: <a href="plus31.html">3.1</a>,
61: <a href="plus32.html">3.2</a>,
1.18 deraadt 62: <a href="plus33.html">3.3</a>,
1.19 david 63: <a href="plus34.html">3.4</a>,
1.22 deraadt 64: <a href="plus35.html">3.5</a>,
1.24 miod 65: <a href="plus36.html">3.6</a>,
1.48 deraadt 66: <a href="plus37.html">3.7</a>,
1.34 deraadt 67: <br>
1.27 deraadt 68: <a href="plus38.html">3.8</a>,
1.28 deraadt 69: <a href="plus39.html">3.9</a>,
1.29 deraadt 70: <a href="plus40.html">4.0</a>,
1.30 deraadt 71: <a href="plus41.html">4.1</a>,
1.31 deraadt 72: <a href="plus42.html">4.2</a>,
1.33 deraadt 73: <a href="plus43.html">4.3</a>,
1.34 deraadt 74: <a href="plus44.html">4.4</a>,
1.36 deraadt 75: <a href="plus45.html">4.5</a>,
1.37 deraadt 76: <a href="plus46.html">4.6</a>,
1.38 deraadt 77: <a href="plus47.html">4.7</a>,
1.39 deraadt 78: <a href="plus48.html">4.8</a>,
1.40 deraadt 79: <a href="plus49.html">4.9</a>,
1.41 nick 80: <a href="plus50.html">5.0</a>,
1.42 schwarze 81: <a href="plus51.html">5.1</a>,
1.43 nick 82: <a href="plus52.html">5.2</a>,
1.44 deraadt 83: <a href="plus53.html">5.3</a>,
1.45 deraadt 84: <a href="plus54.html">5.4</a>,
1.46 deraadt 85: <br>
1.48 deraadt 86: <a href="plus55.html">5.5</a>,
1.50 brett 87: <a href="plus56.html">5.6</a>,
1.51 deraadt 88: <a href="plus57.html">5.7</a>,
1.54 deraadt 89: <a href="plus58.html">5.8</a>,
1.55 deraadt 90: <a href="plus59.html">5.9</a>,
1.58 deraadt 91: <a href="plus60.html">6.0</a>,
1.60 deraadt 92: <a href="plus61.html">6.1</a>,
1.61 deraadt 93: <a href="plus62.html">6.2</a>,
1.62 deraadt 94: <a href="plus63.html">6.3</a>,
1.63 deraadt 95: <a href="plus64.html">6.4</a>,
1.64 pamela 96: <a href="plus65.html">6.5</a>,
1.67 pamela 97: <a href="plus66.html">6.6</a>,
1.68 deraadt 98: <a href="plus67.html">6.7</a>,
1.70 pamela 99: <a href="plus68.html">6.8</a>,
100: <a href="plus69.html">6.9</a>,
1.71 deraadt 101: <a href="plus70.html">7.0</a>,
1.72 deraadt 102: <a href="plus71.html">7.1</a>,
1.74 deraadt 103: <br>
1.73 deraadt 104: <a href="plus72.html">7.2</a>,
1.75 tj 105: <a href="plus73.html">7.3</a>,
1.76 ! tj 106: <a href="plus74.html">7.4</a>,
1.16 deraadt 107: <a href="plus.html">current</a>.
1.1 deraadt 108: <br>
109:
1.49 deraadt 110: <p>
1.65 bentley 111: <h3>Changes made between OpenBSD 2.4 and 2.5</h3>
1.49 deraadt 112: <p>
1.1 deraadt 113:
114: <ul>
115: <li>2.5 source tree frozen.
1.65 bentley 116: <li><strong>Fix ln kernel bug in vfs_lookup.c. <a href="errata24.html#lnpanic">A patch is available</a></strong>.
1.1 deraadt 117: <li>Fix ipf return-rst panic bug.
118: <li>Add a -q flag to newfs, so that it does not print out information about the superblock backups. This is used by the install process.
119: <li>Do not permit any IPSEC code unless the admin has enabled it using sysctl.
120: <li>More ISAPNP devices.
121: <li>Do not permit local address spoofing using ip4.
122: <li>Do not permit ip4 tunneling unless the admin has enabled it using sysctl.
123: <li>More man page and games fixes.
124: <li>Significant improvements to disklabel(8) and the install procedure.
125: <li>For CD support, if READ_CD_CAPACITY fails as it does on some units, provide nice defaults so that other things do not fail later.
126: <li>Rearrange default interrupt ordering for pcmcia somewhat more.
127: <li>Improve multicast handling in /etc/rc.
128: <li>Silence initgroups(3), it should not spew to stderr on failure.
129: <li>sudo 1.5.9
130: <li>Numerous ipsec changes, further making isakmpd useful, etc. etc.
131: <li>Support hostname.bridge* files.
132: <li>Support some 100Mbit ne2000-like pcmcia cards.
133: <li>Further Qlogic ISP support for PCI and sbus versions..
134: <li>Add ssl log rotation to newsyslog.conf
135:
1.26 david 136: <li>In sun4m trap handler stubs, rd %wim which makes viking CPUs much happier.
1.1 deraadt 137: <li>lifetime expiration notifications for the IPSEC stack.
138: <li>PF_KEYv2 support in isakmpd(8).
139: <li>In kvm_mkdb(8), better fallback from /dev/ksyms to /bsd if there are problems with nlist(3).
140: <li>Fix in6 dependence in various netinet header files.
141: <li>Tail anchor search in makewhatis.sed, so that overwritten titles are dealt with right.
142: <li>Fix a problem regarding "\r" translation in talk(1).
143: <li>Some more games fixes.
1.66 deraadt 144: <li>Workaround sun4m STP1020A errata #148494 regarding cache initialization.
1.1 deraadt 145: <li>In ipsend(8), do not crash if no options provided.
146: <li>Various powerpc fixes, including further PIC support, and fix a kernel pmap crash.
1.65 bentley 147: <li><strong>SECURITY ISSUE: In poll(2), constrain the <code>nfds</code> parameter better, so that kvm starvation is less likely. <a href="errata24.html#poll">A patch is available</a></strong>.
1.1 deraadt 148: <li>Make at(1) easier to use next year (ie. Y2K issue).
1.65 bentley 149: <li><strong>SECURITY ISSUE: Fix TSS fault handling. <a href="errata24.html#tss">A patch is available</a></strong>.
1.1 deraadt 150: <li>In the ncr(4) driver, disable tagged queuing by default. Our filesystems and vfs layer is not prepared for this play-it-loose behaviour.
1.65 bentley 151: <li>Repair <code>ypwhich -h</code> support; it was broken when running on non-server machines.
1.1 deraadt 152: <li>Add non-learning and non-discovery modes to the bridging code.
153: <li>Many more man page fixes.
154: <li>Do not allow users to mount umapfs, even if root chooses to permit kern.usermount activity.
155: <li>termtypes database version 10.2.7, with our local modifications.
156: <li>Many more non-standard isapnp devices.
157: <li>On various architectures, more default swapgeneric swap devices.
158: <li>If an MFS IO is successful, set b_resid to 0, so that vnd support works.
159: <li>Add find -W support for white-outs.
160: <li>Brand new version of the isp(4) driver for SBUS and PCI.
1.11 pvalchev 161: <li>Ensure that sb(4) devices have at least one drq; thus not falsely probing one particularly stupid isapnp sb-like device.
1.1 deraadt 162: <li>ncurses-4.2-990316
163: <li>A nice ssl(8) man page.
164: <li>Various changes to the ssl install, so that /etc/ssl contains nicer default files.
165: <li>Various disklabel(8) improvements and bug fixes, so that our 2.5 release will be easier to install.
166: <li>Bug fixes to the tx(4) driver.
1.65 bentley 167: <li>In /etc/daily, do /tmp pruning with a <code>find -x</code> so that sub-mounts do not get trashed.
1.1 deraadt 168: <li>Add a f.startwm function to twm(1), so that it can start other window managers.
169:
1.26 david 170: <li>On sparc cypress CPUs, do write-through instead of write-back caching.
1.1 deraadt 171: <li>In netstat(1), print subnets containing 0 octets correctly.
172: <li>Fix an NFS bug which previously caused free()'ing of negative lengths.
173: <li>ncurses-4.2-990314
174: <li>In disklabel(8), permit "delete *".
1.65 bentley 175: <li>Make <code>ifa_refcnt</code> a u_int, because of very large routing tables.
1.1 deraadt 176: <li>Kernel scheduler performance improvement.
177: <li>Numerous more man page repairs.
178: <li>A start at powerpc PIC support.
179: <li>Fix atapi cdrom driver bug where last entry in TOC had seconds and frame zeroed.
180: <li>Fix some more games.
181: <li>Numerous more bridge improvements.
182: <li>ncurses-4.2-990307
183: <li>Turns out the RAMDISK for the 2.4 i386 release had errors for the default NE2000 device driver locations.
184: <li>wb(4) PCI driver for Winbond W89C840F 100mbit cards.
185: <li>Fix some more pcidevs and pnpdevs entries -- a few more new devices work as a result.
186: <li>libpthread goes away, since libc_r now works really well.
187: <li>Many more man page fixups.
188: <li>For open(2) with O_TRUNC, both st_ctime and st_mtime are to be updated.
189: <li>On the P3, disable the processor serial number.
190: <li>Fix make depend in kerberosIV sub-tree.
191: <li>On i386, add support for cpuid level 2, permitting L2 cache size probing.
192: <li>In pkg_info(8), handle unterminated comments.
193: <li>sudo 1.5.8p2.
194: <li>Make sure httpd(8) works when the RSA SSL library is not installed.
195: <li>In mountd(8), fix a parsing error for the file /etc/exports.
196:
197: <li>Man page clarifications for strncpy(3) and strncat(3), which people continue to misuse.
198: <li>Fix another ipsec bug.
199: <li>More bridge(4) tweaks.
1.65 bentley 200: <li>Support <code>--</code> argument separator in less(1).
1.1 deraadt 201: <li>Merge cap_mkdb(1) and info_mkdb(1).
202: <li>Fix RAMDISK sizing problems on i386, alpha, and sparc.
203: <li>Fix a DNS stall problem in login(1), related to AFS.
204: <li>A couple of ipsec pfkey fixes.
205: <li>Handle bogus priority specifications in renice(1).
206: <li>Improve compress performance in compress(1).
207: <li>Handle cs4232 isapnp cards better.
208: <li>Fix various source-tree Makefile build-twice bugs
209: <li>Fix a bug in cvs(1).
210: <li>In calendar(1), correctly handle yearly events occurring on fixed weekdays in all cases.
211: <li>Make more ethernet drivers bridge-aware.
212: <li>In talk(1), print fatal errors to stderr after curses has terminated.
213: <li>De-inline vnode_if stubs. This saves 120K in kernel size.
214: <li>Fix another coredumping case in Kerberos kadm library.
215: <li>Fix uninitialized variable bug in install(1).
216: <li>Implement RFNOWAIT with the exact same semantics as Plan9.
217: <li>Track SATYPE regs per PFKEY socket.
1.65 bentley 218: <li>Fix skeyinit(1) <code>-n</code> without an argument.
1.1 deraadt 219: <li>Fix some panic cases in raidframe(4).
220: <li>Fix NFS3 NFS3ERR_JUKEBOX panic bug.
221: <li>Some ipsec error return patches.
222: <li>Other man page repairs..
223: <li>Add significant detailed information to select(2) manpage, which will help people not repeat mistakes others have made.
224: <li>Document timer{clear,add,sub,cmp,isset} in the getitimer(2) manpage.
225: <li>isapnp wss(4) support.
226: <li>curses 4.2-990301
227: <li>SIGINFO support in fsck_ffs(8). Try ^T during bootup.
228: <li>Support stand-alone "up" command in /etc/hostname.* files, for bridges and such.
229: <li>led driver support for Sun4 machines.
230: <li>Revamp some bridge(4) ioctls.
231: <li>Add mod_ssl 2.2.3 support to apache 1.3.4.
1.65 bentley 232: <li>Rename disklabel <code>-p</code> flag to <code>-d</code>, and document for the first time.
1.1 deraadt 233: <li>apache 1.3.4
234: <li>cvs 1.10.5
235: <li>Incorporate extensive configuration work done on egcs, into our gcc tools.
236: <li>Fix infinite recursion bug in libkafs, which hit during login(8) if DNS was dead.
237: <li>On boot media, if swapon(8) exists on the install floppy, attempt to add swap early during install.
1.65 bentley 238: <li>Rename OpenBSD 2.4 to OpenBSD 2.5 -- we are moving into 'release mode'.
1.1 deraadt 239: <li>Divide by zero bugfix to netstat(1).
240: <li>Some fixes to the pkg_*(8) tools.
241: <li>Add more isapnp card identifiers.
242: <li>Fixes to the rl(4), pn(4), mx(4), xl(4), and tl(4) PCI ethernet drivers.
243: <li>Many ethernet drivers were doing an packet ownership check which prevented bridging from working, and was better done in ether_input().
244: <li>network bridging support. The packets go through ipf(8) on their way to delivery. See bridge(4) and brconfig(8).
245: <li>Some nfsd(8) and nfsiod(8) changes.
246: <li>Support the PNIC2 PCI ethernet controller in pn(4).
247: <li>Many many man page fixes.
248: <li>In ipsecadm(8), warn if DES or skipjack are used.
249: <li>isakmpd(8) update.
250: <li>newhashinit() kernel interface replaces hashinit() interface, and permits non-blocking malloc operation.
251: <li>Begin uvm import.
252: <li>Some man page improvements.
253: <li>Move ls(1) into ftpd(8).. directly.
254: <li>In setproctitle(3), if sysctl(2) fails do not crash.
255: <li>Constify getcap(3) API.
1.65 bentley 256: <li><strong>For the i386, fix /boot argument mapping. <a href="errata24.html#bootargv">A patch is available</a></strong>.
1.1 deraadt 257: <li>Put skipjack in libc.
258: <li>Continue squishing new bugs in new ipsec PF_KEY code...
259: <li>Fix autosetting of d_type and _dtypename in wd(4).
1.65 bentley 260: <li><strong>SECURITY ISSUE: Fix the nlink overflow in FFS and EXT2FS. <a href="errata24.html#nlink">A patch is available</a></strong>.
1.1 deraadt 261: <li>Add zegrep(1) and zfgrep(1).
262: <li>Change IPSEC stack to support PFKEYv2.
263: <li>PentiumIII detection.
264: <li>Fix two bugs in ifconfig(8); do not configure an address if not specified, and complain if more than src and dst addresses are specified.
265: <li>Fix another ping bug regarding payload alignment.
266: <li>Fix -R option in inetd(8).
267: <li>Fix send file function in cu(1).
268: <li>Some man page fixes.
269: <li>ncurses 4.2-990220
270: <li>NRL netinet6 compiles now.
271: <li>Two new kinds of rl(4) and vr(4) ethernet cards.
272: <li>Better promisc and multicast handling in sparc hme(4).
273: <li>Fix an rdist(8) bug.
274: <li>Handle powered-down xl(4) cards better.
1.65 bentley 275: <li><strong>SECURITY ISSUE: Fix an overflow in ping(8). <a href="errata24.html#ping">A patch is available</a></strong>.
1.1 deraadt 276: <li>In fork(2), always spare 5 last processes for root.
277: <li>Better vis(3) support in savecore(8).
278: <li>Quiet apm(4) and add machdep.apmwarn sysctl.
279: <li>Fix endian-bug in the blowfish routines.
280: <li>Various vis(3) related overflows (by one char).
1.11 pvalchev 281: <li>First step at supporting >2G files in less(1).
1.1 deraadt 282: <li>Add -x, -p, and -m options to ls(1).
283: <li>In ld(1) and ld.so(1), do not optimize the search path when dealing with duplicate shared library names (even though both alternatives have problems).
284: <li>Fix an kernel ipf bug relating to out-going icmp.
1.65 bentley 285: <li><strong>SECURITY ISSUE: Fix an ipq race in ipintr(). <a href="errata24.html#ipqrace">A patch is available</a>, which must be applied after the <a href="errata24.html#maxqueue">maxqueue patch</a> has been installed.</strong>
1.1 deraadt 286: <li>Allocate u-area early in fork1(), instead of vm_fork().
287: <li>Fix msdosfs bug regarding corrupted FAT32 root directories.
288: <li>Improve vfs lkm interface.
289: <li>sudo 1.5.8
290: <li>Make vm_page_alloc_contig() a standard VM system function.
291: <li>Fix DES weak key checking in libdes (and netinet/libdeslite).
292: <li>Improve the ipsec(4) man page.
1.65 bentley 293: <li>Fix <code>netstat -A</code> header.
294: <li><strong>SECURITY ISSUE: Improved fragment flood protection in the IP layer. <a href="errata24.html#maxqueue">A patch is available</a></strong>.
1.1 deraadt 295: <li>IPSEC skipjack support (do not bother using this unless you are .gov or .mil).
296: <li>Check sub-regions better in subr_extent.c, which affects pcmcia.
1.65 bentley 297: <li>Add <code>-f</code> option to comm(1) for case folding.
1.1 deraadt 298: <li>Some more man page fixups.
299: <li>In traceroute(1), do not permit normal users to set the source address as non-local.
300: <li>Make quoted strings work in the interactive mode in restore(8).
301: <li>Fix a padding byte in ipsec esp new.
302: <li>Use new pipe code on all architectures.
303: <li>Some man page repairs.
304: <li>Fix SIOCGIFCONF code in ypbind(8).
305: <li>New raidframe code.
306: <li>Improgve promisc/multicast support in a few sparc drivers.
307: <li>Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
308: <li>Handle kernel malloc() failing, for TCP SACK block allocation.
309: <li>Do more careful system call range-checking and introduce socklen_t.
1.65 bentley 310: <li><strong>Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. <a href="errata24.html#uio">A patch is available</a></strong>.
1.1 deraadt 311: <li>Fix a pcmcia mapping bug regarding address space allocation.
312: <li>For wds(4) and ex(4) drivers, unmap address space if probing fails.
313: <li>In ipsecadm(8), verify that keys and IVs are specified in hex.
314: <li>Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
1.65 bentley 315: <li><strong>SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. <a href="errata24.html#trctrap">A patch is available</a></strong>.
1.1 deraadt 316: <li>tcpdump(8) out-of-range access in LLC decoding.
317: <li>Flesh out the vpn(8) manpage.
318: <li>Add old dbm-compatible interface code, from db-1.86
319: <li>Support Return-Path: in vacation(1).
1.66 deraadt 320: <li>Network byte order for default lease time in dhclient(8).
1.1 deraadt 321: <li>Uninitialized memory in ktrace(2) system call.
322: <li>Fix 88k support in libgmp.
323: <li>Make types(5) more useful.
324: <li>ncurses-4.2-990206
325: <li>Correct various freebsd/linux emulation issues.
326: <li>Correct directory entry reads for numerous binary emulators.
1.65 bentley 327: <li><strong>SECURITY ISSUE: Better RST handling in tcp input. <a href="errata24.html#rst">A patch is available</a></strong>.
1.1 deraadt 328: <li>BeOS/i386 support in fdisk(8).
329: <li>Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
330: <li>Pluralization fix in rup(1).
331: <li>Much more mvme88k support. The port is coming alive...
332: <li>In ftp(1), if http fetch returns less than Content-Length, error out.
333: <li>gcc/binutils/ld support for mvme88k.
334: <li>Fix cua device handling in com(4) and pccom(4).
335: <li>Handle MNT_NODEV in nullfs.
336: <li>Correct a tcp ISS bug.
337: <li>Support sparc bootpath handling in qe(4) and be(4).
1.65 bentley 338: <li><strong>hp300 X in the 2.4 release has an installation issue. <a href="errata24.html#hp300X">Further details available</a></strong>.
1.1 deraadt 339: <li>Fix isa_check_intr() support on the alpha.
1.65 bentley 340: <li>Fix breaking support in <code>fold -s</code>.
1.1 deraadt 341: <li>Improve long line support in hexdump(1).
342: <li>Improve some ipf-related man pages.
343: <li>Fix a server-side NFS issue for the alpha.
344: <li>Sendmail 8.9.3.
345: <li>ipf 3.2.10.
346: <li>Dynamically allocate some buffers in rdist to reduce memory footprint on directories that contain many hard-linked files.
347: <li>Some other random netinet fixes.
348: <li>Do not count ipsec related "route misses" as routing lookup failures.
349: <li>Support MSG_BCAST and MSG_MCAST in recvmsg(2).
350: <li>Allow higher uids in adduser(8).
351: <li>Make h2ph grok hex constants with suffixes, exponential floats, and the [fF] suffixes.
352: <li>Add '-p pattern' option to split for matching with a regexp.
353: <li>More man page fixes.
354: <li>Increase size of routing statistics variables.
355: <li>More info from rarpd in -d (debug) mode.
356: <li>${CC} and ${COPTS} were not always getting passed in Makefile.bsd-wrapper.
1.32 tobias 357: <li>tail(1) and wc(1) can now deal with files > 2gig.
1.1 deraadt 358: <li>xterm patchlevel 91.
359: <li>Permit non-root users to mkfifo onto NFS filesystems.
360: <li>Fix AFS on mips.
361: <li>sparc sbus spif driver (serial+parallel card).
362: <li>Update curses to ncurses-4.2-990130 and import infocmp(1).
1.65 bentley 363: <li>Correct handling of negative fields in <code>df -h</code>.
1.1 deraadt 364: <li>Fix i386 __asm clobber control, for egcs.
365: <li>Various fixes to the bt848 driver.
366: <li>Fix a multiple free patch in ipnat.
367: <li>preliminary powerpc PIC support.
368: <li>powerpc destructors were being called twice. Now only call them once.
369: <li>Add support for more pcmcia cards.
370: <li>Fix NEWRENO behaviour, which was buggy.
371: <li>tzdata1999a
1.65 bentley 372: <li>Add <code>-b</code> flag to install(1).
1.1 deraadt 373: <li>For the bootblocks, fix error returns when running in decompressing mode.
374: <li>Disable i386 bootblocks E801 memory probing test.
1.65 bentley 375: <li><strong>SECURITY ISSUE: Fix a select(2)/accept(2) race condition. <a href="errata24.html#accept">A patch is available</a></strong>.
1.6 rohee 376: <li>Support & username expansion in sendbug, and fix the /tmp race.
1.1 deraadt 377: <li>Avoid a sendmail DOS regarding huge numbers of header lines.
378: <li>rmdir(".") now returns EBUSY, as XPG2 says.
379: <li>pdksh 5.2.13.7
380: <li>In config(8), order probes according to device attachment, not device declaration.
381: <li>Many more games fixes.
382: <li>More man page fixes.
1.32 tobias 383: <li>Correct st_blocks for files > 2GB.
1.1 deraadt 384: <li>Fix mktemp(3) behaviour in gcc(1). It now handles files safely! (Took 2 years to get this security issue resolved).
385: <li>Many pid_t fixes to the source tree.
386: <li>PID_MAX has to be at most 32766, due to interactions with sys/compat.
387: <li>texinfo 3.12
388: <li>Addition of raidframe.
389: <li>PNIC ethernet driver.
390: <li>Kernel threads (ie. kthread).
391: <li>Fix a varargs related bug in patch(1).
392: <li>MNT_NOATIME support in msdosfs.
393: <li>VIA Rhine ethernet driver.
1.65 bentley 394: <li><strong>Fix an nfs v3 bug when talking to the pedantic solaris7 server. <a href="errata24.html#nfs3_solaris7">A patch is available</a></strong>.
1.1 deraadt 395: <li>Merge other fixes from ksh 5.2.13.6
396: <li>Add RFNOWAIT support to rfork(2).
397: <li>Careful strtol() use in make(1).
398: <li>Fix a vm cache trashing bug.
399: <li>XFree86 3.3.3.1
400: <li>More care in getmntinfo(3).
401: <li>Fix an msdosfs bug.
402: <li>Driver for Macronix 98713, 98713A, 98715 and 98725.
403: <li>Check for more possible divide-by-zero cases in disklabel handling.
404: <li>Fix a display bug in tetris(6).
1.3 deraadt 405: <li>Make lpt accept polled mode when its interrupt is unavailable.
1.1 deraadt 406: <li>uint*_t types from newer POSIX standards.
407: <li>Delay irq allocation for the i82365 pcmcia chipset -- we want better interrupts to be given to pcmcia cards.
408: <li>Import of NRL IPv6.
409: <li>new airports database.
1.65 bentley 410: <li>Fix an apm bug for <code>halt -p</code>.
1.1 deraadt 411: <li>Update CellServDB.
1.65 bentley 412: <li>In syslogd(8), be careful about <code>sun_path</code> termination.
1.1 deraadt 413: <li>Avoid kernel divide-by-zero panics in disklabel handling.
414: <li>newsyslog(8) no longer needs to care about MAX_PID.
1.66 deraadt 415: <li>In find(1), correct ! handling in parenthesis
1.1 deraadt 416: <li>In strftime(3), document what an ISO 8601 year is. It's not what you think it is..
417: <li>In rdump(8), use TCP_NODELAY for a significant performance enhancement.
418: <li>Fix nsphy(4) MII driver to work on finicky hme(4) driver.
419: <li>Put some named files in the right place (post-2.4 bug).
420: <li>For nfs booting, print addresses using kernel inet_ntoa().
421: <li>range overflow in edquota(8).
422: <li>Provide pcmcia IO bus mapper with a list of regions where it should preferentially map new devices.
423: <li>In patch(1), remove some local functions and use basename(3) and dirname(3) instead.
1.6 rohee 424: <li>Integration of NetBSD's MIDI & sequencer support.
1.1 deraadt 425: <li>Sendmail 8.9.2
1.65 bentley 426: <li>c++ does not permit a structure to have a member that is called the same name as the structure (ie. <code>netinet/in.h</code> had <code>struct ip_opts</code> containing a member called <code>ip_opts[]</code>. Fix that.
1.1 deraadt 427: <li>Fix ${PIPE} uses throughout the source tree (not kernel compiles though).
428: <li>A few htdocs were missing in our httpd(8) install. Add them.
429: <li>Some pcmcia fixes.
1.65 bentley 430: <li>Correct nested <code>ip_sum</code> in icmp packets.
431: <li>Correct the values of <code>ip_len</code>, <code>ip_off</code>, <code>ip_id</code>, and udp <code>uh_sum</code> fields for the embedded ip packet inside an icmp packet. (<code>ip_sum</code> is still wrong).
1.1 deraadt 432: <li>More locking fixes in the vfs layer.
1.65 bentley 433: <li><strong>Fix df(1) on NFS v3 filesystems. <a href="errata24.html#nfs3">A source code patch is available which solves this problem</a></strong>.
1.1 deraadt 434: <li>Crank PID_MAX to 65535.
435: <li>Do better pcmcia interrupt allocation.
1.65 bentley 436: <li>Make <code>ip_id</code> non-repeating random, like DNS id's.
1.1 deraadt 437: <li>range check signal conversions in the compat layer.
438: <li>make mount(2) return EOPNOTSUPP for filesystem missing in kernel.
439: <li>Fix a pcmcia com(4) driver panic.
440: <li>Many libc_r improvements.
441: <li>In xl(4), if no MII found, do not panic.
442: <li>Fix sh(1) and csh(1) builtin kill(1) clones so that they support -SIGXXX.
443: <li>Activate isakmpd in the build process.
1.66 deraadt 444: <li>Newer version of isakmpd.
1.1 deraadt 445: <li>In kgmon(8), let libkvm decide the default kernel name.
446: <li>Repeat open operations in cdio, in case of slow changers.
1.65 bentley 447: <li><strong>SECURITY ISSUE: Even more bootpd paranoia. Updated patches are available for <a href="errata23.html#bootpd">2.3</a> and <a href="errata24.html#bootpd">2.4</a></strong>.
1.1 deraadt 448: <li>Make sa(8) 64bit clean.
449: <li>In install(1), handle sparse files the same way pax(1) does.
1.65 bentley 450: <li><strong>Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database. <a href="errata24.html#terminfo">Since these databases had problems in the 2.4 release, updated versions are available</a></strong>.
1.1 deraadt 451: <li>Permit csh(1)-builtin printf function to have arguments.
452: <li>Fix a display problem in hexdump(1).
1.65 bentley 453: <li><strong>Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. <a href="errata24.html#installboot">A source code patch is available which solves this problem</a></strong>.
1.1 deraadt 454: <li>Flesh mktemp(3) manpage out significantly.
455: <li>Working <a href=mvme88k.html>mvme88k</a> port.
1.65 bentley 456: <li>For IPHDRINCL, check <code>ip_hl</code> for validity, too.
1.1 deraadt 457: <li>Fix goal and max parameters in fmt(1).
458: <li>Do not believe SS20 machines that claim to have BURST64 support.
459: <li>In sparc le(3), be more careful about media handling and such.
460: <li>In ftp, if passive connections fail, try active.
461: <li>Morse decoding in morse(6).
462: <li>Numerous fixes to calendar(1), in particular it can now calculate Easter correctly.
463: <li>Various race/deadlock fixes to umount(2).
464: <li>More man page fixes.
465: <li>More isapnp devices.
466: <li>Fix rand(3) bug introduced into 2.4.
467: <li>Fix [:print:] in tr(1).
468: <li>Merge make(1) fixes and changes from other projects.
469: <li>Consider limits in fdavail().
470: <li>Fix layer in VFS layer function vinvalbuf().
471: <li>Fix a tl(4) bug which caused a particular IDE controller to look like an ethernet card...
472: <li>Increase sparc obio le driver memory to 8K, enhances performance.
473: <li>Remove itrunc3 panic case: It is invalid code.
474: <li>fast retransmit statistics in netstat(1).
475: <li>Many new ISA PNP devices.
476: <li>Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
1.65 bentley 477: <li>For kerberosIV, install <code>prot.h</code> (some things require it).
1.1 deraadt 478: <li>XFree86 3.3.3
1.65 bentley 479: <li><strong>SECURITY ISSUE: Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?). This fixes a security problem. Patches are available for <a href="errata23.html#bootpd">2.3</a> and <a href="errata24.html#bootpd">2.4</a></strong>.
1.1 deraadt 480: <li>In cut(1), avoid an infinite loop.
481: <li>In top(1), skip disabled swap spaces.
482: <li>Even more man page fixes courtesy of our local man page repair fanatic.
483: <li>Fix a crash in ps(1).
484: <li>Make file(1) understand mp3 formats.
485: <li>Repair a recent bug introduced with the SACK/FACK changes (only affected the alpha).
1.65 bentley 486: <li>Add <code>-C</code> support to our patch(1).
1.1 deraadt 487: <li>Numerous IPSEC-related fixes inside the kernel and outside.
488: <li>Many more man page fixes.
489: <li>In ipf(8), do not crash for bad config file.
490: <li>Do not permit tapesize estimate overflows in dump(8).
491: <li>Fix memory leaks in yacc(1), lex(1).
492: <li>In nslookup(1), fix an bug in some previous overflow handling.
493: <li>Permit "Total" bar in "systat swap" to shrink.
494: <li>Fix /tmp race in ctm(1).
495: <li>Make /etc/security consistant to /etc/mtree for the /var/backups directory.
496: <li>Fix a gzip bug.
497: <li>More careful buffer handling in rpc library.
498: <li>Handle spaced-out arguments in lorder(1).
499: <li>Since some drivers occasionally return busted d_secpercyl fields to readdisklabel(), do more checking inside readdisklabel() for those ports that run into this issue.
500: <li>A couple of missing prototypes added.
501: <li>More man page fixes.
502: <li>sudo 1.5.7
503: <li>New getcat(1) manpage.
1.23 pedro 504: <li>Serious improvements to libc_r. This is becoming usable.
1.1 deraadt 505: <li>More careful mmap handling in various device drivers.
506: <li>Exponential space growth in v?asprintf(3).
507: <li>More manpage fixes.
508: <li>Fix a crash of ksh(1).
509: <li>Ignore out-of-range environment LINES and COLUMNS in libocurses.
510: <li>In libcurses in the issetugid(2) case, ignore $TERMINFO.
1.65 bentley 511: <li><strong>SECURITY ISSUE: In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path. <a href="errata24.html#termcap">A patch is available</a></strong>.
1.1 deraadt 512: <li>Support full set of pty devices in the MAKEDEV scripts.
513: <li>Make rl(4) match the Accton 1207D cards too.
514: <li>Prototype getpgid(2)
515: <li>Handle COMMENTS better in pkg_info(8).
516: <li>64-bit fixes in TCP SACK.
517: <li>Fix a bunch of strtol() range check errors.
518: <li>Improve tty permission checking in wall(1).
519: <li>NEWRENO, SACK, and FACK support in our TCP implementation. SACK and FACK are enabled by default.
520: <li>Added <i>adw</i>, the AdvanSys Ultra Wide PCI SCSI controller driver.
521: <li>Make yacc's skeleton file pass gcc -Wall.
522: <li>ncurses-4.2-981114
523: <li>Fix pcvt attribute handling
524: <li>Fix system() buffer mis-handlings in lynx(1)
525: <li>Use -lcurses in xterm(1)
526: <li>Preserve errno in a libutil/passwd.c function
527: <li>In libm, use write(2,...) instead of stdio code.
528: <li>Fix an IPSEC SPI mishandling bug.
529: <li>ncurses based tset(1).
530: <li>Fix an expression handling bug in as(1).
531: <li>Improve setregid() and setreuid() emulated behaviour.
532: <li>ftok() is now XPG compliant.
1.65 bentley 533: <li><strong>Put userdir support back into httpd(8). <a href="errata24.html#userdir">A patch is available</a></strong>.
1.1 deraadt 534: <li>Put userdir support back into httpd(8).
535: <li>New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
536: <li>Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
537: <li>Fix some manpages
538: <li>sudo 1.5.6p6
1.65 bentley 539: <li><strong>Fix a remote lockup problem in the TCP packet decoding code. This fixes a security problem. Patches are available for <a href="errata23.html#tcpfix">2.3</a> and <a href="errata24.html#tcpfix">2.4</a></strong>.
1.1 deraadt 540: <li>Fix a deadlock in deadfs VOP_LOCK().
541: <li>Support -p option in ipmon(8).
542: <li>Change bpf to support full frame-grabbing for FDDI packets.
543: <li>Support more ISAPNP devices.
544: <li><a href=want.html>A new web page contains a list of hardware that the project could use for our development process.</a>
545: <li>Newer soft updates code.
546: <li>More manpage fixups.
547: <li>Driver for rl(4) PCI ethernet cards (rtl8129/8139).
548: <li>New phy drivers.
549: <li>Repair a bad strlcpy(3) manpage error.
550: <li>Support ftpd(8) running out of /etc/rc
551: <li>Fix fsck_ext2fs(8) for FIFOs.
552: <li>Detect and handle dma sbus cards in non-dma sbus slots.
553: <li>Handle scsi devices which terminate inquiry strings with 0xff.
554: <li>Fix append mode in freopen(3).
555: <li>Cache and hash hostnames in ipmon(8).
556: <li>Improvements to up-coming libc_r code.
557: <li>Minor possible security fix to xlock(1).
558: <li>Easter and Y2K leap year fix to calendar(1).
559: <li>Use optimal xfer blocksize in rm(1) instead of assuming 8K.
560: <li>Fix a bug in libocurses.
561: <li>curses 4.2-981017
562: <li>More man page fixes.
563: <li>Be sure to enable pci cards that the BIOS forgot about.
564: <li>Support hppa in rbootd(8)
565: <li>Merge bug fixes from pdksh 5.2.13.4
566: <li>Various new ppp(8) changes.
567: <li>Use correct ioctl for flushing in ipmon(8).
568: <li>Fix various tcp options bugs.
569: <li>Fix tcp timestamps.
1.65 bentley 570: <li><strong>Repair sparc kvm dump header problem. <a href="errata24.html#kvm_mkdb">A patch is available</a></strong>.
1.1 deraadt 571: <li>More carefully check /etc/hostname.* file contents before using it.
572: <li>Fix mktemp() problems in lynx(1).
573: </ul>