===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus29.html,v
retrieving revision 1.67
retrieving revision 1.68
diff -c -r1.67 -r1.68
*** www/plus29.html 2016/03/21 05:46:20 1.67
--- www/plus29.html 2016/03/22 10:54:42 1.68
***************
*** 78,96 ****
! - SECURITY FIX: Avoid DoS attack in ftpd using glob patch.
A patch is available.
[Applied to stable]
- ...
!
- SECURITY FIX: Fix ipf(8) fragment caching bug.
A patch is available.
[Applied to stable]
- ...
!
- SECURITY FIX: Fix buffer overflows contained in glob(3) function.
A patch is available.
[Applied to stable]
- ...
!
- Check for short packets and bad types sent to timed(8).
[Applied to stable]
- ...
- OpenSSH 2.5.2 released.
--- 78,96 ----
! - SECURITY FIX: Avoid DoS attack in ftpd using glob patch.
A patch is available.
[Applied to stable]
- ...
!
- SECURITY FIX: Fix ipf(8) fragment caching bug.
A patch is available.
[Applied to stable]
- ...
!
- SECURITY FIX: Fix buffer overflows contained in glob(3) function.
A patch is available.
[Applied to stable]
- ...
!
- Check for short packets and bad types sent to timed(8).
[Applied to stable]
- ...
- OpenSSH 2.5.2 released.
***************
*** 101,110 ****
[Applied to stable]
- ...
- Make buffer size 8k on NE1000, and 16k otherwise for
! ne.
[Applied to stable]
- ...
!
- Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
[Applied to stable]
- ...
- SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
--- 101,110 ----
[Applied to stable]
- ...
- Make buffer size 8k on NE1000, and 16k otherwise for
! ne.
[Applied to stable]
- ...
!
- Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
[Applied to stable]
- ...
- SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
***************
*** 118,827 ****
- Fix several copyin/copyout bugs in sys/compat.
- Provide a random start for tcp timestamps.
- Support sharing disks between MacOS and the PowerPC port.
!
- Add support for the SaramNcom NS-1100M in the wi(4) driver.
!
- Fix support for the D-Link DE660 pcmcia card in ne(4)
!
- In sis(4) add support for reading the MAC address from the APC CMOS RAM in SiS630E-based chipsets.
!
- In ne(4), changes in media type initializion on DP8390-compatibles.
!
- Implement read/write access to an IEEE 802.3u mii(4) bus using the bit-bang method.
- Add support for DOZE mode on powerpc processors that support it.
!
- Add support for the Symbios 53c1010 in the siop(4) driver.
!
- Implement mincore(2), mlockall(2) and munlockall(2).
!
- Added support for ami(4) MegaRAID Controllers.
!
- Fixed several occurrences of exit(-#); exit(3) only passes the lower 8 bits of status on to the parent.
- Fixed several occurrences of PATH_MAX+1 that should be PATH_MAX.
- Fix interrupt handler registration on the mvme88k port, remove 68k-isms and add UKC support.
- Add some non-US encodings to the USB keyboard driver.
!
- Disable bogus file check in cvs(1).
[Applied to stable]
! - Enable tag queuing and fix some wide/sync negotiation problems in the siop(4) driver.
!
- Add support for isapnp(4) i82365-based pcmcia(4) controllers.
- Many man page fixes.
!
- Fix checksum calculations in bridge(4) setups.
!
- Avoid reading some AC97 registers in neo(4) driver as needed by some devices.
- Avoid a deadlock condition in the syncer.
!
- wscons(4) support for powerpc adb keyboard.
!
- Plug many memory leaks in the libc rpc(3) code.
- Drop packets with 127.0.0.0/8 in header field, if the packet is from outside. RFC1122 dictates that 127.0.0.8 must not appear on the wire.
!
- In sudo(8), fix negation of path-type Defaults entries in a boolean context in sudoers(5).
- Add open hashing functions to libc.
!
- fsck(8) changes for soft updates support.
!
- Extend kqueue(2) down to the device layer for better device support.
- ncurses-5.2-20010224
!
- In the i386 bios(4) driver, add a check for ROMs mapped into memory and setup an extent for each one found. This fixes a problem with ISA cards using iomem space already claimed by a ROM.
!
- Update to sendmail(8) 8.11.3 which fixes potential data loss if a machine crashes.
- A number of filesystem races and locking problems have been fixed.
!
- In ne(4), add support for a D-Link DFE-650 model with a different vendor ID.
- Improved stability with soft updates.
!
- WEP support for the an(4) Aironet driver.
!
- Default SSID in the an(4) Aironet driver; now it will connect to any SSID.
- Better detection of the VAX VS4000/VLC and MV3100/{3,4}0.
- Improved S3 Savage X11 driver for XFree86 3.3.6.
!
- Add mii(4) support to the vr(4) Via Rhine network driver.
!
- Add support for the Dlink 530TX+ to the rl(4) RealTek 8129/8139 network driver.
!
- SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
A patch is available.
[Applied to stable]
- In the powerpc port, add edge/level sense detection capability to the interrupt controller.
!
- Add uftdi(4) driver for the FTDI USB->Serial converter device.
- Tone down the verbosity levels in many SCSI drivers.
- OpenSSH 2.5.1 released.
[Applied to stable]
! - Fix DMA memory allocations in twe(4).
!
- SECURITY FIX: update to sudo-1.6.3p6 which fixes a non-exploitable buffer overflow on very long argv components.
A patch is available.
[Applied to stable]
! - Correctly detect Daylight Saving Time changes in cron(8).
!
- Add bash-like double-tab completion support to ksh(1).
- Avoid losing RTC after suspend/resume on some laptops.
!
- Repair an integer conversion bug in pms(4) which fixes the mouse resolution setting in X.
!
- Fix non-TCP protocol mappings in ipnat(4).
!
- In isakmpd(8), encode X509 expirations into KeyNote credientials/policies.
!
- In pppoe(8), try every BPF device, not just even-numbered ones.
!
- Support -C flag in nm(1).
!
- Update ISC cron(8) to 4.0b1, maintaining our local changes, including signal handling fixes.
!
- Rename old mvme68k and mvme88k siop(4) driver to ssh(4) to avoid naming conflicts.
!
- Fix an uninitialized variable in wsmouse(4).
- Some games fixes.
!
- Nuke nlist(3) and kvm(3) usage in top(1).
!
- More careful buffer handling in rusers(1).
!
- Add MII support to the vr(4) driver.
!
- Several IPv6(4) improvements from KAME.
- OpenSSH 2.5.0 released.
[Applied to stable]
- Sync many parts of the alpha port with NetBSD.
!
- Fix 64-bit issues with the IPv6(4) multicast API.
- Rewrite libwrap RFC931 support to avoid stdio issues with sockets.
- Many man page fixes.
!
- Pull in latest faithd(8) daemon from KAME.
!
- In tcpdump(8), deobfuscate some IP protocols and improve IPsec(4) tunnelmode printing.
!
- Set the offset for SCSI chain B properly in the VAX ncr(4) driver.
- Import XFree86 4.0.3.
!
- Long username fixes to lpd(8) and lprm(1).
!
- Convert the powerpc port to UVM(9).
!
- Import siop(4), a replacement for the ncr(4) SCSI driver.
- Support more NE2000 PCMCIA devices.
- Avoid passing shared mbufs around the kernel to prevent accidental overwrites.
!
- Add pcscp(4), a driver which supports AMD Am53c974 SCSI controllers.
!
- Modify sliplogin(8) to handle long usernames.
- Add portsplus which tracks changes to the ports collection.
!
- Allow X to work without pcvt(4).
!
- Fix an authorizer removal problem in keynote(3).
- Deactivate function pointers upon interface detach to avoid crashes.
- Deal with the real time clock losing interrupts on i386.
- Bump maxusers to 32 in the alpha port.
!
- Avoid a theoretical buffer overflow in getpwent(3).
!
- Fix an uninitialized variable in bsd.port.mk(5).
!
- Disregard ospeed in tetris(6).
!
- Modify wall(1) to handle long usernames.
!
- Many isp(4) SCSI driver improvements and updates.
!
- Fix goto-line 0 case in mg(1).
!
- Fix PermitRootLogin option in ssh(1).
!
- In brconfig(8), skip empty lines in the rulefile.
- Fix HTTP installs, which were broken for quite awhile.
- Repair statclock on mvme88k.
- Ensure softupdates is enabled before performing softupdates-specific operations.
!
- Define a sendmail(8) variable to workaround broken name servers.
!
- Allow up to 12 virtual terminals in wscons(4).
- Correct VAX signal handling.
- Cleanup MAC support in SSH2.
- Support attachment of Cheetah devices to vsbus as well as ibus in the VAX port.
!
- Disable a bogus file check in cvs(1) to ease the pain of having replicated repositories.
!
- Ensure $RSH is set in the rcmd(3) functions.
!
- String table fixes to ddb(4) and modload(8).
!
- Update wscons(4) code.
!
- Pull in fixes for potential buffer overflows in xdm(1).
!
- Compatibility fixes to tar(1).
- Many OpenSSH cleanups and improvements.
!
- New ELF symbol handling in ddb(4).
!
- Enable wscons support in XFree86.
!
- Modify PCI power state for clct(4) devices so they work after warm reboots.
!
- Repair BPF support in gre(4).
!
- Fix an uninitialized variable in wsdisplay(4).
!
- Fix file attribute passing in sftp-server(8).
!
- Correct a memory usage error in ssh-keyscan(1).
- Add support to the powerpc for loading the bootloader and kernel from an HFS filesystem.
!
- Better failure handling in vr(4).
!
- Add support to dc(4) for parsing media blocks from Intel 21143 SROMs.
- Strengthen SSH1 to make traffic analysis more difficult.
!
- Updates to /etc/services from IANA.
!
- In ssh(1), enforce non-batch_mode if StrictHostKeyChecking is set to "ask".
- Backport a buffer overflow fix from XFree86 4.0.2 to in-tree XFree 3.3.6.
- Stricter prototypes, type fixes, and other cleanups in OpenSSH.
!
- Switch IPv6 raw socket code from NRL to KAME.
- Stricter checking in SSH2.
- OpenSSH 2.3.2 released.
[Applied to stable]
! - Implement an upper limit for icmp6(4) redirects.
!
- Fix rwhod(8) to work, and make debug code a flag option.
!
- Mark our tree such that we use wscons(4) as if it is vt220, instead of vt100.
!
- In wscons(4), when scrolled back, if a new key is pressed, reset us to our previous location, as pcvt(4) used to do.
!
- Permit sftp(1) over SSH1 protocol.
!
- In sftp(1), do not forward agent or X11 traffic.
!
- In tar(1), fix -T option and add support for -C option
!
- Honor TMPDIR variable in tar(1), cpio(1), and pax(1).
!
- perl(1) patch CHANGE6214.
!
- New route6d(8).
!
- Numerous more changes to sftp-server(8) and sftp(1).
!
- Changes to accept(2) to permit return of ECONNABORTED.
!
- Quieten IPv6 DN message reporting by default.
!
- Improve xmalloc() and friends in ssh(1) code..
- Remove dead architecture support from the tree.
!
- Remove support for #! from syslogd(8).
!
- cac(4) driver to support Compaq Smart ARRAY RAID controllers.
!
- Ignore blank lines in hostname.if(5) files.
!
- In ssh(1), add -1 option to force protocol 1.
!
- Enable sftp-server(8) by default.
!
- Numerous bug fixes to sftp-server(8) and sftp(1).
- Make scsi work on the vaxstation 4000/90.
!
- Same for tun(4), gif(4), and others..
!
- Change lo(4) initialization code so that boot -c pseudo-device editing code can affect it in the expected fashion.
!
- If kernel has ddb(4) support, add a ddb sub-command inside boot -c.
- Teach the bridge to deal with ARP alignment in the presence of numerous previous layers...
!
- EtherIP support in tcpdump(8).
!
- Fix a bug introduced a few weeks ago in yppush(8).
- A bit of a trawl through the source tree to please the alpha, since various problems occur in the absence of perfect weak symbols.
- libc_r works on the alpha now.
!
- Many new fixes to sort(1).
- Teach config -e and boot -c about pseudo-devices.
!
- Fix perl(1) h2ph scripts.
!
- More bridge(4) fixes for unicast learning.
!
- Add sftp(1) client.
!
- Fix an off-by-{1,2,4} error in i386_space_copy(). wscons(4) now works perfectly.
!
- More fixes to rtadvd(8).
!
- Fix bugs in atc(6), snake(6), battlestar(6), phantasia(6), and adventure(6).
- Enable scrollback from USB keyboards.
!
- Numerous improvements in ppp(8).
!
- At ELF execve(2) time, check for the OpenBSD note first, so that native binaries run best.
- Attempt to share crtbegin/crtend in ELF csu, including an OS note.
!
- Change powerpc ld.so(1) so all architectures use DT_INIT for ctors/init.
- Fix overlapping bus space copy operations on i386.
- Move EtherIP to version 3 (2 byte padded header).
!
- Art does battle with ksyms(4), gets wounded, but eventually wins.
!
- In sshd(8), S/Key is now called ChallengeResponse.
- Make ReverseMappingCheck optional in sshd_config.
- Mickey the madman goes on a new timeout crawl through pci and isa drivers.
!
- Fix nlist(3) emulation for cases where the ELF header does not exist; permits /dev/ksyms to work on ELF machines.
!
- Emulate some new freebsd signal(2) related things in compat_freebsd(8).
!
- In IPv6, avoid panic when packet to nonexistent link-local address is issued.
!
- xl(4) no longer needs to whine about tx underruns.
!
- Fix ELF support for compat_freebsd(8).
!
- Catch the alpha up to wscons(4) changes.
!
- Fix wscons(4) wsmux(4) attachment.
- Support mvme188 card in mvme88k port.
!
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
!
- Fix some bugs in the bridge(4), especially regarding gif(4).
!
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
A patch is available.
[Applied to stable]
! - In config(8) -e and -u, do not write out a new kernel if nothing changed.
!
- Numerous fat utmp(5) changes to utilities.
!
- Move utmp(5) to large format.
!
- Fix some incorrect return values for mmap(2) functions.
[Applied to stable]
! - Make top(1) not setgid.
- Update X11 to support the new i386 changes.
!
- Configure wscons(4) defaults to be what our users expect.
!
- moused(8) is dead for now.
!
- Enable uhci(4) and ohci(4) devices by default in GENERIC.
!
- Range-check invalid .max fields in inetd(8).
!
- Various post-merge ipf(8) fixes. Some previous fixes got removed and had to be put back in.
- In ATAPI code, ignore PIOMODE errors.
- On many architectures, change console name to ttyC? instead of ttyE?.
!
- Add -U option to ELF ldconfig(8).
!
- Move i386 to wscons(4).
- Re-org the alpha boot floppies.
- More improvements against the Bleichenbacher pkcs#1 attack.
!
- Fix more select overflow issues in ssh(1).
- gcc 2.95.3, test 2.
!
- ises(4), start of a driver for the Pijnenburg PCC-ISES crypto chip. Does random entropy insertion.
- Permit many compat system calls to match to the same native call (was not permitted before).
- A bunch of people are doing a kernel trawl to update drivers to new timeouts.
- Support boot -c on the sparc.
- Fix an early timeout bug in wdc/ata support, which caused problems with atapi tape drives.
- Niklas runs through the tree doing commits in an attempt to keep up with Todd's much higher commit count.
!
- Receive random numbers from ubsec(4) cards.
- Make wdc mode printing more portable, so that the powerpc can use it too.
!
- adb(4) drivers in powerpc port.
!
- New upl(4) driver for Prolific PL2301/PL2302 USB host-to-host driver. This acts like a network device.
!
- Remove -Q flag from sshd(8).
- Change audio-driver interface so drivers can supply a minimum delta for mixer value changes.
- USB sync.
!
- SECURITY FIX: fix some buffer overflows in named(8).
A patch is available.
[Applied to stable]
- Support Cheetah vaxes.
!
- Improve MAKEDEV(8) manual pages on many architectures.
!
- Cause pcibios(4) to route interrupts via the pci router at the time interrupts are established for each driver, not before.
!
- Optimize pcidevs, usbdevs(8), and other tables in the kernel.
!
- Both wi(4) and awi(4) now support more models of cards.
!
- skey(1) SHA1 is supposed to be little endian.
!
- Improve ping6(8) signal handling further.
!
- Merge isakmpd(8) in. It is no longer separate.
!
- Many ppp(8) improvements.
- Handle binary data in install floppy dmesg.
!
- Improve ELF handling of nlist(3).
- Print CPU speed in GHz if it is that fast.
- Detect Transmeta CPUs.
- On powerpc, ensure that signal delivery fills in rval[1]; at least pthread was affected.
- Move powerpc to MACHINE_NEW_NONCONTIG.
!
- In mg(1), do not use rename(2) on the ~ file; make a new copy so that vipw(8) and crontab(1) do the right thing.
- Tweak alpha so it sends SIGBUS for unaligned access, and does NOT do a fixup. This encourages people to fix their code.
- KGDB support for the i386.
- Pack alpha definition of infinity properly, other architectures too.
- Recognize Intel P4 CPU.
- Various space optimizations for alpha boot floppies.
- Fix CF wdc, which was broken for a while.
!
- Add "enable" keyword in config(8) files.
- Merge and simplify emulation directory handling code.
!
- Support Initio INI-91xx cards via new iha(4) driver.
!
- In accept(2), when peer disconnects before accept is issued, do not return junk in mbuf by setting length to 0.
- Support Hardware RNG on i850 and i860 hubs.
!
- Fix sysctl(3) so that you can clear a string with it.
!
- In sshd(8), rename "skey" to "challenge response", since this mechanism is now more flexible.
- Reduce how long we wait for scsi devices to come ready; 50 seconds is enough.
!
- pcvt(4) keyboard LED update lockup patch.
- ncurses-5.2-20010114
!
- Fix many more sshd(8) memory leaks.
!
- Fix memory leak in isakmpd(8).
!
- In timed(8), do not accept packets with an unterminated hostname.
[Applied to stable]
- Alias map bios rom at both real address and it's own zero-relative address, because bios roms contain bugs.
!
- In rtadvd(8), sync router renumbering flag bit to conform to 2292bis-02 and RR RFC.
!
- Get rid of -R flag in ssh-keygen(1).
!
- Avoid memory leak in ndp(8).
!
- Establish pccbb(4), ohci(4), and uhci(4) interrupt handler much earlier, because of coming pcibios(4) changes.
!
- Numerous small fixes to sshd(8) and friends.
!
- In ssh(1), fix SIGSEGV for -o "".
- On i386, validate gate targets.
- The easy delete key always returns ^?, while the more difficult one returns ^H.
- Incorporate a set of post-4.4BSD changes to the kernel routing code.
- Support more than 256MB of ram on powerpc.
- Be more careful with assuming with VIA chips can handle U66.
!
- Document better how code using sigblock(3) and sigsetmask(3) would be converted to use sigprocmask(2).
!
- Get sshd(8) ready for auth-login.
!
- In ifconfig(8), permit prefixlen to work against ipv4 addresses.
!
- Change savecore(8) to deal with machines dumping 1GB or more..
- Attempt to deal with inverted signal races in terminal handlers better, throughout the source tree -- ie. main code is deep inside stdio, signal handler calls exit().
!
- Document rules that apply to signal handlers in signal(3) and sigaction(2).
- ipf 3.4.15
!
- Fix a vi(1) crash.
!
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
! - Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
!
- Fix previous inetd(8) fix.
!
- Fix signal handler race in apmd(8), bootpd(8), syslogd(8).
!
- Constrain isp(4) openings to 128, since the vendor code lies, cheats, steals, and makes us cry.
!
- Fully support SSH2 RSA keys in sshd(8).
- Change alpha bootblocks to ELF.
!
- Fix fd_set overflows and signal races in pppoe(1).
- Important pthread fix.
!
- Large block of documentation and functionality changes to mail(1).
!
- fd_set overflow fix to routed(8).
!
- Signal handler fix to newfs(1).
!
- Cleanup various signal races and buffer overflows in ed(1).
!
- Fix signal race in mountd(8) by writing our own svc_run() routine.
!
- Fix uninitialized variable bug in config(8) UKC code that ignored first command sometimes.
!
- Various changes ensure that all known le(4) cards now work on sun4, sun4c, and sun4m machines.
- Tweak subr_extent code with respect to boundary cases.
!
- sftp-server(8) draft came out; convert our sftp-server(8) to be compliant.
- sendmail 8.11.2
!
- Signal race fixes to fsck_ffs(8), rcp(1), slattach(8), shutdown(8).
- Change asm and volatile to __asm__ and __volatile__ in any file which might be compiled using -ansi -pedantic or similar.
!
- Some signal handler cleanup in rcp(1).
!
- Cleanup timeout code in adw(4).
- Numerous alpha catchups.
!
- New rtadvd(8) code.
!
- Compute UDP checksum in dhcpd(8).
!
- Move mvme88k to UVM(9).
!
- clct(4) driver for Cirrus Logic CS4281 sound chips.
!
- Support {Allow,Deny}Groups in sshd(8).
!
- sshd(8) SSH2 protocol support for keepalives, IPTOS_LOWDELAY, TCP_NODELAY, and IPTOS_THROUGHPUT.
!
- Add kerberos(1) password handling in sshd(8) for kerberosIV.
!
- More memory leak fixes to sshd(8) and ssh(1).
!
- Tweak strlcat(3) to not crash for a certain "illegal pointers, length 0" situation.
!
- Clarify setjmp(3) variants in the manual pages.
!
- Correct fd_set and signals in ping6(8).
!
- Un-race three signal handlers, and fix select overflows in inetd(8).
!
- Fix signal race in route6d(8).
- Move mvme88k to MACHINE_NEW_NONCONTIG.
!
- Fix signal races in rwhod(8).
!
- Fix fd_set overflow in yppush(8).
!
- Fix closedown stub generated and hand-whacked by rpcgen(1) in ypserv(8).
!
- Audio driver for most ESS maestro(8) models.
!
- Signal race repairs in talkd(8) and comsat(8).
!
- Fix select overflow in ssh-agent(1).
!
- Fix rpcgen(1) to deal with large fd_set.
- Document various signal races in the source tree which are very difficult to fix, or which turn out to be safe even if they look flawed.
!
- Rename ich(4) to auich(4).
!
- Cleanup the sftp-server(8) implementation.
!
- Support !command feature in bridgename.if(5) files as well.
!
- Numerous other small changes to isakmpd(8).
!
- Handle memory failures in passwd(1).
!
- In finger(1), fail nicely if memory allocation fails.
!
- Handle DELETE payloads in isakmpd(8).
!
- Remove signal races from sshd(8).
!
- Ease support for road-warrior scenarios in isakmpd(8), by intuiting the Local-ID when possible.
- Change 802.11 DS drivers to operate in BSS mode by default.
!
- Create links for FD_SET(3) and such to point to the select(2) page.
!
- Support TCP_NDELAY on ipv6(4) in ssh(1).
- Numerous spelling error corrections in the system.
- Various other calendar updates.
!
- Ensure replydirname in ftpd(8) does not ever truncate names.
!
- Ensure ftpd(8) does not sometimes return a stray " at the end of a string.
!
- Various large updates to isp(4).
!
- In restore(8), do not skip TS_BITS or TS_CLRI are set.
- Change our own custom EtherIP protocol to the standard one (which is very badly designed, but we are trying to get them to fix that).
- Fix KerberosIV code to build better if src and obj are in strange places.
!
- Support Banner option in sshd(8).
- Make the openssh-p effort a bit easier by merging some simpler portability hacks.
!
- Various missing free(3) calls repaired in ssh(1).
- Attempt to support cardbus 3CXFEM656C 56k Global modem.
!
- In pciide(4), support U100 on ICH2, U66 on Via Apollo, and other repairs to Promise.
- Spelling changes to calendar files.
!
- Be more careful with stat(2) handling in mv(1).
!
- Fix %p handling in strptime(3).
!
- Fix various buffer overflows and other fixes in indent(1).
!
- Do not spit out icmp6 checksum messages if not a debug kernel.
- Permit stripped VAX kernels to load despite unexpected values from libsa.
!
- Simplify locking and a few more fixes to twe(4).
- Plug some memory leaks in OpenSSH.
!
- Fix -P in ftpd(8).
- Emulation fixes to the VAX code.
!
- Protect bits of dhclient(8) with a locking mechanism to prevent multiple instances from using the leases file simultaneously.
!
- Fix 3 cases in mv(1) relating to the moving of symlinks across filesystems.
!
- In ftpd(8), expand the tilde character in ftp-dir login.conf variable.
!
- Prohibit binding to an anycast, notready, or detached IPv6 address.
!
- Rename fsinfo(8) to xfsinfo in X11 to avoid naming conflict.
!
- Set the correct pfkeyv2 direction for KAME SPD entries in isakmpd(8).
!
- Save and restore errno properly in flex(1) since it may be whacked by isatty(3).
!
- Fix sending/receiving passwords in routed(8).
!
- Add an i386-specific sysctl(3) that modifies halt -p processing in APM to deal with some quirky machines.
- More sun3 fixes, mostly to conform better to other m68k architecture code.
!
- Handle login banners better in SSH2 instances of ssh(1).
- Various spelling and grammar fixes across the tree.
!
- Use new sysctl(3) interface for kernel memory bucket statistics and clock information.
!
- Correctly check for empty mailq(1) in /etc/daily.
- Y2K fix in the mvme68k NVRAM code.
!
- Extend sysctl(3) to support quad values.
!
- Improve SMB packet printing in tcpdump(8).
- Add common pidfile-writing code to DHCP so each program doesn't need to roll its own.
!
- To please cap_mkdb(1), make it an error to open a zero-length file for read-only access in hash(3).
- Some sun3 architecture fixes.
!
- Ignore environment variables in libssl if we're running setugid.
!
- In ssh(1), log the remote IP address on disconnect.
!
- Check for memory allocation failure in vmstat(8).
!
- Fix a buffer overflow in fsinfo(8).
!
- Handle another special case in apm(4).
!
- Fix a panic in the RAIDframe locking management code.
!
- Add setpid command to fdisk(8) for setting the partition ID.
!
- Change bridge(4) to use gif* instead of enc*.
!
- Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work.
!
- Allow printing of 8-bit ASCII characters in talk(1) through an option.
!
- Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation.
!
- In ftpd(8), log the actual number of bytes transferred instead of the original file size.
- Fix ^C in termtype prompt.
!
- Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun.
!
- Resolve scheduling conflict in newsyslog(8).
!
- In dhclient(8), set a reasonable default lease time if the server does not provide one.
!
- Suppress uninteresting PCI bus error messages in ahc(4).
!
- Add m88k support to gprof(1).
!
- Add HostKeyAlias option to ssh(1).
!
- Behave nicely with fixed-rate codecs in auvia(4).
!
- Fix a minor off-by-one error in gprof(1).
- In the ports infrastructure, take the old non-fake code out-of-line.
!
- Repair a disgusting rwhod(8) crash.
!
- Fix buffer overflow in csh(1) builtin printf(1) implementation.
!
- Convert atoi(3) to strtoul(3) in top(1).
- Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
!
- Revoke root privileges earlier in ping6(8) and traceroute6(8).
[Applied to stable]
- Many man page fixes.
!
- Use arc4random(3) in jot(1).
!
- Handle quotas over 4GB in edquota(8) and repquota(8).
!
- Fix IPv6 Path MTU Discovery.
!
- Give up euid more carefully in mrinfo(8) and mtrace(8).
- Various OpenSSH fixes.
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
!
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
! - IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
! - Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
!
- SECURITY FIX: Fix holes in procfs(8).
A patch is available.
[Applied to stable]
! - Put strlcat(3) and strlcpy(3) into libkern for kernel use.
!
- Fix setting of nwid for wi(4).
[Applied to stable]
- Change /etc/security to spit out unified diffs.
!
- Add driver for Compaq SMART Array RAID controllers, cac(4).
!
- Extend the i386 allowaperture sysctl(3) to allow access to the whole 1st MB of memory.
- Add some more sanity checking to the PCMCIA code to fix some obscure panics.
- Import Apache 1.3.14 + mod_ssl 2.7.1.
- Support multiple pfkeyv2 keying daemons.
!
- Compute diffie-hellman in parallel between server and client in OpenSSH.
- Support Amigas with more than 64MB of RAM.
- Ensure /etc/sudoers is created with a proper secure mode.
!
- Import OpenSSL 0.9.6.
!
- More photurisd(8) improvements.
- Update kernel pfkeyv2 code for better conformance to the RFC.
- Enable loading of ELF kernels for alpha.
!
- Add extraction support for shell archives to the bsd.port.mk infrastructure.
!
- In ipsec(4), look for TDB if gateway is unspecified.
[Applied to stable]
! - Fixes to patch(1) -f and -b.
!
- Convert some more drivers to the new timeout(9) interface.
!
- Add bytecounter statistics reporting to netstat(1).
- Instrument more random TCP sequence numbers.
!
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
A patch is available.
[Applied to stable]
! - In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
!
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
!
- Remove dead code in hifn(4) driver.
!
- Proper getopt(3) usage in compress(1).
!
- Fix a time specification in last(1).
- Do not disable PMTU for established TCP connections unless there is data to send.
!
- Add support for the 802.1D spanning tree protocol to bridge(4).
- New BSD authentication login scripts.
!
- Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
!
- isakmpd(8) update.
!
- apm(4) bug fix that helps a few laptops.
!
- Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
!
- Repair a memory leak in ICMPv6 code.
!
- Turn off PMTU when ICMP needfrag messages get blocked.
- Finnish updates for inter.phone.
!
- Display number of successful IPv6 PMTU changes in netstat(1) -s output.
!
- Do not re-print ETA on completion in scp(1) when copying 0-sized files.
!
- Validate ICMPv6 "too big" messages based on PCB.
!
- Do not use already-freed memory in route(8).
!
- Avoid repeated host controller halted messages in uhci(4).
- Remove unused libgmp.
!
- Import KerberosIV v1.0.4.
!
- Always request a new challenge for skey/tis-auth in ssh(1).
!
- Support newer cy(4) communication cards.
!
- Provide new international keymaps for pcvt(4).
- Ignore filesystems marked "xx" in the install scripts.
!
- Document that pipe(2) is bidirectional, although this behavior is unportable.
!
- Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
!
- Remove a bogus memory free in getnetgrent(3).
!
- Fix a buffer overflow in bad144(8).
- Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
!
- Drop unneeded support for RTF_TUNNEL in route(8).
!
- Maintain count of routing table timer entries in route(8).
!
- In makewhatis(8), strip weird characters first, then sequences of spaces.
!
- Big improvements to adw(4).
!
- Teach tcpdump(8) about VRRP, SMB, and timed.
!
- Force calendar(1) to only accept real calendar files as input.
!
- Fix various perror(3) overflows in pcvt(4).
!
- Repair a tftp(1) argv parsing overflow.
!
- Conditionalize some BPF code in wx(4).
!
- Finally remove remaining references to extra RSA libs, since the patent has expired.
- New rijndael implementation which solves endian issues.
!
- Support Intel 82801BA pciide(4) controllers.
!
- Exercise more paranoia with passed KRB environment settings in telnetd(8).
!
- Convert some more drivers to the new timeout(9) interface.
!
- Many improvements and modernizations to isp(4).
!
- Update wx(4) with LIVENGOOD support.
!
- Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
!
- Implement asynchronous connections for ssh(1) -R and -L.
!
- Simplify atrun(8) tasks by using asprintf(3).
- Kill unused libtermlib.
!
- Import new pool(9) code.
!
- Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
!
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
!
- Import David Maziere's ssh-keyscan(1).
!
- SECURITY FIX: Fix buffer overflow in ftpd(8).
A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
- Teach OpenSSH about more version strings to improve interoperability.
!
- SECURITY FIX: Fix another security problem in the KerberosIV code.
A patch is available.
[Applied to stable]
! - SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
! - Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
!
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running.
!
- Better error checking in ping6(8).
[Applied to stable]
! - Some stability fixes to isakmpd(8).
!
- In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
!
- Fix a coredump in ssh-agent(1).
!
- Reset 16-bit PCMCIA during chip initialization in pccbb(4).
!
- Correct PCI interrupt setup for TI PCI113X CardBus bridges.
!
- Properly powerdown PC cards in pccbb(4) at shutdown time.
!
- Add -D option to sshd(8) to cause startup without a daemon.
!
- Show both the IP address and hostname when a new key is encountered in ssh(1).
!
- Fix a bug in MSChapv2 challenge hashing in ppp(8).
!
- More make(1) tweaks.
- Use -n to test for non-zero variables in /etc/netstart.
- Be more careful with ARP packets.
!
- Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
! - Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
!
- clock(3) fixes for the alpha architecture.
!
- Print select collisions in vmstat(8) -s output.
!
- Implement login_check_expire(3) for libutil.
!
- Add -u username support to pwd_mkdb(8).
- Properly implement errno handling for the threaded libc (libc_r) on powerpc.
!
- In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file.
!
- Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
!
- Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
!
- Fix pciide(4) support on Alpha 164SX models.
- Support 16 slices per device on VAX machines.
!
- Considerable cleanups to make(1).
!
- Improve key repeat logic in wskbd(4).
!
- Changes from KAME to make ifm_data available in getifaddrs(3).
!
- Fix absolute path handling in crunchgen(1).
- Shorten /dev/ttyC* device names.
!
- Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
!
- Avoid tty races in wsdisplay(4) when switching virtual terminals.
!
- Update isakmpd(8).
!
- Repair lun support in umass(4).
- Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
!
- Train makewhatis(8) to handle more special cases.
!
- Avoid double fclose(3) in getcap(3).
!
- Increase delay in RAM probe for hifn(4).
!
- Suffix list fix in make(1).
!
- Various bug fixes in ksh(1).
!
- When using the tail(1) -f flag on stdin, don't reopen a local file named stdin.
!
- Extend kqueue(2) to support kernel events on vnodes.
!
- Bring in BSD authentication support for sudo(8).
!
- Zap MULOG in inetd(8) to improve code readability.
!
- Avoid whacking errno in top(1) signal handlers.
!
- Do not include MFS partitions in quot(8) statistics output.
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
!
- Prevent a type overflow in recno(3).
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
- Import BSD authentication mechanisms from BSDI BSD/OS.
!
- Implement pw_dup(3), a function which copies struct passwd.
!
- Replace getpass(3) with a more flexible readpassphrase(3) interface.
!
- Add strnvis(3), a length-bounded version of the strvis(3) libc function.
- Better prompting logic in libskey.
- Resurrect binutils on alpha.
!
- Recognize newer Intel audio devices in auich(4).
!
- Stop amphy(4) from attaching to network devices it doesn't belong to.
!
- Enable support for pciide(4) found in newer Intel chipsets.
- Correct URL handling in the install scripts.
!
- Limit the number of SCSI luns in umass(4).
- Page size fixes to the alpha port.
- Import ssh-ask-pass support for X11.
!
- Fix a signal race in ypserv(8) SIGHUP handling.
!
- Enable uaudio(4) by default in GENERIC/i386.
!
- Reserve all-1s addresses in the IPsec code for future policy discovery features.
- Resolve HMAC nomenclature issues.
!
- Be sure to clear passwords out of memory after use in ppp(8).
- Support kernel event queues.
!
- Add support for USB scanners through the uscanner(4) driver.
!
- More fixes to qec(4).
- Recognize newer AMD CPUs.
!
- Repair incorrect buffer size logic in telnetd(8).
!
- Add a slew of devices to usbdevs(8).
!
- Do not use perror(3) in sshd(8) after forking a child.
!
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
! - Add ifmedia(4) support to qec(4), among other improvements.
!
- Extra sanity checking in skeyinit(1).
!
- Repair timeout computations in atapiscsi(4).
- Add initial support for DEC Alpha 21264 systems.
- Bring the alpha port a bit closer to a fully operational console.
- Support Accton EN2242 MiniPCI Ethernet adapters.
- Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
!
- Add scrollback support to wscons(4) through the vga(4) driver.
!
- Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
!
- Repair overriding of pseudo devices in config(8)
[Applied to stable]
! - Accept -inet and -inet6 as options for the show command in route(8).
!
- Don't reorder keys in ssh-agent(1) upon key removal.
!
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
!
- Various cleanups to ftpd(8).
- In many programs, sync usage() output with their respective man page SYNOPSIS.
!
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
A patch is available.
[Applied to stable]
! - In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
!
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
!
- In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
!
- Make the aha(4) driver compile without UVM.
- Enforce non-cacheable device space on real 80386 machines.
!
- Add RSA authentication support for SSH2 to OpenSSH.
!
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
!
- Repair an off-by-one error in ssh-agent(1).
!
- Convert some old drivers to the new timeout(9) interface.
- RELIABILITY FIX: repair AES (rijndael) kernel support.
A patch is available.
[Applied to stable]
- Import PCI support for Alpha EB164 machines.
- Add bus_space_barrier macros for the powerpc.
- Endian fixes to the USB code.
!
- Better command line parsing in encrypt(1).
- Numbering fixups in pfkeyv2 to match IANA assignments.
!
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
!
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
!
- Fix a panic induced by assigning lo0 an IPv6 alias.
!
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
! - Deprecate pltime=0 in ifconfig(8).
!
- Modifications to the ktrace(2) interface to reduce redundancy.
!
- Do not advertise dynamic/cloned routes in route6d(8).
!
- Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
[Applied to stable]
! - Correct free-before-reference bugs in rshd(8) and rlogind(8).
!
- Improve queue handling in gdt(4).
!
- New Adaptec FSA RAID driver called aac(4).
!
- Fix DMA error problems in adw(4).
[Applied to stable]
- If MANPS environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/.
!
- In date(1), fix an off-by-one error which would happen when changing time over DST.
!
- Permit -Tps in nroff(1).
- Make some pfkeyv2 interfaces conform to RFC 2367 numbering.
- New timeouts in a couple of network drivers.
!
- Prevent nfsd(8) from swapping out.
- Use PHOLD/PRELE in various kernel components.
!
- Buffer overflow fix to telnet(1).
- Many man page improvements.
!
- Permit handling more than 6 arguments in a hostname.if(5) file.
!
- kcore handling in kvm(3) for alpha.
!
- Update usb(4) code.
- Update alpha architecture support. A snapshot will come out soon.
!
- In pchb(4), for Intel random devices, do not busy wait for data.
!
- Switch amiga to uvm(9).
- Fix amiga pmap module submap allocations.
- Centralized netisr dispatching.
!
- ppp(8) updated.
!
- In aue(4), fix multicast filter programming.
!
- Repair an uninitialized variable bug in ipsec(4) output.
[Applied to stable]
! - Add pcibios(4) interrupt setup support for AMD750 chipset.
!
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
A patch is available.
[Applied to stable]
! - Generate new hashkey every time a bridge(4) is brought up.
!
- Change bridge(4) code to use lower spl.
!
- Passive FTP support in lynx(1).
!
- In ssh(1), downgrade to SSH1.3 if server is SSH1.4.
!
- In sshd(8), do not disable rhosts(rsa) if server port greater 1024.
!
- In sshd(8) Agent forwarding and -R support for SSH2 protocol.
!
- ipsecadm(8) man page repairs.
[Applied to stable]
- In pfkeyv2, send the message to registered promiscuous listeners.
[Applied to stable]
! - Some minor bridge(4) fixes.
!
- ld.so(1) support for the pmax.
- On powerpc, print out the size of the L2 cache size on G3 and G4 machines.
- 2.8 release builds are running, but some of us are already working on post-release hacking.
--- 118,827 ----
- Fix several copyin/copyout bugs in sys/compat.
- Provide a random start for tcp timestamps.
- Support sharing disks between MacOS and the PowerPC port.
!
- Add support for the SaramNcom NS-1100M in the wi(4) driver.
!
- Fix support for the D-Link DE660 pcmcia card in ne(4)
!
- In sis(4) add support for reading the MAC address from the APC CMOS RAM in SiS630E-based chipsets.
!
- In ne(4), changes in media type initializion on DP8390-compatibles.
!
- Implement read/write access to an IEEE 802.3u mii(4) bus using the bit-bang method.
- Add support for DOZE mode on powerpc processors that support it.
!
- Add support for the Symbios 53c1010 in the siop(4) driver.
!
- Implement mincore(2), mlockall(2) and munlockall(2).
!
- Added support for ami(4) MegaRAID Controllers.
!
- Fixed several occurrences of exit(-#); exit(3) only passes the lower 8 bits of status on to the parent.
- Fixed several occurrences of PATH_MAX+1 that should be PATH_MAX.
- Fix interrupt handler registration on the mvme88k port, remove 68k-isms and add UKC support.
- Add some non-US encodings to the USB keyboard driver.
!
- Disable bogus file check in cvs(1).
[Applied to stable]
! - Enable tag queuing and fix some wide/sync negotiation problems in the siop(4) driver.
!
- Add support for isapnp(4) i82365-based pcmcia(4) controllers.
- Many man page fixes.
!
- Fix checksum calculations in bridge(4) setups.
!
- Avoid reading some AC97 registers in neo(4) driver as needed by some devices.
- Avoid a deadlock condition in the syncer.
!
- wscons(4) support for powerpc adb keyboard.
!
- Plug many memory leaks in the libc rpc(3) code.
- Drop packets with 127.0.0.0/8 in header field, if the packet is from outside. RFC1122 dictates that 127.0.0.8 must not appear on the wire.
!
- In sudo(8), fix negation of path-type Defaults entries in a boolean context in sudoers(5).
- Add open hashing functions to libc.
!
- fsck(8) changes for soft updates support.
!
- Extend kqueue(2) down to the device layer for better device support.
- ncurses-5.2-20010224
!
- In the i386 bios(4) driver, add a check for ROMs mapped into memory and setup an extent for each one found. This fixes a problem with ISA cards using iomem space already claimed by a ROM.
!
- Update to sendmail(8) 8.11.3 which fixes potential data loss if a machine crashes.
- A number of filesystem races and locking problems have been fixed.
!
- In ne(4), add support for a D-Link DFE-650 model with a different vendor ID.
- Improved stability with soft updates.
!
- WEP support for the an(4) Aironet driver.
!
- Default SSID in the an(4) Aironet driver; now it will connect to any SSID.
- Better detection of the VAX VS4000/VLC and MV3100/{3,4}0.
- Improved S3 Savage X11 driver for XFree86 3.3.6.
!
- Add mii(4) support to the vr(4) Via Rhine network driver.
!
- Add support for the Dlink 530TX+ to the rl(4) RealTek 8129/8139 network driver.
!
- SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
A patch is available.
[Applied to stable]
- In the powerpc port, add edge/level sense detection capability to the interrupt controller.
!
- Add uftdi(4) driver for the FTDI USB->Serial converter device.
- Tone down the verbosity levels in many SCSI drivers.
- OpenSSH 2.5.1 released.
[Applied to stable]
! - Fix DMA memory allocations in twe(4).
!
- SECURITY FIX: update to sudo-1.6.3p6 which fixes a non-exploitable buffer overflow on very long argv components.
A patch is available.
[Applied to stable]
! - Correctly detect Daylight Saving Time changes in cron(8).
!
- Add bash-like double-tab completion support to ksh(1).
- Avoid losing RTC after suspend/resume on some laptops.
!
- Repair an integer conversion bug in pms(4) which fixes the mouse resolution setting in X.
!
- Fix non-TCP protocol mappings in ipnat(4).
!
- In isakmpd(8), encode X509 expirations into KeyNote credientials/policies.
!
- In pppoe(8), try every BPF device, not just even-numbered ones.
!
- Support -C flag in nm(1).
!
- Update ISC cron(8) to 4.0b1, maintaining our local changes, including signal handling fixes.
!
- Rename old mvme68k and mvme88k siop(4) driver to ssh(4) to avoid naming conflicts.
!
- Fix an uninitialized variable in wsmouse(4).
- Some games fixes.
!
- Nuke nlist(3) and kvm(3) usage in top(1).
!
- More careful buffer handling in rusers(1).
!
- Add MII support to the vr(4) driver.
!
- Several IPv6(4) improvements from KAME.
- OpenSSH 2.5.0 released.
[Applied to stable]
- Sync many parts of the alpha port with NetBSD.
!
- Fix 64-bit issues with the IPv6(4) multicast API.
- Rewrite libwrap RFC931 support to avoid stdio issues with sockets.
- Many man page fixes.
!
- Pull in latest faithd(8) daemon from KAME.
!
- In tcpdump(8), deobfuscate some IP protocols and improve IPsec(4) tunnelmode printing.
!
- Set the offset for SCSI chain B properly in the VAX ncr(4) driver.
- Import XFree86 4.0.3.
!
- Long username fixes to lpd(8) and lprm(1).
!
- Convert the powerpc port to UVM(9).
!
- Import siop(4), a replacement for the ncr(4) SCSI driver.
- Support more NE2000 PCMCIA devices.
- Avoid passing shared mbufs around the kernel to prevent accidental overwrites.
!
- Add pcscp(4), a driver which supports AMD Am53c974 SCSI controllers.
!
- Modify sliplogin(8) to handle long usernames.
- Add portsplus which tracks changes to the ports collection.
!
- Allow X to work without pcvt(4).
!
- Fix an authorizer removal problem in keynote(3).
- Deactivate function pointers upon interface detach to avoid crashes.
- Deal with the real time clock losing interrupts on i386.
- Bump maxusers to 32 in the alpha port.
!
- Avoid a theoretical buffer overflow in getpwent(3).
!
- Fix an uninitialized variable in bsd.port.mk(5).
!
- Disregard ospeed in tetris(6).
!
- Modify wall(1) to handle long usernames.
!
- Many isp(4) SCSI driver improvements and updates.
!
- Fix goto-line 0 case in mg(1).
!
- Fix PermitRootLogin option in ssh(1).
!
- In brconfig(8), skip empty lines in the rulefile.
- Fix HTTP installs, which were broken for quite awhile.
- Repair statclock on mvme88k.
- Ensure softupdates is enabled before performing softupdates-specific operations.
!
- Define a sendmail(8) variable to workaround broken name servers.
!
- Allow up to 12 virtual terminals in wscons(4).
- Correct VAX signal handling.
- Cleanup MAC support in SSH2.
- Support attachment of Cheetah devices to vsbus as well as ibus in the VAX port.
!
- Disable a bogus file check in cvs(1) to ease the pain of having replicated repositories.
!
- Ensure $RSH is set in the rcmd(3) functions.
!
- String table fixes to ddb(4) and modload(8).
!
- Update wscons(4) code.
!
- Pull in fixes for potential buffer overflows in xdm(1).
!
- Compatibility fixes to tar(1).
- Many OpenSSH cleanups and improvements.
!
- New ELF symbol handling in ddb(4).
!
- Enable wscons support in XFree86.
!
- Modify PCI power state for clct(4) devices so they work after warm reboots.
!
- Repair BPF support in gre(4).
!
- Fix an uninitialized variable in wsdisplay(4).
!
- Fix file attribute passing in sftp-server(8).
!
- Correct a memory usage error in ssh-keyscan(1).
- Add support to the powerpc for loading the bootloader and kernel from an HFS filesystem.
!
- Better failure handling in vr(4).
!
- Add support to dc(4) for parsing media blocks from Intel 21143 SROMs.
- Strengthen SSH1 to make traffic analysis more difficult.
!
- Updates to /etc/services from IANA.
!
- In ssh(1), enforce non-batch_mode if StrictHostKeyChecking is set to "ask".
- Backport a buffer overflow fix from XFree86 4.0.2 to in-tree XFree 3.3.6.
- Stricter prototypes, type fixes, and other cleanups in OpenSSH.
!
- Switch IPv6 raw socket code from NRL to KAME.
- Stricter checking in SSH2.
- OpenSSH 2.3.2 released.
[Applied to stable]
! - Implement an upper limit for icmp6(4) redirects.
!
- Fix rwhod(8) to work, and make debug code a flag option.
!
- Mark our tree such that we use wscons(4) as if it is vt220, instead of vt100.
!
- In wscons(4), when scrolled back, if a new key is pressed, reset us to our previous location, as pcvt(4) used to do.
!
- Permit sftp(1) over SSH1 protocol.
!
- In sftp(1), do not forward agent or X11 traffic.
!
- In tar(1), fix -T option and add support for -C option
!
- Honor TMPDIR variable in tar(1), cpio(1), and pax(1).
!
- perl(1) patch CHANGE6214.
!
- New route6d(8).
!
- Numerous more changes to sftp-server(8) and sftp(1).
!
- Changes to accept(2) to permit return of ECONNABORTED.
!
- Quieten IPv6 DN message reporting by default.
!
- Improve xmalloc() and friends in ssh(1) code..
- Remove dead architecture support from the tree.
!
- Remove support for #! from syslogd(8).
!
- cac(4) driver to support Compaq Smart ARRAY RAID controllers.
!
- Ignore blank lines in hostname.if(5) files.
!
- In ssh(1), add -1 option to force protocol 1.
!
- Enable sftp-server(8) by default.
!
- Numerous bug fixes to sftp-server(8) and sftp(1).
- Make scsi work on the vaxstation 4000/90.
!
- Same for tun(4), gif(4), and others..
!
- Change lo(4) initialization code so that boot -c pseudo-device editing code can affect it in the expected fashion.
!
- If kernel has ddb(4) support, add a ddb sub-command inside boot -c.
- Teach the bridge to deal with ARP alignment in the presence of numerous previous layers...
!
- EtherIP support in tcpdump(8).
!
- Fix a bug introduced a few weeks ago in yppush(8).
- A bit of a trawl through the source tree to please the alpha, since various problems occur in the absence of perfect weak symbols.
- libc_r works on the alpha now.
!
- Many new fixes to sort(1).
- Teach config -e and boot -c about pseudo-devices.
!
- Fix perl(1) h2ph scripts.
!
- More bridge(4) fixes for unicast learning.
!
- Add sftp(1) client.
!
- Fix an off-by-{1,2,4} error in i386_space_copy(). wscons(4) now works perfectly.
!
- More fixes to rtadvd(8).
!
- Fix bugs in atc(6), snake(6), battlestar(6), phantasia(6), and adventure(6).
- Enable scrollback from USB keyboards.
!
- Numerous improvements in ppp(8).
!
- At ELF execve(2) time, check for the OpenBSD note first, so that native binaries run best.
- Attempt to share crtbegin/crtend in ELF csu, including an OS note.
!
- Change powerpc ld.so(1) so all architectures use DT_INIT for ctors/init.
- Fix overlapping bus space copy operations on i386.
- Move EtherIP to version 3 (2 byte padded header).
!
- Art does battle with ksyms(4), gets wounded, but eventually wins.
!
- In sshd(8), S/Key is now called ChallengeResponse.
- Make ReverseMappingCheck optional in sshd_config.
- Mickey the madman goes on a new timeout crawl through pci and isa drivers.
!
- Fix nlist(3) emulation for cases where the ELF header does not exist; permits /dev/ksyms to work on ELF machines.
!
- Emulate some new freebsd signal(2) related things in compat_freebsd(8).
!
- In IPv6, avoid panic when packet to nonexistent link-local address is issued.
!
- xl(4) no longer needs to whine about tx underruns.
!
- Fix ELF support for compat_freebsd(8).
!
- Catch the alpha up to wscons(4) changes.
!
- Fix wscons(4) wsmux(4) attachment.
- Support mvme188 card in mvme88k port.
!
- If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
!
- Fix some bugs in the bridge(4), especially regarding gif(4).
!
- IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
A patch is available.
[Applied to stable]
! - In config(8) -e and -u, do not write out a new kernel if nothing changed.
!
- Numerous fat utmp(5) changes to utilities.
!
- Move utmp(5) to large format.
!
- Fix some incorrect return values for mmap(2) functions.
[Applied to stable]
! - Make top(1) not setgid.
- Update X11 to support the new i386 changes.
!
- Configure wscons(4) defaults to be what our users expect.
!
- moused(8) is dead for now.
!
- Enable uhci(4) and ohci(4) devices by default in GENERIC.
!
- Range-check invalid .max fields in inetd(8).
!
- Various post-merge ipf(8) fixes. Some previous fixes got removed and had to be put back in.
- In ATAPI code, ignore PIOMODE errors.
- On many architectures, change console name to ttyC? instead of ttyE?.
!
- Add -U option to ELF ldconfig(8).
!
- Move i386 to wscons(4).
- Re-org the alpha boot floppies.
- More improvements against the Bleichenbacher pkcs#1 attack.
!
- Fix more select overflow issues in ssh(1).
- gcc 2.95.3, test 2.
!
- ises(4), start of a driver for the Pijnenburg PCC-ISES crypto chip. Does random entropy insertion.
- Permit many compat system calls to match to the same native call (was not permitted before).
- A bunch of people are doing a kernel trawl to update drivers to new timeouts.
- Support boot -c on the sparc.
- Fix an early timeout bug in wdc/ata support, which caused problems with atapi tape drives.
- Niklas runs through the tree doing commits in an attempt to keep up with Todd's much higher commit count.
!
- Receive random numbers from ubsec(4) cards.
- Make wdc mode printing more portable, so that the powerpc can use it too.
!
- adb(4) drivers in powerpc port.
!
- New upl(4) driver for Prolific PL2301/PL2302 USB host-to-host driver. This acts like a network device.
!
- Remove -Q flag from sshd(8).
- Change audio-driver interface so drivers can supply a minimum delta for mixer value changes.
- USB sync.
!
- SECURITY FIX: fix some buffer overflows in named(8).
A patch is available.
[Applied to stable]
- Support Cheetah vaxes.
!
- Improve MAKEDEV(8) manual pages on many architectures.
!
- Cause pcibios(4) to route interrupts via the pci router at the time interrupts are established for each driver, not before.
!
- Optimize pcidevs, usbdevs(8), and other tables in the kernel.
!
- Both wi(4) and awi(4) now support more models of cards.
!
- skey(1) SHA1 is supposed to be little endian.
!
- Improve ping6(8) signal handling further.
!
- Merge isakmpd(8) in. It is no longer separate.
!
- Many ppp(8) improvements.
- Handle binary data in install floppy dmesg.
!
- Improve ELF handling of nlist(3).
- Print CPU speed in GHz if it is that fast.
- Detect Transmeta CPUs.
- On powerpc, ensure that signal delivery fills in rval[1]; at least pthread was affected.
- Move powerpc to MACHINE_NEW_NONCONTIG.
!
- In mg(1), do not use rename(2) on the ~ file; make a new copy so that vipw(8) and crontab(1) do the right thing.
- Tweak alpha so it sends SIGBUS for unaligned access, and does NOT do a fixup. This encourages people to fix their code.
- KGDB support for the i386.
- Pack alpha definition of infinity properly, other architectures too.
- Recognize Intel P4 CPU.
- Various space optimizations for alpha boot floppies.
- Fix CF wdc, which was broken for a while.
!
- Add "enable" keyword in config(8) files.
- Merge and simplify emulation directory handling code.
!
- Support Initio INI-91xx cards via new iha(4) driver.
!
- In accept(2), when peer disconnects before accept is issued, do not return junk in mbuf by setting length to 0.
- Support Hardware RNG on i850 and i860 hubs.
!
- Fix sysctl(3) so that you can clear a string with it.
!
- In sshd(8), rename "skey" to "challenge response", since this mechanism is now more flexible.
- Reduce how long we wait for scsi devices to come ready; 50 seconds is enough.
!
- pcvt(4) keyboard LED update lockup patch.
- ncurses-5.2-20010114
!
- Fix many more sshd(8) memory leaks.
!
- Fix memory leak in isakmpd(8).
!
- In timed(8), do not accept packets with an unterminated hostname.
[Applied to stable]
- Alias map bios rom at both real address and it's own zero-relative address, because bios roms contain bugs.
!
- In rtadvd(8), sync router renumbering flag bit to conform to 2292bis-02 and RR RFC.
!
- Get rid of -R flag in ssh-keygen(1).
!
- Avoid memory leak in ndp(8).
!
- Establish pccbb(4), ohci(4), and uhci(4) interrupt handler much earlier, because of coming pcibios(4) changes.
!
- Numerous small fixes to sshd(8) and friends.
!
- In ssh(1), fix SIGSEGV for -o "".
- On i386, validate gate targets.
- The easy delete key always returns ^?, while the more difficult one returns ^H.
- Incorporate a set of post-4.4BSD changes to the kernel routing code.
- Support more than 256MB of ram on powerpc.
- Be more careful with assuming with VIA chips can handle U66.
!
- Document better how code using sigblock(3) and sigsetmask(3) would be converted to use sigprocmask(2).
!
- Get sshd(8) ready for auth-login.
!
- In ifconfig(8), permit prefixlen to work against ipv4 addresses.
!
- Change savecore(8) to deal with machines dumping 1GB or more..
- Attempt to deal with inverted signal races in terminal handlers better, throughout the source tree -- ie. main code is deep inside stdio, signal handler calls exit().
!
- Document rules that apply to signal handlers in signal(3) and sigaction(2).
- ipf 3.4.15
!
- Fix a vi(1) crash.
!
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
! - Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
!
- Fix previous inetd(8) fix.
!
- Fix signal handler race in apmd(8), bootpd(8), syslogd(8).
!
- Constrain isp(4) openings to 128, since the vendor code lies, cheats, steals, and makes us cry.
!
- Fully support SSH2 RSA keys in sshd(8).
- Change alpha bootblocks to ELF.
!
- Fix fd_set overflows and signal races in pppoe(1).
- Important pthread fix.
!
- Large block of documentation and functionality changes to mail(1).
!
- fd_set overflow fix to routed(8).
!
- Signal handler fix to newfs(1).
!
- Cleanup various signal races and buffer overflows in ed(1).
!
- Fix signal race in mountd(8) by writing our own svc_run() routine.
!
- Fix uninitialized variable bug in config(8) UKC code that ignored first command sometimes.
!
- Various changes ensure that all known le(4) cards now work on sun4, sun4c, and sun4m machines.
- Tweak subr_extent code with respect to boundary cases.
!
- sftp-server(8) draft came out; convert our sftp-server(8) to be compliant.
- sendmail 8.11.2
!
- Signal race fixes to fsck_ffs(8), rcp(1), slattach(8), shutdown(8).
- Change asm and volatile to __asm__ and __volatile__ in any file which might be compiled using -ansi -pedantic or similar.
!
- Some signal handler cleanup in rcp(1).
!
- Cleanup timeout code in adw(4).
- Numerous alpha catchups.
!
- New rtadvd(8) code.
!
- Compute UDP checksum in dhcpd(8).
!
- Move mvme88k to UVM(9).
!
- clct(4) driver for Cirrus Logic CS4281 sound chips.
!
- Support {Allow,Deny}Groups in sshd(8).
!
- sshd(8) SSH2 protocol support for keepalives, IPTOS_LOWDELAY, TCP_NODELAY, and IPTOS_THROUGHPUT.
!
- Add kerberos(1) password handling in sshd(8) for kerberosIV.
!
- More memory leak fixes to sshd(8) and ssh(1).
!
- Tweak strlcat(3) to not crash for a certain "illegal pointers, length 0" situation.
!
- Clarify setjmp(3) variants in the manual pages.
!
- Correct fd_set and signals in ping6(8).
!
- Un-race three signal handlers, and fix select overflows in inetd(8).
!
- Fix signal race in route6d(8).
- Move mvme88k to MACHINE_NEW_NONCONTIG.
!
- Fix signal races in rwhod(8).
!
- Fix fd_set overflow in yppush(8).
!
- Fix closedown stub generated and hand-whacked by rpcgen(1) in ypserv(8).
!
- Audio driver for most ESS maestro(8) models.
!
- Signal race repairs in talkd(8) and comsat(8).
!
- Fix select overflow in ssh-agent(1).
!
- Fix rpcgen(1) to deal with large fd_set.
- Document various signal races in the source tree which are very difficult to fix, or which turn out to be safe even if they look flawed.
!
- Rename ich(4) to auich(4).
!
- Cleanup the sftp-server(8) implementation.
!
- Support !command feature in bridgename.if(5) files as well.
!
- Numerous other small changes to isakmpd(8).
!
- Handle memory failures in passwd(1).
!
- In finger(1), fail nicely if memory allocation fails.
!
- Handle DELETE payloads in isakmpd(8).
!
- Remove signal races from sshd(8).
!
- Ease support for road-warrior scenarios in isakmpd(8), by intuiting the Local-ID when possible.
- Change 802.11 DS drivers to operate in BSS mode by default.
!
- Create links for FD_SET(3) and such to point to the select(2) page.
!
- Support TCP_NDELAY on ipv6(4) in ssh(1).
- Numerous spelling error corrections in the system.
- Various other calendar updates.
!
- Ensure replydirname in ftpd(8) does not ever truncate names.
!
- Ensure ftpd(8) does not sometimes return a stray " at the end of a string.
!
- Various large updates to isp(4).
!
- In restore(8), do not skip TS_BITS or TS_CLRI are set.
- Change our own custom EtherIP protocol to the standard one (which is very badly designed, but we are trying to get them to fix that).
- Fix KerberosIV code to build better if src and obj are in strange places.
!
- Support Banner option in sshd(8).
- Make the openssh-p effort a bit easier by merging some simpler portability hacks.
!
- Various missing free(3) calls repaired in ssh(1).
- Attempt to support cardbus 3CXFEM656C 56k Global modem.
!
- In pciide(4), support U100 on ICH2, U66 on Via Apollo, and other repairs to Promise.
- Spelling changes to calendar files.
!
- Be more careful with stat(2) handling in mv(1).
!
- Fix %p handling in strptime(3).
!
- Fix various buffer overflows and other fixes in indent(1).
!
- Do not spit out icmp6 checksum messages if not a debug kernel.
- Permit stripped VAX kernels to load despite unexpected values from libsa.
!
- Simplify locking and a few more fixes to twe(4).
- Plug some memory leaks in OpenSSH.
!
- Fix -P in ftpd(8).
- Emulation fixes to the VAX code.
!
- Protect bits of dhclient(8) with a locking mechanism to prevent multiple instances from using the leases file simultaneously.
!
- Fix 3 cases in mv(1) relating to the moving of symlinks across filesystems.
!
- In ftpd(8), expand the tilde character in ftp-dir login.conf variable.
!
- Prohibit binding to an anycast, notready, or detached IPv6 address.
!
- Rename fsinfo(8) to xfsinfo in X11 to avoid naming conflict.
!
- Set the correct pfkeyv2 direction for KAME SPD entries in isakmpd(8).
!
- Save and restore errno properly in flex(1) since it may be whacked by isatty(3).
!
- Fix sending/receiving passwords in routed(8).
!
- Add an i386-specific sysctl(3) that modifies halt -p processing in APM to deal with some quirky machines.
- More sun3 fixes, mostly to conform better to other m68k architecture code.
!
- Handle login banners better in SSH2 instances of ssh(1).
- Various spelling and grammar fixes across the tree.
!
- Use new sysctl(3) interface for kernel memory bucket statistics and clock information.
!
- Correctly check for empty mailq(1) in /etc/daily.
- Y2K fix in the mvme68k NVRAM code.
!
- Extend sysctl(3) to support quad values.
!
- Improve SMB packet printing in tcpdump(8).
- Add common pidfile-writing code to DHCP so each program doesn't need to roll its own.
!
- To please cap_mkdb(1), make it an error to open a zero-length file for read-only access in hash(3).
- Some sun3 architecture fixes.
!
- Ignore environment variables in libssl if we're running setugid.
!
- In ssh(1), log the remote IP address on disconnect.
!
- Check for memory allocation failure in vmstat(8).
!
- Fix a buffer overflow in fsinfo(8).
!
- Handle another special case in apm(4).
!
- Fix a panic in the RAIDframe locking management code.
!
- Add setpid command to fdisk(8) for setting the partition ID.
!
- Change bridge(4) to use gif* instead of enc*.
!
- Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work.
!
- Allow printing of 8-bit ASCII characters in talk(1) through an option.
!
- Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation.
!
- In ftpd(8), log the actual number of bytes transferred instead of the original file size.
- Fix ^C in termtype prompt.
!
- Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun.
!
- Resolve scheduling conflict in newsyslog(8).
!
- In dhclient(8), set a reasonable default lease time if the server does not provide one.
!
- Suppress uninteresting PCI bus error messages in ahc(4).
!
- Add m88k support to gprof(1).
!
- Add HostKeyAlias option to ssh(1).
!
- Behave nicely with fixed-rate codecs in auvia(4).
!
- Fix a minor off-by-one error in gprof(1).
- In the ports infrastructure, take the old non-fake code out-of-line.
!
- Repair a disgusting rwhod(8) crash.
!
- Fix buffer overflow in csh(1) builtin printf(1) implementation.
!
- Convert atoi(3) to strtoul(3) in top(1).
- Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
!
- Revoke root privileges earlier in ping6(8) and traceroute6(8).
[Applied to stable]
- Many man page fixes.
!
- Use arc4random(3) in jot(1).
!
- Handle quotas over 4GB in edquota(8) and repquota(8).
!
- Fix IPv6 Path MTU Discovery.
!
- Give up euid more carefully in mrinfo(8) and mtrace(8).
- Various OpenSSH fixes.
- Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
!
- In ksh(1), remain in non-blocking mode if the shell is not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
! - IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
! - Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
!
- SECURITY FIX: Fix holes in procfs(8).
A patch is available.
[Applied to stable]
! - Put strlcat(3) and strlcpy(3) into libkern for kernel use.
!
- Fix setting of nwid for wi(4).
[Applied to stable]
- Change /etc/security to spit out unified diffs.
!
- Add driver for Compaq SMART Array RAID controllers, cac(4).
!
- Extend the i386 allowaperture sysctl(3) to allow access to the whole 1st MB of memory.
- Add some more sanity checking to the PCMCIA code to fix some obscure panics.
- Import Apache 1.3.14 + mod_ssl 2.7.1.
- Support multiple pfkeyv2 keying daemons.
!
- Compute diffie-hellman in parallel between server and client in OpenSSH.
- Support Amigas with more than 64MB of RAM.
- Ensure /etc/sudoers is created with a proper secure mode.
!
- Import OpenSSL 0.9.6.
!
- More photurisd(8) improvements.
- Update kernel pfkeyv2 code for better conformance to the RFC.
- Enable loading of ELF kernels for alpha.
!
- Add extraction support for shell archives to the bsd.port.mk infrastructure.
!
- In ipsec(4), look for TDB if gateway is unspecified.
[Applied to stable]
! - Fixes to patch(1) -f and -b.
!
- Convert some more drivers to the new timeout(9) interface.
!
- Add bytecounter statistics reporting to netstat(1).
- Instrument more random TCP sequence numbers.
!
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
A patch is available.
[Applied to stable]
! - In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
!
- Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
!
- Remove dead code in hifn(4) driver.
!
- Proper getopt(3) usage in compress(1).
!
- Fix a time specification in last(1).
- Do not disable PMTU for established TCP connections unless there is data to send.
!
- Add support for the 802.1D spanning tree protocol to bridge(4).
- New BSD authentication login scripts.
!
- Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
!
- isakmpd(8) update.
!
- apm(4) bug fix that helps a few laptops.
!
- Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
!
- Repair a memory leak in ICMPv6 code.
!
- Turn off PMTU when ICMP needfrag messages get blocked.
- Finnish updates for inter.phone.
!
- Display number of successful IPv6 PMTU changes in netstat(1) -s output.
!
- Do not re-print ETA on completion in scp(1) when copying 0-sized files.
!
- Validate ICMPv6 "too big" messages based on PCB.
!
- Do not use already-freed memory in route(8).
!
- Avoid repeated host controller halted messages in uhci(4).
- Remove unused libgmp.
!
- Import KerberosIV v1.0.4.
!
- Always request a new challenge for skey/tis-auth in ssh(1).
!
- Support newer cy(4) communication cards.
!
- Provide new international keymaps for pcvt(4).
- Ignore filesystems marked "xx" in the install scripts.
!
- Document that pipe(2) is bidirectional, although this behavior is unportable.
!
- Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
!
- Remove a bogus memory free in getnetgrent(3).
!
- Fix a buffer overflow in bad144(8).
- Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
!
- Drop unneeded support for RTF_TUNNEL in route(8).
!
- Maintain count of routing table timer entries in route(8).
!
- In makewhatis(8), strip weird characters first, then sequences of spaces.
!
- Big improvements to adw(4).
!
- Teach tcpdump(8) about VRRP, SMB, and timed.
!
- Force calendar(1) to only accept real calendar files as input.
!
- Fix various perror(3) overflows in pcvt(4).
!
- Repair a tftp(1) argv parsing overflow.
!
- Conditionalize some BPF code in wx(4).
!
- Finally remove remaining references to extra RSA libs, since the patent has expired.
- New rijndael implementation which solves endian issues.
!
- Support Intel 82801BA pciide(4) controllers.
!
- Exercise more paranoia with passed KRB environment settings in telnetd(8).
!
- Convert some more drivers to the new timeout(9) interface.
!
- Many improvements and modernizations to isp(4).
!
- Update wx(4) with LIVENGOOD support.
!
- Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
!
- Implement asynchronous connections for ssh(1) -R and -L.
!
- Simplify atrun(8) tasks by using asprintf(3).
- Kill unused libtermlib.
!
- Import new pool(9) code.
!
- Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
!
- Make pcap(3)-generated BPF filters work on the tun(4) interface.
!
- Import David Maziere's ssh-keyscan(1).
!
- SECURITY FIX: Fix buffer overflow in ftpd(8).
A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
- Teach OpenSSH about more version strings to improve interoperability.
!
- SECURITY FIX: Fix another security problem in the KerberosIV code.
A patch is available.
[Applied to stable]
! - SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
! - Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
!
- Prevent vlan(4) devices from emitting packets if the parent interface is not up and running.
!
- Better error checking in ping6(8).
[Applied to stable]
! - Some stability fixes to isakmpd(8).
!
- In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
!
- Fix a coredump in ssh-agent(1).
!
- Reset 16-bit PCMCIA during chip initialization in pccbb(4).
!
- Correct PCI interrupt setup for TI PCI113X CardBus bridges.
!
- Properly powerdown PC cards in pccbb(4) at shutdown time.
!
- Add -D option to sshd(8) to cause startup without a daemon.
!
- Show both the IP address and hostname when a new key is encountered in ssh(1).
!
- Fix a bug in MSChapv2 challenge hashing in ppp(8).
!
- More make(1) tweaks.
- Use -n to test for non-zero variables in /etc/netstart.
- Be more careful with ARP packets.
!
- Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
! - Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
!
- clock(3) fixes for the alpha architecture.
!
- Print select collisions in vmstat(8) -s output.
!
- Implement login_check_expire(3) for libutil.
!
- Add -u username support to pwd_mkdb(8).
- Properly implement errno handling for the threaded libc (libc_r) on powerpc.
!
- In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file.
!
- Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
!
- Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
!
- Fix pciide(4) support on Alpha 164SX models.
- Support 16 slices per device on VAX machines.
!
- Considerable cleanups to make(1).
!
- Improve key repeat logic in wskbd(4).
!
- Changes from KAME to make ifm_data available in getifaddrs(3).
!
- Fix absolute path handling in crunchgen(1).
- Shorten /dev/ttyC* device names.
!
- Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
!
- Avoid tty races in wsdisplay(4) when switching virtual terminals.
!
- Update isakmpd(8).
!
- Repair lun support in umass(4).
- Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
!
- Train makewhatis(8) to handle more special cases.
!
- Avoid double fclose(3) in getcap(3).
!
- Increase delay in RAM probe for hifn(4).
!
- Suffix list fix in make(1).
!
- Various bug fixes in ksh(1).
!
- When using the tail(1) -f flag on stdin, don't reopen a local file named stdin.
!
- Extend kqueue(2) to support kernel events on vnodes.
!
- Bring in BSD authentication support for sudo(8).
!
- Zap MULOG in inetd(8) to improve code readability.
!
- Avoid whacking errno in top(1) signal handlers.
!
- Do not include MFS partitions in quot(8) statistics output.
- Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
!
- Prevent a type overflow in recno(3).
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
- Import BSD authentication mechanisms from BSDI BSD/OS.
!
- Implement pw_dup(3), a function which copies struct passwd.
!
- Replace getpass(3) with a more flexible readpassphrase(3) interface.
!
- Add strnvis(3), a length-bounded version of the strvis(3) libc function.
- Better prompting logic in libskey.
- Resurrect binutils on alpha.
!
- Recognize newer Intel audio devices in auich(4).
!
- Stop amphy(4) from attaching to network devices it doesn't belong to.
!
- Enable support for pciide(4) found in newer Intel chipsets.
- Correct URL handling in the install scripts.
!
- Limit the number of SCSI luns in umass(4).
- Page size fixes to the alpha port.
- Import ssh-ask-pass support for X11.
!
- Fix a signal race in ypserv(8) SIGHUP handling.
!
- Enable uaudio(4) by default in GENERIC/i386.
!
- Reserve all-1s addresses in the IPsec code for future policy discovery features.
- Resolve HMAC nomenclature issues.
!
- Be sure to clear passwords out of memory after use in ppp(8).
- Support kernel event queues.
!
- Add support for USB scanners through the uscanner(4) driver.
!
- More fixes to qec(4).
- Recognize newer AMD CPUs.
!
- Repair incorrect buffer size logic in telnetd(8).
!
- Add a slew of devices to usbdevs(8).
!
- Do not use perror(3) in sshd(8) after forking a child.
!
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
! - Add ifmedia(4) support to qec(4), among other improvements.
!
- Extra sanity checking in skeyinit(1).
!
- Repair timeout computations in atapiscsi(4).
- Add initial support for DEC Alpha 21264 systems.
- Bring the alpha port a bit closer to a fully operational console.
- Support Accton EN2242 MiniPCI Ethernet adapters.
- Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
!
- Add scrollback support to wscons(4) through the vga(4) driver.
!
- Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
!
- Repair overriding of pseudo devices in config(8)
[Applied to stable]
! - Accept -inet and -inet6 as options for the show command in route(8).
!
- Don't reorder keys in ssh-agent(1) upon key removal.
!
- Avoid parsing options in ssh(1) if there is an RSA key mismatch.
!
- Various cleanups to ftpd(8).
- In many programs, sync usage() output with their respective man page SYNOPSIS.
!
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
A patch is available.
[Applied to stable]
! - In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
!
- Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
!
- In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
!
- Make the aha(4) driver compile without UVM.
- Enforce non-cacheable device space on real 80386 machines.
!
- Add RSA authentication support for SSH2 to OpenSSH.
!
- Allow serial mice to work with moused(8) and XFree86 simultaneously.
!
- Repair an off-by-one error in ssh-agent(1).
!
- Convert some old drivers to the new timeout(9) interface.
- RELIABILITY FIX: repair AES (rijndael) kernel support.
A patch is available.
[Applied to stable]
- Import PCI support for Alpha EB164 machines.
- Add bus_space_barrier macros for the powerpc.
- Endian fixes to the USB code.
!
- Better command line parsing in encrypt(1).
- Numbering fixups in pfkeyv2 to match IANA assignments.
!
- Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
!
- Improve handling of IPv6 Node Information Query packets for better specification conformance.
!
- Fix a panic induced by assigning lo0 an IPv6 alias.
!
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
! - Deprecate pltime=0 in ifconfig(8).
!
- Modifications to the ktrace(2) interface to reduce redundancy.
!
- Do not advertise dynamic/cloned routes in route6d(8).
!
- Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
[Applied to stable]
! - Correct free-before-reference bugs in rshd(8) and rlogind(8).
!
- Improve queue handling in gdt(4).
!
- New Adaptec FSA RAID driver called aac(4).
!
- Fix DMA error problems in adw(4).
[Applied to stable]
- If MANPS environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/.
!
- In date(1), fix an off-by-one error which would happen when changing time over DST.
!
- Permit -Tps in nroff(1).
- Make some pfkeyv2 interfaces conform to RFC 2367 numbering.
- New timeouts in a couple of network drivers.
!
- Prevent nfsd(8) from swapping out.
- Use PHOLD/PRELE in various kernel components.
!
- Buffer overflow fix to telnet(1).
- Many man page improvements.
!
- Permit handling more than 6 arguments in a hostname.if(5) file.
!
- kcore handling in kvm(3) for alpha.
!
- Update usb(4) code.
- Update alpha architecture support. A snapshot will come out soon.
!
- In pchb(4), for Intel random devices, do not busy wait for data.
!
- Switch amiga to uvm(9).
- Fix amiga pmap module submap allocations.
- Centralized netisr dispatching.
!
- ppp(8) updated.
!
- In aue(4), fix multicast filter programming.
!
- Repair an uninitialized variable bug in ipsec(4) output.
[Applied to stable]
! - Add pcibios(4) interrupt setup support for AMD750 chipset.
!
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
A patch is available.
[Applied to stable]
! - Generate new hashkey every time a bridge(4) is brought up.
!
- Change bridge(4) code to use lower spl.
!
- Passive FTP support in lynx(1).
!
- In ssh(1), downgrade to SSH1.3 if server is SSH1.4.
!
- In sshd(8), do not disable rhosts(rsa) if server port greater 1024.
!
- In sshd(8) Agent forwarding and -R support for SSH2 protocol.
!
- ipsecadm(8) man page repairs.
[Applied to stable]
- In pfkeyv2, send the message to registered promiscuous listeners.
[Applied to stable]
! - Some minor bridge(4) fixes.
!
- ld.so(1) support for the pmax.
- On powerpc, print out the size of the L2 cache size on G3 and G4 machines.
- 2.8 release builds are running, but some of us are already working on post-release hacking.