===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus30.html,v
retrieving revision 1.47
retrieving revision 1.48
diff -c -r1.47 -r1.48
*** www/plus30.html 2016/03/21 05:46:20 1.47
--- www/plus30.html 2016/03/22 10:54:42 1.48
***************
*** 78,606 ****
! - In pf(4), block packets that have IP options set by default.
!
- Disable fd(4) sharing.
!
- Repair a umask(2) in pflogd(8).
!
- Fiddle with channel handling in ssh(8) and ssh(1).
!
- Add interface name to address translation to pfctl(8).
!
- Avoid /tmp races in cvs(1) by utilizing mktemp(1).
!
- Handle illegal whois(1) server output that lacks a trailing newline.
!
- Bring in FM radio(9) driver support; configuration through radioctl(1).
- Work around buggy HTTP servers that need the Host: field to only contain the port number.
!
- Use bpf_timeval instead of timeval in pcap(3), isakmpd(8), bpf(4), and tcpdump(8), improving portability.
!
- Fix a network/host order bug in pf(4) that broke state searching on icmp(4) packets with the DF flag set.
!
- New ssh(1) configuration option NoHostAuthenticationForLocalhost.
!
- Import a new rmd160(1) implementation.
!
- Upgrade to sendmail(8) 8.12.1, fixing a potential local security hole.
!
- New -t and -d flags for mktemp(1) to account for the TMPDIR environment variable.
!
- Add a -l flag to mtree(8) to do loose permissions checks.
!
- Report error when the -N and -R flags of pfctl(8) can't open the specified file.
!
- Have rcp(1) and scp(1) skip filenames containing newlines.
- Big install documentation overhaul.
!
- Support selectable preset FSM optimizations in pf(4).
- Lots of RAIDFrame work.
!
- Filter forwarded ip6(4) packets with pf(4).
!
- Upgrade cvs(1).
!
- New pidfile(3) call to write a daemon PID file.
!
- Read user configuration first in ssh(1).
!
- Allow macro names to contain underscores in pf.conf(5).
!
- Overhaul /tmp handling in gzip(1).
!
- Improve string handling in rwho(1).
!
- Fix handling of icmp(4) packets in pf(4).
!
- Plug memory leak in ssh(1)'s compression.
!
- Connect usb(4) keyboards to the display after attach.
!
- Correctly free mbuf when dropping a packet in the ip6(4) subsystem.
!
- Default to 9600 baud in cu(1).
!
- Many repairs to getcap(3), including an off-by-one malloc(3) error and a buffer overflow.
!
- Import a new grep(1).
!
- Update popa3d(8) to 0.4.9.4, adding support for selectable stand-alone or inetd use and tcpd(8).
!
- Start pflogd(8) differently so it doesn't block NFS in diskless situations.
!
- Avoid a memory leak in uvm(9).
!
- Remove signal race from rpc.rstatd(8).
!
- Re-order shlib_dirs in rc(8), prioritizing X11R6/lib over local/lib.
!
- Speedup m4(1) by using inlines for common operations.
!
- Cleanup the set of user(8) tools.
- Implement a buffer flushing daemon, solving problems related to the syncer and improving performance with large numbers of buffers.
!
- Remove buggy STATIC memory optimization from m4(1).
!
- Have vi(1) abort if it can't create a temporary file.
- Improve cross building support.
!
- Repair some buffer handling in mail(1).
- Add many more length checks when passing data from userland to kernel.
!
- In pf(4), don't ignore the inner protocol of ip(4) icmp(4) packets, thus unbreaking traceroute(8), etc.
!
- Support insecure1 and insecure2 options in resolv.conf(5).
!
- SECURITY FIX: be careful with long commandline options in uuxqt and run uucp as non-root in daily.
A source code patch is available.
[Applied to stable]
! - Replace ru_SU with ru_RU in vi(1).
!
- Import sendmail(8) 8.12.0, requiring a new smmsp user and group.
!
- Mark buffers with dependencies as B_DEFERRED and skip them one time when doing sync(2).
- Banish uucp to the ports tree.
!
- Upgrade awk(1).
!
- Cleanup adduser(8); clean up variables, clear hashes correctly, unlock ptmp before closing, etc.
!
- Support 1:1 bi-directional Network Address Translation in pf(4).
!
- proxy user required for ftp-proxy(8).
!
- Add a stereo jitter suppressor to the maestro(4) audio driver.
!
- Fix erroneous select(2) FD_SETSIZE uses.
!
- Repair wall(1)'s -g flag.
!
- pckbd(4) supports Ukranian keyboard layouts.
!
- Better Russian calendar(1) support.
!
- Implement skip steps and parameter lists for interfaces in pf(4).
!
- Update username length limit in rmuser(8).
- New src compilation target: cross-env; prints all environment variables that need to be set for cross-building.
!
- Import usbhidctl(1), a userland program to manipulate USB HID devices.
!
- Import usb(3) library libusb for USB HID processing.
- Rename powerpc port to macppc, allowing for code sharing between different powerpc-based platforms.
!
- Inherit vlan(4) baudrate from parent.
!
- Various lpd(8) improvements and fixes.
!
- SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable]
! - Plug memory leak in scp(1) and rcp(1).
!
- Avoid segfault in dhclient(8) when the server specifies its name.
!
- Support the ! operator in host parameter lists in pfctl(8).
!
- Send a reset request for every packet received by ppp(8) when the encryption dictionaries are out of sync.
!
- Make pf(4) support ISN randomization (aka. phase modulation).
- Store argc as a long on the stack as opposed to an int.
- Switch rijndael code to the optimized AES reference release.
!
- Have isakmpd(8) send DELETE notifications for all active SAs when shutting down.
!
- In sudo(8), apply default login class if unable to look one up.
!
- Support macro expansion in pf.conf(5).
- Work some magic on the installation scripts for floppies, shrinking them.
!
- Correct the setup of the initial tcp(4) state window in pf(4).
!
- Import pflogd(8), logging daemon that writes pf(4) logs in tcpdump(8) binary format.
!
- SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable]
! - Repair ppp(8)'s iface-alias option.
!
- Fix rule flushing code in bridge(4) devices.
!
- Support ip6(4) in ppp(8); crude IPV6CP support; many other smaller changes.
!
- Enhance file-change detection in vipw(8) and crontab(1).
!
- Add per-rule statistics and byte counter to pf(4).
!
- Don't reset xl(1)'s Rx/Tx without first turning them back on after a suspend.
!
- Support parameter lists in pfctl(8).
!
- Be sure to pass the interface to ipip_input() in the net subsystem so it can be used in bpf(4).
!
- Import ftp-proxy(8), a transparent ftp proxy.
!
- Loosen tcp(4) state code in pf(4), allowing "stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections".
- Initial import of sparc64 port; much subsequent development, too much to list.
!
- Add the possibility to add a random offset to the stack on exec(3).
!
- Make the siop(4) driver pay attention to quirks table, eliminating INQUIRY snooping and ifdef toggling.
!
- New -s switch for pwd_mkdb(8) to only update the secure .db file.
!
- -e switch for nm(1) to show extra symbol information.
- Delay locking the passwd file until we have gotten a new password from the user. Also play with the file locking routine.
!
- Attempt to recover from PCI aborts in the hifn(4) driver.
!
- Import keyconv, a small utility to convert between openssl(1) and DNSSEC key formats.
!
- Support trusted public RSA keys as files in isakmpd(8).
- Fix lengths for PFKEYv2 and KAME messages in IPv4-in-IPv6 and IPv6-in-IPv4 flows.
!
- Import popa3d(8), Solar Designer's POP3 daemon.
- The valiant vm_extern.h, vm_inherit.h, vm_map.h, and vm_pager.h files ride off into the sunset.
!
- pf(4) support for icmp(4) errors referring to icmp(4) queries/replies.
!
- Allow file flags in mtree(8).
!
- Don't compare the source address on packets to the one in SA when doing ipsec(4) processing.
- Repair rijndael block alignment.
!
- Unshare sigaction(2) signal handlers on exec(3).
!
- Merge altq(9) options into just "altq" for base + red + cbq, and enable it by default.
!
- Support the -h flag for ln(1) that prevents following a symlink to a directory.
- Many new timeouts for a wide variety of devices.
- Remove the IPCOMP option as it's now part of the IPSEC option.
!
- Rewrite signal(3) handlers in altqd(8) to be race-safe.
!
- Add support for RC4 operations in the hifn(4) driver.
!
- Don't free(3) unallocated memory in mailwrapper(8).
!
- Change tsleep(9) into an ltsleep wrapper. ltsleep takes one more argument than tsleep(9), a simplelock that it unlocks when safe.
- Let kerberosV compile entirely on platforms without shared libraries.
!
- Avoid /tmp race in rcs2log by using mktemp(1).
!
- Tweak timekeeping code in dd(1) to produce a sane bandwidth measure for a short runs.
!
- Enable the ESP and AH ipsec(4) protocols by default.
!
- Make kernel crash(8) dumps work under mvme68k.
- No longer drop packets when using an ACQUIRE policy and an error occurs when notifying key management.
!
- New getrrsetbyname(3) function to retrieve arbitrary DNS records.
!
- Support protocol version 2 in ssh-keyscan(1).
!
- Move xdm(1)'s PID file from xdm-pid to xdm.pid in /var/run, maintaining consistancy.
!
- Delay decision to make a new hash(3) table or not until after calling open(2), clearing up problems with file locking.
!
- vlan(4) changes: utilize IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities; LINK0 and MTU ambiguity are no more; MTU's can only be changed within the scope of the parent's MTU.
!
- Repair non-blocking mode issues in syslogd(8), avoiding grief with locked terminals.
- Make all cases of .Sh AUTHOR and .Sh EXAMPLE plural in manual pages.
!
- New sysctl(3) nkmempages that reports how many pages are in kmem_map.
!
- Support stateless tcp(4) normalization in pf(4).
!
- Import x99token(1), a software x99 token calculator.
!
- Add support for EDNS0 extended flag DNSSEC OK to the resolver(3) routines.
!
- Don't send a NUL on the end of CHAP SUCCESS packets in ppp(8) so that WindowsME and Windows98 won't mysteriously fail when encryption is enabled.
!
- Allocate uvm(9) page buckets from kernel_map, saving kmem_map space on machines with lots of physical memory.
!
- In ppp(8), compensate for a Windows 98 bug when sending a CHAP81 challenge response.
!
- Support the SmartcardDevice option in ssh(1) to specify which smartcard device to use.
- Step down only one Ultra DMA mode at a time when downgrading.
- On DMA timeouts, stop busmaster PCIIDE and reset channel.
!
- Don't malloc(3) too much and choke in ELF execution.
!
- Support rule skipping in pf(4).
!
- Allow negative lock length with lockf(3), making it compliant to specification.
!
- In top(1), abort if stdout(4) ever produces EOF; prevents spinning output if controlling tty disappears.
!
- Implement startup and shutdown hooks via dohooks(9) and family.
- SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
- Nuke edlabel.
!
- Add support for disabling swap devices via swapctl(8)'s -d option.
!
- Support sshd(8) configuration file and key testing via the -t option.
- Change vop_symlink and vop_mknod so that they return the created node in a way that the caller can actually utilize it.
!
- Use vfork(2) safely in sup(1).
- New flag PMAP_CANFAIL that tells pmap_enter that it can fail if there aren't enough resources instead of panicing.
!
- Make non-stateful and stateful pf(4) filtering work on bridge(4) devices.
- Initialize arpcom later; it could be incorrectly initialized if done before bridge_input().
!
- Enable challenge-response authentication by default in ssh(1).
!
- Fix/complete pf(4) binary operators.
!
- Repair signal race in m4(1).
!
- Ensure make(1) doesn't dump core when reporting open conditionals.
- Promote PMAP_NEW option to mandatory status.
- In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives.
!
- Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1).
!
- Support Addonics FlexPort 8S via addcom(4).
!
- Ignore O_TRUNC on open(2) when not opening a regular file.
- On ext2fs, ffs, and ufs partitions, don't truncate anything except for symlinks, directories, and regular files.
- Repair kern_msgbuf under sparc.
!
- Support DEC EtherWorks cards via lc(4).
- Bring na.phone up to date.
!
- The iha(4) driver wasn't able to update the EEPROM, so don't even bother.
!
- Rework ata and wdc(4) probing code; deal better with floating buses and supress spurious interrupts.
- Plug memory leak in pw_copy() found in libutil.
- Put Kerberos 5 things in libkrb5, out of libkafs.
!
- Allow sshd(8) to be compatible in all 4 combinations of Kerberos 4 and Kerberos 5 settings.
!
- When ssh(1) is reading a password, don't panic if fork(2) or pipe(2) fail; just return an empty password.
!
- Sync rtsold(8) to latest KAME, fixing a memory leak and a timer value.
!
- Change quad types on alpha to "long long" as opposed to "long", allowing printf(3)'s "%lld" format to be used without a bogus cast.
!
- In the iha(4) driver, allow sync to be negotiated even if wide is not.
!
- Modify nv(4) XFree86(1) driver as to avoid the dimming text mode problem.
- Add a BSD authentication module for radius authentication.
!
- Make sure that ld(1) references all aliases to avoid them being only partially resolved.
!
- Ensure ppp(8) calculates the number of key changes correctly.
- Repair the NFS server's request tracking during write-gathering, thus avoiding client hangs.
!
- Use login.conf(5) for passwd(1) variables as opposed to passwd.conf(5).
!
- Yank PF_ENCAP support out of isakmpd(8).
!
- Fix-up multicast settings in netstart(8).
- Bump MSIZE up to 256.
!
- IP/TCP/UDP hardware checksumming for nge(4); limited by MTU.
!
- Avoid segmentation fault when mg(1) can't read an init file.
!
- Support for ipcomp(4); disabled by default.
- Show kern_fthread to the door.
!
- Userland iopctl(8) control utility for iop(4).
!
- In passwd(1), lock the passwd(5) file after having gotten a new password from the user; also change the actual locking procedure.
- Support for /etc/wsconsctl.conf.
!
- Handle descriptors 0, 1, or 2 being closed when ppp(8) is invoked.
!
- Reduce MTU by 2 after MPPE has been negotiated in ppp(8).
!
- Merge pdksh patch into ksh(1), fixing some problems with propagated return values in multi-command lines.
!
- Utilize the welcome variable from login.conf(5), in ftpd(8), instead of hard-coding /etc/motd.
!
- Discipline the audio(4) device so it gets along with revoke(2).
- Repair NFS-related problem with diskless clients by getting the root filehandle via nfs_root.
!
- Add support for screen switching to wsconsctl(8).
!
- Change wsconsctl(8)'s interface to be more sysctl(8)-like.
- Shuffle around maxlen setting inside the net subsystem to avoid potential problems.
!
- Make icmp(4) error checking saner.
!
- Initial ip6(9) support for isakmpd(8).
!
- Packet normalization support for pf(4).
!
- Userland sectok(1) control program.
- Repair kern_fork brain-damage.
!
- uvm(9) and MNN are no longer optional.
!
- Import altq(9): alternate queuing support.
- Poof! The old vm disappears.
- No more M_COPY_* macros; use M_MOVE_* or M_DUP_*.
!
- Add dmesg(8), wicontrol(8), and ancontrol(8) to powerpc's ramdisk.
- New mvmeppc port.
!
- Many mvme68k improvements including: switching to uvm(9), repairing system trace, cleanup of locore.s, KNF, etc.
!
- pciide(4) support for powerpc.
!
- Change icmp6(4) packet header length computation so it works with both 4.4BSD's M_COPY_PKTHDR and OpenBSD 2.9+'s M_COPY_PKTHDR.
!
- Implement getpeereid(2), allowing local-domain servers to determine client credentials.
!
- Support generic BSD authentication in xdm(1).
!
- Disable usb(4) on alpha by default.
- Kerberos v5 support for SSH1.
!
- Hardware RNG support in lofn(4).
!
- Smartcard support in ssh-agent(1) and ssh(1).
- Large -Wall/-Werror/-W... ongoing cleanup throughout tree.
- Nuke mips port.
!
- Initial import of iop(4) (I2O) framework.
!
- Rewrite nc(1), adding ip6(4) support.
!
- In su(1), offload root instances for Kerberos to the auth program.
!
- Disable SMB decoding in tcpdump(8).
- Enable audio on alpha by default.
!
- Endian fixes in the wi(4) driver.
- Adios NQNFS.
- Nuke the pmax port.
- Don't perform TCP/UDP hardware checksumming when doing IP fragmentation.
- Delayed checksum support in the netinet subsystem.
!
- Support setting the Ethernet address through ifconfig(8) for vr(4) cards.
!
- Bypass ipsec(4) for all dhcp(8) traffic, avoiding potential problems with newly booted clients.
- Modify timeouts for IP spd expirations.
!
- Internal fiddling of nfsd(8)'s handling of its root vnode.
!
- Import pf(4), an ipf-compatible packet filter.
- Avoid panics under i386 if bus/dev/func numbers for PCI are not valid.
!
- New sysctl(3) KERN_POOLS to retrieve pool information from the kernel.
!
- Cleanup and update dhcp(8) to 2.0pl5.
!
- Utilize readpassphrase(3) in ssh(1).
- Allow access to /dev/pci.
!
- Repair multiple key handling in wicontrol(8).
- New ether_input_mbuf to ease transition from ether_header in ether_input; drivers will migrate to this.
- Wave goodbye to kernfs.
!
- Replace existing telnetd(8) with the one from heimdal-0.3f.
!
- Assorted modifications to uvm(9).
- RELIABILITY FIX: link XF86Setup
against the right version of libXxf86vm.a.
Fix the
problem of corrupted XF86Config file produced by XF86Setup.
A source code patch is available.
[Applied to stable]
! - Avoid a pidfile/sigterm race in sshd(8).
- Merge the system's crypto.h into crptodev.h, avoiding name conflicts with OpenSSL.
!
- Various pool(9) improvements including a new pool_cache() function and cleaner locking.
- Spelling audit throughout the manual pages.
!
- Try to have ssh-keygen(1) decode ssh-3.0.0 private RSA keys.
!
- New mg(1) feature: M-x theo.
- Support PCI bus configuration from userland.
- Add TCP, UDP, and IPv4 hardware checksum processing, excluding outbound TCP/UDP.
!
- Internal shuffling of vnode(9) operations in some filesystems.
!
- Disable interrupts in the wi(4) driver before mapping and establishing the interrupt, thereby avoiding a race condition.
- MI loadfile support; currently only used on powerpc.
!
- Obsolete *known_hosts2 in ssh(1).
!
- Some hifn(4) fixes, largely related to descriptor lengths.
!
- Don't let ssh(1) overwrite argv.
!
- Shrink dmesg(8).
!
- Merge authorized_keys2 into authorized_keys in ssh(1).
!
- Provide a sysctl(3) interface to msgbuf; handy for dmesg(8), allowing it to run without setgid.
- Upgrade to heimdal-0.3f.
!
- Use moduli(5) instead of the deprecated primes.
!
- Add RNG support in hifn(4) for the 7951.
!
- In isakmpd(8), fallback to stat(2) when readdir(3) doesn't return d_type.
- Apply KNF to many kernel sources.
!
- Don't forward ip6(4) packets back into point-to-point link if the packet's destination address matches said p2p link's interface.
- Lots of manual page cleanups.
- Upgrade to openssl-engine-0.9.6a.
!
- Many fixes in the kernel's lockf(3) code including avoiding livelocks on ptrace-related scenarios.
!
- Modify file locking routine in the skey(3) library, preventing a race condition, plus other modifications; integrate.
!
- Document physio(9).
!
- More variables in login.conf(5): login-timeout, login-tries, and login-backoff.
!
- Improve ppp(8): handle hardware-imposed MTU/MRU limitations; support stateful MPPE (Microsoft encryption).
!
- Repair vi(1) to avoid spinouts when creating temporary files.
!
- Make ftp(1) use binary for transfers as opposed to ascii.
!
- Merge passwd.conf(5) into login.conf(5) and add passwordtime and minpasswordlen variables.
- Move microcode includes around to avoid erroneously installing them, among other reasons.
- Overhaul some kern_exec internals, cleaning up the setuid/setgid-checking code.
!
- Adapt skeyinfo(1) to use BSD authentication and removal of the suid root bit.
- Improve powerpc's awacs driver; many interrupt fixes.
!
- Allow the use of ^T in passphrases read by readpassphrase(3).
!
- SECURITY FIX: avoid race in execve(2) when checking flags for ptrace(2).
A source code patch is available.
[Applied to stable]
- Update if_lastchange when IFF_UP is changed instead of on every packet transmission and receipt.
- VM renovations on mvme88k.
!
- Use va_start(3) and va_end(3) for every call to vfprintf(3) and associates.
!
- Replace commonly used static lists with persistent growable arrays in make(1).
!
- Have slstats(8) use an ioctl(2) so it doesn't need to be setgid.
- Ensure *chi doesn't receive interrupts before being initialized.
- Let pci_mapreg_map() take an extra argument to limit the size of the PCI region to map so we can still work with things publishing too much PCI memory.
!
- Use lpd_flags in rc(8), allowing flags to be passed to lpd(8).
- Support EDNS0 (RFC2671) buffer size notification for DNS queries.
- Upgrade to binutils 2.10.1.
- Protect include files in /usr/include/net against multiple inclusion.
- Fix unmapped interrupt problems on some VIA-based boards.
!
- New options, improvements, and fixes for wicontrol(8).
- Palm support in libsectok.
!
- Rewrite ldd(1).
!
- RELIABILITY FIX: use correct db(3) pointers in pwd_mkdb(8), and don't star out empty passwords
A source code patch is available.
[Applied to stable]
! - Assorted ppp(8) alterations.
!
- Correct initialization of the policy_id field for SA structures in isakmpd(8).
!
- PCI shim for wi(4).
!
- Repair preservation option in cp(1).
!
- Allow the number of gre(4) devices to be changed in boot_config(8).
!
- rc(8) no longer starts netatalk -- if installed -- by default.
!
- RELIABILITY FIX: compute length correctly on certificates in isakmpd(8).
A source code patch is available.
[Applied to stable]
! - Ensure kqueue(2) works on ext2fs(8).
- More pipe fiddling.
!
- Enforce Remote-ID specified in Phase 1 peer section in isakmpd(8).
- Ongoing license audit and copyright notice cleanup.
- Extend pfkeyv2's RFC2367 compliance and fix backward compatibility problems.
- Adjust routing socket message to the right size.
!
- Switch UID when sshd(8) cleans up temporary files and sockets.
!
- Speed up arc4random(3) in some net subsystems.
- Upgrade to XFree86 4.1.0.
- Use default hoplimit when icmp6_error doesn't know about the incoming interface.
!
- Create sysctl(3) parameters for ccpu, diskstats, fscale, nprocs, and physmem.
!
- New md5(1) implementation with a BSD copyright and other improvements; includes regression test.
!
- Improve swapctl(8).
!
- Don't allow packets that need IPsec(4) processing to be bridge-broadcast.
!
- Expand handling of X509 and KeyNote certificates in isakmpd(8).
!
- Fix some tcp(4) behaviour with connections in the CLOSING state.
!
- Some ld.so(1) renovations.
!
- Repair kqueue(2) related panic.
!
- SECURITY FIX: verify location when using fts(3) to pop up directories.
A source code patch is available.
[Applied to stable]
- Update root device selection routines for sun3.
!
- Miscellaneous fxp(4) improvements.
!
- Remove ipf(4) from the tree.
!
- Remove pcvt(4) from the tree.
!
- Add BSD authentication support to userland programs; authorization defaults in login.conf(5).
!
- SECURITY FIX: Update to sendmail(8) 8.11.4 which addresses signal race conditions.
A source code patch is available.
[Applied to stable]
- Hardware clock support on powerpc.
!
- Fix directory state tracking in fsck(8).
!
- New BIOCGHDRCMPLT and BIOCSHDRCMPLT ioctls for bpf(4) to disable overwriting of the link-level source address.
- Support interface capabilities.
- Repair cluster_rbuild() in vfs_cluster.
!
- Twiddle with the atapiscsi(4) driver.
!
- fxp(4) bug fixes.
!
- Bring back the old (no ECONNABORTED) accept(2) behaviour for Unix domain sockets.
!
- Support Heimdal's Kerberos 5.
!
- Upgrade to Perl 5.6.1.
!
- Allow arbitrary atime/mtime setting on ext2fs(8) volumes.
!
- Fix lookup code in procfs(8).
!
- Many assorted mg(1) fixes and improvements.
!
- Clean up and shrink make(1).
!
- Various improvements to the ubsec(4) driver.
!
- Fix panics in the ep(4) driver by initializing packet tags.
- New PCMCIA products from NetBSD.
- Utilize packet tags in the net subsystems.
!
- Diversify time parameter parsing in sshd(8).
!
- Better keyboard-interactive support for ssh(1).
!
- Convert lseek(2) read(2)/write(2) to pread(2)/pwrite(2) in kvm(3).
- Import libsectok, used for ISO 7816 smart cards and iButtons.
- Tweak delays in the i82365 PCMCIA controller driver to avoid momentary freezes.
!
- Improve rate support in auich(4).
!
- Make vax use wscons(4) and enable the smg framebuffer.
!
- More select(2) fixes in ssh(1).
!
- Fix X11 client bug in ssh(1).
- PMAP_NEW support on the vax and hp300.
- Create COMPAT_23 and COMPAT_25 options.
!
- In vr(4), handle suspend mode better on the VT6102.
!
- Do not check return values for malloc(9) calls with M_WAIT or M_WAITOK.
- New option: SMALL_KERNEL, subtly changes some kernel semantics to change the kernel size significantly. Use *only* for boot floppies.
- Change ip_sum semantics in ip_output().
!
- Compress ac97(4) vendor tables.
!
- ac97(4) now knows about rev 2.2.
- Squish compatopts to a more sensible set, killing COMPAT_09, COMPAT_10, COMPAT_11.
- Shrink the alpha boot blocks a bit.
- We no longer support ECOFF kernel loading in the alpha boot block.
!
- Teach ac97(4) about more CODEC models.
!
- At boot time, swapon(8) before fsck(8) is run.
!
- Fix fts(3) to handle very long paths.
!
- Repair various signal handler bugs in pppd(8).
!
- Handle memory allocation failures in fsck_ffs(8) and fsck_ext2fs(8) better.
!
- Fix a recently introduced bug in supfilsrv(8).
!
- Correct acceptance of ARP packets coming in on non-IP bridge(4) interfaces.
[Applied to stable]
! - txp(4) now works on the alpha.
!
- More fixes to make(1).
!
- Check a calloc(3) in fsck_ffs(8).
- Add a temporary DTYPE_CRYPTO until device cloning support shows up.
- Fixes to fdescfs.
!
- busdma changes to txp(4), preparing for the alpha.
!
- Split wi(4) into bus dependent and independent parts.
- On hp300, splhigh() in cpu_exit().
- Misc cleanup of the shared m68k codebase.
!
- More bus_dmamap_sync(9) in hifn(4).
!
- Initial non-working alpha ld.so(1) support.
!
- Support newer versions of the lmc(4) cards.
!
- Kill a debug message in ubsec(4).
!
- Add swiss german keyboard layout to wscons(4).
- Smoke out the OLD_PIPE code.
- krb4-1.0.8
!
- Bug fix to make(1).
- Speed up top-level tree Makefiles by doing exec for subshells in new directories.
- Artful fiddling of the kernel pipe stat code.
!
- No need for setgid kmem on iostat(8) anymore.
!
- Add more sysctl(3) support in the kernel.
- Make the alpha floppies fit again...
!
- Make hifn(4) use bus_dma(9). Now works on the alpha.
!
- Initial cut at userland hardware crypto(4) support.
!
- In ubsec(4), initial support for the Broadcom 5820.
- Honour ddb.console on sun3.
- On the pmax, fix a curproc misuse.
!
- In pcibios(4), deal with buggy BIOSs which incorrectly leave the router as 000:00:0.
- hp300 cleanup in progress...
!
- Solve a problem of Lilliputan proportions in powerpc isinf(3).
!
- Mickey goes mad and does a strlcpy(3) whack on src/bin.
!
- Unify rdsetroot and rd(4) support between almost all architectures.
- Man page cleanups galore.
!
- In hifn(4) attempt to support the Hifn 7951.
!
- Do stdout/stderr flushing in sshd(8) using non-blocking mode.
- Fix kerberosIV versioning link problem.
- Cleanup MAP_COPY flags in the tree.
- Use genassym.cf on alpha.
!
- Unify the rd(4) support.
!
- Update sysctl(8) and vmstat(8) to use the new interfaces.
!
- Make more data available via the sysctl(3) interface.
!
- Handle fastroute in the bridge(4).
- hp300 man page cleanup.
!
- Fix a resource leak in twe(4).
[Applied to stable]
! - Use madvise(2) option with MADV_FREE for malloc(3) 'h' flag.
!
- Support MADV_DONTNEED and MADV_FREE in madvise(2).
- Switch sparc to UVM and PMAP_NEW.
- Support HP425e.
!
- Refill txp(4) receive ring only when empty -- performance enhancement.
!
- Fix SSH2 -R support in ssh(1).
- More pmap/uvm interface changes.
!
- Correct signal handling in ping6(8).
!
- Implement screen blanker in wscons(4).
!
- Attempt to support hifn7951 in hifn(4).
!
- realloc(3) fixes to ipf(8).
- ipf 3.4.17
- Fix kernel extent code to be more careful about ranges.
- UVM support for mac68k.
!
- Change i386 in_cksum failure to a printf(9), instead of a panic(9).
[Applied to stable]
! - In txp(4), add support for hardware vlan(4).
!
- Fix a bug in make(1) exposed by the recent jumbo patch.
!
- Fix ti(4) to handle vlan(4) properly.
- vsunlock fixes to UVM.
!
- Signal ignore bug fix to ssh(1).
- Kill i386 VM & pmap_old support.
!
- Fix process priority bug in atrun(8).
!
- Enable vlan(4) by default in GENERIC kernels.
!
- Fix pread(3), preadv(3), pwrite(3), and pwritev(3) on big endian architectures.
!
- In sendmail(8), use FAST_PID_RECYCLE.
- Remove excess (vaddr_t) casts.
- Get rid of CLSIZE and friends.
!
- Increase strlcpy(3) in parts of the tree.
!
- Some minor changes to isakmpd(8).
- Cleanup M_* malloc types in the kernel.
- UVM for the hp300.
!
- Numerous cleanups to sup(1).
!
- In systat(8), handle kvm_nlist(3) failing.
!
- Fix a channel race in sshd(8).
!
- Document that nc(1) no longer has a -e option.
!
- Fix localhost handling bug in httpd(8).
!
- Jumbo patch to make(1) that has been brewing for a while.
!
- Various improvements to mg(1).
- Big USB code update.
!
- Fix a signed vs unsigned error in the gm(4) Ethernet driver.
!
- In wump(6), improve our cave topology algorithm. Don't ask.
!
- Force -h to override the BLOCKSIZE environment in du(1).
!
- Substantial updates to sup(1).
!
- Fix a register save/restore bug in clcs(4) so that suspend/resume works better.
!
- Allow the right CTRL+ALT keys to work as the left ones do in wskbd(4).
!
- Continue to hack our new txp(4) driver into shape.
!
- In ifconfig(8), implement support for removing tunnel outer IP address pair.
!
- Revert a buggy optimization in tsort(1).
!
- Use pread(2) in nlist(3) instead of abusing lseek(2) with read(2).
- Remove cruft leftover from the old PCVT console driver.
!
- Fix filename tab-completion in mg(1).
!
- Convert some more drivers to the new timeout(9) interface.
- Whack dtom() in the kernel. Fo'get about it.
!
- Avoid a NULL pointer dereference in faithd(8).
!
- Various reset and delay fixes in wdc(4) to help certain ATAPI devices.
!
- Deal with suspend/resume more cleanly in pccbb(4).
!
- Better hints handling and memory allocation in tsort(1).
- Correct an error condition in /etc/ksh.kshrc.
!
- Add a koi8-r keyboard layout for wskbd(4).
- Allow interoperability between OpenSSH and older ssh-2.0.x variants with weaker key generation.
!
- Instrument improved locking and rework SCSI a bit in ami(4).
!
- Cleanups to ancontrol(8).
!
- Add a -b option to ssh(1), similar to telnet(1)'s equivalent.
!
- Fix a memory handling bug in telnet(1).
!
- Use pool(9) interface for the VFS cache.
- Improve OpenSSH interoperability with ssh.com-2.0.x clients.
- In the mvme88k port, replace resource maps with extents.
!
- Numerous fixes and updates to sup(1).
--- 78,606 ----
! - In pf(4), block packets that have IP options set by default.
!
- Disable fd(4) sharing.
!
- Repair a umask(2) in pflogd(8).
!
- Fiddle with channel handling in ssh(8) and ssh(1).
!
- Add interface name to address translation to pfctl(8).
!
- Avoid /tmp races in cvs(1) by utilizing mktemp(1).
!
- Handle illegal whois(1) server output that lacks a trailing newline.
!
- Bring in FM radio(9) driver support; configuration through radioctl(1).
- Work around buggy HTTP servers that need the Host: field to only contain the port number.
!
- Use bpf_timeval instead of timeval in pcap(3), isakmpd(8), bpf(4), and tcpdump(8), improving portability.
!
- Fix a network/host order bug in pf(4) that broke state searching on icmp(4) packets with the DF flag set.
!
- New ssh(1) configuration option NoHostAuthenticationForLocalhost.
!
- Import a new rmd160(1) implementation.
!
- Upgrade to sendmail(8) 8.12.1, fixing a potential local security hole.
!
- New -t and -d flags for mktemp(1) to account for the TMPDIR environment variable.
!
- Add a -l flag to mtree(8) to do loose permissions checks.
!
- Report error when the -N and -R flags of pfctl(8) can't open the specified file.
!
- Have rcp(1) and scp(1) skip filenames containing newlines.
- Big install documentation overhaul.
!
- Support selectable preset FSM optimizations in pf(4).
- Lots of RAIDFrame work.
!
- Filter forwarded ip6(4) packets with pf(4).
!
- Upgrade cvs(1).
!
- New pidfile(3) call to write a daemon PID file.
!
- Read user configuration first in ssh(1).
!
- Allow macro names to contain underscores in pf.conf(5).
!
- Overhaul /tmp handling in gzip(1).
!
- Improve string handling in rwho(1).
!
- Fix handling of icmp(4) packets in pf(4).
!
- Plug memory leak in ssh(1)'s compression.
!
- Connect usb(4) keyboards to the display after attach.
!
- Correctly free mbuf when dropping a packet in the ip6(4) subsystem.
!
- Default to 9600 baud in cu(1).
!
- Many repairs to getcap(3), including an off-by-one malloc(3) error and a buffer overflow.
!
- Import a new grep(1).
!
- Update popa3d(8) to 0.4.9.4, adding support for selectable stand-alone or inetd use and tcpd(8).
!
- Start pflogd(8) differently so it doesn't block NFS in diskless situations.
!
- Avoid a memory leak in uvm(9).
!
- Remove signal race from rpc.rstatd(8).
!
- Re-order shlib_dirs in rc(8), prioritizing X11R6/lib over local/lib.
!
- Speedup m4(1) by using inlines for common operations.
!
- Cleanup the set of user(8) tools.
- Implement a buffer flushing daemon, solving problems related to the syncer and improving performance with large numbers of buffers.
!
- Remove buggy STATIC memory optimization from m4(1).
!
- Have vi(1) abort if it can't create a temporary file.
- Improve cross building support.
!
- Repair some buffer handling in mail(1).
- Add many more length checks when passing data from userland to kernel.
!
- In pf(4), don't ignore the inner protocol of ip(4) icmp(4) packets, thus unbreaking traceroute(8), etc.
!
- Support insecure1 and insecure2 options in resolv.conf(5).
!
- SECURITY FIX: be careful with long commandline options in uuxqt and run uucp as non-root in daily.
A source code patch is available.
[Applied to stable]
! - Replace ru_SU with ru_RU in vi(1).
!
- Import sendmail(8) 8.12.0, requiring a new smmsp user and group.
!
- Mark buffers with dependencies as B_DEFERRED and skip them one time when doing sync(2).
- Banish uucp to the ports tree.
!
- Upgrade awk(1).
!
- Cleanup adduser(8); clean up variables, clear hashes correctly, unlock ptmp before closing, etc.
!
- Support 1:1 bi-directional Network Address Translation in pf(4).
!
- proxy user required for ftp-proxy(8).
!
- Add a stereo jitter suppressor to the maestro(4) audio driver.
!
- Fix erroneous select(2) FD_SETSIZE uses.
!
- Repair wall(1)'s -g flag.
!
- pckbd(4) supports Ukranian keyboard layouts.
!
- Better Russian calendar(1) support.
!
- Implement skip steps and parameter lists for interfaces in pf(4).
!
- Update username length limit in rmuser(8).
- New src compilation target: cross-env; prints all environment variables that need to be set for cross-building.
!
- Import usbhidctl(1), a userland program to manipulate USB HID devices.
!
- Import usb(3) library libusb for USB HID processing.
- Rename powerpc port to macppc, allowing for code sharing between different powerpc-based platforms.
!
- Inherit vlan(4) baudrate from parent.
!
- Various lpd(8) improvements and fixes.
!
- SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable]
! - Plug memory leak in scp(1) and rcp(1).
!
- Avoid segfault in dhclient(8) when the server specifies its name.
!
- Support the ! operator in host parameter lists in pfctl(8).
!
- Send a reset request for every packet received by ppp(8) when the encryption dictionaries are out of sync.
!
- Make pf(4) support ISN randomization (aka. phase modulation).
- Store argc as a long on the stack as opposed to an int.
- Switch rijndael code to the optimized AES reference release.
!
- Have isakmpd(8) send DELETE notifications for all active SAs when shutting down.
!
- In sudo(8), apply default login class if unable to look one up.
!
- Support macro expansion in pf.conf(5).
- Work some magic on the installation scripts for floppies, shrinking them.
!
- Correct the setup of the initial tcp(4) state window in pf(4).
!
- Import pflogd(8), logging daemon that writes pf(4) logs in tcpdump(8) binary format.
!
- SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable]
! - Repair ppp(8)'s iface-alias option.
!
- Fix rule flushing code in bridge(4) devices.
!
- Support ip6(4) in ppp(8); crude IPV6CP support; many other smaller changes.
!
- Enhance file-change detection in vipw(8) and crontab(1).
!
- Add per-rule statistics and byte counter to pf(4).
!
- Don't reset xl(1)'s Rx/Tx without first turning them back on after a suspend.
!
- Support parameter lists in pfctl(8).
!
- Be sure to pass the interface to ipip_input() in the net subsystem so it can be used in bpf(4).
!
- Import ftp-proxy(8), a transparent ftp proxy.
!
- Loosen tcp(4) state code in pf(4), allowing "stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections".
- Initial import of sparc64 port; much subsequent development, too much to list.
!
- Add the possibility to add a random offset to the stack on exec(3).
!
- Make the siop(4) driver pay attention to quirks table, eliminating INQUIRY snooping and ifdef toggling.
!
- New -s switch for pwd_mkdb(8) to only update the secure .db file.
!
- -e switch for nm(1) to show extra symbol information.
- Delay locking the passwd file until we have gotten a new password from the user. Also play with the file locking routine.
!
- Attempt to recover from PCI aborts in the hifn(4) driver.
!
- Import keyconv, a small utility to convert between openssl(1) and DNSSEC key formats.
!
- Support trusted public RSA keys as files in isakmpd(8).
- Fix lengths for PFKEYv2 and KAME messages in IPv4-in-IPv6 and IPv6-in-IPv4 flows.
!
- Import popa3d(8), Solar Designer's POP3 daemon.
- The valiant vm_extern.h, vm_inherit.h, vm_map.h, and vm_pager.h files ride off into the sunset.
!
- pf(4) support for icmp(4) errors referring to icmp(4) queries/replies.
!
- Allow file flags in mtree(8).
!
- Don't compare the source address on packets to the one in SA when doing ipsec(4) processing.
- Repair rijndael block alignment.
!
- Unshare sigaction(2) signal handlers on exec(3).
!
- Merge altq(9) options into just "altq" for base + red + cbq, and enable it by default.
!
- Support the -h flag for ln(1) that prevents following a symlink to a directory.
- Many new timeouts for a wide variety of devices.
- Remove the IPCOMP option as it's now part of the IPSEC option.
!
- Rewrite signal(3) handlers in altqd(8) to be race-safe.
!
- Add support for RC4 operations in the hifn(4) driver.
!
- Don't free(3) unallocated memory in mailwrapper(8).
!
- Change tsleep(9) into an ltsleep wrapper. ltsleep takes one more argument than tsleep(9), a simplelock that it unlocks when safe.
- Let kerberosV compile entirely on platforms without shared libraries.
!
- Avoid /tmp race in rcs2log by using mktemp(1).
!
- Tweak timekeeping code in dd(1) to produce a sane bandwidth measure for a short runs.
!
- Enable the ESP and AH ipsec(4) protocols by default.
!
- Make kernel crash(8) dumps work under mvme68k.
- No longer drop packets when using an ACQUIRE policy and an error occurs when notifying key management.
!
- New getrrsetbyname(3) function to retrieve arbitrary DNS records.
!
- Support protocol version 2 in ssh-keyscan(1).
!
- Move xdm(1)'s PID file from xdm-pid to xdm.pid in /var/run, maintaining consistancy.
!
- Delay decision to make a new hash(3) table or not until after calling open(2), clearing up problems with file locking.
!
- vlan(4) changes: utilize IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities; LINK0 and MTU ambiguity are no more; MTU's can only be changed within the scope of the parent's MTU.
!
- Repair non-blocking mode issues in syslogd(8), avoiding grief with locked terminals.
- Make all cases of .Sh AUTHOR and .Sh EXAMPLE plural in manual pages.
!
- New sysctl(3) nkmempages that reports how many pages are in kmem_map.
!
- Support stateless tcp(4) normalization in pf(4).
!
- Import x99token(1), a software x99 token calculator.
!
- Add support for EDNS0 extended flag DNSSEC OK to the resolver(3) routines.
!
- Don't send a NUL on the end of CHAP SUCCESS packets in ppp(8) so that WindowsME and Windows98 won't mysteriously fail when encryption is enabled.
!
- Allocate uvm(9) page buckets from kernel_map, saving kmem_map space on machines with lots of physical memory.
!
- In ppp(8), compensate for a Windows 98 bug when sending a CHAP81 challenge response.
!
- Support the SmartcardDevice option in ssh(1) to specify which smartcard device to use.
- Step down only one Ultra DMA mode at a time when downgrading.
- On DMA timeouts, stop busmaster PCIIDE and reset channel.
!
- Don't malloc(3) too much and choke in ELF execution.
!
- Support rule skipping in pf(4).
!
- Allow negative lock length with lockf(3), making it compliant to specification.
!
- In top(1), abort if stdout(4) ever produces EOF; prevents spinning output if controlling tty disappears.
!
- Implement startup and shutdown hooks via dohooks(9) and family.
- SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
- Nuke edlabel.
!
- Add support for disabling swap devices via swapctl(8)'s -d option.
!
- Support sshd(8) configuration file and key testing via the -t option.
- Change vop_symlink and vop_mknod so that they return the created node in a way that the caller can actually utilize it.
!
- Use vfork(2) safely in sup(1).
- New flag PMAP_CANFAIL that tells pmap_enter that it can fail if there aren't enough resources instead of panicing.
!
- Make non-stateful and stateful pf(4) filtering work on bridge(4) devices.
- Initialize arpcom later; it could be incorrectly initialized if done before bridge_input().
!
- Enable challenge-response authentication by default in ssh(1).
!
- Fix/complete pf(4) binary operators.
!
- Repair signal race in m4(1).
!
- Ensure make(1) doesn't dump core when reporting open conditionals.
- Promote PMAP_NEW option to mandatory status.
- In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives.
!
- Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1).
!
- Support Addonics FlexPort 8S via addcom(4).
!
- Ignore O_TRUNC on open(2) when not opening a regular file.
- On ext2fs, ffs, and ufs partitions, don't truncate anything except for symlinks, directories, and regular files.
- Repair kern_msgbuf under sparc.
!
- Support DEC EtherWorks cards via lc(4).
- Bring na.phone up to date.
!
- The iha(4) driver wasn't able to update the EEPROM, so don't even bother.
!
- Rework ata and wdc(4) probing code; deal better with floating buses and supress spurious interrupts.
- Plug memory leak in pw_copy() found in libutil.
- Put Kerberos 5 things in libkrb5, out of libkafs.
!
- Allow sshd(8) to be compatible in all 4 combinations of Kerberos 4 and Kerberos 5 settings.
!
- When ssh(1) is reading a password, don't panic if fork(2) or pipe(2) fail; just return an empty password.
!
- Sync rtsold(8) to latest KAME, fixing a memory leak and a timer value.
!
- Change quad types on alpha to "long long" as opposed to "long", allowing printf(3)'s "%lld" format to be used without a bogus cast.
!
- In the iha(4) driver, allow sync to be negotiated even if wide is not.
!
- Modify nv(4) XFree86(1) driver as to avoid the dimming text mode problem.
- Add a BSD authentication module for radius authentication.
!
- Make sure that ld(1) references all aliases to avoid them being only partially resolved.
!
- Ensure ppp(8) calculates the number of key changes correctly.
- Repair the NFS server's request tracking during write-gathering, thus avoiding client hangs.
!
- Use login.conf(5) for passwd(1) variables as opposed to passwd.conf(5).
!
- Yank PF_ENCAP support out of isakmpd(8).
!
- Fix-up multicast settings in netstart(8).
- Bump MSIZE up to 256.
!
- IP/TCP/UDP hardware checksumming for nge(4); limited by MTU.
!
- Avoid segmentation fault when mg(1) can't read an init file.
!
- Support for ipcomp(4); disabled by default.
- Show kern_fthread to the door.
!
- Userland iopctl(8) control utility for iop(4).
!
- In passwd(1), lock the passwd(5) file after having gotten a new password from the user; also change the actual locking procedure.
- Support for /etc/wsconsctl.conf.
!
- Handle descriptors 0, 1, or 2 being closed when ppp(8) is invoked.
!
- Reduce MTU by 2 after MPPE has been negotiated in ppp(8).
!
- Merge pdksh patch into ksh(1), fixing some problems with propagated return values in multi-command lines.
!
- Utilize the welcome variable from login.conf(5), in ftpd(8), instead of hard-coding /etc/motd.
!
- Discipline the audio(4) device so it gets along with revoke(2).
- Repair NFS-related problem with diskless clients by getting the root filehandle via nfs_root.
!
- Add support for screen switching to wsconsctl(8).
!
- Change wsconsctl(8)'s interface to be more sysctl(8)-like.
- Shuffle around maxlen setting inside the net subsystem to avoid potential problems.
!
- Make icmp(4) error checking saner.
!
- Initial ip6(9) support for isakmpd(8).
!
- Packet normalization support for pf(4).
!
- Userland sectok(1) control program.
- Repair kern_fork brain-damage.
!
- uvm(9) and MNN are no longer optional.
!
- Import altq(9): alternate queuing support.
- Poof! The old vm disappears.
- No more M_COPY_* macros; use M_MOVE_* or M_DUP_*.
!
- Add dmesg(8), wicontrol(8), and ancontrol(8) to powerpc's ramdisk.
- New mvmeppc port.
!
- Many mvme68k improvements including: switching to uvm(9), repairing system trace, cleanup of locore.s, KNF, etc.
!
- pciide(4) support for powerpc.
!
- Change icmp6(4) packet header length computation so it works with both 4.4BSD's M_COPY_PKTHDR and OpenBSD 2.9+'s M_COPY_PKTHDR.
!
- Implement getpeereid(2), allowing local-domain servers to determine client credentials.
!
- Support generic BSD authentication in xdm(1).
!
- Disable usb(4) on alpha by default.
- Kerberos v5 support for SSH1.
!
- Hardware RNG support in lofn(4).
!
- Smartcard support in ssh-agent(1) and ssh(1).
- Large -Wall/-Werror/-W... ongoing cleanup throughout tree.
- Nuke mips port.
!
- Initial import of iop(4) (I2O) framework.
!
- Rewrite nc(1), adding ip6(4) support.
!
- In su(1), offload root instances for Kerberos to the auth program.
!
- Disable SMB decoding in tcpdump(8).
- Enable audio on alpha by default.
!
- Endian fixes in the wi(4) driver.
- Adios NQNFS.
- Nuke the pmax port.
- Don't perform TCP/UDP hardware checksumming when doing IP fragmentation.
- Delayed checksum support in the netinet subsystem.
!
- Support setting the Ethernet address through ifconfig(8) for vr(4) cards.
!
- Bypass ipsec(4) for all dhcp(8) traffic, avoiding potential problems with newly booted clients.
- Modify timeouts for IP spd expirations.
!
- Internal fiddling of nfsd(8)'s handling of its root vnode.
!
- Import pf(4), an ipf-compatible packet filter.
- Avoid panics under i386 if bus/dev/func numbers for PCI are not valid.
!
- New sysctl(3) KERN_POOLS to retrieve pool information from the kernel.
!
- Cleanup and update dhcp(8) to 2.0pl5.
!
- Utilize readpassphrase(3) in ssh(1).
- Allow access to /dev/pci.
!
- Repair multiple key handling in wicontrol(8).
- New ether_input_mbuf to ease transition from ether_header in ether_input; drivers will migrate to this.
- Wave goodbye to kernfs.
!
- Replace existing telnetd(8) with the one from heimdal-0.3f.
!
- Assorted modifications to uvm(9).
- RELIABILITY FIX: link XF86Setup
against the right version of libXxf86vm.a.
Fix the
problem of corrupted XF86Config file produced by XF86Setup.
A source code patch is available.
[Applied to stable]
! - Avoid a pidfile/sigterm race in sshd(8).
- Merge the system's crypto.h into crptodev.h, avoiding name conflicts with OpenSSL.
!
- Various pool(9) improvements including a new pool_cache() function and cleaner locking.
- Spelling audit throughout the manual pages.
!
- Try to have ssh-keygen(1) decode ssh-3.0.0 private RSA keys.
!
- New mg(1) feature: M-x theo.
- Support PCI bus configuration from userland.
- Add TCP, UDP, and IPv4 hardware checksum processing, excluding outbound TCP/UDP.
!
- Internal shuffling of vnode(9) operations in some filesystems.
!
- Disable interrupts in the wi(4) driver before mapping and establishing the interrupt, thereby avoiding a race condition.
- MI loadfile support; currently only used on powerpc.
!
- Obsolete *known_hosts2 in ssh(1).
!
- Some hifn(4) fixes, largely related to descriptor lengths.
!
- Don't let ssh(1) overwrite argv.
!
- Shrink dmesg(8).
!
- Merge authorized_keys2 into authorized_keys in ssh(1).
!
- Provide a sysctl(3) interface to msgbuf; handy for dmesg(8), allowing it to run without setgid.
- Upgrade to heimdal-0.3f.
!
- Use moduli(5) instead of the deprecated primes.
!
- Add RNG support in hifn(4) for the 7951.
!
- In isakmpd(8), fallback to stat(2) when readdir(3) doesn't return d_type.
- Apply KNF to many kernel sources.
!
- Don't forward ip6(4) packets back into point-to-point link if the packet's destination address matches said p2p link's interface.
- Lots of manual page cleanups.
- Upgrade to openssl-engine-0.9.6a.
!
- Many fixes in the kernel's lockf(3) code including avoiding livelocks on ptrace-related scenarios.
!
- Modify file locking routine in the skey(3) library, preventing a race condition, plus other modifications; integrate.
!
- Document physio(9).
!
- More variables in login.conf(5): login-timeout, login-tries, and login-backoff.
!
- Improve ppp(8): handle hardware-imposed MTU/MRU limitations; support stateful MPPE (Microsoft encryption).
!
- Repair vi(1) to avoid spinouts when creating temporary files.
!
- Make ftp(1) use binary for transfers as opposed to ascii.
!
- Merge passwd.conf(5) into login.conf(5) and add passwordtime and minpasswordlen variables.
- Move microcode includes around to avoid erroneously installing them, among other reasons.
- Overhaul some kern_exec internals, cleaning up the setuid/setgid-checking code.
!
- Adapt skeyinfo(1) to use BSD authentication and removal of the suid root bit.
- Improve powerpc's awacs driver; many interrupt fixes.
!
- Allow the use of ^T in passphrases read by readpassphrase(3).
!
- SECURITY FIX: avoid race in execve(2) when checking flags for ptrace(2).
A source code patch is available.
[Applied to stable]
- Update if_lastchange when IFF_UP is changed instead of on every packet transmission and receipt.
- VM renovations on mvme88k.
!
- Use va_start(3) and va_end(3) for every call to vfprintf(3) and associates.
!
- Replace commonly used static lists with persistent growable arrays in make(1).
!
- Have slstats(8) use an ioctl(2) so it doesn't need to be setgid.
- Ensure *chi doesn't receive interrupts before being initialized.
- Let pci_mapreg_map() take an extra argument to limit the size of the PCI region to map so we can still work with things publishing too much PCI memory.
!
- Use lpd_flags in rc(8), allowing flags to be passed to lpd(8).
- Support EDNS0 (RFC2671) buffer size notification for DNS queries.
- Upgrade to binutils 2.10.1.
- Protect include files in /usr/include/net against multiple inclusion.
- Fix unmapped interrupt problems on some VIA-based boards.
!
- New options, improvements, and fixes for wicontrol(8).
- Palm support in libsectok.
!
- Rewrite ldd(1).
!
- RELIABILITY FIX: use correct db(3) pointers in pwd_mkdb(8), and don't star out empty passwords
A source code patch is available.
[Applied to stable]
! - Assorted ppp(8) alterations.
!
- Correct initialization of the policy_id field for SA structures in isakmpd(8).
!
- PCI shim for wi(4).
!
- Repair preservation option in cp(1).
!
- Allow the number of gre(4) devices to be changed in boot_config(8).
!
- rc(8) no longer starts netatalk -- if installed -- by default.
!
- RELIABILITY FIX: compute length correctly on certificates in isakmpd(8).
A source code patch is available.
[Applied to stable]
! - Ensure kqueue(2) works on ext2fs(8).
- More pipe fiddling.
!
- Enforce Remote-ID specified in Phase 1 peer section in isakmpd(8).
- Ongoing license audit and copyright notice cleanup.
- Extend pfkeyv2's RFC2367 compliance and fix backward compatibility problems.
- Adjust routing socket message to the right size.
!
- Switch UID when sshd(8) cleans up temporary files and sockets.
!
- Speed up arc4random(3) in some net subsystems.
- Upgrade to XFree86 4.1.0.
- Use default hoplimit when icmp6_error doesn't know about the incoming interface.
!
- Create sysctl(3) parameters for ccpu, diskstats, fscale, nprocs, and physmem.
!
- New md5(1) implementation with a BSD copyright and other improvements; includes regression test.
!
- Improve swapctl(8).
!
- Don't allow packets that need IPsec(4) processing to be bridge-broadcast.
!
- Expand handling of X509 and KeyNote certificates in isakmpd(8).
!
- Fix some tcp(4) behaviour with connections in the CLOSING state.
!
- Some ld.so(1) renovations.
!
- Repair kqueue(2) related panic.
!
- SECURITY FIX: verify location when using fts(3) to pop up directories.
A source code patch is available.
[Applied to stable]
- Update root device selection routines for sun3.
!
- Miscellaneous fxp(4) improvements.
!
- Remove ipf(4) from the tree.
!
- Remove pcvt(4) from the tree.
!
- Add BSD authentication support to userland programs; authorization defaults in login.conf(5).
!
- SECURITY FIX: Update to sendmail(8) 8.11.4 which addresses signal race conditions.
A source code patch is available.
[Applied to stable]
- Hardware clock support on powerpc.
!
- Fix directory state tracking in fsck(8).
!
- New BIOCGHDRCMPLT and BIOCSHDRCMPLT ioctls for bpf(4) to disable overwriting of the link-level source address.
- Support interface capabilities.
- Repair cluster_rbuild() in vfs_cluster.
!
- Twiddle with the atapiscsi(4) driver.
!
- fxp(4) bug fixes.
!
- Bring back the old (no ECONNABORTED) accept(2) behaviour for Unix domain sockets.
!
- Support Heimdal's Kerberos 5.
!
- Upgrade to Perl 5.6.1.
!
- Allow arbitrary atime/mtime setting on ext2fs(8) volumes.
!
- Fix lookup code in procfs(8).
!
- Many assorted mg(1) fixes and improvements.
!
- Clean up and shrink make(1).
!
- Various improvements to the ubsec(4) driver.
!
- Fix panics in the ep(4) driver by initializing packet tags.
- New PCMCIA products from NetBSD.
- Utilize packet tags in the net subsystems.
!
- Diversify time parameter parsing in sshd(8).
!
- Better keyboard-interactive support for ssh(1).
!
- Convert lseek(2) read(2)/write(2) to pread(2)/pwrite(2) in kvm(3).
- Import libsectok, used for ISO 7816 smart cards and iButtons.
- Tweak delays in the i82365 PCMCIA controller driver to avoid momentary freezes.
!
- Improve rate support in auich(4).
!
- Make vax use wscons(4) and enable the smg framebuffer.
!
- More select(2) fixes in ssh(1).
!
- Fix X11 client bug in ssh(1).
- PMAP_NEW support on the vax and hp300.
- Create COMPAT_23 and COMPAT_25 options.
!
- In vr(4), handle suspend mode better on the VT6102.
!
- Do not check return values for malloc(9) calls with M_WAIT or M_WAITOK.
- New option: SMALL_KERNEL, subtly changes some kernel semantics to change the kernel size significantly. Use *only* for boot floppies.
- Change ip_sum semantics in ip_output().
!
- Compress ac97(4) vendor tables.
!
- ac97(4) now knows about rev 2.2.
- Squish compatopts to a more sensible set, killing COMPAT_09, COMPAT_10, COMPAT_11.
- Shrink the alpha boot blocks a bit.
- We no longer support ECOFF kernel loading in the alpha boot block.
!
- Teach ac97(4) about more CODEC models.
!
- At boot time, swapon(8) before fsck(8) is run.
!
- Fix fts(3) to handle very long paths.
!
- Repair various signal handler bugs in pppd(8).
!
- Handle memory allocation failures in fsck_ffs(8) and fsck_ext2fs(8) better.
!
- Fix a recently introduced bug in supfilsrv(8).
!
- Correct acceptance of ARP packets coming in on non-IP bridge(4) interfaces.
[Applied to stable]
! - txp(4) now works on the alpha.
!
- More fixes to make(1).
!
- Check a calloc(3) in fsck_ffs(8).
- Add a temporary DTYPE_CRYPTO until device cloning support shows up.
- Fixes to fdescfs.
!
- busdma changes to txp(4), preparing for the alpha.
!
- Split wi(4) into bus dependent and independent parts.
- On hp300, splhigh() in cpu_exit().
- Misc cleanup of the shared m68k codebase.
!
- More bus_dmamap_sync(9) in hifn(4).
!
- Initial non-working alpha ld.so(1) support.
!
- Support newer versions of the lmc(4) cards.
!
- Kill a debug message in ubsec(4).
!
- Add swiss german keyboard layout to wscons(4).
- Smoke out the OLD_PIPE code.
- krb4-1.0.8
!
- Bug fix to make(1).
- Speed up top-level tree Makefiles by doing exec for subshells in new directories.
- Artful fiddling of the kernel pipe stat code.
!
- No need for setgid kmem on iostat(8) anymore.
!
- Add more sysctl(3) support in the kernel.
- Make the alpha floppies fit again...
!
- Make hifn(4) use bus_dma(9). Now works on the alpha.
!
- Initial cut at userland hardware crypto(4) support.
!
- In ubsec(4), initial support for the Broadcom 5820.
- Honour ddb.console on sun3.
- On the pmax, fix a curproc misuse.
!
- In pcibios(4), deal with buggy BIOSs which incorrectly leave the router as 000:00:0.
- hp300 cleanup in progress...
!
- Solve a problem of Lilliputan proportions in powerpc isinf(3).
!
- Mickey goes mad and does a strlcpy(3) whack on src/bin.
!
- Unify rdsetroot and rd(4) support between almost all architectures.
- Man page cleanups galore.
!
- In hifn(4) attempt to support the Hifn 7951.
!
- Do stdout/stderr flushing in sshd(8) using non-blocking mode.
- Fix kerberosIV versioning link problem.
- Cleanup MAP_COPY flags in the tree.
- Use genassym.cf on alpha.
!
- Unify the rd(4) support.
!
- Update sysctl(8) and vmstat(8) to use the new interfaces.
!
- Make more data available via the sysctl(3) interface.
!
- Handle fastroute in the bridge(4).
- hp300 man page cleanup.
!
- Fix a resource leak in twe(4).
[Applied to stable]
! - Use madvise(2) option with MADV_FREE for malloc(3) 'h' flag.
!
- Support MADV_DONTNEED and MADV_FREE in madvise(2).
- Switch sparc to UVM and PMAP_NEW.
- Support HP425e.
!
- Refill txp(4) receive ring only when empty -- performance enhancement.
!
- Fix SSH2 -R support in ssh(1).
- More pmap/uvm interface changes.
!
- Correct signal handling in ping6(8).
!
- Implement screen blanker in wscons(4).
!
- Attempt to support hifn7951 in hifn(4).
!
- realloc(3) fixes to ipf(8).
- ipf 3.4.17
- Fix kernel extent code to be more careful about ranges.
- UVM support for mac68k.
!
- Change i386 in_cksum failure to a printf(9), instead of a panic(9).
[Applied to stable]
! - In txp(4), add support for hardware vlan(4).
!
- Fix a bug in make(1) exposed by the recent jumbo patch.
!
- Fix ti(4) to handle vlan(4) properly.
- vsunlock fixes to UVM.
!
- Signal ignore bug fix to ssh(1).
- Kill i386 VM & pmap_old support.
!
- Fix process priority bug in atrun(8).
!
- Enable vlan(4) by default in GENERIC kernels.
!
- Fix pread(3), preadv(3), pwrite(3), and pwritev(3) on big endian architectures.
!
- In sendmail(8), use FAST_PID_RECYCLE.
- Remove excess (vaddr_t) casts.
- Get rid of CLSIZE and friends.
!
- Increase strlcpy(3) in parts of the tree.
!
- Some minor changes to isakmpd(8).
- Cleanup M_* malloc types in the kernel.
- UVM for the hp300.
!
- Numerous cleanups to sup(1).
!
- In systat(8), handle kvm_nlist(3) failing.
!
- Fix a channel race in sshd(8).
!
- Document that nc(1) no longer has a -e option.
!
- Fix localhost handling bug in httpd(8).
!
- Jumbo patch to make(1) that has been brewing for a while.
!
- Various improvements to mg(1).
- Big USB code update.
!
- Fix a signed vs unsigned error in the gm(4) Ethernet driver.
!
- In wump(6), improve our cave topology algorithm. Don't ask.
!
- Force -h to override the BLOCKSIZE environment in du(1).
!
- Substantial updates to sup(1).
!
- Fix a register save/restore bug in clcs(4) so that suspend/resume works better.
!
- Allow the right CTRL+ALT keys to work as the left ones do in wskbd(4).
!
- Continue to hack our new txp(4) driver into shape.
!
- In ifconfig(8), implement support for removing tunnel outer IP address pair.
!
- Revert a buggy optimization in tsort(1).
!
- Use pread(2) in nlist(3) instead of abusing lseek(2) with read(2).
- Remove cruft leftover from the old PCVT console driver.
!
- Fix filename tab-completion in mg(1).
!
- Convert some more drivers to the new timeout(9) interface.
- Whack dtom() in the kernel. Fo'get about it.
!
- Avoid a NULL pointer dereference in faithd(8).
!
- Various reset and delay fixes in wdc(4) to help certain ATAPI devices.
!
- Deal with suspend/resume more cleanly in pccbb(4).
!
- Better hints handling and memory allocation in tsort(1).
- Correct an error condition in /etc/ksh.kshrc.
!
- Add a koi8-r keyboard layout for wskbd(4).
- Allow interoperability between OpenSSH and older ssh-2.0.x variants with weaker key generation.
!
- Instrument improved locking and rework SCSI a bit in ami(4).
!
- Cleanups to ancontrol(8).
!
- Add a -b option to ssh(1), similar to telnet(1)'s equivalent.
!
- Fix a memory handling bug in telnet(1).
!
- Use pool(9) interface for the VFS cache.
- Improve OpenSSH interoperability with ssh.com-2.0.x clients.
- In the mvme88k port, replace resource maps with extents.
!
- Numerous fixes and updates to sup(1).