=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus30.html,v retrieving revision 1.47 retrieving revision 1.48 diff -c -r1.47 -r1.48 *** www/plus30.html 2016/03/21 05:46:20 1.47 --- www/plus30.html 2016/03/22 10:54:42 1.48 *************** *** 78,606 ****

In pf(4), block packets that have IP options set by default. !
Disable fd(4) sharing. !
Repair a umask(2) in pflogd(8). !
Fiddle with channel handling in ssh(8) and ssh(1). !
Add interface name to address translation to pfctl(8). !
Avoid /tmp races in cvs(1) by utilizing mktemp(1). !
Handle illegal whois(1) server output that lacks a trailing newline. !
Bring in FM radio(9) driver support; configuration through radioctl(1).
Work around buggy HTTP servers that need the Host: field to only contain the port number. !
Use bpf_timeval instead of timeval in pcap(3), isakmpd(8), bpf(4), and tcpdump(8), improving portability. !
Fix a network/host order bug in pf(4) that broke state searching on icmp(4) packets with the DF flag set. !
New ssh(1) configuration option NoHostAuthenticationForLocalhost. !
Import a new rmd160(1) implementation. !
Upgrade to sendmail(8) 8.12.1, fixing a potential local security hole. !
New -t and -d flags for mktemp(1) to account for the TMPDIR environment variable. !
Add a -l flag to mtree(8) to do loose permissions checks. !
Report error when the -N and -R flags of pfctl(8) can't open the specified file. !
Have rcp(1) and scp(1) skip filenames containing newlines.
Big install documentation overhaul. !
Support selectable preset FSM optimizations in pf(4).
Lots of RAIDFrame work. !
Filter forwarded ip6(4) packets with pf(4). !
Upgrade cvs(1). !
New pidfile(3) call to write a daemon PID file. !
Read user configuration first in ssh(1). !
Allow macro names to contain underscores in pf.conf(5). !
Overhaul /tmp handling in gzip(1). !
Improve string handling in rwho(1). !
Fix handling of icmp(4) packets in pf(4). !
Plug memory leak in ssh(1)'s compression. !
Connect usb(4) keyboards to the display after attach. !
Correctly free mbuf when dropping a packet in the ip6(4) subsystem. !
Default to 9600 baud in cu(1). !
Many repairs to getcap(3), including an off-by-one malloc(3) error and a buffer overflow. !
Import a new grep(1). !
Update popa3d(8) to 0.4.9.4, adding support for selectable stand-alone or inetd use and tcpd(8). !
Start pflogd(8) differently so it doesn't block NFS in diskless situations. !
Avoid a memory leak in uvm(9). !
Remove signal race from rpc.rstatd(8). !
Re-order shlib_dirs in rc(8), prioritizing X11R6/lib over local/lib. !
Speedup m4(1) by using inlines for common operations. !
Cleanup the set of user(8) tools.
Implement a buffer flushing daemon, solving problems related to the syncer and improving performance with large numbers of buffers. !
Remove buggy STATIC memory optimization from m4(1). !
Have vi(1) abort if it can't create a temporary file.
Improve cross building support. !
Repair some buffer handling in mail(1).
Add many more length checks when passing data from userland to kernel. !
In pf(4), don't ignore the inner protocol of ip(4) icmp(4) packets, thus unbreaking traceroute(8), etc. !
Support insecure1 and insecure2 options in resolv.conf(5). !
SECURITY FIX: be careful with long commandline options in uuxqt and run uucp as non-root in daily.
A source code patch is available.
[Applied to stable] !
Replace ru_SU with ru_RU in vi(1). !
Import sendmail(8) 8.12.0, requiring a new smmsp user and group. !
Mark buffers with dependencies as B_DEFERRED and skip them one time when doing sync(2).
Banish uucp to the ports tree. !
Upgrade awk(1). !
Cleanup adduser(8); clean up variables, clear hashes correctly, unlock ptmp before closing, etc. !
Support 1:1 bi-directional Network Address Translation in pf(4). !
proxy user required for ftp-proxy(8). !
Add a stereo jitter suppressor to the maestro(4) audio driver. !
Fix erroneous select(2) FD_SETSIZE uses. !
Repair wall(1)'s -g flag. !
pckbd(4) supports Ukranian keyboard layouts. !
Better Russian calendar(1) support. !
Implement skip steps and parameter lists for interfaces in pf(4). !
Update username length limit in rmuser(8).
New src compilation target: cross-env; prints all environment variables that need to be set for cross-building. !
Import usbhidctl(1), a userland program to manipulate USB HID devices. !
Import usb(3) library libusb for USB HID processing.
Rename powerpc port to macppc, allowing for code sharing between different powerpc-based platforms. !
Inherit vlan(4) baudrate from parent. !
Various lpd(8) improvements and fixes. !
SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable] !
Plug memory leak in scp(1) and rcp(1). !
Avoid segfault in dhclient(8) when the server specifies its name. !
Support the ! operator in host parameter lists in pfctl(8). !
Send a reset request for every packet received by ppp(8) when the encryption dictionaries are out of sync. !
Make pf(4) support ISN randomization (aka. phase modulation).
Store argc as a long on the stack as opposed to an int.
Switch rijndael code to the optimized AES reference release. !
Have isakmpd(8) send DELETE notifications for all active SAs when shutting down. !
In sudo(8), apply default login class if unable to look one up. !
Support macro expansion in pf.conf(5).
Work some magic on the installation scripts for floppies, shrinking them. !
Correct the setup of the initial tcp(4) state window in pf(4). !
Import pflogd(8), logging daemon that writes pf(4) logs in tcpdump(8) binary format. !
SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable] !
Repair ppp(8)'s iface-alias option. !
Fix rule flushing code in bridge(4) devices. !
Support ip6(4) in ppp(8); crude IPV6CP support; many other smaller changes. !
Enhance file-change detection in vipw(8) and crontab(1). !
Add per-rule statistics and byte counter to pf(4). !
Don't reset xl(1)'s Rx/Tx without first turning them back on after a suspend. !
Support parameter lists in pfctl(8). !
Be sure to pass the interface to ipip_input() in the net subsystem so it can be used in bpf(4). !
Import ftp-proxy(8), a transparent ftp proxy. !
Loosen tcp(4) state code in pf(4), allowing "stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections".
Initial import of sparc64 port; much subsequent development, too much to list. !
Add the possibility to add a random offset to the stack on exec(3). !
Make the siop(4) driver pay attention to quirks table, eliminating INQUIRY snooping and ifdef toggling. !
New -s switch for pwd_mkdb(8) to only update the secure .db file. !
-e switch for nm(1) to show extra symbol information.
Delay locking the passwd file until we have gotten a new password from the user. Also play with the file locking routine. !
Attempt to recover from PCI aborts in the hifn(4) driver. !
Import keyconv, a small utility to convert between openssl(1) and DNSSEC key formats. !
Support trusted public RSA keys as files in isakmpd(8).
Fix lengths for PFKEYv2 and KAME messages in IPv4-in-IPv6 and IPv6-in-IPv4 flows. !
Import popa3d(8), Solar Designer's POP3 daemon.
The valiant vm_extern.h, vm_inherit.h, vm_map.h, and vm_pager.h files ride off into the sunset. !
pf(4) support for icmp(4) errors referring to icmp(4) queries/replies. !
Allow file flags in mtree(8). !
Don't compare the source address on packets to the one in SA when doing ipsec(4) processing.
Repair rijndael block alignment. !
Unshare sigaction(2) signal handlers on exec(3). !
Merge altq(9) options into just "altq" for base + red + cbq, and enable it by default. !
Support the -h flag for ln(1) that prevents following a symlink to a directory.
Many new timeouts for a wide variety of devices.
Remove the IPCOMP option as it's now part of the IPSEC option. !
Rewrite signal(3) handlers in altqd(8) to be race-safe. !
Add support for RC4 operations in the hifn(4) driver. !
Don't free(3) unallocated memory in mailwrapper(8). !
Change tsleep(9) into an ltsleep wrapper. ltsleep takes one more argument than tsleep(9), a simplelock that it unlocks when safe.
Let kerberosV compile entirely on platforms without shared libraries. !
Avoid /tmp race in rcs2log by using mktemp(1). !
Tweak timekeeping code in dd(1) to produce a sane bandwidth measure for a short runs. !
Enable the ESP and AH ipsec(4) protocols by default. !
Make kernel crash(8) dumps work under mvme68k.
No longer drop packets when using an ACQUIRE policy and an error occurs when notifying key management. !
New getrrsetbyname(3) function to retrieve arbitrary DNS records. !
Support protocol version 2 in ssh-keyscan(1). !
Move xdm(1)'s PID file from xdm-pid to xdm.pid in /var/run, maintaining consistancy. !
Delay decision to make a new hash(3) table or not until after calling open(2), clearing up problems with file locking. !
vlan(4) changes: utilize IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities; LINK0 and MTU ambiguity are no more; MTU's can only be changed within the scope of the parent's MTU. !
Repair non-blocking mode issues in syslogd(8), avoiding grief with locked terminals.
Make all cases of .Sh AUTHOR and .Sh EXAMPLE plural in manual pages. !
New sysctl(3) nkmempages that reports how many pages are in kmem_map. !
Support stateless tcp(4) normalization in pf(4). !
Import x99token(1), a software x99 token calculator. !
Add support for EDNS0 extended flag DNSSEC OK to the resolver(3) routines. !
Don't send a NUL on the end of CHAP SUCCESS packets in ppp(8) so that WindowsME and Windows98 won't mysteriously fail when encryption is enabled. !
Allocate uvm(9) page buckets from kernel_map, saving kmem_map space on machines with lots of physical memory. !
In ppp(8), compensate for a Windows 98 bug when sending a CHAP81 challenge response. !
Support the SmartcardDevice option in ssh(1) to specify which smartcard device to use.
Step down only one Ultra DMA mode at a time when downgrading.
On DMA timeouts, stop busmaster PCIIDE and reset channel. !
Don't malloc(3) too much and choke in ELF execution. !
Support rule skipping in pf(4). !
Allow negative lock length with lockf(3), making it compliant to specification. !
In top(1), abort if stdout(4) ever produces EOF; prevents spinning output if controlling tty disappears. !
Implement startup and shutdown hooks via dohooks(9) and family.
SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
Nuke edlabel. !
Add support for disabling swap devices via swapctl(8)'s -d option. !
Support sshd(8) configuration file and key testing via the -t option.
Change vop_symlink and vop_mknod so that they return the created node in a way that the caller can actually utilize it. !
Use vfork(2) safely in sup(1).
New flag PMAP_CANFAIL that tells pmap_enter that it can fail if there aren't enough resources instead of panicing. !
Make non-stateful and stateful pf(4) filtering work on bridge(4) devices.
Initialize arpcom later; it could be incorrectly initialized if done before bridge_input(). !
Enable challenge-response authentication by default in ssh(1). !
Fix/complete pf(4) binary operators. !
Repair signal race in m4(1). !
Ensure make(1) doesn't dump core when reporting open conditionals.
Promote PMAP_NEW option to mandatory status.
In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives. !
Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1). !
Support Addonics FlexPort 8S via addcom(4). !
Ignore O_TRUNC on open(2) when not opening a regular file.
On ext2fs, ffs, and ufs partitions, don't truncate anything except for symlinks, directories, and regular files.
Repair kern_msgbuf under sparc. !
Support DEC EtherWorks cards via lc(4).
Bring na.phone up to date. !
The iha(4) driver wasn't able to update the EEPROM, so don't even bother. !
Rework ata and wdc(4) probing code; deal better with floating buses and supress spurious interrupts.
Plug memory leak in pw_copy() found in libutil.
Put Kerberos 5 things in libkrb5, out of libkafs. !
Allow sshd(8) to be compatible in all 4 combinations of Kerberos 4 and Kerberos 5 settings. !
When ssh(1) is reading a password, don't panic if fork(2) or pipe(2) fail; just return an empty password. !
Sync rtsold(8) to latest KAME, fixing a memory leak and a timer value. !
Change quad types on alpha to "long long" as opposed to "long", allowing printf(3)'s "%lld" format to be used without a bogus cast. !
In the iha(4) driver, allow sync to be negotiated even if wide is not. !
Modify nv(4) XFree86(1) driver as to avoid the dimming text mode problem.
Add a BSD authentication module for radius authentication. !
Make sure that ld(1) references all aliases to avoid them being only partially resolved. !
Ensure ppp(8) calculates the number of key changes correctly.
Repair the NFS server's request tracking during write-gathering, thus avoiding client hangs. !
Use login.conf(5) for passwd(1) variables as opposed to passwd.conf(5). !
Yank PF_ENCAP support out of isakmpd(8). !
Fix-up multicast settings in netstart(8).
Bump MSIZE up to 256. !
IP/TCP/UDP hardware checksumming for nge(4); limited by MTU. !
Avoid segmentation fault when mg(1) can't read an init file. !
Support for ipcomp(4); disabled by default.
Show kern_fthread to the door. !
Userland iopctl(8) control utility for iop(4). !
In passwd(1), lock the passwd(5) file after having gotten a new password from the user; also change the actual locking procedure.
Support for /etc/wsconsctl.conf. !
Handle descriptors 0, 1, or 2 being closed when ppp(8) is invoked. !
Reduce MTU by 2 after MPPE has been negotiated in ppp(8). !
Merge pdksh patch into ksh(1), fixing some problems with propagated return values in multi-command lines. !
Utilize the welcome variable from login.conf(5), in ftpd(8), instead of hard-coding /etc/motd. !
Discipline the audio(4) device so it gets along with revoke(2).
Repair NFS-related problem with diskless clients by getting the root filehandle via nfs_root. !
Add support for screen switching to wsconsctl(8). !
Change wsconsctl(8)'s interface to be more sysctl(8)-like.
Shuffle around maxlen setting inside the net subsystem to avoid potential problems. !
Make icmp(4) error checking saner. !
Initial ip6(9) support for isakmpd(8). !
Packet normalization support for pf(4). !
Userland sectok(1) control program.
Repair kern_fork brain-damage. !
uvm(9) and MNN are no longer optional. !
Import altq(9): alternate queuing support.
Poof! The old vm disappears.
No more M_COPY_* macros; use M_MOVE_* or M_DUP_*. !
Add dmesg(8), wicontrol(8), and ancontrol(8) to powerpc's ramdisk.
New mvmeppc port. !
Many mvme68k improvements including: switching to uvm(9), repairing system trace, cleanup of locore.s, KNF, etc. !
pciide(4) support for powerpc. !
Change icmp6(4) packet header length computation so it works with both 4.4BSD's M_COPY_PKTHDR and OpenBSD 2.9+'s M_COPY_PKTHDR. !
Implement getpeereid(2), allowing local-domain servers to determine client credentials. !
Support generic BSD authentication in xdm(1). !
Disable usb(4) on alpha by default.
Kerberos v5 support for SSH1. !
Hardware RNG support in lofn(4). !
Smartcard support in ssh-agent(1) and ssh(1).
Large -Wall/-Werror/-W... ongoing cleanup throughout tree.
Nuke mips port. !
Initial import of iop(4) (I2O) framework. !
Rewrite nc(1), adding ip6(4) support. !
In su(1), offload root instances for Kerberos to the auth program. !
Disable SMB decoding in tcpdump(8).
Enable audio on alpha by default. !
Endian fixes in the wi(4) driver.
Adios NQNFS.
Nuke the pmax port.
Don't perform TCP/UDP hardware checksumming when doing IP fragmentation.
Delayed checksum support in the netinet subsystem. !
Support setting the Ethernet address through ifconfig(8) for vr(4) cards. !
Bypass ipsec(4) for all dhcp(8) traffic, avoiding potential problems with newly booted clients.
Modify timeouts for IP spd expirations. !
Internal fiddling of nfsd(8)'s handling of its root vnode. !
Import pf(4), an ipf-compatible packet filter.
Avoid panics under i386 if bus/dev/func numbers for PCI are not valid. !
New sysctl(3) KERN_POOLS to retrieve pool information from the kernel. !
Cleanup and update dhcp(8) to 2.0pl5. !
Utilize readpassphrase(3) in ssh(1).
Allow access to /dev/pci. !
Repair multiple key handling in wicontrol(8).
New ether_input_mbuf to ease transition from ether_header in ether_input; drivers will migrate to this.
Wave goodbye to kernfs. !
Replace existing telnetd(8) with the one from heimdal-0.3f. !
Assorted modifications to uvm(9).
RELIABILITY FIX: link XF86Setup against the right version of libXxf86vm.a.
Fix the problem of corrupted XF86Config file produced by XF86Setup.
A source code patch is available.
[Applied to stable] !
Avoid a pidfile/sigterm race in sshd(8).
Merge the system's crypto.h into crptodev.h, avoiding name conflicts with OpenSSL. !
Various pool(9) improvements including a new pool_cache() function and cleaner locking.
Spelling audit throughout the manual pages. !
Try to have ssh-keygen(1) decode ssh-3.0.0 private RSA keys. !
New mg(1) feature: M-x theo.
Support PCI bus configuration from userland.
Add TCP, UDP, and IPv4 hardware checksum processing, excluding outbound TCP/UDP. !
Internal shuffling of vnode(9) operations in some filesystems. !
Disable interrupts in the wi(4) driver before mapping and establishing the interrupt, thereby avoiding a race condition.
MI loadfile support; currently only used on powerpc. !
Obsolete *known_hosts2 in ssh(1). !
Some hifn(4) fixes, largely related to descriptor lengths. !
Don't let ssh(1) overwrite argv. !
Shrink dmesg(8). !
Merge authorized_keys2 into authorized_keys in ssh(1). !
Provide a sysctl(3) interface to msgbuf; handy for dmesg(8), allowing it to run without setgid.
Upgrade to heimdal-0.3f. !
Use moduli(5) instead of the deprecated primes. !
Add RNG support in hifn(4) for the 7951. !
In isakmpd(8), fallback to stat(2) when readdir(3) doesn't return d_type.
Apply KNF to many kernel sources. !
Don't forward ip6(4) packets back into point-to-point link if the packet's destination address matches said p2p link's interface.
Lots of manual page cleanups.
Upgrade to openssl-engine-0.9.6a. !
Many fixes in the kernel's lockf(3) code including avoiding livelocks on ptrace-related scenarios. !
Modify file locking routine in the skey(3) library, preventing a race condition, plus other modifications; integrate. !
Document physio(9). !
More variables in login.conf(5): login-timeout, login-tries, and login-backoff. !
Improve ppp(8): handle hardware-imposed MTU/MRU limitations; support stateful MPPE (Microsoft encryption). !
Repair vi(1) to avoid spinouts when creating temporary files. !
Make ftp(1) use binary for transfers as opposed to ascii. !
Merge passwd.conf(5) into login.conf(5) and add passwordtime and minpasswordlen variables.
Move microcode includes around to avoid erroneously installing them, among other reasons.
Overhaul some kern_exec internals, cleaning up the setuid/setgid-checking code. !
Adapt skeyinfo(1) to use BSD authentication and removal of the suid root bit.
Improve powerpc's awacs driver; many interrupt fixes. !
Allow the use of ^T in passphrases read by readpassphrase(3). !
SECURITY FIX: avoid race in execve(2) when checking flags for ptrace(2).
A source code patch is available.
[Applied to stable]
Update if_lastchange when IFF_UP is changed instead of on every packet transmission and receipt.
VM renovations on mvme88k. !
Use va_start(3) and va_end(3) for every call to vfprintf(3) and associates. !
Replace commonly used static lists with persistent growable arrays in make(1). !
Have slstats(8) use an ioctl(2) so it doesn't need to be setgid.
Ensure *chi doesn't receive interrupts before being initialized.
Let pci_mapreg_map() take an extra argument to limit the size of the PCI region to map so we can still work with things publishing too much PCI memory. !
Use lpd_flags in rc(8), allowing flags to be passed to lpd(8).
Support EDNS0 (RFC2671) buffer size notification for DNS queries.
Upgrade to binutils 2.10.1.
Protect include files in /usr/include/net against multiple inclusion.
Fix unmapped interrupt problems on some VIA-based boards. !
New options, improvements, and fixes for wicontrol(8).
Palm support in libsectok. !
Rewrite ldd(1). !
RELIABILITY FIX: use correct db(3) pointers in pwd_mkdb(8), and don't star out empty passwords
A source code patch is available.
[Applied to stable] !
Assorted ppp(8) alterations. !
Correct initialization of the policy_id field for SA structures in isakmpd(8). !
PCI shim for wi(4). !
Repair preservation option in cp(1). !
Allow the number of gre(4) devices to be changed in boot_config(8). !
rc(8) no longer starts netatalk -- if installed -- by default. !
RELIABILITY FIX: compute length correctly on certificates in isakmpd(8).
A source code patch is available.
[Applied to stable] !
Ensure kqueue(2) works on ext2fs(8).
More pipe fiddling. !
Enforce Remote-ID specified in Phase 1 peer section in isakmpd(8).
Ongoing license audit and copyright notice cleanup.
Extend pfkeyv2's RFC2367 compliance and fix backward compatibility problems.
Adjust routing socket message to the right size. !
Switch UID when sshd(8) cleans up temporary files and sockets. !
Speed up arc4random(3) in some net subsystems.
Upgrade to XFree86 4.1.0.
Use default hoplimit when icmp6_error doesn't know about the incoming interface. !
Create sysctl(3) parameters for ccpu, diskstats, fscale, nprocs, and physmem. !
New md5(1) implementation with a BSD copyright and other improvements; includes regression test. !
Improve swapctl(8). !
Don't allow packets that need IPsec(4) processing to be bridge-broadcast. !
Expand handling of X509 and KeyNote certificates in isakmpd(8). !
Fix some tcp(4) behaviour with connections in the CLOSING state. !
Some ld.so(1) renovations. !
Repair kqueue(2) related panic. !
SECURITY FIX: verify location when using fts(3) to pop up directories.
A source code patch is available.
[Applied to stable]
Update root device selection routines for sun3. !
Miscellaneous fxp(4) improvements. !
Remove ipf(4) from the tree. !
Remove pcvt(4) from the tree. !
Add BSD authentication support to userland programs; authorization defaults in login.conf(5). !
SECURITY FIX: Update to sendmail(8) 8.11.4 which addresses signal race conditions.
A source code patch is available.
[Applied to stable]
Hardware clock support on powerpc. !
Fix directory state tracking in fsck(8). !
New BIOCGHDRCMPLT and BIOCSHDRCMPLT ioctls for bpf(4) to disable overwriting of the link-level source address.
Support interface capabilities.
Repair cluster_rbuild() in vfs_cluster. !
Twiddle with the atapiscsi(4) driver. !
fxp(4) bug fixes. !
Bring back the old (no ECONNABORTED) accept(2) behaviour for Unix domain sockets. !
Support Heimdal's Kerberos 5. !
Upgrade to Perl 5.6.1. !
Allow arbitrary atime/mtime setting on ext2fs(8) volumes. !
Fix lookup code in procfs(8). !
Many assorted mg(1) fixes and improvements. !
Clean up and shrink make(1). !
Various improvements to the ubsec(4) driver. !
Fix panics in the ep(4) driver by initializing packet tags.
New PCMCIA products from NetBSD.
Utilize packet tags in the net subsystems. !
Diversify time parameter parsing in sshd(8). !
Better keyboard-interactive support for ssh(1). !
Convert lseek(2) read(2)/write(2) to pread(2)/pwrite(2) in kvm(3).
Import libsectok, used for ISO 7816 smart cards and iButtons.
Tweak delays in the i82365 PCMCIA controller driver to avoid momentary freezes. !
Improve rate support in auich(4). !
Make vax use wscons(4) and enable the smg framebuffer. !
More select(2) fixes in ssh(1). !
Fix X11 client bug in ssh(1).
PMAP_NEW support on the vax and hp300.
Create COMPAT_23 and COMPAT_25 options. !
In vr(4), handle suspend mode better on the VT6102. !
Do not check return values for malloc(9) calls with M_WAIT or M_WAITOK.
New option: SMALL_KERNEL, subtly changes some kernel semantics to change the kernel size significantly. Use *only* for boot floppies.
Change ip_sum semantics in ip_output(). !
Compress ac97(4) vendor tables. !
ac97(4) now knows about rev 2.2.
Squish compatopts to a more sensible set, killing COMPAT_09, COMPAT_10, COMPAT_11.
Shrink the alpha boot blocks a bit.
We no longer support ECOFF kernel loading in the alpha boot block. !
Teach ac97(4) about more CODEC models. !
At boot time, swapon(8) before fsck(8) is run. !
Fix fts(3) to handle very long paths. !
Repair various signal handler bugs in pppd(8). !
Handle memory allocation failures in fsck_ffs(8) and fsck_ext2fs(8) better. !
Fix a recently introduced bug in supfilsrv(8). !
Correct acceptance of ARP packets coming in on non-IP bridge(4) interfaces.
[Applied to stable] !
txp(4) now works on the alpha. !
More fixes to make(1). !
Check a calloc(3) in fsck_ffs(8).
Add a temporary DTYPE_CRYPTO until device cloning support shows up.
Fixes to fdescfs. !
busdma changes to txp(4), preparing for the alpha. !
Split wi(4) into bus dependent and independent parts.
On hp300, splhigh() in cpu_exit().
Misc cleanup of the shared m68k codebase. !
More bus_dmamap_sync(9) in hifn(4). !
Initial non-working alpha ld.so(1) support. !
Support newer versions of the lmc(4) cards. !
Kill a debug message in ubsec(4). !
Add swiss german keyboard layout to wscons(4).
Smoke out the OLD_PIPE code.
krb4-1.0.8 !
Bug fix to make(1).
Speed up top-level tree Makefiles by doing exec for subshells in new directories.
Artful fiddling of the kernel pipe stat code. !
No need for setgid kmem on iostat(8) anymore. !
Add more sysctl(3) support in the kernel.
Make the alpha floppies fit again... !
Make hifn(4) use bus_dma(9). Now works on the alpha. !
Initial cut at userland hardware crypto(4) support. !
In ubsec(4), initial support for the Broadcom 5820.
Honour ddb.console on sun3.
On the pmax, fix a curproc misuse. !
In pcibios(4), deal with buggy BIOSs which incorrectly leave the router as 000:00:0.
hp300 cleanup in progress... !
Solve a problem of Lilliputan proportions in powerpc isinf(3). !
Mickey goes mad and does a strlcpy(3) whack on src/bin. !
Unify rdsetroot and rd(4) support between almost all architectures.
Man page cleanups galore. !
In hifn(4) attempt to support the Hifn 7951. !
Do stdout/stderr flushing in sshd(8) using non-blocking mode.
Fix kerberosIV versioning link problem.
Cleanup MAP_COPY flags in the tree.
Use genassym.cf on alpha. !
Unify the rd(4) support. !
Update sysctl(8) and vmstat(8) to use the new interfaces. !
Make more data available via the sysctl(3) interface. !
Handle fastroute in the bridge(4).
hp300 man page cleanup. !
Fix a resource leak in twe(4).
[Applied to stable] !
Use madvise(2) option with MADV_FREE for malloc(3) 'h' flag. !
Support MADV_DONTNEED and MADV_FREE in madvise(2).
Switch sparc to UVM and PMAP_NEW.
Support HP425e. !
Refill txp(4) receive ring only when empty -- performance enhancement. !
Fix SSH2 -R support in ssh(1).
More pmap/uvm interface changes. !
Correct signal handling in ping6(8). !
Implement screen blanker in wscons(4). !
Attempt to support hifn7951 in hifn(4). !
realloc(3) fixes to ipf(8).
ipf 3.4.17
Fix kernel extent code to be more careful about ranges.
UVM support for mac68k. !
Change i386 in_cksum failure to a printf(9), instead of a panic(9).
[Applied to stable] !
In txp(4), add support for hardware vlan(4). !
Fix a bug in make(1) exposed by the recent jumbo patch. !
Fix ti(4) to handle vlan(4) properly.
vsunlock fixes to UVM. !
Signal ignore bug fix to ssh(1).
Kill i386 VM & pmap_old support. !
Fix process priority bug in atrun(8). !
Enable vlan(4) by default in GENERIC kernels. !
Fix pread(3), preadv(3), pwrite(3), and pwritev(3) on big endian architectures. !
In sendmail(8), use FAST_PID_RECYCLE.
Remove excess (vaddr_t) casts.
Get rid of CLSIZE and friends. !
Increase strlcpy(3) in parts of the tree. !
Some minor changes to isakmpd(8).
Cleanup M_* malloc types in the kernel.
UVM for the hp300. !
Numerous cleanups to sup(1). !
In systat(8), handle kvm_nlist(3) failing. !
Fix a channel race in sshd(8). !
Document that nc(1) no longer has a -e option. !
Fix localhost handling bug in httpd(8). !
Jumbo patch to make(1) that has been brewing for a while. !
Various improvements to mg(1).
Big USB code update. !
Fix a signed vs unsigned error in the gm(4) Ethernet driver. !
In wump(6), improve our cave topology algorithm. Don't ask. !
Force -h to override the BLOCKSIZE environment in du(1). !
Substantial updates to sup(1). !
Fix a register save/restore bug in clcs(4) so that suspend/resume works better. !
Allow the right CTRL+ALT keys to work as the left ones do in wskbd(4). !
Continue to hack our new txp(4) driver into shape. !
In ifconfig(8), implement support for removing tunnel outer IP address pair. !
Revert a buggy optimization in tsort(1). !
Use pread(2) in nlist(3) instead of abusing lseek(2) with read(2).
Remove cruft leftover from the old PCVT console driver. !
Fix filename tab-completion in mg(1). !
Convert some more drivers to the new timeout(9) interface.
Whack dtom() in the kernel. Fo'get about it. !
Avoid a NULL pointer dereference in faithd(8). !
Various reset and delay fixes in wdc(4) to help certain ATAPI devices. !
Deal with suspend/resume more cleanly in pccbb(4). !
Better hints handling and memory allocation in tsort(1).
Correct an error condition in /etc/ksh.kshrc. !
Add a koi8-r keyboard layout for wskbd(4).
Allow interoperability between OpenSSH and older ssh-2.0.x variants with weaker key generation. !
Instrument improved locking and rework SCSI a bit in ami(4). !
Cleanups to ancontrol(8). !
Add a -b option to ssh(1), similar to telnet(1)'s equivalent. !
Fix a memory handling bug in telnet(1). !
Use pool(9) interface for the VFS cache.
Improve OpenSSH interoperability with ssh.com-2.0.x clients.
In the mvme88k port, replace resource maps with extents. !
Numerous fixes and updates to sup(1).

--- 78,606 ----

In pf(4), block packets that have IP options set by default. !
Disable fd(4) sharing. !
Repair a umask(2) in pflogd(8). !
Fiddle with channel handling in ssh(8) and ssh(1). !
Add interface name to address translation to pfctl(8). !
Avoid /tmp races in cvs(1) by utilizing mktemp(1). !
Handle illegal whois(1) server output that lacks a trailing newline. !
Bring in FM radio(9) driver support; configuration through radioctl(1).
Work around buggy HTTP servers that need the Host: field to only contain the port number. !
Use bpf_timeval instead of timeval in pcap(3), isakmpd(8), bpf(4), and tcpdump(8), improving portability. !
Fix a network/host order bug in pf(4) that broke state searching on icmp(4) packets with the DF flag set. !
New ssh(1) configuration option NoHostAuthenticationForLocalhost. !
Import a new rmd160(1) implementation. !
Upgrade to sendmail(8) 8.12.1, fixing a potential local security hole. !
New -t and -d flags for mktemp(1) to account for the TMPDIR environment variable. !
Add a -l flag to mtree(8) to do loose permissions checks. !
Report error when the -N and -R flags of pfctl(8) can't open the specified file. !
Have rcp(1) and scp(1) skip filenames containing newlines.
Big install documentation overhaul. !
Support selectable preset FSM optimizations in pf(4).
Lots of RAIDFrame work. !
Filter forwarded ip6(4) packets with pf(4). !
Upgrade cvs(1). !
New pidfile(3) call to write a daemon PID file. !
Read user configuration first in ssh(1). !
Allow macro names to contain underscores in pf.conf(5). !
Overhaul /tmp handling in gzip(1). !
Improve string handling in rwho(1). !
Fix handling of icmp(4) packets in pf(4). !
Plug memory leak in ssh(1)'s compression. !
Connect usb(4) keyboards to the display after attach. !
Correctly free mbuf when dropping a packet in the ip6(4) subsystem. !
Default to 9600 baud in cu(1). !
Many repairs to getcap(3), including an off-by-one malloc(3) error and a buffer overflow. !
Import a new grep(1). !
Update popa3d(8) to 0.4.9.4, adding support for selectable stand-alone or inetd use and tcpd(8). !
Start pflogd(8) differently so it doesn't block NFS in diskless situations. !
Avoid a memory leak in uvm(9). !
Remove signal race from rpc.rstatd(8). !
Re-order shlib_dirs in rc(8), prioritizing X11R6/lib over local/lib. !
Speedup m4(1) by using inlines for common operations. !
Cleanup the set of user(8) tools.
Implement a buffer flushing daemon, solving problems related to the syncer and improving performance with large numbers of buffers. !
Remove buggy STATIC memory optimization from m4(1). !
Have vi(1) abort if it can't create a temporary file.
Improve cross building support. !
Repair some buffer handling in mail(1).
Add many more length checks when passing data from userland to kernel. !
In pf(4), don't ignore the inner protocol of ip(4) icmp(4) packets, thus unbreaking traceroute(8), etc. !
Support insecure1 and insecure2 options in resolv.conf(5). !
SECURITY FIX: be careful with long commandline options in uuxqt and run uucp as non-root in daily.
A source code patch is available.
[Applied to stable] !
Replace ru_SU with ru_RU in vi(1). !
Import sendmail(8) 8.12.0, requiring a new smmsp user and group. !
Mark buffers with dependencies as B_DEFERRED and skip them one time when doing sync(2).
Banish uucp to the ports tree. !
Upgrade awk(1). !
Cleanup adduser(8); clean up variables, clear hashes correctly, unlock ptmp before closing, etc. !
Support 1:1 bi-directional Network Address Translation in pf(4). !
proxy user required for ftp-proxy(8). !
Add a stereo jitter suppressor to the maestro(4) audio driver. !
Fix erroneous select(2) FD_SETSIZE uses. !
Repair wall(1)'s -g flag. !
pckbd(4) supports Ukranian keyboard layouts. !
Better Russian calendar(1) support. !
Implement skip steps and parameter lists for interfaces in pf(4). !
Update username length limit in rmuser(8).
New src compilation target: cross-env; prints all environment variables that need to be set for cross-building. !
Import usbhidctl(1), a userland program to manipulate USB HID devices. !
Import usb(3) library libusb for USB HID processing.
Rename powerpc port to macppc, allowing for code sharing between different powerpc-based platforms. !
Inherit vlan(4) baudrate from parent. !
Various lpd(8) improvements and fixes. !
SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable] !
Plug memory leak in scp(1) and rcp(1). !
Avoid segfault in dhclient(8) when the server specifies its name. !
Support the ! operator in host parameter lists in pfctl(8). !
Send a reset request for every packet received by ppp(8) when the encryption dictionaries are out of sync. !
Make pf(4) support ISN randomization (aka. phase modulation).
Store argc as a long on the stack as opposed to an int.
Switch rijndael code to the optimized AES reference release. !
Have isakmpd(8) send DELETE notifications for all active SAs when shutting down. !
In sudo(8), apply default login class if unable to look one up. !
Support macro expansion in pf.conf(5).
Work some magic on the installation scripts for floppies, shrinking them. !
Correct the setup of the initial tcp(4) state window in pf(4). !
Import pflogd(8), logging daemon that writes pf(4) logs in tcpdump(8) binary format. !
SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable] !
Repair ppp(8)'s iface-alias option. !
Fix rule flushing code in bridge(4) devices. !
Support ip6(4) in ppp(8); crude IPV6CP support; many other smaller changes. !
Enhance file-change detection in vipw(8) and crontab(1). !
Add per-rule statistics and byte counter to pf(4). !
Don't reset xl(1)'s Rx/Tx without first turning them back on after a suspend. !
Support parameter lists in pfctl(8). !
Be sure to pass the interface to ipip_input() in the net subsystem so it can be used in bpf(4). !
Import ftp-proxy(8), a transparent ftp proxy. !
Loosen tcp(4) state code in pf(4), allowing "stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections".
Initial import of sparc64 port; much subsequent development, too much to list. !
Add the possibility to add a random offset to the stack on exec(3). !
Make the siop(4) driver pay attention to quirks table, eliminating INQUIRY snooping and ifdef toggling. !
New -s switch for pwd_mkdb(8) to only update the secure .db file. !
-e switch for nm(1) to show extra symbol information.
Delay locking the passwd file until we have gotten a new password from the user. Also play with the file locking routine. !
Attempt to recover from PCI aborts in the hifn(4) driver. !
Import keyconv, a small utility to convert between openssl(1) and DNSSEC key formats. !
Support trusted public RSA keys as files in isakmpd(8).
Fix lengths for PFKEYv2 and KAME messages in IPv4-in-IPv6 and IPv6-in-IPv4 flows. !
Import popa3d(8), Solar Designer's POP3 daemon.
The valiant vm_extern.h, vm_inherit.h, vm_map.h, and vm_pager.h files ride off into the sunset. !
pf(4) support for icmp(4) errors referring to icmp(4) queries/replies. !
Allow file flags in mtree(8). !
Don't compare the source address on packets to the one in SA when doing ipsec(4) processing.
Repair rijndael block alignment. !
Unshare sigaction(2) signal handlers on exec(3). !
Merge altq(9) options into just "altq" for base + red + cbq, and enable it by default. !
Support the -h flag for ln(1) that prevents following a symlink to a directory.
Many new timeouts for a wide variety of devices.
Remove the IPCOMP option as it's now part of the IPSEC option. !
Rewrite signal(3) handlers in altqd(8) to be race-safe. !
Add support for RC4 operations in the hifn(4) driver. !
Don't free(3) unallocated memory in mailwrapper(8). !
Change tsleep(9) into an ltsleep wrapper. ltsleep takes one more argument than tsleep(9), a simplelock that it unlocks when safe.
Let kerberosV compile entirely on platforms without shared libraries. !
Avoid /tmp race in rcs2log by using mktemp(1). !
Tweak timekeeping code in dd(1) to produce a sane bandwidth measure for a short runs. !
Enable the ESP and AH ipsec(4) protocols by default. !
Make kernel crash(8) dumps work under mvme68k.
No longer drop packets when using an ACQUIRE policy and an error occurs when notifying key management. !
New getrrsetbyname(3) function to retrieve arbitrary DNS records. !
Support protocol version 2 in ssh-keyscan(1). !
Move xdm(1)'s PID file from xdm-pid to xdm.pid in /var/run, maintaining consistancy. !
Delay decision to make a new hash(3) table or not until after calling open(2), clearing up problems with file locking. !
vlan(4) changes: utilize IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities; LINK0 and MTU ambiguity are no more; MTU's can only be changed within the scope of the parent's MTU. !
Repair non-blocking mode issues in syslogd(8), avoiding grief with locked terminals.
Make all cases of .Sh AUTHOR and .Sh EXAMPLE plural in manual pages. !
New sysctl(3) nkmempages that reports how many pages are in kmem_map. !
Support stateless tcp(4) normalization in pf(4). !
Import x99token(1), a software x99 token calculator. !
Add support for EDNS0 extended flag DNSSEC OK to the resolver(3) routines. !
Don't send a NUL on the end of CHAP SUCCESS packets in ppp(8) so that WindowsME and Windows98 won't mysteriously fail when encryption is enabled. !
Allocate uvm(9) page buckets from kernel_map, saving kmem_map space on machines with lots of physical memory. !
In ppp(8), compensate for a Windows 98 bug when sending a CHAP81 challenge response. !
Support the SmartcardDevice option in ssh(1) to specify which smartcard device to use.
Step down only one Ultra DMA mode at a time when downgrading.
On DMA timeouts, stop busmaster PCIIDE and reset channel. !
Don't malloc(3) too much and choke in ELF execution. !
Support rule skipping in pf(4). !
Allow negative lock length with lockf(3), making it compliant to specification. !
In top(1), abort if stdout(4) ever produces EOF; prevents spinning output if controlling tty disappears. !
Implement startup and shutdown hooks via dohooks(9) and family.
SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
Nuke edlabel. !
Add support for disabling swap devices via swapctl(8)'s -d option. !
Support sshd(8) configuration file and key testing via the -t option.
Change vop_symlink and vop_mknod so that they return the created node in a way that the caller can actually utilize it. !
Use vfork(2) safely in sup(1).
New flag PMAP_CANFAIL that tells pmap_enter that it can fail if there aren't enough resources instead of panicing. !
Make non-stateful and stateful pf(4) filtering work on bridge(4) devices.
Initialize arpcom later; it could be incorrectly initialized if done before bridge_input(). !
Enable challenge-response authentication by default in ssh(1). !
Fix/complete pf(4) binary operators. !
Repair signal race in m4(1). !
Ensure make(1) doesn't dump core when reporting open conditionals.
Promote PMAP_NEW option to mandatory status.
In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives. !
Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1). !
Support Addonics FlexPort 8S via addcom(4). !
Ignore O_TRUNC on open(2) when not opening a regular file.
On ext2fs, ffs, and ufs partitions, don't truncate anything except for symlinks, directories, and regular files.
Repair kern_msgbuf under sparc. !
Support DEC EtherWorks cards via lc(4).
Bring na.phone up to date. !
The iha(4) driver wasn't able to update the EEPROM, so don't even bother. !
Rework ata and wdc(4) probing code; deal better with floating buses and supress spurious interrupts.
Plug memory leak in pw_copy() found in libutil.
Put Kerberos 5 things in libkrb5, out of libkafs. !
Allow sshd(8) to be compatible in all 4 combinations of Kerberos 4 and Kerberos 5 settings. !
When ssh(1) is reading a password, don't panic if fork(2) or pipe(2) fail; just return an empty password. !
Sync rtsold(8) to latest KAME, fixing a memory leak and a timer value. !
Change quad types on alpha to "long long" as opposed to "long", allowing printf(3)'s "%lld" format to be used without a bogus cast. !
In the iha(4) driver, allow sync to be negotiated even if wide is not. !
Modify nv(4) XFree86(1) driver as to avoid the dimming text mode problem.
Add a BSD authentication module for radius authentication. !
Make sure that ld(1) references all aliases to avoid them being only partially resolved. !
Ensure ppp(8) calculates the number of key changes correctly.
Repair the NFS server's request tracking during write-gathering, thus avoiding client hangs. !
Use login.conf(5) for passwd(1) variables as opposed to passwd.conf(5). !
Yank PF_ENCAP support out of isakmpd(8). !
Fix-up multicast settings in netstart(8).
Bump MSIZE up to 256. !
IP/TCP/UDP hardware checksumming for nge(4); limited by MTU. !
Avoid segmentation fault when mg(1) can't read an init file. !
Support for ipcomp(4); disabled by default.
Show kern_fthread to the door. !
Userland iopctl(8) control utility for iop(4). !
In passwd(1), lock the passwd(5) file after having gotten a new password from the user; also change the actual locking procedure.
Support for /etc/wsconsctl.conf. !
Handle descriptors 0, 1, or 2 being closed when ppp(8) is invoked. !
Reduce MTU by 2 after MPPE has been negotiated in ppp(8). !
Merge pdksh patch into ksh(1), fixing some problems with propagated return values in multi-command lines. !
Utilize the welcome variable from login.conf(5), in ftpd(8), instead of hard-coding /etc/motd. !
Discipline the audio(4) device so it gets along with revoke(2).
Repair NFS-related problem with diskless clients by getting the root filehandle via nfs_root. !
Add support for screen switching to wsconsctl(8). !
Change wsconsctl(8)'s interface to be more sysctl(8)-like.
Shuffle around maxlen setting inside the net subsystem to avoid potential problems. !
Make icmp(4) error checking saner. !
Initial ip6(9) support for isakmpd(8). !
Packet normalization support for pf(4). !
Userland sectok(1) control program.
Repair kern_fork brain-damage. !
uvm(9) and MNN are no longer optional. !
Import altq(9): alternate queuing support.
Poof! The old vm disappears.
No more M_COPY_* macros; use M_MOVE_* or M_DUP_*. !
Add dmesg(8), wicontrol(8), and ancontrol(8) to powerpc's ramdisk.
New mvmeppc port. !
Many mvme68k improvements including: switching to uvm(9), repairing system trace, cleanup of locore.s, KNF, etc. !
pciide(4) support for powerpc. !
Change icmp6(4) packet header length computation so it works with both 4.4BSD's M_COPY_PKTHDR and OpenBSD 2.9+'s M_COPY_PKTHDR. !
Implement getpeereid(2), allowing local-domain servers to determine client credentials. !
Support generic BSD authentication in xdm(1). !
Disable usb(4) on alpha by default.
Kerberos v5 support for SSH1. !
Hardware RNG support in lofn(4). !
Smartcard support in ssh-agent(1) and ssh(1).
Large -Wall/-Werror/-W... ongoing cleanup throughout tree.
Nuke mips port. !
Initial import of iop(4) (I2O) framework. !
Rewrite nc(1), adding ip6(4) support. !
In su(1), offload root instances for Kerberos to the auth program. !
Disable SMB decoding in tcpdump(8).
Enable audio on alpha by default. !
Endian fixes in the wi(4) driver.
Adios NQNFS.
Nuke the pmax port.
Don't perform TCP/UDP hardware checksumming when doing IP fragmentation.
Delayed checksum support in the netinet subsystem. !
Support setting the Ethernet address through ifconfig(8) for vr(4) cards. !
Bypass ipsec(4) for all dhcp(8) traffic, avoiding potential problems with newly booted clients.
Modify timeouts for IP spd expirations. !
Internal fiddling of nfsd(8)'s handling of its root vnode. !
Import pf(4), an ipf-compatible packet filter.
Avoid panics under i386 if bus/dev/func numbers for PCI are not valid. !
New sysctl(3) KERN_POOLS to retrieve pool information from the kernel. !
Cleanup and update dhcp(8) to 2.0pl5. !
Utilize readpassphrase(3) in ssh(1).
Allow access to /dev/pci. !
Repair multiple key handling in wicontrol(8).
New ether_input_mbuf to ease transition from ether_header in ether_input; drivers will migrate to this.
Wave goodbye to kernfs. !
Replace existing telnetd(8) with the one from heimdal-0.3f. !
Assorted modifications to uvm(9).
RELIABILITY FIX: link XF86Setup against the right version of libXxf86vm.a.
Fix the problem of corrupted XF86Config file produced by XF86Setup.
A source code patch is available.
[Applied to stable] !
Avoid a pidfile/sigterm race in sshd(8).
Merge the system's crypto.h into crptodev.h, avoiding name conflicts with OpenSSL. !
Various pool(9) improvements including a new pool_cache() function and cleaner locking.
Spelling audit throughout the manual pages. !
Try to have ssh-keygen(1) decode ssh-3.0.0 private RSA keys. !
New mg(1) feature: M-x theo.
Support PCI bus configuration from userland.
Add TCP, UDP, and IPv4 hardware checksum processing, excluding outbound TCP/UDP. !
Internal shuffling of vnode(9) operations in some filesystems. !
Disable interrupts in the wi(4) driver before mapping and establishing the interrupt, thereby avoiding a race condition.
MI loadfile support; currently only used on powerpc. !
Obsolete *known_hosts2 in ssh(1). !
Some hifn(4) fixes, largely related to descriptor lengths. !
Don't let ssh(1) overwrite argv. !
Shrink dmesg(8). !
Merge authorized_keys2 into authorized_keys in ssh(1). !
Provide a sysctl(3) interface to msgbuf; handy for dmesg(8), allowing it to run without setgid.
Upgrade to heimdal-0.3f. !
Use moduli(5) instead of the deprecated primes. !
Add RNG support in hifn(4) for the 7951. !
In isakmpd(8), fallback to stat(2) when readdir(3) doesn't return d_type.
Apply KNF to many kernel sources. !
Don't forward ip6(4) packets back into point-to-point link if the packet's destination address matches said p2p link's interface.
Lots of manual page cleanups.
Upgrade to openssl-engine-0.9.6a. !
Many fixes in the kernel's lockf(3) code including avoiding livelocks on ptrace-related scenarios. !
Modify file locking routine in the skey(3) library, preventing a race condition, plus other modifications; integrate. !
Document physio(9). !
More variables in login.conf(5): login-timeout, login-tries, and login-backoff. !
Improve ppp(8): handle hardware-imposed MTU/MRU limitations; support stateful MPPE (Microsoft encryption). !
Repair vi(1) to avoid spinouts when creating temporary files. !
Make ftp(1) use binary for transfers as opposed to ascii. !
Merge passwd.conf(5) into login.conf(5) and add passwordtime and minpasswordlen variables.
Move microcode includes around to avoid erroneously installing them, among other reasons.
Overhaul some kern_exec internals, cleaning up the setuid/setgid-checking code. !
Adapt skeyinfo(1) to use BSD authentication and removal of the suid root bit.
Improve powerpc's awacs driver; many interrupt fixes. !
Allow the use of ^T in passphrases read by readpassphrase(3). !
SECURITY FIX: avoid race in execve(2) when checking flags for ptrace(2).
A source code patch is available.
[Applied to stable]
Update if_lastchange when IFF_UP is changed instead of on every packet transmission and receipt.
VM renovations on mvme88k. !
Use va_start(3) and va_end(3) for every call to vfprintf(3) and associates. !
Replace commonly used static lists with persistent growable arrays in make(1). !
Have slstats(8) use an ioctl(2) so it doesn't need to be setgid.
Ensure *chi doesn't receive interrupts before being initialized.
Let pci_mapreg_map() take an extra argument to limit the size of the PCI region to map so we can still work with things publishing too much PCI memory. !
Use lpd_flags in rc(8), allowing flags to be passed to lpd(8).
Support EDNS0 (RFC2671) buffer size notification for DNS queries.
Upgrade to binutils 2.10.1.
Protect include files in /usr/include/net against multiple inclusion.
Fix unmapped interrupt problems on some VIA-based boards. !
New options, improvements, and fixes for wicontrol(8).
Palm support in libsectok. !
Rewrite ldd(1). !
RELIABILITY FIX: use correct db(3) pointers in pwd_mkdb(8), and don't star out empty passwords
A source code patch is available.
[Applied to stable] !
Assorted ppp(8) alterations. !
Correct initialization of the policy_id field for SA structures in isakmpd(8). !
PCI shim for wi(4). !
Repair preservation option in cp(1). !
Allow the number of gre(4) devices to be changed in boot_config(8). !
rc(8) no longer starts netatalk -- if installed -- by default. !
RELIABILITY FIX: compute length correctly on certificates in isakmpd(8).
A source code patch is available.
[Applied to stable] !
Ensure kqueue(2) works on ext2fs(8).
More pipe fiddling. !
Enforce Remote-ID specified in Phase 1 peer section in isakmpd(8).
Ongoing license audit and copyright notice cleanup.
Extend pfkeyv2's RFC2367 compliance and fix backward compatibility problems.
Adjust routing socket message to the right size. !
Switch UID when sshd(8) cleans up temporary files and sockets. !
Speed up arc4random(3) in some net subsystems.
Upgrade to XFree86 4.1.0.
Use default hoplimit when icmp6_error doesn't know about the incoming interface. !
Create sysctl(3) parameters for ccpu, diskstats, fscale, nprocs, and physmem. !
New md5(1) implementation with a BSD copyright and other improvements; includes regression test. !
Improve swapctl(8). !
Don't allow packets that need IPsec(4) processing to be bridge-broadcast. !
Expand handling of X509 and KeyNote certificates in isakmpd(8). !
Fix some tcp(4) behaviour with connections in the CLOSING state. !
Some ld.so(1) renovations. !
Repair kqueue(2) related panic. !
SECURITY FIX: verify location when using fts(3) to pop up directories.
A source code patch is available.
[Applied to stable]
Update root device selection routines for sun3. !
Miscellaneous fxp(4) improvements. !
Remove ipf(4) from the tree. !
Remove pcvt(4) from the tree. !
Add BSD authentication support to userland programs; authorization defaults in login.conf(5). !
SECURITY FIX: Update to sendmail(8) 8.11.4 which addresses signal race conditions.
A source code patch is available.
[Applied to stable]
Hardware clock support on powerpc. !
Fix directory state tracking in fsck(8). !
New BIOCGHDRCMPLT and BIOCSHDRCMPLT ioctls for bpf(4) to disable overwriting of the link-level source address.
Support interface capabilities.
Repair cluster_rbuild() in vfs_cluster. !
Twiddle with the atapiscsi(4) driver. !
fxp(4) bug fixes. !
Bring back the old (no ECONNABORTED) accept(2) behaviour for Unix domain sockets. !
Support Heimdal's Kerberos 5. !
Upgrade to Perl 5.6.1. !
Allow arbitrary atime/mtime setting on ext2fs(8) volumes. !
Fix lookup code in procfs(8). !
Many assorted mg(1) fixes and improvements. !
Clean up and shrink make(1). !
Various improvements to the ubsec(4) driver. !
Fix panics in the ep(4) driver by initializing packet tags.
New PCMCIA products from NetBSD.
Utilize packet tags in the net subsystems. !
Diversify time parameter parsing in sshd(8). !
Better keyboard-interactive support for ssh(1). !
Convert lseek(2) read(2)/write(2) to pread(2)/pwrite(2) in kvm(3).
Import libsectok, used for ISO 7816 smart cards and iButtons.
Tweak delays in the i82365 PCMCIA controller driver to avoid momentary freezes. !
Improve rate support in auich(4). !
Make vax use wscons(4) and enable the smg framebuffer. !
More select(2) fixes in ssh(1). !
Fix X11 client bug in ssh(1).
PMAP_NEW support on the vax and hp300.
Create COMPAT_23 and COMPAT_25 options. !
In vr(4), handle suspend mode better on the VT6102. !
Do not check return values for malloc(9) calls with M_WAIT or M_WAITOK.
New option: SMALL_KERNEL, subtly changes some kernel semantics to change the kernel size significantly. Use *only* for boot floppies.
Change ip_sum semantics in ip_output(). !
Compress ac97(4) vendor tables. !
ac97(4) now knows about rev 2.2.
Squish compatopts to a more sensible set, killing COMPAT_09, COMPAT_10, COMPAT_11.
Shrink the alpha boot blocks a bit.
We no longer support ECOFF kernel loading in the alpha boot block. !
Teach ac97(4) about more CODEC models. !
At boot time, swapon(8) before fsck(8) is run. !
Fix fts(3) to handle very long paths. !
Repair various signal handler bugs in pppd(8). !
Handle memory allocation failures in fsck_ffs(8) and fsck_ext2fs(8) better. !
Fix a recently introduced bug in supfilsrv(8). !
Correct acceptance of ARP packets coming in on non-IP bridge(4) interfaces.
[Applied to stable] !
txp(4) now works on the alpha. !
More fixes to make(1). !
Check a calloc(3) in fsck_ffs(8).
Add a temporary DTYPE_CRYPTO until device cloning support shows up.
Fixes to fdescfs. !
busdma changes to txp(4), preparing for the alpha. !
Split wi(4) into bus dependent and independent parts.
On hp300, splhigh() in cpu_exit().
Misc cleanup of the shared m68k codebase. !
More bus_dmamap_sync(9) in hifn(4). !
Initial non-working alpha ld.so(1) support. !
Support newer versions of the lmc(4) cards. !
Kill a debug message in ubsec(4). !
Add swiss german keyboard layout to wscons(4).
Smoke out the OLD_PIPE code.
krb4-1.0.8 !
Bug fix to make(1).
Speed up top-level tree Makefiles by doing exec for subshells in new directories.
Artful fiddling of the kernel pipe stat code. !
No need for setgid kmem on iostat(8) anymore. !
Add more sysctl(3) support in the kernel.
Make the alpha floppies fit again... !
Make hifn(4) use bus_dma(9). Now works on the alpha. !
Initial cut at userland hardware crypto(4) support. !
In ubsec(4), initial support for the Broadcom 5820.
Honour ddb.console on sun3.
On the pmax, fix a curproc misuse. !
In pcibios(4), deal with buggy BIOSs which incorrectly leave the router as 000:00:0.
hp300 cleanup in progress... !
Solve a problem of Lilliputan proportions in powerpc isinf(3). !
Mickey goes mad and does a strlcpy(3) whack on src/bin. !
Unify rdsetroot and rd(4) support between almost all architectures.
Man page cleanups galore. !
In hifn(4) attempt to support the Hifn 7951. !
Do stdout/stderr flushing in sshd(8) using non-blocking mode.
Fix kerberosIV versioning link problem.
Cleanup MAP_COPY flags in the tree.
Use genassym.cf on alpha. !
Unify the rd(4) support. !
Update sysctl(8) and vmstat(8) to use the new interfaces. !
Make more data available via the sysctl(3) interface. !
Handle fastroute in the bridge(4).
hp300 man page cleanup. !
Fix a resource leak in twe(4).
[Applied to stable] !
Use madvise(2) option with MADV_FREE for malloc(3) 'h' flag. !
Support MADV_DONTNEED and MADV_FREE in madvise(2).
Switch sparc to UVM and PMAP_NEW.
Support HP425e. !
Refill txp(4) receive ring only when empty -- performance enhancement. !
Fix SSH2 -R support in ssh(1).
More pmap/uvm interface changes. !
Correct signal handling in ping6(8). !
Implement screen blanker in wscons(4). !
Attempt to support hifn7951 in hifn(4). !
realloc(3) fixes to ipf(8).
ipf 3.4.17
Fix kernel extent code to be more careful about ranges.
UVM support for mac68k. !
Change i386 in_cksum failure to a printf(9), instead of a panic(9).
[Applied to stable] !
In txp(4), add support for hardware vlan(4). !
Fix a bug in make(1) exposed by the recent jumbo patch. !
Fix ti(4) to handle vlan(4) properly.
vsunlock fixes to UVM. !
Signal ignore bug fix to ssh(1).
Kill i386 VM & pmap_old support. !
Fix process priority bug in atrun(8). !
Enable vlan(4) by default in GENERIC kernels. !
Fix pread(3), preadv(3), pwrite(3), and pwritev(3) on big endian architectures. !
In sendmail(8), use FAST_PID_RECYCLE.
Remove excess (vaddr_t) casts.
Get rid of CLSIZE and friends. !
Increase strlcpy(3) in parts of the tree. !
Some minor changes to isakmpd(8).
Cleanup M_* malloc types in the kernel.
UVM for the hp300. !
Numerous cleanups to sup(1). !
In systat(8), handle kvm_nlist(3) failing. !
Fix a channel race in sshd(8). !
Document that nc(1) no longer has a -e option. !
Fix localhost handling bug in httpd(8). !
Jumbo patch to make(1) that has been brewing for a while. !
Various improvements to mg(1).
Big USB code update. !
Fix a signed vs unsigned error in the gm(4) Ethernet driver. !
In wump(6), improve our cave topology algorithm. Don't ask. !
Force -h to override the BLOCKSIZE environment in du(1). !
Substantial updates to sup(1). !
Fix a register save/restore bug in clcs(4) so that suspend/resume works better. !
Allow the right CTRL+ALT keys to work as the left ones do in wskbd(4). !
Continue to hack our new txp(4) driver into shape. !
In ifconfig(8), implement support for removing tunnel outer IP address pair. !
Revert a buggy optimization in tsort(1). !
Use pread(2) in nlist(3) instead of abusing lseek(2) with read(2).
Remove cruft leftover from the old PCVT console driver. !
Fix filename tab-completion in mg(1). !
Convert some more drivers to the new timeout(9) interface.
Whack dtom() in the kernel. Fo'get about it. !
Avoid a NULL pointer dereference in faithd(8). !
Various reset and delay fixes in wdc(4) to help certain ATAPI devices. !
Deal with suspend/resume more cleanly in pccbb(4). !
Better hints handling and memory allocation in tsort(1).
Correct an error condition in /etc/ksh.kshrc. !
Add a koi8-r keyboard layout for wskbd(4).
Allow interoperability between OpenSSH and older ssh-2.0.x variants with weaker key generation. !
Instrument improved locking and rework SCSI a bit in ami(4). !
Cleanups to ancontrol(8). !
Add a -b option to ssh(1), similar to telnet(1)'s equivalent. !
Fix a memory handling bug in telnet(1). !
Use pool(9) interface for the VFS cache.
Improve OpenSSH interoperability with ssh.com-2.0.x clients.
In the mvme88k port, replace resource maps with extents. !
Numerous fixes and updates to sup(1).