===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus31.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -c -r1.6 -r1.7
*** www/plus31.html 2002/10/17 08:47:59 1.6
--- www/plus31.html 2003/03/06 16:27:11 1.7
***************
*** 1,4 ****
!
OpenBSD-3.1 changes
--- 1,4 ----
!
OpenBSD-3.1 changes
***************
*** 14,20 ****
!
Changes made between OpenBSD 3.0 and OpenBSD 3.1
This is a partial list of the major machine independent changes
--- 14,21 ----
!
Changes made between OpenBSD 3.0 and OpenBSD 3.1
!
This is a partial list of the major machine independent changes
***************
*** 27,33 ****
here.
! Note: Problems for which patches exist are marked in red.
--- 28,34 ----
here.
! Note: Problems for which patches exist are marked in red.
***************
*** 50,349 ****
!
Changes made between OpenBSD 3.0 and OpenBSD 3.1
! - Fix xim problems with zh_CN locale in xf86(4).
!
- Enable Apache httpd(8) modules on ELF-based architectures.
!
- Disallow ftpd(8) logins to accounts lacking passwords.
!
- Log control signals on the IDE bus in wdc(4), obtainable through atactl(8).
!
- Move xautolock(l) into the ports(7) system.
!
- Import pmdb(1).
- Improve ALTIVEC support in OpenBSD/macppc and powerpc.
!
- Begin to split authorization in sshd(8).
- Protect against overflows and null dereferences in OpenBSD/i386 CPU probing.
!
- Morph ptrace(2) into one of the kernel config(8) options(4).
!
- Repair some of the problems in the new ahc(4) driver.
!
- Prefer the MAC address found in the local-mac-address property of hme(4), falling back on myetheraddr().
- Rewrite the powerpc pmap handling.
!
- Realize that suffixes given to gzip(1) may be longer than 3 characters and account for this in buffer sanity checks.
!
- Permit user and group names to start with a numeral in identd(8).
!
- Enable altq(9) support in more drivers.
- Update to zlib 1.1.4, fixing a security hole.
!
- Support reverse lookups when displaying states in pfctl(8).
!
- Add the PT_IO API for reading and writing traced processes memory with ptrace(2).
!
- Don't listen(2) on a port nc(1) really doesn't have.
!
- Ensure tcp(4) code doesn't operate on freed memory.
!
- Schedule tcp(4) timers with timeout(9) instead of tcp_slowtimo.
!
- Phase in use of red-black tree(3) algorithms for uvm(9).
!
- Implement a shutdown hook for raid(4) devices, allowing safe use of swap.
!
- Export sha1(3) and md5(3) interfaces through crypto(4).
!
- General crypto(4) and openssl(1) related work.
!
- Recognize a preserve flag in mtree(8) to disable attribute modification.
!
- Repair an off by one error in sshd(8).
!
- Differentiate a closing connection from a bad greeting during read of the protocol version string in ssh(1).
- Many improvements and cleanups to the trap handling in the installation system.
- Implement machine specific commands to the bootblocks on OpenBSD/hppa.
!
- Provide a toggle for immediate ack behaviour on tcp(4) TH_PUSH segments.
!
- Use timeout(9) instead of tcp_fasttimo for delayed acks in the tcp(4) subsystem.
!
- Vanquish a race condition in pciide(4) interrupt sharing.
!
- Avoid rejecting valid leases in dhclient(8).
!
- Add SOCKS4 support to nc(1).
!
- Import the 4.4BSD deroff(1) and spell(1) programs.
!
- Enhance the handling of quirky scsi(4) devices.
!
- Improve debugability of unloaded pf(4) rules by printing meaningful rule numbers.
!
- Safen SPLAY_MIN and SPLAY_MAX on an empty tree(3).
!
- Support an optional pool(9) memory hard limit in pf(4).
!
- Guard against pool_sethardlimit() decreasing the limit below the current size of the pool(9).
!
- Disable Nagle in ssh(1) port forwarding.
!
- Implement the splay and red-black tree(3) algorithms.
!
- nwkey and powersave support in ifconfig(8).
!
- Deal with groups in adduser(8) more thoroughly.
- Optimize OpenBSD/vax sources with -O2.
- Support an aperture driver on OpenBSD/macppc.
!
- Add a sysctl(3) interface kern.usercrypto that allows userland programs to utilize hardware crypto(4) devices.
!
- Send kind regards to the pool(9) option POOL_EXPOSE, as it's no longer with us.
!
- Add extattr(9) (Extended Attribute) support.
!
- Include a siginfo_t structure with ktrace(2) containing the fault address among other useful information.
- Clean up and debug the iommu driver.
- Remove flawed assumptions about memory layout in the stack sharing code in FORK_VMNOSTACK.
!
- Account for process signal masks when dealing with signals in pthreads(3).
!
- Reorder the network components initialization in netstart(8).
!
- Fix some signal races in rbootd(8).
!
- Improve mg(1) in many ways, including lots of buffer cleanups and undo support.
!
- Enable beeper(4) on OpenBSD/sparc64 when pckbd(4) is enabled.
!
- Silence the raid(4) subsystem a bit.
!
- Include support for generic 802.11 ioctl(2) calls in the wi(4) driver.
!
- Repair a fcntl(2) F_GETOWN issue on LP64 BE architectures.
!
- Install "right" zoneinfo timezone(3) files in addition to the "posix" ones.
- Remove xebec code.
!
- Enable echo(1) in adduser(8) signal(3) handlers.
!
- Don't require -n in conjunction with -x in xargs(1).
!
- Use mktemp(1) in security(8).
!
- Switch ssh(1) cipher operations to use the openssl(1) EVP API.
- Allocate some in-kernel memory from a kmem_map-backed pool to avoid deadlocks and MAX_KMAPENT panics.
!
- Avoid a possible panic on reboot(8) with mfs(8) file systems.
!
- New trm(4) driver.
!
- Remove a permissions loosening chmod(2) in pkg_install.
!
- open(2) the console with O_NONBLOCK in syslog(3) to avoid blocking on a locked console.
!
- Provide config(8) accessible hooks for modifying the NMBCLUSTERS, BUFCACHEPERCENT, and NKMEMPAGES options(4).
!
- Calculate ip(4) checksums and copy back modified headers before logging a packet in pf(4) to ensure the integrity of logging.
!
- Enable vnode(9) caching in the kernfs(8) code.
!
- Support for nc(1) connecting to and listening on an AF_UNIX socket(2).
!
- Treat the pound symbol (#) as an escaped character during vi/emacs filename completion in ksh(1).
!
- New port of the ahc(4) driver.
!
- Remove the getpw(3), vlimit(3), and vtimes(3) functions.
- Simplify PID selection algorithm.
!
- Immunize nanosleep(2) against system time changes.
!
- Minimize time spent doing time management in pf(4).
!
- New tvtohz(9) function.
!
- Add skip steps for rule action and direction in pf(4), considerably hastening rule set evaluation.
!
- altq(9) fixes and improvements through a sync with KAME.
!
- Implement multiple overlapping read/write requests in sftp(1) file transfers.
!
- Update to apache httpd(8) 1.3.23 with mod_ssl 2.8.6.
!
- Relocate ssh(1) configuration files to /etc/ssh.
- Remove dangerous agressiveness in NFS optimizations with symbolic links.
!
- Improve the sis(4) driver a bit.
- Update to heimdal-0.4e.
- Fix a possible FIN retransmission mishap.
!
- Account for temporary references to a struct file to avoid races in shared fd(4) situations.
!
- Allow specification of the copy buffer length in ssh(1) via -B.
!
- Some ssh(1) channels cleanup.
- A potpourri of multi-faceted hppa improvements.
!
- Double check the byte ordering in mpool(3).
- Introduce many new and fruitful regression tests.
- Add a driver to get a performance counters on sparc64.
!
- Make ddb(4) understand "boot reboot" and "boot poweroff".
!
- Include a bha(4) driver.
!
- Improve support for header byte swapping in tcpdump(8).
!
- Use "aes" in place of "rijndael" in ssh(1).
!
- Mark execing processes with a flag to indicate to ptrace(2) and similar not to fiddle.
!
- Handle DMA errors and big-endian systems in the ubsec(4) driver.
- Upgrade to XFree86 4.2.0
! - Plug memory leaks in zlib, ftpd(8), and the login_getcap(3) family.
!
- Support disklabel(8) style size/offset values (ala "300k", "500M", "2G") in fdisk(8).
- Enable the serial console driver and keyboards found on some sparc64 systems.
!
- Use more pool(9) based allocations throughout the system.
- Update to sendmail-8.12.2.
!
- Add magma(4) and spif(4) support to sparc64.
!
- Don't let wdc(4) try UDMA modes if the controller doesn't support them.
!
- Pay attention to direction with the fastroute and route-to options in pf(4).
!
- Implement net.inet.icmp.rediraccept and net.inet.icmp.redirtimeout via sysctl(8), configuring an icmp(4) redirect ignore and timeout.
!
- Use and support the UNIMPLEMENTED message in the ssh(1) protocol.
!
- Prevent file descriptor close mistakes in faithd(8), route6d(8), rtadvd(8), and rtsold(8).
!
- Remove requirement for reserved ports in the NFS server by using the vfs.nfs.norsvport sysctl(8).
- Handle playback interrupts nicely in the cs4321 driver.
!
- Correctly differentiate between reading and writing operations on a number of devices, including radio(4)
!
- Allow port 0 to be used in pf(4) rules.
!
- Improve tty(4) resizing support in mg(1).
!
- In mixerctl(1), only open the mixer with RDWR when really needed.
!
- Enforce sane port ranges in the pfctl(8) rule parsing logic.
!
- Obey POSIX and don't update the modification time of the file if a write(2) is done with a length of zero bytes.
!
- Allow pf(4) rules to be identified by arbitrary labels.
!
- Support the HiFn 7811 in the hifn(4) driver.
!
- Add ELF support to modload(8), among other improvements.
!
- Support flags for savecore(8) in rc(8).
!
- Recognize a "no" keyword in the nat/rdr/binat syntax of nat.conf(5) to avoid translation.
!
- Allow a cvs(1) tagname to be expanded during checkout, export, and
update to be specified on the command line.
!
- Repair behaviour of ip(4) over ip6(4) tunneling when using gif(4).
!
- Clean up the lkm(4) subsystem.
!
- Consistently use SIG_DFL instead of SIG_IGN to disable a SIGCHLD signal(3) handler.
!
- Do not allow root to login(1) via an insecure tty even if the auth method does not use plaintext passwords.
!
- Don't let root change its password via login_chpass(8) and
! login_lchpass(8).
!
- Add usbtablet(4), input support in XF4 for usb(3) devices.
!
- Avoid hanging x11 channels in ssh(1) with rejected cookies.
!
- ssh(1) protocol 2 HostKey default becomes /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key.
!
- Enable usb(3) devices for sparc64.
!
- Add a new m4(1) based makedev(8) generation system.
!
- Have fdisk(8) remove references to the NT serial number when writing to the MBR.
- Handle truncation to the middle of a file hole in FFS.
!
- Update sudo(8) to 1.6.4.
!
- Add more commands to ddb(4).
- Fix PT_{READ,WRITE}_{I,D} on sparc64.
- Migrate regression tests to a new, unified framework.
!
- Ensure correct alignment in some bridge(4) code.
!
- Many pthreads(3) fixes: only poll file descriptors when needed
use scheduling ticks for better timing, and avoid a polling related overflow.
!
- Only require write permission in pf(4) and pfctl(8) when modifying.
!
- Various od(1) and hexdump(1) fixes and POSIXification.
!
- Rename libusb to libusbhid(3).
- Enable RAIDFrame auto-configuration.
!
- Ignore the RSH environment variable in rdist(1) if it is empty.
!
- Correctly retain yp(8) bindings in ypbind(8) when using more than two domains.
!
- Plug a memory leak in the EPRT command of ftpd(8).
!
- Repair hex mode output in skey(1).
!
- Default to using the non-blocking behaviour on new accept(2) sockets.
!
- Repair tty(1) related panics caused by the session pointer code.
!
- Have ssh(1) and family exit on openssl(1) allocation failures.
!
- Only require the -t option when using ssh-keygen(1) to generate keys.
!
- Don't examine the tcp(4) header of non-tcp packets in PPP.
- Strengthen permissions on ppp.conf.sample.
- Use constant bitmasks as opposed to bitfields in the mmu segment and page table structure for mvme88k.
!
- Correctly print the payload string of tcp(4) RST segments when tcpdump(8) is verbose.
!
- Implement a scalable timeout(9) mechanism with constant-time add and delete.
- Let mvme68k systems lacking a configured pcc device compile.
!
- Don't default to generate rsa1 keys in ssh-keygen(1), and try all standard key files when invoked without arguments.
!
- Have crontab(1) send SIGUSR1 to cron(8) when a crontab file has changed, making changes take effect sooner.
!
- Send failing packet sequence number when sshd(8) is responding with an SSH_MSG_UNIMPLEMENTED.
- Ensure that user and system times increase monotonically.
!
- Add powerhook support to yds(4) to handle apm(8) resumes correctly.
!
- Repair memory leak in pcap(3) associated with compiled bpf(4) programs.
- Support span ports so that one can snoop a bridge from another interface/machine/network.
!
- Disestablish the xl(4) powerhook on detach.
!
- Add a -u flag to fdisk(8) which updates the MBR code but leaves the partition table intact.
!
- Big isp(4) overhaul.
!
- Improve signal handling in cron(8) so that processes run by cron(8) can't zombify until cron(8) wakes up.
!
- Add a pf(4) DIOCADDSTATE ioctl(2) that adds state entries.
!
- Support primitive stateful pf(4) filtering for other non-TCP/UDP/ICMP protocols.
!
- Fix icmp6(4) MIB counter.
!
- Better signal handling in login_skey(8) to avoid a possible race condition.
!
- Update signal handlers in passwd(1) to complement new catching getpass(3) call.
!
- Allow vnd(4) to create things larger than 2G.
- Perform a sanity check on the inner IP header of IP-in-IP encapsulated packets.
!
- Support -o for sshd(8), like ssh(1).
!
- Catch -- don't block -- SIGINT and SIGTSTP in readpassphrase(3) and getpass(3).
- Enable rootdev auto-configuration by device drivers during boot and add support for raid devices.
!
- Parse hex numbers in pf(4) correctly.
!
- Curtail the use of regex(3) in ssh(1).
- Make NKMEMPAGES dynamic based on memory size, deprecating NKMEMCLUSTERS in favour of NKMEMPAGES, NKMEMPAGES_MIN, and NKMEMPAGES_MAX.
!
- Forbid the coupling of different address families in pf(4) nat, binat, and rdr rules.
!
- Release the right descriptors when pipe(2) fails.
!
- Use pidfile(3) throughout the tree instead of hand-rolled imitations.
!
- Don't let sshd(8) pass user-defined variables to login(1).
- Nuke smartkey(1).
!
- Remove pipe based interface to photurisd(8), leaving only PF_KEY.
!
- Issue a "failed" message instead of a 2nd challenge if sshd(8) sees the same key in authorized_keys twice.
!
- Let the sshd(8) fake X11 server listen on localhost by default.
!
- Use ip6(4) in sendmail(1) when possible.
!
- Fix an alignment bug on alpha by using getifaddrs(3) instead of various ioctl(2) calls in named(8).
!
- Conform to historic behaviour in fmt(1); don't format lines that start with a dot.
!
- Avoid a "thundering herd" problem in accept(2), and fix an infinite loop on 64-bit systems.
!
- Use pool(9) for socket allocations.
!
- Correctly signal an error condition in newsyslog(8) so we don't send a signal to PID 0.
- Repair an error in uipc_socket that could make a transient error permanent.
- Perform a pf_route() before logging in case the logging created a bogus rule, avoiding a panic.
!
- Have socket connection queues use a tailq queue(3).
!
- Add fastroute option to pf(4).
!
- Support pasting characters with codes above 127 using the mouse via wscons(4).
!
- Handle PID files terminated with newlines correctly in newsyslog(8).
!
- Among other improvements, don't leak memory in ppp(8).
- During installation, preserve blank space in responses.
- Centralize the mount list, unifying locking, and add vfs_isbusy to help verify that a mount point is locked.
!
- Strengthen the mbuf traversal code in pf(4), avoiding potential crashes on ip6(4) packets with options.
!
- Make dummies for aclocal and the auto* family in cvs(1), hopefully mitigating upgrade hassles.
!
- Don't allow the pf(4) CHANGEBINAT ioctl(2) when securelevel > 1.
- Include stub dl* function definitions in libc on ELF, making libdl unneeded.
- Enhance network handling during installations.
!
- Block signals in find(1) when running fts_read().
!
- Move NFS creds out of the standard buf structure and into the nfs node, and use pool(9) for NFS node allocation.
!
- Fix the password length check in user(8).
!
- Use lockmgr in procfs (mount_procfs(8)) instead of a home-made version.
- Correctly mark items on the syncer worklist with VBIOONSYNCLIST, ensuring items not on the list don't have this mark.
- Convert to using the vn_marktext() function instead of VTEXT to mark a vnode as executing a text image.
!
- Enable the NI_WITHSCOPEID getnameinfo(3) flag by default.
!
- sendmail(8) should listen on port 587 for ip(6), like ip4(6).
!
- Add sanity to the apmd(8) battery alert when the battery is charging.
!
- Let chdir(2) errors in rwhod(8) be seen.
!
- SECURITY FIX: update ssh to OpenSSH-3.0.1.
A source code patch is available.
! [Applied to stable]
! - Repair ipx frame-type handling in ifconfig(8).
!
- SECURITY FIX: don't let pf wander off the end of ipv6 icmp packets.
A source code patch is available.
! [Applied to stable]
! - Fix a recursive mutex problem in pthreads(3).
!
- RELIABILITY FIX: quiet bogus interrupt messages on sparc64 pciide cdroms.
A source code patch is available.
! [Applied to stable]
! - Support the "S" command in interactive mode in top(1) to toggle display of system processes.
- Prepare for UBC by adding a daemon that processes async I/O and repairing some other things.
!
- Don't memset(3) too much memory in ssh(1) or sshd(8).
!
- Be much more sure that software cannot be used in crypto(9) stuff.
!
- Fix behaviour of system(3) in phtreads(3) so it doesn't hang forever.
!
- Use select(2) instead of unsafe SIGIO method for handling wscons(4) events in X11.
!
- Increase buffer sizes in tcpd(8) and ssh(1) so they can hold a full hostname.
!
- Add uscanner(4) device node to i386 and macppc.
!
- SECURITY FIX: be more careful with file permissions in vi.recover
A source code patch is available.
! [Applied to stable]
! - RELIABILITY FIX: provide illegal instruction trap handling for Altivec instructions on macppc.
A source code patch is available.
! [Applied to stable]
- Take advantage of the bus_dmamap_sync API.
!
- RELIABILITY FIX: finally address the PCI abort problem on hifn7751.
A source code patch is available.
! [Applied to stable]
- Move accounting disk space watcher into a kernel thread, fixing accounting on NFS.
- Fix many signal handlers throughout the tree.
!
- Avoid overruning mbuf length in ip6(4) handling.
!
- Big rusers(1) update, including protocol version 3 support, avoidance of duplicate issues on multihomed machines, and timeout tweaking.
!
- Support mmap(2) past 4GB offsets.
!
- Repair creation of the hosts(5) file during installation.
!
- Size mprotect(2) allocations from malloc(3) to 0 bytes, resulting in a fault on access.
!
- Handle autorepeat delays better in wskbd(4).
!
- Send the User-Agent header when using ftp(1) to WWW servers and proxies.
!
- Overhaul some fd(4) handling within the kernel.
!
- Ensure isakmpd(8) dies promptly on reciept of the SIGTERM signal(3).
!
- Fix a problem with bsd_auth(3) and passwords containing colons.
!
- Make -h and -L in pax(4) and tar(1) follow symlinks on extraction of directories.
!
- Support ddb(4) entry with usb keyboards using uskbd(4).
- Enhance handling of console keyboard attaches and deattaches.
!
- Allow the SCSI cd(4) driver to eject empty drives.
!
- Repair backgrounding (~&) in ssh(1) for v1 and add support for v2.
!
- Spiff up the isp(4) driver; protect against deranged fabric name servers and correctly handle the ISP_QUEUES_FULL status.
!
- Cleanup wx(4), getting rid of a bogus pullup on small mbufs and setting a txint delay.
!
- Polish wsconsctl(8): better usage output, print nice output when changing display.* settings, and prefer warn(3) over err(3).
!
- Handle standard file handles better in cron(8), and change an unsafe vfork(2) call to fork(2).
- Import xc-mit to build XhpBSD for hp300.
!
- Don't let tcpdump(8) segfault on some radius traffic.
!
- Fix some bugs in ppp(8), including a PASV bug, a set reconnect bug, and allowing for looser MRU handling.
!
- Use a more specific error message when pfctl(8) is given a bad interface name.
!
- Correct printing of RDR rules in pfctl(8) when using ! with destination rules.
!
- Reset state counter when clearing states in pf(4).
!
- Ignore SIGPIPE early in ssh(1), allowing operation to continue even if the agent dies.
!
- Implement syslog_r(3).
!
- Support the Creative Labs SB Live! sound card with emu(4).
- Repair __PSEUDO_NOERROR on hppa.
--- 51,350 ----
!
Changes made between OpenBSD 3.0 and OpenBSD 3.1
! - Fix xim problems with zh_CN locale in xf86(4).
!
- Enable Apache httpd(8) modules on ELF-based architectures.
!
- Disallow ftpd(8) logins to accounts lacking passwords.
!
- Log control signals on the IDE bus in wdc(4), obtainable through atactl(8).
!
- Move xautolock(l) into the ports(7) system.
!
- Import pmdb(1).
- Improve ALTIVEC support in OpenBSD/macppc and powerpc.
!
- Begin to split authorization in sshd(8).
- Protect against overflows and null dereferences in OpenBSD/i386 CPU probing.
!
- Morph ptrace(2) into one of the kernel config(8) options(4).
!
- Repair some of the problems in the new ahc(4) driver.
!
- Prefer the MAC address found in the local-mac-address property of hme(4), falling back on myetheraddr().
- Rewrite the powerpc pmap handling.
!
- Realize that suffixes given to gzip(1) may be longer than 3 characters and account for this in buffer sanity checks.
!
- Permit user and group names to start with a numeral in identd(8).
!
- Enable altq(9) support in more drivers.
- Update to zlib 1.1.4, fixing a security hole.
!
- Support reverse lookups when displaying states in pfctl(8).
!
- Add the PT_IO API for reading and writing traced processes memory with ptrace(2).
!
- Don't listen(2) on a port nc(1) really doesn't have.
!
- Ensure tcp(4) code doesn't operate on freed memory.
!
- Schedule tcp(4) timers with timeout(9) instead of tcp_slowtimo.
!
- Phase in use of red-black tree(3) algorithms for uvm(9).
!
- Implement a shutdown hook for raid(4) devices, allowing safe use of swap.
!
- Export sha1(3) and md5(3) interfaces through crypto(4).
!
- General crypto(4) and openssl(1) related work.
!
- Recognize a preserve flag in mtree(8) to disable attribute modification.
!
- Repair an off by one error in sshd(8).
!
- Differentiate a closing connection from a bad greeting during read of the protocol version string in ssh(1).
- Many improvements and cleanups to the trap handling in the installation system.
- Implement machine specific commands to the bootblocks on OpenBSD/hppa.
!
- Provide a toggle for immediate ack behaviour on tcp(4) TH_PUSH segments.
!
- Use timeout(9) instead of tcp_fasttimo for delayed acks in the tcp(4) subsystem.
!
- Vanquish a race condition in pciide(4) interrupt sharing.
!
- Avoid rejecting valid leases in dhclient(8).
!
- Add SOCKS4 support to nc(1).
!
- Import the 4.4BSD deroff(1) and spell(1) programs.
!
- Enhance the handling of quirky scsi(4) devices.
!
- Improve debugability of unloaded pf(4) rules by printing meaningful rule numbers.
!
- Safen SPLAY_MIN and SPLAY_MAX on an empty tree(3).
!
- Support an optional pool(9) memory hard limit in pf(4).
!
- Guard against pool_sethardlimit() decreasing the limit below the current size of the pool(9).
!
- Disable Nagle in ssh(1) port forwarding.
!
- Implement the splay and red-black tree(3) algorithms.
!
- nwkey and powersave support in ifconfig(8).
!
- Deal with groups in adduser(8) more thoroughly.
- Optimize OpenBSD/vax sources with -O2.
- Support an aperture driver on OpenBSD/macppc.
!
- Add a sysctl(3) interface kern.usercrypto that allows userland programs to utilize hardware crypto(4) devices.
!
- Send kind regards to the pool(9) option POOL_EXPOSE, as it's no longer with us.
!
- Add extattr(9) (Extended Attribute) support.
!
- Include a siginfo_t structure with ktrace(2) containing the fault address among other useful information.
- Clean up and debug the iommu driver.
- Remove flawed assumptions about memory layout in the stack sharing code in FORK_VMNOSTACK.
!
- Account for process signal masks when dealing with signals in pthreads(3).
!
- Reorder the network components initialization in netstart(8).
!
- Fix some signal races in rbootd(8).
!
- Improve mg(1) in many ways, including lots of buffer cleanups and undo support.
!
- Enable beeper(4) on OpenBSD/sparc64 when pckbd(4) is enabled.
!
- Silence the raid(4) subsystem a bit.
!
- Include support for generic 802.11 ioctl(2) calls in the wi(4) driver.
!
- Repair a fcntl(2) F_GETOWN issue on LP64 BE architectures.
!
- Install "right" zoneinfo timezone(3) files in addition to the "posix" ones.
- Remove xebec code.
!
- Enable echo(1) in adduser(8) signal(3) handlers.
!
- Don't require -n in conjunction with -x in xargs(1).
!
- Use mktemp(1) in security(8).
!
- Switch ssh(1) cipher operations to use the openssl(1) EVP API.
- Allocate some in-kernel memory from a kmem_map-backed pool to avoid deadlocks and MAX_KMAPENT panics.
!
- Avoid a possible panic on reboot(8) with mfs(8) file systems.
!
- New trm(4) driver.
!
- Remove a permissions loosening chmod(2) in pkg_install.
!
- open(2) the console with O_NONBLOCK in syslog(3) to avoid blocking on a locked console.
!
- Provide config(8) accessible hooks for modifying the NMBCLUSTERS, BUFCACHEPERCENT, and NKMEMPAGES options(4).
!
- Calculate ip(4) checksums and copy back modified headers before logging a packet in pf(4) to ensure the integrity of logging.
!
- Enable vnode(9) caching in the kernfs(8) code.
!
- Support for nc(1) connecting to and listening on an AF_UNIX socket(2).
!
- Treat the pound symbol (#) as an escaped character during vi/emacs filename completion in ksh(1).
!
- New port of the ahc(4) driver.
!
- Remove the getpw(3), vlimit(3), and vtimes(3) functions.
- Simplify PID selection algorithm.
!
- Immunize nanosleep(2) against system time changes.
!
- Minimize time spent doing time management in pf(4).
!
- New tvtohz(9) function.
!
- Add skip steps for rule action and direction in pf(4), considerably hastening rule set evaluation.
!
- altq(9) fixes and improvements through a sync with KAME.
!
- Implement multiple overlapping read/write requests in sftp(1) file transfers.
!
- Update to apache httpd(8) 1.3.23 with mod_ssl 2.8.6.
!
- Relocate ssh(1) configuration files to /etc/ssh.
- Remove dangerous agressiveness in NFS optimizations with symbolic links.
!
- Improve the sis(4) driver a bit.
- Update to heimdal-0.4e.
- Fix a possible FIN retransmission mishap.
!
- Account for temporary references to a struct file to avoid races in shared fd(4) situations.
!
- Allow specification of the copy buffer length in ssh(1) via -B.
!
- Some ssh(1) channels cleanup.
- A potpourri of multi-faceted hppa improvements.
!
- Double check the byte ordering in mpool(3).
- Introduce many new and fruitful regression tests.
- Add a driver to get a performance counters on sparc64.
!
- Make ddb(4) understand "boot reboot" and "boot poweroff".
!
- Include a bha(4) driver.
!
- Improve support for header byte swapping in tcpdump(8).
!
- Use "aes" in place of "rijndael" in ssh(1).
!
- Mark execing processes with a flag to indicate to ptrace(2) and similar not to fiddle.
!
- Handle DMA errors and big-endian systems in the ubsec(4) driver.
- Upgrade to XFree86 4.2.0
! - Plug memory leaks in zlib, ftpd(8), and the login_getcap(3) family.
!
- Support disklabel(8) style size/offset values (ala "300k", "500M", "2G") in fdisk(8).
- Enable the serial console driver and keyboards found on some sparc64 systems.
!
- Use more pool(9) based allocations throughout the system.
- Update to sendmail-8.12.2.
!
- Add magma(4) and spif(4) support to sparc64.
!
- Don't let wdc(4) try UDMA modes if the controller doesn't support them.
!
- Pay attention to direction with the fastroute and route-to options in pf(4).
!
- Implement net.inet.icmp.rediraccept and net.inet.icmp.redirtimeout via sysctl(8), configuring an icmp(4) redirect ignore and timeout.
!
- Use and support the UNIMPLEMENTED message in the ssh(1) protocol.
!
- Prevent file descriptor close mistakes in faithd(8), route6d(8), rtadvd(8), and rtsold(8).
!
- Remove requirement for reserved ports in the NFS server by using the vfs.nfs.norsvport sysctl(8).
- Handle playback interrupts nicely in the cs4321 driver.
!
- Correctly differentiate between reading and writing operations on a number of devices, including radio(4)
!
- Allow port 0 to be used in pf(4) rules.
!
- Improve tty(4) resizing support in mg(1).
!
- In mixerctl(1), only open the mixer with RDWR when really needed.
!
- Enforce sane port ranges in the pfctl(8) rule parsing logic.
!
- Obey POSIX and don't update the modification time of the file if a write(2) is done with a length of zero bytes.
!
- Allow pf(4) rules to be identified by arbitrary labels.
!
- Support the HiFn 7811 in the hifn(4) driver.
!
- Add ELF support to modload(8), among other improvements.
!
- Support flags for savecore(8) in rc(8).
!
- Recognize a "no" keyword in the nat/rdr/binat syntax of nat.conf(5) to avoid translation.
!
- Allow a cvs(1) tagname to be expanded during checkout, export, and
update to be specified on the command line.
!
- Repair behaviour of ip(4) over ip6(4) tunneling when using gif(4).
!
- Clean up the lkm(4) subsystem.
!
- Consistently use SIG_DFL instead of SIG_IGN to disable a SIGCHLD signal(3) handler.
!
- Do not allow root to login(1) via an insecure tty even if the auth method does not use plaintext passwords.
!
- Don't let root change its password via login_chpass(8) and
! login_lchpass(8).
!
- Add usbtablet(4), input support in XF4 for usb(3) devices.
!
- Avoid hanging x11 channels in ssh(1) with rejected cookies.
!
- ssh(1) protocol 2 HostKey default becomes /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key.
!
- Enable usb(3) devices for sparc64.
!
- Add a new m4(1) based makedev(8) generation system.
!
- Have fdisk(8) remove references to the NT serial number when writing to the MBR.
- Handle truncation to the middle of a file hole in FFS.
!
- Update sudo(8) to 1.6.4.
!
- Add more commands to ddb(4).
- Fix PT_{READ,WRITE}_{I,D} on sparc64.
- Migrate regression tests to a new, unified framework.
!
- Ensure correct alignment in some bridge(4) code.
!
- Many pthreads(3) fixes: only poll file descriptors when needed
use scheduling ticks for better timing, and avoid a polling related overflow.
!
- Only require write permission in pf(4) and pfctl(8) when modifying.
!
- Various od(1) and hexdump(1) fixes and POSIXification.
!
- Rename libusb to libusbhid(3).
- Enable RAIDFrame auto-configuration.
!
- Ignore the RSH environment variable in rdist(1) if it is empty.
!
- Correctly retain yp(8) bindings in ypbind(8) when using more than two domains.
!
- Plug a memory leak in the EPRT command of ftpd(8).
!
- Repair hex mode output in skey(1).
!
- Default to using the non-blocking behaviour on new accept(2) sockets.
!
- Repair tty(1) related panics caused by the session pointer code.
!
- Have ssh(1) and family exit on openssl(1) allocation failures.
!
- Only require the -t option when using ssh-keygen(1) to generate keys.
!
- Don't examine the tcp(4) header of non-tcp packets in PPP.
- Strengthen permissions on ppp.conf.sample.
- Use constant bitmasks as opposed to bitfields in the mmu segment and page table structure for mvme88k.
!
- Correctly print the payload string of tcp(4) RST segments when tcpdump(8) is verbose.
!
- Implement a scalable timeout(9) mechanism with constant-time add and delete.
- Let mvme68k systems lacking a configured pcc device compile.
!
- Don't default to generate rsa1 keys in ssh-keygen(1), and try all standard key files when invoked without arguments.
!
- Have crontab(1) send SIGUSR1 to cron(8) when a crontab file has changed, making changes take effect sooner.
!
- Send failing packet sequence number when sshd(8) is responding with an SSH_MSG_UNIMPLEMENTED.
- Ensure that user and system times increase monotonically.
!
- Add powerhook support to yds(4) to handle apm(8) resumes correctly.
!
- Repair memory leak in pcap(3) associated with compiled bpf(4) programs.
- Support span ports so that one can snoop a bridge from another interface/machine/network.
!
- Disestablish the xl(4) powerhook on detach.
!
- Add a -u flag to fdisk(8) which updates the MBR code but leaves the partition table intact.
!
- Big isp(4) overhaul.
!
- Improve signal handling in cron(8) so that processes run by cron(8) can't zombify until cron(8) wakes up.
!
- Add a pf(4) DIOCADDSTATE ioctl(2) that adds state entries.
!
- Support primitive stateful pf(4) filtering for other non-TCP/UDP/ICMP protocols.
!
- Fix icmp6(4) MIB counter.
!
- Better signal handling in login_skey(8) to avoid a possible race condition.
!
- Update signal handlers in passwd(1) to complement new catching getpass(3) call.
!
- Allow vnd(4) to create things larger than 2G.
- Perform a sanity check on the inner IP header of IP-in-IP encapsulated packets.
!
- Support -o for sshd(8), like ssh(1).
!
- Catch -- don't block -- SIGINT and SIGTSTP in readpassphrase(3) and getpass(3).
- Enable rootdev auto-configuration by device drivers during boot and add support for raid devices.
!
- Parse hex numbers in pf(4) correctly.
!
- Curtail the use of regex(3) in ssh(1).
- Make NKMEMPAGES dynamic based on memory size, deprecating NKMEMCLUSTERS in favour of NKMEMPAGES, NKMEMPAGES_MIN, and NKMEMPAGES_MAX.
!
- Forbid the coupling of different address families in pf(4) nat, binat, and rdr rules.
!
- Release the right descriptors when pipe(2) fails.
!
- Use pidfile(3) throughout the tree instead of hand-rolled imitations.
!
- Don't let sshd(8) pass user-defined variables to login(1).
- Nuke smartkey(1).
!
- Remove pipe based interface to photurisd(8), leaving only PF_KEY.
!
- Issue a "failed" message instead of a 2nd challenge if sshd(8) sees the same key in authorized_keys twice.
!
- Let the sshd(8) fake X11 server listen on localhost by default.
!
- Use ip6(4) in sendmail(1) when possible.
!
- Fix an alignment bug on alpha by using getifaddrs(3) instead of various ioctl(2) calls in named(8).
!
- Conform to historic behaviour in fmt(1); don't format lines that start with a dot.
!
- Avoid a "thundering herd" problem in accept(2), and fix an infinite loop on 64-bit systems.
!
- Use pool(9) for socket allocations.
!
- Correctly signal an error condition in newsyslog(8) so we don't send a signal to PID 0.
- Repair an error in uipc_socket that could make a transient error permanent.
- Perform a pf_route() before logging in case the logging created a bogus rule, avoiding a panic.
!
- Have socket connection queues use a tailq queue(3).
!
- Add fastroute option to pf(4).
!
- Support pasting characters with codes above 127 using the mouse via wscons(4).
!
- Handle PID files terminated with newlines correctly in newsyslog(8).
!
- Among other improvements, don't leak memory in ppp(8).
- During installation, preserve blank space in responses.
- Centralize the mount list, unifying locking, and add vfs_isbusy to help verify that a mount point is locked.
!
- Strengthen the mbuf traversal code in pf(4), avoiding potential crashes on ip6(4) packets with options.
!
- Make dummies for aclocal and the auto* family in cvs(1), hopefully mitigating upgrade hassles.
!
- Don't allow the pf(4) CHANGEBINAT ioctl(2) when securelevel > 1.
- Include stub dl* function definitions in libc on ELF, making libdl unneeded.
- Enhance network handling during installations.
!
- Block signals in find(1) when running fts_read().
!
- Move NFS creds out of the standard buf structure and into the nfs node, and use pool(9) for NFS node allocation.
!
- Fix the password length check in user(8).
!
- Use lockmgr in procfs (mount_procfs(8)) instead of a home-made version.
- Correctly mark items on the syncer worklist with VBIOONSYNCLIST, ensuring items not on the list don't have this mark.
- Convert to using the vn_marktext() function instead of VTEXT to mark a vnode as executing a text image.
!
- Enable the NI_WITHSCOPEID getnameinfo(3) flag by default.
!
- sendmail(8) should listen on port 587 for ip(6), like ip4(6).
!
- Add sanity to the apmd(8) battery alert when the battery is charging.
!
- Let chdir(2) errors in rwhod(8) be seen.
!
- SECURITY FIX: update ssh to OpenSSH-3.0.1.
A source code patch is available.
! [Applied to stable]
! - Repair ipx frame-type handling in ifconfig(8).
!
- SECURITY FIX: don't let pf wander off the end of ipv6 icmp packets.
A source code patch is available.
! [Applied to stable]
! - Fix a recursive mutex problem in pthreads(3).
!
- RELIABILITY FIX: quiet bogus interrupt messages on sparc64 pciide cdroms.
A source code patch is available.
! [Applied to stable]
! - Support the "S" command in interactive mode in top(1) to toggle display of system processes.
- Prepare for UBC by adding a daemon that processes async I/O and repairing some other things.
!
- Don't memset(3) too much memory in ssh(1) or sshd(8).
!
- Be much more sure that software cannot be used in crypto(9) stuff.
!
- Fix behaviour of system(3) in phtreads(3) so it doesn't hang forever.
!
- Use select(2) instead of unsafe SIGIO method for handling wscons(4) events in X11.
!
- Increase buffer sizes in tcpd(8) and ssh(1) so they can hold a full hostname.
!
- Add uscanner(4) device node to i386 and macppc.
!
- SECURITY FIX: be more careful with file permissions in vi.recover
A source code patch is available.
! [Applied to stable]
! - RELIABILITY FIX: provide illegal instruction trap handling for Altivec instructions on macppc.
A source code patch is available.
! [Applied to stable]
- Take advantage of the bus_dmamap_sync API.
!
- RELIABILITY FIX: finally address the PCI abort problem on hifn7751.
A source code patch is available.
! [Applied to stable]
- Move accounting disk space watcher into a kernel thread, fixing accounting on NFS.
- Fix many signal handlers throughout the tree.
!
- Avoid overruning mbuf length in ip6(4) handling.
!
- Big rusers(1) update, including protocol version 3 support, avoidance of duplicate issues on multihomed machines, and timeout tweaking.
!
- Support mmap(2) past 4GB offsets.
!
- Repair creation of the hosts(5) file during installation.
!
- Size mprotect(2) allocations from malloc(3) to 0 bytes, resulting in a fault on access.
!
- Handle autorepeat delays better in wskbd(4).
!
- Send the User-Agent header when using ftp(1) to WWW servers and proxies.
!
- Overhaul some fd(4) handling within the kernel.
!
- Ensure isakmpd(8) dies promptly on reciept of the SIGTERM signal(3).
!
- Fix a problem with bsd_auth(3) and passwords containing colons.
!
- Make -h and -L in pax(4) and tar(1) follow symlinks on extraction of directories.
!
- Support ddb(4) entry with usb keyboards using uskbd(4).
- Enhance handling of console keyboard attaches and deattaches.
!
- Allow the SCSI cd(4) driver to eject empty drives.
!
- Repair backgrounding (~&) in ssh(1) for v1 and add support for v2.
!
- Spiff up the isp(4) driver; protect against deranged fabric name servers and correctly handle the ISP_QUEUES_FULL status.
!
- Cleanup wx(4), getting rid of a bogus pullup on small mbufs and setting a txint delay.
!
- Polish wsconsctl(8): better usage output, print nice output when changing display.* settings, and prefer warn(3) over err(3).
!
- Handle standard file handles better in cron(8), and change an unsafe vfork(2) call to fork(2).
- Import xc-mit to build XhpBSD for hp300.
!
- Don't let tcpdump(8) segfault on some radius traffic.
!
- Fix some bugs in ppp(8), including a PASV bug, a set reconnect bug, and allowing for looser MRU handling.
!
- Use a more specific error message when pfctl(8) is given a bad interface name.
!
- Correct printing of RDR rules in pfctl(8) when using ! with destination rules.
!
- Reset state counter when clearing states in pf(4).
!
- Ignore SIGPIPE early in ssh(1), allowing operation to continue even if the agent dies.
!
- Implement syslog_r(3).
!
- Support the Creative Labs SB Live! sound card with emu(4).
- Repair __PSEUDO_NOERROR on hppa.
***************
*** 377,383 ****
www@openbsd.org
!
$OpenBSD: plus31.html,v 1.6 2002/10/17 08:47:59 deraadt Exp $
--- 378,384 ----
www@openbsd.org
!
$OpenBSD: plus31.html,v 1.7 2003/03/06 16:27:11 naddy Exp $