version 1.12, 2004/03/25 02:41:50 |
version 1.13, 2004/03/28 09:44:05 |
|
|
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>'s handling of empty lines. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>'s handling of empty lines. |
<li>Remove the obsolete access.conf and srm.conf files from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>. |
<li>Remove the obsolete access.conf and srm.conf files from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>. |
<!-- ^^^ 20020919 --> |
<!-- ^^^ 20020919 --> |
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand programs get killed on exit (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=223">bug #223</a>.) |
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand programs get killed on exit (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=223">bug #223</a>). |
<li>Fix a potential FREE() of an uninitialised pointer in the kernel (sys/exec_script.c) |
<li>Fix a potential FREE() of an uninitialised pointer in the kernel (sys/exec_script.c) |
<li>Rewrite <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s GRE decoder. |
<li>Rewrite <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s GRE decoder. |
<li>Fix signal trampoline problems with non-exec stack. |
<li>Fix signal trampoline problems with non-exec stack. |
|
|
<li>Fix DMA-related panics in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4">twe(4)</a> driver. |
<li>Fix DMA-related panics in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4">twe(4)</a> driver. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, try harder to create the X11 forwarding listener socket. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, try harder to create the X11 forwarding listener socket. |
<!-- ^^^ 20020917 --> |
<!-- ^^^ 20020917 --> |
<li>Fix a potential buffer overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlocale&sektion=3">setlocale(3)</a> (NetBSD-<a href="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc">SA2002-012</a>.) |
<li>Fix a potential buffer overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlocale&sektion=3">setlocale(3)</a> (NetBSD-<a href="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc">SA2002-012</a>). |
<li>Don't chdir to / when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> goes daemon. |
<li>Don't chdir to / when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> goes daemon. |
<li>Add __syslog__ string formatting attribute to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>. |
<li>Add __syslog__ string formatting attribute to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>. |
<!-- ^^^ 20020916 --> |
<!-- ^^^ 20020916 --> |
|
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> now supports Kerberos authentication in PrivSep mode. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> now supports Kerberos authentication in PrivSep mode. |
<!-- ^^^ 20020909 --> |
<!-- ^^^ 20020909 --> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s parser takes more care parsing address families in NAT rules. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s parser takes more care parsing address families in NAT rules. |
<li>Add leap second support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a> running in RFC868 mode (it already supports this in NTP mode with the -N option.) |
<li>Add leap second support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a> running in RFC868 mode (it already supports this in NTP mode with the -N option). |
<li>Correct <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a>'s representation of positive infinity. |
<li>Correct <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a>'s representation of positive infinity. |
<!-- ^^^ 20020908 --> |
<!-- ^^^ 20020908 --> |
<li>Signal handler fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion=8">bootpd(8)</a><!-- on 20020908 -->, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a><!-- on 20020909 --> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a><!-- on 20020907 -->. |
<li>Signal handler fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion=8">bootpd(8)</a><!-- on 20020908 -->, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a><!-- on 20020909 --> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a><!-- on 20020907 -->. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> dies on FD_SET overruns. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> dies on FD_SET overruns. |
<li>Fix a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>. |
<li>Fix a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>. |
<!-- ^^^ 20020907 --> |
<!-- ^^^ 20020907 --> |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> work properly with long block device filenames (handle MAXPATHLEN chars instead of 32.) |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> work properly with long block device filenames (handle MAXPATHLEN chars instead of 32). |
<li>Don't build the somewhat less than ubiquitous <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8&release=OpenBSD+3.1">photurisd(8)</a> by default any more. |
<li>Don't build the somewhat less than ubiquitous <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8&release=OpenBSD+3.1">photurisd(8)</a> by default any more. |
<li>Lots and lots of ANSIfication. |
<li>Lots and lots of ANSIfication. |
<li>Lots of int -> socklen_t. |
<li>Lots of int -> socklen_t. |
|
|
<!-- ^^^ 20020906 --> |
<!-- ^^^ 20020906 --> |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>'s interrupt sharing. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>'s interrupt sharing. |
<li>lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usbhid&sektion=3">usbhid(3)</a> now available in the shared variety. |
<li>lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usbhid&sektion=3">usbhid(3)</a> now available in the shared variety. |
<li>Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=18185">PR#18185</a>.) |
<li>Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=18185">PR#18185</a>). |
<li>Merge in OpenSSL 0.9.7beta1. To be continued. |
<li>Merge in OpenSSL 0.9.7beta1. To be continued. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> interoperability fixes for FreeS/WAN and SSH Sentinel. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> interoperability fixes for FreeS/WAN and SSH Sentinel. |
<!-- ^^^ 20020905 --> |
<!-- ^^^ 20020905 --> |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwalld&sektion=8">rwalld(8)</a> revoke its group privileges as well as user privs. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwalld&sektion=8">rwalld(8)</a> revoke its group privileges as well as user privs. |
<li>Don't install safe_finger any more. |
<li>Don't install safe_finger any more. |
<li>Add support for the SCSI Reduced Block Command Set (RBC.) |
<li>Add support for the SCSI Reduced Block Command Set (RBC). |
<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s LoginGraceTime from one minute to two. |
<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s LoginGraceTime from one minute to two. |
<li>Various compatibility fixes and additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>. |
<li>Various compatibility fixes and additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can now set whether or not use of IPv6 deprecated addresses are allowed. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can now set whether or not use of IPv6 deprecated addresses are allowed. |
<!-- ^^^ 20020904 --> |
<!-- ^^^ 20020904 --> |
<li>_x11 user and group added for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a> to use. |
<li>_x11 user and group added for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a> to use. |
<li>Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD.) |
<li>Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD). |
<li>Fix parsing of NAT port ranges. |
<li>Fix parsing of NAT port ranges. |
<li>Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on. |
<li>Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on. |
<!-- ^^^ 20020902 --> |
<!-- ^^^ 20020902 --> |
|
|
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>. |
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>. |
<li>Properly limit EDNS0 size to 0xffff. |
<li>Properly limit EDNS0 size to 0xffff. |
<li>Fix a signedness problem in SSH so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_public_decrypt&sektion=3">RSA_public_decrypt(3)</a> errors can be detected. |
<li>Fix a signedness problem in SSH so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_public_decrypt&sektion=3">RSA_public_decrypt(3)</a> errors can be detected. |
<li>Make X's module loader set PROT_EXEC using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC.) |
<li>Make X's module loader set PROT_EXEC using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC). |
<li>DNS responses from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, gethostby*() and getnetby*() now get a 64K receive buffer.<br> |
<li>DNS responses from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, gethostby*() and getnetby*() now get a 64K receive buffer.<br> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<!-- ^^^ 20020827 --> |
<!-- ^^^ 20020827 --> |
|
|
<!-- ^^^ 20020809 --> |
<!-- ^^^ 20020809 --> |
<li>Fix raw socket translation for Linux compatibility mode. |
<li>Fix raw socket translation for Linux compatibility mode. |
<li>Properly clear the argument list in pmdb. |
<li>Properly clear the argument list in pmdb. |
<li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default.) |
<li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default). |
<li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.<br> |
<li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.<br> |
<a href="stable.html">[Applied to 3.1-stable]</a> |
<a href="stable.html">[Applied to 3.1-stable]</a> |
<li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. |
<li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>. |
|
|
<li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>. |
<li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>. |
<!-- ^^^ 20020808 --> |
<!-- ^^^ 20020808 --> |
<li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>. |
<li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>. |
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default.) |
<li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default). |
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls. |
<li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls. |
<li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>. |
<li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>. |
<li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now. |
<li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now. |
<!-- ^^^ 20020807 --> |
<!-- ^^^ 20020807 --> |
<li>Retrofit the new early privilege revocation code to the old X servers. |
<li>Retrofit the new early privilege revocation code to the old X servers. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode.) Also remove bomb mode altogether, to the annoyance of noone. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode). Also remove bomb mode altogether, to the annoyance of noone. |
<li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver. |
<li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver. |
<li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files. |
<li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files. |
<!-- ^^^ 20020806 --> |
<!-- ^^^ 20020806 --> |
<li>Move AGP chipset support out of machine-independent section (AGP support is per-arch.) |
<li>Move AGP chipset support out of machine-independent section (AGP support is per-arch). |
<li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata31.html#ssl">erratum</a>.<br> |
<li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata31.html#ssl">erratum</a>.<br> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<!-- ^^^ 20020805 --> |
<!-- ^^^ 20020805 --> |
|
|
<!-- ^^^ 20020804 --> |
<!-- ^^^ 20020804 --> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty. |
<li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before.) |
<li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before). |
<li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier. |
<li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier. |
<li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure. |
<li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure. |
<li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler. |
<li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler. |
<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>. |
<li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>. |
<!-- ^^^ 20020803 --> |
<!-- ^^^ 20020803 --> |
<li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent.) See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why. |
<li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent). See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why. |
<li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released. |
<li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released. |
<li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks. |
<li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks. |
<li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH. |
<li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH. |
|
|
<li>Fix some more potential null pointer dereferences, this time in pfkey and netiso. |
<li>Fix some more potential null pointer dereferences, this time in pfkey and netiso. |
<li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server. |
<li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server. |
<li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc(). |
<li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc(). |
<li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD.) |
<li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD). |
<li>Lots of work on the sparc and sparc64 console drivers. |
<li>Lots of work on the sparc and sparc64 console drivers. |
<li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware... |
<li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware... |
<li>Fix a typo that caused a potential null pointer dereference in kernel NFS. |
<li>Fix a typo that caused a potential null pointer dereference in kernel NFS. |
|
|
<li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br> |
<li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br> |
<a href="errata31.html#ssl">A source code patch is available</a>.<br> |
<a href="errata31.html#ssl">A source code patch is available</a>.<br> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.) |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP). |
<!-- ^^^ 20020730 --> |
<!-- ^^^ 20020730 --> |
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm. |
<li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm. |
<li>Kill a kernel tty memory leak.<br> |
<li>Kill a kernel tty memory leak.<br> |
|
|
<li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free(). |
<li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free(). |
<li>Cardbus support for macppc. |
<li>Cardbus support for macppc. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads. |
<li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option.) |
<li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option). |
<li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>. |
<li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>. |
<!-- ^^^ 20020723 --> |
<!-- ^^^ 20020723 --> |
<li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile. |
<li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile. |
|
|
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob. |
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes. |
<li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules.) |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules). |
<!-- ^^^ 20020715 --> |
<!-- ^^^ 20020715 --> |
<li>Fix a double free in BSD authentication. |
<li>Fix a double free in BSD authentication. |
<!-- XXX sendmail SuperSafe=... thing ? --> |
<!-- XXX sendmail SuperSafe=... thing ? --> |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option.) |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option). |
<!-- ^^^ 20020714 --> |
<!-- ^^^ 20020714 --> |
<li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes. |
<li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes. |
<li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge. |
<li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge. |
|
|
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>. |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>. |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header. |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header. |
<li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace. |
<li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace. |
<li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>.) |
<li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>). |
<li>Remove '\\' -> '\' translation in crontabs to keep the shell happy. |
<li>Remove '\\' -> '\' translation in crontabs to keep the shell happy. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges. |
<li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ --> |
<li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ --> |
|
|
<li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540. |
<li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540. |
<li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>. |
<li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>. |
<li>Fix miniroot typo that was breaking FTP installs. |
<li>Fix miniroot typo that was breaking FTP installs. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755.) |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755). |
<li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added. |
<li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout. |
<li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come. |
<li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.) |
<li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'). |
<li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>. |
<li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>. |
<li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>. |
<li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>. |
<li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
|
|
<li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>. |
<li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>. |
<li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>. |
<li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>. |
<li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes. |
<li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes. |
<li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime.) |
<li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime). |
<li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
<li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. |
<li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index. |
<li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index. |
<li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64. |
<li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64. |
|
|
<li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule. |
<li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key. |
<li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.) New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>). New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes. |
<li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit. |
<li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee! |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee! |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes.) |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes). |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs. |
<li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs. |
<li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules. |
<li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules. |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process. |
<li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process. |
|
|
<li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files. |
<li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules. |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules. |
<li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address. |
<li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address. |
<li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635.) |
<li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635). |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715.) |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715). |
<li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm. |
<li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm. |
<li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714. |
<li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714. |
<li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
<li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>. |
|
|
<li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code. |
<li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code. |
<li>lo0 now only gets ::1 when it's brought up. |
<li>lo0 now only gets ::1 when it's brought up. |
<li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1. |
<li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1. |
<li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.) |
<li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386). |
<li>Add new splusb() to prevent USB initialisation lossage. |
<li>Add new splusb() to prevent USB initialisation lossage. |
<li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>. |
<li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>. |
<li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command. |
<li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command. |
|
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo. |
<li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo. |
<li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>.) |
<li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>). |
<li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64.) |
<li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64). |
<li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier. |
<li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier. |
<li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>. |
<li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>. |
<li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups. |
<li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups. |
|
|
<li>Don't automagically set -prefixlen 128 on IPv6 host route. |
<li>Don't automagically set -prefixlen 128 on IPv6 host route. |
<li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>. |
<li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>. |
<li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>. |
<li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>. |
<li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested.) |
<li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested). |
<li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use. |
<li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import. |
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>. |
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>. |