Annotation of www/plus32.html, Revision 1.1
1.1 ! deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
! 2: <html>
! 3: <head>
! 4: <title>OpenBSD-3.2 changes</title>
! 5: <link rev="made" href="mailto:www@openbsd.org">
! 6: <meta name="resource-type" content="document">
! 7: <meta name="description" content="OpenBSD-current changes">
! 8: <meta name="keywords" content="openbsd,current,changes">
! 9: <meta name="distribution" content="global">
! 10: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
! 11: </head>
! 12:
! 13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
! 14:
! 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
! 16: <p>
! 17: <h2><font color=#e00000>Changes made between OpenBSD 3.1 and OpenBSD 3.2</font><hr></h2>
! 18:
! 19: <p>
! 20: This is a partial list of the major machine-independent changes
! 21: (i.e., these are the changes people ask about most often). Port
! 22: specific changes have also been made, and are sometimes mentioned
! 23: in the pages for the specific <a href="plat.html">platforms</a>.
! 24:
! 25: <p>
! 26: Changes to the <a href="ports.html">ports</a> collection are documented
! 27: <a href="portsplus/index.html">here</a>.
! 28:
! 29: <p>
! 30: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
! 31:
! 32: <p>
! 33: <h3>
! 34: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
! 35: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
! 36: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
! 37: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
! 38: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
! 39: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
! 40: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
! 41: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
! 42: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
! 43: <a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
! 44: <a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
! 45: <a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
! 46: <a href="plus.html">For changes in OpenBSD-current, click here</a>.
! 47: <br>
! 48: </h3>
! 49:
! 50: <p>
! 51: <h3><font color=#0000e0>Changes made between OpenBSD 3.1 and OpenBSD 3.2</font></h3><p>
! 52: <ul>
! 53:
! 54: <li>Release branch created.
! 55: <!-- ^^^ 20021003 -->
! 56: <li>Cool new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=8">xdm(8)</a> images for 3.2.
! 57: <li><font color="#e00000"><strong>SECURITY FIX: Incorrect argument checking in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.</strong></font><br>
! 58: <a href="errata.html#kerntime">A source code patch is available</a>.<br>
! 59: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 60: <!-- ^^^ 20021002 -->
! 61: <li>Retrofit the SIGUSR1->SIGUSR2 console switching change to the old X server.
! 62: <li>Fix a couple of crashers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kevent&sektion=2">kevent(2)</a>.
! 63: <li>OpenBSD 3.2-beta -> 3.2, OpenSSH -> 3.5.
! 64: <!-- ^^^ 20021001 -->
! 65: <li>Try to initialise AGP GART in the privileged startup portion of the X server.
! 66: <!-- ^^^ 20020930 -->
! 67: <li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a>.
! 68: <!-- ^^^ 20020929 -->
! 69: <li>login_radius returns, complete with fixed license.
! 70: <li>Still more cleanup and output trimming in the installer script.
! 71: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xf86cfg&sektion=1">xf86cfg(1)</a> now runs the server with '-nolisten tcp'.
! 72: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=8">xdm(8)</a> now drops privileges to run as user _x11 after starting as root.
! 73: <!-- ^^^ 20020928 -->
! 74: <li>daddr -> saddr in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat code. Oops.<br>
! 75: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 76: <li>Add a wildcard client string match against "probe-*" for SSH probes to use.
! 77: <!-- ^^^ 20020927 -->
! 78: <li>Disable login_radius, pesky licensing problems again.<br>
! 79: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 80: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&sektion=4">lmc(4)</a> are back, with better licenses.
! 81: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> can now do privsep and krb4 together.
! 82: <!-- ^^^ 20020926 -->
! 83: <li>Remove RC5 and MDC2 from libcrypto.
! 84: <li>Have the installer set the nosuid flag for mount points that shouldn't contain setuid programs.
! 85: <!-- ^^^ 20020925 -->
! 86: <li>Fix a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> spanning tree protocol support.
! 87: <li>New driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>, supporting Intel Gigibit Ethernet adapters and replacing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4&release=OpenBSD+3.1">gx(4)</a>
! 88: <li>Some memory allocation and other tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
! 89: <!-- ^^^ 20020924 -->
! 90: <li>Better handling of IPv6 deprecated addresses.
! 91: <li>Fix the padding length for an IPv6 PADN option before a jumbo payload option.
! 92: <li>Allow SSL session IDs of any length up to 32, removing the non-standard 16-char minimum imposed before.
! 93: <li>Add a /dev/X0 entry for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=8">xdm(8)</a>, allowing the mouse to work with the upcoming xdm privilege drop. One for the Upgrading Mini-faq.
! 94: <li>Properly dump radix tree nodes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
! 95: <!-- ^^^ 20020923 -->
! 96: <li>Template policy support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 97: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&sektion=4">lmc(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cz&sektion=4">cz(4)</a> drivers removed from release kernels due to license problems.
! 98: <li>A bunch of gcc3 tweaks.
! 99: <li>Don't build Kerberos ticket forwarding programs <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kf&sektion=1&release=OpenBSD+3.1">kf(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kfd&sektion=8">kfd(8)</a> because of security issues. (Will come back when Heimdal 0.5 gets merged, after 3.2 release.)
! 100: <li>Add support for ELF sections loaded relative to a base section.
! 101: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s antispoof command also block incoming packets with the source set to one of the host's IP addresses.
! 102: <li>Make the VT switching code use SIGUSR2 instead of SIGUSR1. The latter is also used by the X server to synchronise with xinit.
! 103: <!-- ^^^ 20020922 -->
! 104: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> handle with more grace situations where some archived logfiles have been uncompressed in-place.
! 105: <li>Continue to reduce the amount of output the installer generates, so we won't need a magnifier to read the installation instructions in the CD gatefold.
! 106: <li>Add TBI (Ten-Bit Interface) mode support for fibre-based <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nge&sektion=4">nge(4)</a> cards, as well as some other bug fixes.
! 107: <!-- ^^^ 20020921 -->
! 108: <!-- ^^^ 20020920 -->
! 109: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> actually run the command it's asked to run. Also, add new interpretation of a null command.
! 110: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>'s handling of empty lines.
! 111: <li>Remove the obsolete access.conf and srm.conf files from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
! 112: <!-- ^^^ 20020919 -->
! 113: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand programs get killed on exit (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=223">bug #223</a>.)
! 114: <li>Fix a potential FREE() of an uninitialised pointer in the kernel (sys/exec_script.c)
! 115: <li>Rewrite <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s GRE decoder.
! 116: <li>Fix signal trampoline problems with non-exec stack.
! 117: <li>Remove EGP decode support from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> due to a duff license and apathy.
! 118: <!-- ^^^ 20020918 -->
! 119: <li>So farewell, then, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8&release=OpenBSD+3.1">trsp(8)</a>.
! 120: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> to rotate only specific logfiles.
! 121: <li>Make RAND_poll use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> instead of /dev/arandom, so it works in under a chroot.
! 122: <li>New -a flag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> allows a directory to be specified for archived logs.
! 123: <li>Set the close-on-exec flag for file descriptors created by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kvm_open(3)</a>.
! 124: <li>Fix DMA-related panics in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4">twe(4)</a> driver.
! 125: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, try harder to create the X11 forwarding listener socket.
! 126: <!-- ^^^ 20020917 -->
! 127: <li>Fix a potential buffer overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlocale&sektion=3">setlocale(3)</a> (NetBSD-<a href="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc">SA2002-012</a>.)
! 128: <li>Don't chdir to / when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> goes daemon.
! 129: <li>Add __syslog__ string formatting attribute to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
! 130: <!-- ^^^ 20020916 -->
! 131: <li>Periodically save changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> policies.
! 132: <li>Various fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>.
! 133: <li>Re-sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a> driver with NetBSD.
! 134: <li>Signal fixes in libevent.
! 135: <!-- ^^^ 20020915 -->
! 136: <li>Merge in Sendmail 8.12.6.
! 137: <li>Give stdio's __cleanup handlers the same mprotect() treatment as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> now receives.
! 138: <li>Further tweaks to handling of address families in NAT rules. Try to infer the AF from the rule, if that fails then require the user to specify it.
! 139: <li>Various fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cy&sektion=4">cy(4)</a>.
! 140: <li>Merge in OpenSSL-0.9.7-stable-SNAP-20020911, bump libcrypto minor version.
! 141: <!-- ^^^ 20020914 -->
! 142: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> rotating logfiles that only contain logfile rotation messages.
! 143: <!-- ^^^ 20020913 -->
! 144: <li>License fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a>, nearly there now.
! 145: <li>Add -H option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a> which hides info for non-existent users as well as existing ones. Useful when NATing.
! 146: <li>Remove the need for /dev/null and /etc/localtime in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>'s chroot jail.
! 147: <li>Add 'antispoof' keyword to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. Oh yes.
! 148: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s netmask handling.
! 149: <!-- ^^^ 20020912 -->
! 150: <li>Add a missing pointer initialisation in in6_ifdetach().
! 151: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> client's ls command useful, with globbing and short/long listings.
! 152: <li>Fix initialisation of Broadcom 582x chips by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
! 153: <!-- ^^^ 20020911 -->
! 154: <li>Various signedness fixes.
! 155: <li>Versioning info moves to 3.2-beta.
! 156: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> check the peer using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getpeereid&sektion=2">getpeereid(2)</a>.
! 157: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pmap&sektion=9">pmap</a>_{copy,zero}_page API changes.
! 158: <li>Merge in OpenSSL 0.9.7beta3.
! 159: <!-- ^^^ 20020910 -->
! 160: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> now creates a socket listening on 127.0.0.1 as well as one on *, and only responds to amq requests on the former.
! 161: <li>Add support for the Silicon Image 680 ATA133 chip to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> driver.
! 162: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> now supports Kerberos authentication in PrivSep mode.
! 163: <!-- ^^^ 20020909 -->
! 164: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s parser takes more care parsing address families in NAT rules.
! 165: <li>Add leap second support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a> running in RFC868 mode (it already supports this in NTP mode with the -N option.)
! 166: <li>Correct <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a>'s representation of positive infinity.
! 167: <!-- ^^^ 20020908 -->
! 168: <li>Signal handler fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion-8">bootpd(8)</a><!-- on 20020908 -->, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion-8">rtadvd(8)</a><!-- on 20020909 --> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a><!-- on 20020907 -->.
! 169: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> dies on FD_SET overruns.
! 170: <li>Fix a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>.
! 171: <!-- ^^^ 20020907 -->
! 172: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> work properly with long block device filenames (handle MAXPATHLEN chars instead of 32.)
! 173: <li>Don't build the somewhat less than ubiquitous <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8&release=OpenBSD+3.1">photurisd(8)</a> by default any more.
! 174: <li>Lots and lots of ANSIfication.
! 175: <li>Lots of int -> socklen_t.
! 176: <li>Some signedness fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a>.
! 177: <li>Repair a missing msglog() arg in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>.
! 178: <!-- ^^^ 20020906 -->
! 179: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>'s interrupt sharing.
! 180: <li>lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usbhid&sektion=3">usbhid(3)</a> now available in the shared variety.
! 181: <li>Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=18185">PR#18185</a>.)
! 182: <li>Merge in OpenSSL 0.9.7beta1. To be continued.
! 183: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> interoperability fixes for FreeS/WAN and SSH Sentinel.
! 184: <!-- ^^^ 20020905 -->
! 185: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwalld&sektion=8">rwalld(8)</a> revoke its group privileges as well as user privs.
! 186: <li>Don't install safe_finger any more.
! 187: <li>Add support for the SCSI Reduced Block Command Set (RBC.)
! 188: <li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s LoginGraceTime from one minute to two.
! 189: <li>Various compatibility fixes and additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
! 190: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can now set whether or not use of IPv6 deprecated addresses are allowed.
! 191: <!-- ^^^ 20020904 -->
! 192: <li>_x11 user and group added for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1</a> to use.
! 193: <li>Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD.)
! 194: <li>Fix parsing of NAT port ranges.
! 195: <li>Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on.
! 196: <!-- ^^^ 20020902 -->
! 197: <li>Fix an uninitialised pointer bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
! 198: <li>The X server now tries to open the aperture driver before trying /dev/mem. Re-enable early privilege drop on i386.
! 199: <!-- ^^^ 20020901 -->
! 200: <!-- ^^^ 20020831 -->
! 201: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now warns if DNS returns multiple addresses, like traceroute6.
! 202: <li>Add support for the Promise Ultra133 TX2 EIDE controller.
! 203: <li>Fix an mbuf leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 204: <li>Reenable the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler improvements backed out on 31 July.
! 205: <li>Add -I option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> to get ICMP probes instead of UDP.
! 206: <!-- ^^^ 20020830 -->
! 207: <li>Further reduce the amount of time <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> runs as root when installed setuid.
! 208: <li>Fudge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> so it only honours the requirement to check against a CRL if there is a CRL loaded...
! 209: <!-- ^^^ 20020829 -->
! 210: <li>Update the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rt&sektion=4">rt(4)</a> Radiotrack driver, add isapnp support.
! 211: <li>Some casts to make 64-bit kernel work with varargs calls.
! 212: <!-- ^^^ 20020828 -->
! 213: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
! 214: <li>Properly limit EDNS0 size to 0xffff.
! 215: <li>Fix a signedness problem in SSH so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_public_decrypt&sektion=3">RSA_public_decrypt(3)</a> errors can be detected.
! 216: <li>Make X's module loader set PROT_EXEC using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC.)
! 217: <li>DNS responses from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, gethostby*() and getnetby*() now get a 64K receive buffer.<br>
! 218: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 219: <!-- ^^^ 20020827 -->
! 220: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> warns if DNS returns multiple IP addresses for the target.
! 221: <li>Do a yyrestart() after a longjmp in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcap&sektion-3">pcap(3)</a>.
! 222: <li>Fix a dangling pointer bug in sbcompress().
! 223: <li>Make the X server option NoSilkenMouse work again.
! 224: <!-- ^^^ 20020826 -->
! 225: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=portmap&sektion=8">portmap(8)</a> detect failure of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=svc_register&sektion=3">svc_register</a> and die nicely.
! 226: <li>X aperture driver for Alpha, works like i386.
! 227: <!-- ^^^ 20020824 -->
! 228: <li>Skeleton <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> support for ELF in i386. Not enabled, nor is it promised anytime soon.
! 229: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> warns about symbol size mismatches.
! 230: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a> handles snprintf errors properly.
! 231: <li>Map the heap non-executable.
! 232: <!-- ^^^ 20020823 -->
! 233: <li>Change the way FREF() and FRELE() are called w.r.t. getvnode() and getsock().
! 234: <li>Fix a locking problem that can occur when an executable tries to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> itself.
! 235: <li>Avoid a potential int overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>
! 236: <li>Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
! 237: <!-- ^^^ 20020822 -->
! 238: <li>Bump the listen() backlog from 5 to 128 (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
! 239: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s default LoginGraceTime reduced from 600 to 60 seconds.
! 240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> now attaches to each wsdisplay device by default.
! 241: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strip&sektion=1">strip(1)</a>. -x now works.
! 242: <!-- ^^^ 20020821 -->
! 243: <li>net.inet6.ip6_use_deprecated is on by default again...
! 244: <li>Fix some (but not all) signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a>.
! 245: <li>New -n option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> that disallows anonymous access even if the ftp user exists.
! 246: <li>Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser.
! 247: <!-- ^^^ 20020820 -->
! 248: <li>Fix sysctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copyout&sektion=9">copyout(9)</a>s in IPv6 neigbour discovery.
! 249: <!-- ^^^ 20020819 -->
! 250: <li>Audit and cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_net_ntop&sektion=3">inet_net_ntop(3)</a>, inet_neta() and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a>.
! 251: <li>TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated.
! 252: <!-- ^^^ 20020818 -->
! 253: <li>Use of IPv6 deprecated addresses switched off by default. (See <a href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> variable net.inet6.ip6_use_deprecated.)
! 254: <li>Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> SCSI driver.
! 255: <!-- ^^^ 20020817 -->
! 256: <li>Correct two sizeof bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>.
! 257: <li>Allow a raw IP socket to see a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> packets for tunnels we haven't configured.
! 258: <!-- ^^^ 20020816 -->
! 259: <li>Add some more cross-compilation targets in /usr/src/Makefile.
! 260: <li>Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>.
! 261: <li>Fix a null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 262: <!-- ^^^ 20020815 -->
! 263: <!-- ^^^ 20020814 -->
! 264: <!-- ^^^ some CVS breakage around here -->
! 265: <!-- ^^^ 20020813 -->
! 266: <li>Using the state table instead of a special-purpose list, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT to use the same proxy port for multiple external peers.
! 267: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> setgid(_sshagnt). setuid/setgid processes can't be <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2">ptrace(2)</a>ed.
! 268: <li>SPARC consoles now use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
! 269: <!-- ^^^ 20020812 -->
! 270: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now displays '!X' when packets come back as ICMP administratively prohibited by filter.
! 271: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> die on fd_set overruns.
! 272: <li>In a number of places, switch the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> round the right way.
! 273: <li>Switch SPARC to ELF.
! 274: <li>Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.
! 275: <!-- ^^^ 20020811 -->
! 276: <li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br>
! 277: <a href="errata.html#scarg">A source code patch is available</a>.<br>
! 278: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 279: <!-- ^^^ 20020810 -->
! 280: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a> no longer gets loud at boot time unless option RAIDDEBUG is used.
! 281: <li>Sink a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bs&sektion=6">bs(6)</a>.
! 282: <!-- ^^^ 20020809 -->
! 283: <li>Fix raw socket translation for Linux compatibility mode.
! 284: <li>Properly clear the argument list in pmdb.
! 285: <li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default.)
! 286: <li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.<br>
! 287: <a href="stable.html">[Applied to 3.1-stable]</a>
! 288: <li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
! 289: <li>Correct a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8">photurisd(8)</a>.
! 290: <li>Tweak IFF_PROMISC handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> to avoid some unnecessary initialisations.
! 291: <li>Fix a potential off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> that could cause mmap breakage on some architectures.
! 292: <li>Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
! 293: <li>Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
! 294: <li>Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pic&sektion=1">pic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1">fvwm(1)</a> and a few in the kernel.
! 295: <li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>.
! 296: <!-- ^^^ 20020808 -->
! 297: <li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>.
! 298: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default.)
! 299: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls.
! 300: <li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
! 301: <li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now.
! 302: <!-- ^^^ 20020807 -->
! 303: <li>Retrofit the new early privilege revocation code to the old X servers.
! 304: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode.) Also remove bomb mode altogether, to the annoyance of noone.
! 305: <li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver.
! 306: <li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
! 307: <!-- ^^^ 20020806 -->
! 308: <li>Move AGP chipset support out of machine-independent section (AGP support is per-arch.)
! 309: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata.html#ssl">erratum</a>.<br>
! 310: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 311: <!-- ^^^ 20020805 -->
! 312: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auth_call&sektion=3">auth_call(3)</a>'s error logging.
! 313: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> cross-checks the crontab filename against the system username.
! 314: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> drops its privileges earlier.
! 315: <!-- ^^^ 20020804 -->
! 316: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog.
! 317: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty.
! 318: <li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before.)
! 319: <li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier.
! 320: <li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
! 321: <li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler.
! 322: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>.
! 323: <!-- ^^^ 20020803 -->
! 324: <li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent.) See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why.
! 325: <li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
! 326: <li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks.
! 327: <li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH.
! 328: <li>Add the _sshagnt group for use by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
! 329: <li>Correct a pointer comparison typo in libssl's ASN.1 parser library.
! 330: <li>Check for correct return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_aton&sektion=3">inet_aton(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 331: <li>Add some overflow checks similar to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> patch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 332: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists.
! 333: <!-- ^^^ 20020802 -->
! 334: <li>Prevent integer overflow in i386 USER_LDT code.
! 335: <li>Fix NFS's handling of zero-length RPC fragments.
! 336: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> handles unlinking of a symlink correctly.
! 337: <li>Limit file size to 2^31 * PAGE_SIZE in FFS code.
! 338: <li>u_short -> u_int16_t in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mtrouted(8)</a>.
! 339: <!-- ^^^ 20020801 -->
! 340: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> buffer overflow, see the <a href="errata.html#xdr">erratum</a>.<br>
! 341: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 342: <li>Spot zero-length keys or values in ypmatch_add(), and exit early.
! 343: <li>Broken by the removal of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> now cleans up after itself properly again.
! 344: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vfork&sektion=2">vfork(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>. Fixes hppa breakage.
! 345: <li>Back out the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler changes which appear to break Perl somehow. Bugger.
! 346: <li>Get <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> semantics right, while still not allowing the size_t overflow.<br>
! 347: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 348: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> compilation without mod_ssl.
! 349: <!-- ^^^ 20020731 -->
! 350: <li>On i386, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> to alter the execution protection of the stack.
! 351: <li>Fix some more potential null pointer dereferences, this time in pfkey and netiso.
! 352: <li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server.
! 353: <li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc().
! 354: <li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD.)
! 355: <li>Lots of work on the sparc and sparc64 console drivers.
! 356: <li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware...
! 357: <li>Fix a typo that caused a potential null pointer dereference in kernel NFS.
! 358: <li>New 'PermitUserEnvironment' option for SSH. Off by default.
! 359: <li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing.
! 360: <li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>.
! 361: <li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br>
! 362: <a href="errata.html#ssl">A source code patch is available</a>.<br>
! 363: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 364: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.)
! 365: <!-- ^^^ 20020730 -->
! 366: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm.
! 367: <li>Kill a kernel tty memory leak.<br>
! 368: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 369: <li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>.
! 370: <li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br>
! 371: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 372: <li>Don't enable so many authentication methods by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>.
! 373: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.</strong></font></br>
! 374: <a href="errata.html#xdr">A source code patch is available</a>.<br>
! 375: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 376: <li>Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().
! 377: <li>Support DMA for two more ServerWorks <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> devices.
! 378: <li><font color=#e00000><strong>SECURITY FIX: A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.</strong></font><br>
! 379: <a href="errata.html#pppd">A source code patch is available</a>.<br>
! 380: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 381: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> function pointers stored by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> to stop bad guys tweaking the exit handlers.
! 382: <li>"undrugs" <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a>.
! 383: <li>Fix two off-by-one bugs in ext2fs.
! 384: <li>Add ld.so support for sparc.
! 385: <li>Lookup of ip6.arpa, then ip6.int for IPv6 reverse resolution. See <a href="http://www.ietf.org/rfc/rfc3152.txt">RFC3152</a> for why.
! 386: <li>Small fix for GCC 3.1.1 in IPv4 checksum code.
! 387: <!-- 20020729 -->
! 388: <li>Apply the 'broken PCI burst-write' workaround to all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> 7811-based devices.
! 389: <li>Show <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> how to use hardware and software flow control.
! 390: <li>Fix a potential access-after-free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kue&sektion=4">kue(4)</a>.
! 391: <!-- ^^^ 20020728 -->
! 392: <li>/tmp/.X11-unix and /tmp/.ICE-unix are created in rc, owned by root, removing the need for root privs later on.
! 393: <li>Again, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>, map BSS non-executable.
! 394: <li>Rearrange the new XFree86 server so all tasks for which root privs are needed get done early in osinit(). Of course, revoke root right afterwards.
! 395: <li>Add Dell-specific PERC (right) product IDs so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> configures Dell PowerEdge 2650 RAID.
! 396: <li>Add leapsecond support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s NTP client.
! 397: <!-- ^^^ 20020727 -->
! 398: <li>The install/upgrade scripts no longer automatically mount NFS filesystems.
! 399: <li>Kernel a.out code now allocates (mostly) non-executable BSS.
! 400: <li>Miscellaneous fixes to several games.
! 401: <li>Lots of work on the sparc64 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4/sparc64)</a> framebuffer driver.
! 402: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> the order of the log and quick keywords is now irrelevant.
! 403: <!-- ^^^ 20020726 -->
! 404: <li>Allow X servers to be built without DGA.
! 405: <li>At securelevel 2, stop an attacker from setting the clock forwards to within a year of the time it wraps around to zero.
! 406: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> to work on pre-Pentium x86 machines that lack pentium_mhz stuff.
! 407: <li>Add a distrib note that due to major changes to the port, the sparc installer won't allow upgrades to 3.2
! 408: <li>Only include a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> font when building with option SMALL_KERNEL.
! 409: <li>Add a few more RFC2142-suggested mailbox aliases.
! 410: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>'s filename handling.
! 411: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> fixes.
! 412: <li>Fix comparison bug in IPv6 multicast routing MTU check.
! 413: <!-- ^^^ 20020725 -->
! 414: <li>Correct bad sizeof() in kernel NFS code.
! 415: <li>Checks for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> return values < 0.
! 416: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s uid/gid tracking.
! 417: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> large directory fix.
! 418: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, help avoid a potential man-in-the-middle attack by showing all known host keys for a host when we're warning about an unknown host key.
! 419: <li>Fix a TAILQ null deref in pmdb.
! 420: <!-- ^^^ 20020724 -->
! 421: <li>Make the second parameter to r?index()/strr?chr() an int instead of a char.
! 422: <li>Stick a thread mutex around name lookups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
! 423: <li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free().
! 424: <li>Cardbus support for macppc.
! 425: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads.
! 426: <li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option.)
! 427: <li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>.
! 428: <!-- ^^^ 20020723 -->
! 429: <li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile.
! 430: <li>Fix graceful restarts of chroot'ed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
! 431: <li>Have SSH fall back to the standard path if setusercontext() can't set it.
! 432: <!-- ^^^ 20020722 -->
! 433: <li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 434: <li>Teach pmdb about corefiles.
! 435: <li>Map stack pages non-executable.
! 436: <!-- ^^^ 20020721 -->
! 437: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>.
! 438: <li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature.
! 439: <li>Implement string concatenation for variable declarations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 440: <li>Big change to the way signal trampolines are stored and called.
! 441: <li>Add milter build support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>, see the Makefile.
! 442: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> die if setusercontext() fails.
! 443: <!-- ^^^ 20020720 -->
! 444: <li>Fix a disk masher bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>, a little too late for some.
! 445: <li>Don't install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mk-amd-map&sektion=8&manpath=OpenBSD+3.1">mk-amd-map(8)</a> any more, we don't use it. And it's broken.
! 446: <li>Merge Apache 1.3.26 and mod_ssl 2.8.10.
! 447: <li>Have SSH remove fatal cleanups after calling fork().
! 448: <!-- ^^^ 20020719 -->
! 449: <li>/etc/systrace directory added along with policies for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>.
! 450: <li>Make OpenSSL use /bin/sh instead of $SHELL when running scripts. Not everyone uses a Bourne-like shell.
! 451: <li>String handling and other fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rogue&sektion=6">rogue(6)</a>.
! 452: <!-- ^^^ 20020718 -->
! 453: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> -s replacement string truncation.
! 454: <li>Fix a deref after free() in the kernel's routing socket code.
! 455: <li>Add 'fdcache' to Apache, part of the work to make graceful restart work properly under the chroot().
! 456: <li>The search for a shorter rulebase continues, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now recognises 'self' as an address, meaning all IPv4 and IPv6 addresses on all interfaces.
! 457: <!-- ^^^ 20020717 -->
! 458: <li>Fix wayward string termination in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>.
! 459: <li>Fix a DIAGNOSTIC bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ffs_softupdates&sektion=4">ffs_softupdates(4)</a>, and also make panic() calls show the right type.
! 460: <li>Some mbuf Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> driver, more fixes to come.
! 461: <li>Add DES and 3DES to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> as well.
! 462: <li>Fix some broken memset() and lseek() calls.
! 463: <!-- ^^^ 20020716 -->
! 464: <li>Work around some limitations of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> hardware. Add MD5 and SHA1 support.
! 465: <li>Small additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> to make <a href="http://www.gnupg.org/">gnupg</a> compile.
! 466: <li>Add some new users (names beginning with underscore) to replace user nobody for portmap, rstatd, identd, rusersd and fingerd.
! 467: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> directory completion SIGSEGV with large directories.
! 468: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob.
! 469: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes.
! 470: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license.
! 471: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules.)
! 472: <!-- ^^^ 20020715 -->
! 473: <li>Fix a double free in BSD authentication.
! 474: <!-- XXX sendmail SuperSafe=... thing ? -->
! 475: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option.)
! 476: <!-- ^^^ 20020714 -->
! 477: <li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes.
! 478: <li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge.
! 479: <li>The XFree86 3.3.x servers that are left now revoke their root privileges right after getting I/O access.
! 480: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> drops its root privileges, install it setgid(utmp) for utmp updates. Revoke setgid too if not needed.
! 481: <!-- ^^^ 20020713 -->
! 482: <li>Fix at least one <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> buffer overflow.<br>
! 483: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 484: <li>Teach MMX (not SSE) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>.
! 485: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
! 486: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header.
! 487: <li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace.
! 488: <li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>.)
! 489: <li>Remove '\\' -> '\' translation in crontabs to keep the shell happy.
! 490: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges.
! 491: <li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ -->
! 492: <li>Add some flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dohooks&sektion=9">dohooks(8)</a> and fix a time-honoured memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hook_disestablish&sektion=9">hook_disestablish(9)</a>.
! 493: <!-- ^^^ 20020712 -->
! 494: <li>New, hard-won firmware image for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=txp&sektion=4">txp(4)</a> driver.
! 495: <li>Remove the www group's privileges to the mod_ssl mutex semaphore.
! 496: <li>Really remove SuperProbe from X.
! 497: <li>Create a skeleton UserDir tree under /var/www/users.
! 498: <li>Have Apache initialise OpenSSL (opening /dev/crypto) before chroot. No more /var/www/dev/crypto.
! 499: <!-- ^^^ 20020711 -->
! 500: <li>Basic IPv6 fragment support (no normalisation yet) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 501: <li>Correct a memcpy error in the kernel and ssh's Rijndael code.
! 502: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filename intercepts work with chroot().
! 503: <li>Try to make resetting of USB ports work better.
! 504: <li>Add fchmod translation support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 505: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> closing the std file descriptors when going daemon.
! 506: <!-- ^^^ 20020710 -->
! 507: <li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540.
! 508: <li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>.
! 509: <li>Fix miniroot typo that was breaking FTP installs.
! 510: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755.)
! 511: <li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 512: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added.
! 513: <li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
! 514: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come.
! 515: <li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.)
! 516: <li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>.
! 517: <li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>.
! 518: <li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 519: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
! 520: <!-- ^^^ 20020709 -->
! 521: <li>Don't try to load a 32-bit quart into a 16-bit pint register in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
! 522: <li>Always load ELF binaries to the address at which they were linked.
! 523: <li>Rig <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a>'s sort so it can't fail due to lack of memory.
! 524: <li>Compatibility fixes for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a> 582x series.
! 525: <li>Some updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
! 526: <li>Grab a security fix to bcopy/memcpy from FreeBSD. See their cvsweb entry for <a href="http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/i386/string/bcopy.S">bcopy.S</a>.
! 527: <li>Work around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>'s broken multicast filter.
! 528: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
! 529: <li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
! 530: <li>Don't attempt to resubmit a structure we just freed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> / <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
! 531: <li>Small fixes to IP-in-IP encapsulation code.
! 532: <li>Add Security Mode options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
! 533: <li>Support a few more HPT <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> cards.
! 534: <li>Make NEED_VERSION obsolete in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
! 535: <li>Fill IPv6 null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver.
! 536: <li>Remove some old upgrade hacks from the installer script.
! 537: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
! 538: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface stats, and allow the loginterface feature to be disabled.
! 539: <li>Make signal handler flags in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> of type volatile sig_atomic_t.
! 540: <li>Fix a few GCC 3.1 moans in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 541: <li>Un-bloating of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
! 542: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpcgen&sektion=1">rpcgen(1)</a>.
! 543: <li><font color=#e00000><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
! 544: <a href="errata.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
! 545: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 546: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
! 547: <li>Improve the way the installer's fileset selection UI works.
! 548: <li>Fix a potential buffer overflow in xsystrace.
! 549: <li>Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
! 550: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
! 551: <li>Set IP_PORTRANGE_HIGH for active mode data channel of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion-1">ftp(1)</a>.
! 552: <li>Add some more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> product IDs.
! 553: <li>Fix an off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
! 554: <li>Normalise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>'s EOF handling.
! 555: <li>Plug a few <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> memory leaks.
! 556: <li>Tweak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
! 557: <li>Fix several missing or broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure checks.
! 558: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs(1)</a>, actually <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> after spotting that LocalId is too long.
! 559: <li>Lots of ANSIfication of function declarations and prototypes.
! 560: <li>Fix bug causing 'SPL NOT LOWERED' errors from the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> RAID controller.
! 561: <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
! 562: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
! 563: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> race in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
! 564: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adv&sektion=4">adv(4)</a> from the i386 RAMDISK kernel until new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
! 565: <li>Catch a null pointer dereference when fetching the routing table via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
! 566: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> compile and work on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
! 567: <li>Return correct result sizes from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
! 568: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 569: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
! 570: <li>Fix PIO writes code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
! 571: <li>Remove unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=longjmp&sektion=3">longjmp(3)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
! 572: <li>Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
! 573: <li>Finally fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> address cache bug.
! 574: <li>Properly handle endpoint differences of opinion on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> Compression options
! 575: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
! 576: <li>Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1">encrypt(1)</a>.
! 577: <li>Fix some compatibility quirks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
! 578: <li>Add a pushback buffer to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
! 579: <li>Remove setuid(root) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
! 580: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> so /etc/localtime isn't needed after the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>.
! 581: <li>More fixes to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
! 582: <li>Add AlphaServer 800 and 1000 support.
! 583: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> devices in <a href="http://www.openbsd.org/alpha.html">alpha</a> GENERIC kernel.
! 584: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
! 585: <li>Make xf86config give the option of configuring a mouse wheel.
! 586: <li>Gracefully handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
! 587: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fbtab&sektion=5">fbtab(5)</a> on <a href="http://www.openbsd.org/i386.html">i386</a>.
! 588: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a>.
! 589: <li>Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
! 590: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as root from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> again, but go to nobody's jail at startup.
! 591: <li>Lots more bounds-checking all over the place.
! 592: <li>Recognise a few more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> devices.
! 593: <li>Correct misleading cgetclose() entry in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcap&sektion=3">getcap(3)</a> manpage.
! 594: <li>Try again with the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
! 595: <li>Cleanups of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&sektion=1">passwd(1)</a>.
! 596: <li><font color=#e00000><strong>SECURITY FIX: The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
! 597: <a href="errata.html#ktrace">A source code patch is available</a>.<br>
! 598: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 599: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
! 600: <li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
! 601: <li>More audit of OpenSSH.
! 602: <li><a href="http://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
! 603: <li><font color=#e00000><strong>SECURITY FIX: All versions of OpenSSH's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
! 604: <a href="errata.html#sshd">A source code patch is available</a>.<br>
! 605: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 606: <li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 607: <li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M.
! 608: <li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow.
! 609: <li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
! 610: <a href="errata.html#resolver">A source code patch is available</a>.<br>
! 611: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 612: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
! 613: <li>Start work on IP-over-FireWire and IP-over-SCSI.
! 614: <li>Move a bunch of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
! 615: <li><a href="http://www.openbsd.org/c2k2/">c2k2</a>-inspired changes to the installer.
! 616: <li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though -->
! 617: <li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
! 618: <li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils.
! 619: <li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>.
! 620: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
! 621: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
! 622: occur in the .htaccess parsing code in the mod_ssl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
! 623: <a href="errata.html#modssl">A source code patch is available</a>.<br>
! 624: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 625: <li>Lots of uid_t and gid_t signedness fixes.
! 626: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer calls setsid() when run from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
! 627: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver talk IPv6.
! 628: <li>Increment <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
! 629: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
! 630: <li>String handling and bounds checking fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
! 631: <li>Bump <a href="http://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
! 632: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 633: <li>Start adding <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>.
! 634: <li>System call argument rewriting framework for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
! 635: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
! 636: <li>Fix some endianness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 637: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
! 638: <li>More improvements to 4GB memory probing on <a href="http://www.openbsd.org/i386.html">i386</a>.
! 639: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own sshd?_config(5) manpage.
! 640: <li>Add option for smooth scrolling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
! 641: <li>Support a few more wireless cards in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 642: <li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
! 643: <li>String handling cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>.
! 644: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
! 645: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
! 646: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a>.
! 647: <li>Removing its setgid(kmem) was not enough, remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a> altogether.
! 648: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=error&sektion=1">error(1)</a> can deal with it.
! 649: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
! 650: <li>Kill file descriptor leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
! 651: <li>Fix lots of format strings in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> programs.
! 652: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> shows flag 'x' for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'d processes.
! 653: <li>Lots of work on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a> driver.
! 654: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>.
! 655: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> revoke its setgid(kmem) privileges.
! 656: <li>Remove old pccons driver from <a href="http://www.openbsd.org/i386.html">i386</a>, also the associated XSERVER option from the kernel.
! 657: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
! 658: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
! 659: occur during the interpretation of chunked encoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
! 660: <a href="errata.html#httpd">A source code patch is available</a>.<br>
! 661: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 662: <li>Add the punctuation-challenged Nike psa[play^120 USB widget.
! 663: <li>Remove setgid(kmem) from the enormously useful <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a>.
! 664: <li>Add UK keyboard map to <a href="http://www.openbsd.org/macppc.html">macppc</a> (with '#' on Option-3) and also option CAPS_IS_CONTROL.
! 665: <li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> timeout to squash 'command never completed!' warnings.
! 666: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
! 667: <li>Import <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>, an API on top of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>.
! 668: <li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
! 669: <li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
! 670: <li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
! 671: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime.)
! 672: <li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 673: <li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
! 674: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
! 675: <li>Throw away the first 256 words of arc4 output in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
! 676: <li>Gratuitous pid_t cleanup in /usr/bin.
! 677: <li>Grab multicast <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
! 678: <li>Add some inlined hash functions for the kernel, in <sys/hash.h>.
! 679: <li>Cleanup work on conditional evaluation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
! 680: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
! 681: <li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
! 682: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
! 683: <li>Show sparc64's X server which device it wants to mmap().
! 684: <li>Add ioctl to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
! 685: <li>Enable userland <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
! 686: <li>Kernel changes and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> in userland.
! 687: <li>Add initial Ultra Port Architecture (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
! 688: <li>Import new <a href="http://www.openbsd.org/vax.html">vax</a> boot code from NetBSD.
! 689: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
! 690: <li>Add IPL_STATCLOCK and add lots of splassert()s.
! 691: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> spends less time with euid==0 even if it is installed setuid(root).
! 692: <li>Much cleanup in distrib/miniroot.
! 693: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -s state print UDP and 'other' states nicely.
! 694: <li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 695: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
! 696: <li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
! 697: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.) New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
! 698: <li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit.
! 699: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
! 700: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes.)
! 701: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
! 702: <li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules.
! 703: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
! 704: <li>Add ioctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
! 705: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 706: <li>Fix BPF code for a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
! 707: <li>Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is now longer setuid(root) by default.
! 708: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
! 709: <li>Define __weak_alias() for mvme88k.
! 710: <li>Merge GNU TeXinfo 4.2.
! 711: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
! 712: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
! 713: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
! 714: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in /dev.
! 715: <li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files.
! 716: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
! 717: <li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
! 718: <li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635.)
! 719: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715.)
! 720: <li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
! 721: <li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
! 722: <li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 723: <li>Changes to initialisation and media config of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a>.
! 724: <li>Add list support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules.
! 725: <li>Fix a number of bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
! 726: <li>Fix PR2704 resuming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> after standby.
! 727: <li>Change a lot of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=index&sektion=3">index(3)</a> calls to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strchr&sektion=3">strchr(3)</a>.
! 728: <li>Change "'cuz" to "because." Strewth!
! 729: <li>Add another <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
! 730: <li>Remove a bunch of '\n's from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=err&sektion=3">err(3)</a> calls.
! 731: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
! 732: <li>Fixes for OpenSSL when talking to hardware <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>.
! 733: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
! 734: <li>The hardware is willing, and now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
! 735: <li>Support setting MTU on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>.
! 736: <li>Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> entries.
! 737: <li>For a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
! 738: <li>Pull in some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
! 739: <li>Remove (arguably) unnecessary setgid(operator) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
! 740: <li>Remove setuid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no proc filesystem...
! 741: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
! 742: <li>Add flag to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
! 743: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
! 744: <li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
! 745: <li>Work started on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
! 746: <li>Install script now puts FQDN in /etc/myname.
! 747: <li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
! 748: <li>lo0 now only gets ::1 when it's brought up.
! 749: <li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
! 750: <li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
! 751: <li>Add new splusb() to prevent USB initialisation lossage.
! 752: <li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
! 753: <li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command.
! 754: <li>Remove FallbackToRsh from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> as well.
! 755: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
! 756: <li>Add Makefile-like (var += ...) macro concatenation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
! 757: <li>Add per-rule state timeouts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 758: <li>Fix well-hidden little bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="http://www.openbsd.org/sparc64.html">sparc64</a> SSL/TLS negotiation.
! 759: <li>On <a href="http://www.openbsd.org/alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
! 760: <li>Deprecate FallbackToRsh and UseRsh options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 761: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
! 762: <li>Remove suspect DIAGNOSTIC block from softdep kernel code.
! 763: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
! 764: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
! 765: <li>Add Realtek 8129/8139 cardbus device support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rl&sektion=4">rl(4)</a>.
! 766: <li>Switch <a href="http://www.openbsd.org/macppc.html">macppc</a> to use gem instead of gm.
! 767: <li>Multicast fixes and Gigabit Ethernet support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
! 768: <li>Rule label length increased from 32 to 64 characters.
! 769: <li>Allow modification of TTL with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst.
! 770: <li>Timeout handling improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
! 771: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
! 772: <li>Allow a per-rule limit to the number of state table entries a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
! 773: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
! 774: <li>Add Gemplus GPR400 PCMCIA smartcard reader.
! 775: <li>Don't propose IDEA when negotiating SSL connections.
! 776: <li>$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
! 777: <li>Make a kernel TCP RST and a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst look the same, to frustrate the nmap crowd.
! 778: <li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
! 779: <li>Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
! 780: <li>Add net.inet6.ip6.v6only <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> flag.
! 781: <li>Add ikecfg as a valid flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
! 782: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
! 783: <li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
! 784: <li>Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
! 785: <li>Add flow type to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 786: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
! 787: <li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
! 788: <li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
! 789: <li>Merge OpenSSL 0.9.7-stable-20020605.
! 790: <li>TCP wrappers and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
! 791: <li>Remove [gs]etprogname() from KerberosIV
! 792: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
! 793: <li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
! 794: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>
! 795: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
! 796: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
! 797: <li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>.)
! 798: <li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64.)
! 799: <li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
! 800: <li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>.
! 801: <li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
! 802: <li>Add predicate suffixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
! 803: <li>Add -x and -X options to respectively lock and unlock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
! 804: <li>Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
! 805: <li>Start work on new debugger, pmdb.
! 806: <li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a> map entries.
! 807: <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
! 808: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
! 809: <li>Automatic policy generation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
! 810: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
! 811: <li>Remove [gs]etprogname() from KerberosV.
! 812: <li>New -a <bind_address> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
! 813: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
! 814: <li>Remove assumptions about MTU values for certain media types.
! 815: <li>Use the same byte-order kung fu as the kernel in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
! 816: <li>Don't automagically set -prefixlen 128 on IPv6 host route.
! 817: <li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
! 818: <li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
! 819: <li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested.)
! 820: <li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
! 821: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import.
! 822: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
! 823: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> standards compliant.
! 824: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
! 825: <li>Recognise VIA VT8233 PCI-ISA bridge.
! 826: <li>Fix <a href="http://www.openbsd.org/sparc64.html">sparc64</a> 64-bit relocation masks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
! 827: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
! 828: <li>Detect stereo radio reception in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
! 829: <li>Compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
! 830: <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
! 831: <li>'<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl</a> -s all' now prints labels as well.
! 832: <li>Add volatile to sig_atomic_t. Stand well back.
! 833: <li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
! 834: <li>Simplify IPv6 link MTU code.
! 835: <li>Implement PMAP_CANFAIL flag for m68k pmap.
! 836: <li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
! 837: <li>Make sure some struct sockaddr are cleared before use.
! 838: <li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
! 839: <li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
! 840: <li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 841: <li>Dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
! 842: <li>Avoid fd_set overruns in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
! 843: <li>Clue in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
! 844: <li>Fix /etc/ptmp deletion bug that occurred if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
! 845: <li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a> driver.
! 846: <li>Add leading-zero padding to RSA signatures in <a href="http://www.openssh.com/">ssh</a>.
! 847: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
! 848: <li>Add support in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
! 849: <li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=units&sektion=1">units(1)</a>. Wow.
! 850: <li>Fix signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
! 851: <li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
! 852: <li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
! 853: <li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
! 854: <li>Add German keyboard map for Apple laptops.
! 855: <li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
! 856: <li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
! 857: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices attachment.
! 858: <li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
! 859: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat.
! 860: <li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans.
! 861: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own.
! 862: <li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
! 863: <li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
! 864: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
! 865: <li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
! 866: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
! 867: <li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
! 868: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present.
! 869: <li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>.
! 870: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
! 871: <li>Remove libdl, support is in libc since a long time already.
! 872: <li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices.
! 873: <li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
! 874: <li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
! 875: <li>Use the correct string buffer size for printing port numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 876: <li>Remove arc4random_8().
! 877: <li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
! 878: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup.
! 879: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
! 880: <li>unsigned -> unsigned int cleanup.
! 881: <li>Repair machdep.chipset sysctl on alpha.
! 882: <li>Audit pid_t type usage.
! 883: <li>Audit incorrect signal(2) usage.
! 884: <li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a>
! 885: parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>.
! 886: <li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
! 887: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
! 888: <li><a href="http://www.openbsd.org/vax.html">vax</a>: Add board type for VXT2000+.
! 889: <li>More IANA interface type values, including IFT_BRIDGE.
! 890: <li>Split XFree86 bsd_video.c into architecture-specific files.
! 891: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
! 892: <li>Even more steps toward the death of unsafe string functions.
! 893: <li>In XFree86 build, honour COPTS variable when building third-party apps.
! 894: <li>Add LIBS option for crunchgen so custom libraries can be added to boot images.
! 895: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
! 896: <li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>.
! 897: <li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>.
! 898: <li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
! 899: <li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 900: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
! 901: <li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
! 902: <li>Fix <a
! 903: href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
! 904: warnings on CD-ROM
! 905: (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a>)
! 906: with no data track.
! 907: <li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
! 908: <li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them.
! 909: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
! 910: <li>Support software brightness and backlight control on various macppc models.
! 911: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
! 912: support this.
! 913: <li>New libc IEEE floating-point code and libm routines for hppa.
! 914: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on i386.
! 915: <li>More steps toward the death of unsafe string functions.
! 916: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on sparc64.
! 917: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
! 918: <li>Jumbo <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
! 919: <li>Still more hppa memory management and low-level code fixes.
! 920: <li>Simple pmap optimization on macppc.
! 921: <li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
! 922: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
! 923: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> fixes.
! 924: <li><font color=#e00000><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
! 925: <a href="errata.html#sshbsdauth">A source code patch is available</a>.<br>
! 926: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 927: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
! 928: <li>New systrace facility.
! 929: <li>Better Cyrix cpu support.
! 930: <li>ECN support.
! 931: <li>Support SNTP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>.
! 932: <li>Fix infinite SIGFPE loop situations on vax.
! 933: <li>Remove unnecessary setuid bit from binaries that either do not need it or
! 934: whose functionality requiring root privileges should only be invoked by root
! 935: anyways, or which can be changed into a setgid bit for a specific group.
! 936: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
! 937: <li>Lots of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> goodies.
! 938: <li>New splassert (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
! 939: <li>Enable Altivec instructions in macppc kernels.
! 940: <li>Support more Hifn cards (7814, 7851, 7854) via the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">nofn(4)</a> driver.
! 941: <li>OpenSSL 0.9.7.
! 942: <li>Completely rework <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
! 943: <li>More use of hardware crypto cards functionality via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
! 944: <li>More hppa memory management fixes.
! 945: <li>binutils 2.11.2.
! 946: <li>Add per-gid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 947: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
! 948: <li>Handle host names resolving in several addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 949: <li>Fix compilation warnings for various userland programs.
! 950: <li>Add a new user, crontab, and change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
! 951: <li>Add per-uid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 952: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> support updates.
! 953: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>
! 954: hackery to get it to do more crypto operations, and hack
! 955: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>
! 956: and
! 957: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">lofn(4)</a>
! 958: to work with this.
! 959: <li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
! 960: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
! 961: <li>Switch ELF platforms to the native <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
! 962: <li>Obtain a better licence for the hppa spmath routines.
! 963: <li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
! 964: <li>mvme88k pmap bugfixes.
! 965: <li>Various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> driver updates.
! 966: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
! 967: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
! 968: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
! 969: <li>Fix several wrong computations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>.
! 970: <li>Workaround ghost pcibus detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>.
! 971: <li>Add a tuner driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a> radio cards.
! 972: <li>Allow userland to know which <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule created a specific state.
! 973: <li>Prevent a 3.0 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
! 974: <li>Enable privsep by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
! 975: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
! 976: <li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
! 977: <li>Support LBA48 addressing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
! 978: <li>Bring back TURBOchannel alpha hardware support.
! 979: <li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot_config&sektion=8">boot_config(8)</a>).
! 980: <li><font color=#e00000><strong>SECURITY FIX: cause the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=null&sektion=4">/dev/null(4)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
! 981: <a href="errata.html#fdalloc2">A source code patch is available</a>.<br>
! 982: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 983: <li>Extended Attributes code updates.
! 984: <li>Improve PS/2 mouse port detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbc&sektion=4">pckbc(4)</a>.
! 985: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
! 986: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
! 987: <li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
! 988: <li>Better color depth detection in Xwsfb.
! 989: <li>64-bit fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
! 990: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
! 991: <li><font color=#e00000><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong></font><br>
! 992: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 993: <li>Switch macppc console from the rcons engine to the rasops engine.
! 994: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
! 995: <li>Add IEEE754 floating point completion code on alpha.
! 996: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a>.
! 997: <li>Build the XFree86 GLX extension on sparc64.
! 998: <li>Hunt for outdated prototypes for character devices entry points and fix them.
! 999: <li>Switch mvme88k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
! 1000: <li>Implement the -s option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
! 1001: <li>Kill all mvme68k kernel compilation warnings.
! 1002: <li>Assorted mac68k code cleanups.
! 1003: <li>Shared key support in hostap mode in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
! 1004: <li>Make Xwsfb support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
! 1005: <li>Fix a lock leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a>.
! 1006: <li><font color=#e00000><strong>SECURITY FIX: update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
! 1007: <a href="errata.html#sudo">A source code patch is available</a>.<br>
! 1008: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 1009: <li><font color=#e00000><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.</strong></font><br>
! 1010: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 1011: <li>Add a Soundforte radio driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
! 1012: <li>Add dynamic interface -> address translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 1013: <li>Add kernel hooks on ethernet interfaces, triggered by address changes.
! 1014: <li>Extended Attributes code updates.
! 1015: <li>Enable the Freetype library on sparc64.
! 1016: <li>Add queueing in the kernel crypto framework.
! 1017: <li>Make the system includes C++ friendly.
! 1018: <li>Allow explicit filtering of non-reassembled fragments in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
! 1019: <li>Support more hardware and fix stability issues in the mac68k <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
! 1020: <li>Improved Lithuanian keyboard map for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
! 1021: <li><font color=#e00000>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</font><br>
! 1022: <a href="errata.html#sshafs">A source code patch is available</a>.<br>
! 1023: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
! 1024: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
! 1025: <li>Assorted hppa memory management fixes.
! 1026: <li>Allow fractional delays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
! 1027: <li>Enable upgrade functionality again on alpha installation media.
! 1028: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
! 1029: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
! 1030: <li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
! 1031: <li>Add cddb support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
! 1032: <li>Support more network cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver.
! 1033: <li>Improve sparc pmap behaviour in some low memory conditions.
! 1034: <li>sendmail 8.13.
! 1035: <li>Switch mvme68k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
! 1036: <li>Improve the library logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
! 1037: <li>New mvme68k installation media.
! 1038: <li>Change fpu probe routine on mac68k.
! 1039: <li>Fix an obscure bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>.
! 1040: <li>Support more wireless cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
! 1041: <li>Fix 64-bit issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
! 1042: <li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
! 1043: which had been deprecated in favor of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a> driver.
! 1044: </ul>
! 1045: <p>
! 1046:
! 1047: This list mentions mostly platform-independent changes. For a list of changes
! 1048: made in a particular platform, please check the page for that platform. If you
! 1049: find them not listed there, the changes are either (1) not being documented or
! 1050: (2) are documented here.<br><br>
! 1051:
! 1052: <hr>
! 1053: <p>
! 1054: <h3>
! 1055: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
! 1056: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
! 1057: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
! 1058: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
! 1059: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
! 1060: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
! 1061: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
! 1062: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
! 1063: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
! 1064: <a href="plus29.html">For changes leading up to OpenBSD 2.9, click here</a>.<br>
! 1065: <a href="plus30.html">For changes leading up to OpenBSD 3.0, click here</a>.<br>
! 1066: <a href="plus31.html">For changes leading up to OpenBSD 3.1, click here</a>.<br>
! 1067: <a href="plus.html">For changes in OpenBSD-current, click here</a>.
! 1068: <br>
! 1069: </h3>
! 1070:
! 1071: <hr>
! 1072: <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
! 1073: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! 1074: <br><small>$OpenBSD: plus.html,v 1.844 2002/10/12 22:38:36 deraadt Exp $</small>
! 1075:
! 1076: </body>
! 1077: </html>