Annotation of www/plus32.html, Revision 1.2
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD-3.2 changes</title>
5: <link rev="made" href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
7: <meta name="description" content="OpenBSD-current changes">
8: <meta name="keywords" content="openbsd,current,changes">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
14:
15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
16: <p>
17: <h2><font color=#e00000>Changes made between OpenBSD 3.1 and OpenBSD 3.2</font><hr></h2>
18:
19: <p>
20: This is a partial list of the major machine-independent changes
21: (i.e., these are the changes people ask about most often). Port
22: specific changes have also been made, and are sometimes mentioned
23: in the pages for the specific <a href="plat.html">platforms</a>.
24:
25: <p>
26: Changes to the <a href="ports.html">ports</a> collection are documented
27: <a href="portsplus/index.html">here</a>.
28:
29: <p>
30: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
31:
32: <p>
33: <h3>
1.2 ! deraadt 34: For changes in other releases, click below:<br>
! 35: <a href="plus20.html">2.0</a>,
! 36: <a href="plus21.html">2.1</a>,
! 37: <a href="plus22.html">2.2</a>,
! 38: <a href="plus23.html">2.3</a>,
! 39: <a href="plus24.html">2.4</a>,
! 40: <a href="plus25.html">2.5</a>,
! 41: <a href="plus26.html">2.6</a>,
! 42: <a href="plus27.html">2.7</a>,
! 43: <a href="plus28.html">2.8</a>,
! 44: <a href="plus29.html">2.9</a>,
! 45: <a href="plus30.html">3.0</a>,
! 46: <a href="plus31.html">3.1</a>,
! 47: <a href="plus.html">current</a>.
1.1 deraadt 48: <br>
49: </h3>
50:
51: <p>
52: <h3><font color=#0000e0>Changes made between OpenBSD 3.1 and OpenBSD 3.2</font></h3><p>
53: <ul>
54:
55: <li>Release branch created.
56: <!-- ^^^ 20021003 -->
57: <li>Cool new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=8">xdm(8)</a> images for 3.2.
58: <li><font color="#e00000"><strong>SECURITY FIX: Incorrect argument checking in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.</strong></font><br>
59: <a href="errata.html#kerntime">A source code patch is available</a>.<br>
60: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
61: <!-- ^^^ 20021002 -->
62: <li>Retrofit the SIGUSR1->SIGUSR2 console switching change to the old X server.
63: <li>Fix a couple of crashers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kevent&sektion=2">kevent(2)</a>.
64: <li>OpenBSD 3.2-beta -> 3.2, OpenSSH -> 3.5.
65: <!-- ^^^ 20021001 -->
66: <li>Try to initialise AGP GART in the privileged startup portion of the X server.
67: <!-- ^^^ 20020930 -->
68: <li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a>.
69: <!-- ^^^ 20020929 -->
70: <li>login_radius returns, complete with fixed license.
71: <li>Still more cleanup and output trimming in the installer script.
72: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xf86cfg&sektion=1">xf86cfg(1)</a> now runs the server with '-nolisten tcp'.
73: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=8">xdm(8)</a> now drops privileges to run as user _x11 after starting as root.
74: <!-- ^^^ 20020928 -->
75: <li>daddr -> saddr in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat code. Oops.<br>
76: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
77: <li>Add a wildcard client string match against "probe-*" for SSH probes to use.
78: <!-- ^^^ 20020927 -->
79: <li>Disable login_radius, pesky licensing problems again.<br>
80: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
81: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&sektion=4">lmc(4)</a> are back, with better licenses.
82: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> can now do privsep and krb4 together.
83: <!-- ^^^ 20020926 -->
84: <li>Remove RC5 and MDC2 from libcrypto.
85: <li>Have the installer set the nosuid flag for mount points that shouldn't contain setuid programs.
86: <!-- ^^^ 20020925 -->
87: <li>Fix a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> spanning tree protocol support.
88: <li>New driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>, supporting Intel Gigibit Ethernet adapters and replacing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4&release=OpenBSD+3.1">gx(4)</a>
89: <li>Some memory allocation and other tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
90: <!-- ^^^ 20020924 -->
91: <li>Better handling of IPv6 deprecated addresses.
92: <li>Fix the padding length for an IPv6 PADN option before a jumbo payload option.
93: <li>Allow SSL session IDs of any length up to 32, removing the non-standard 16-char minimum imposed before.
94: <li>Add a /dev/X0 entry for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=8">xdm(8)</a>, allowing the mouse to work with the upcoming xdm privilege drop. One for the Upgrading Mini-faq.
95: <li>Properly dump radix tree nodes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
96: <!-- ^^^ 20020923 -->
97: <li>Template policy support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
98: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&sektion=4">lmc(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cz&sektion=4">cz(4)</a> drivers removed from release kernels due to license problems.
99: <li>A bunch of gcc3 tweaks.
100: <li>Don't build Kerberos ticket forwarding programs <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kf&sektion=1&release=OpenBSD+3.1">kf(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kfd&sektion=8">kfd(8)</a> because of security issues. (Will come back when Heimdal 0.5 gets merged, after 3.2 release.)
101: <li>Add support for ELF sections loaded relative to a base section.
102: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s antispoof command also block incoming packets with the source set to one of the host's IP addresses.
103: <li>Make the VT switching code use SIGUSR2 instead of SIGUSR1. The latter is also used by the X server to synchronise with xinit.
104: <!-- ^^^ 20020922 -->
105: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> handle with more grace situations where some archived logfiles have been uncompressed in-place.
106: <li>Continue to reduce the amount of output the installer generates, so we won't need a magnifier to read the installation instructions in the CD gatefold.
107: <li>Add TBI (Ten-Bit Interface) mode support for fibre-based <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nge&sektion=4">nge(4)</a> cards, as well as some other bug fixes.
108: <!-- ^^^ 20020921 -->
109: <!-- ^^^ 20020920 -->
110: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> actually run the command it's asked to run. Also, add new interpretation of a null command.
111: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>'s handling of empty lines.
112: <li>Remove the obsolete access.conf and srm.conf files from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
113: <!-- ^^^ 20020919 -->
114: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand programs get killed on exit (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=223">bug #223</a>.)
115: <li>Fix a potential FREE() of an uninitialised pointer in the kernel (sys/exec_script.c)
116: <li>Rewrite <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s GRE decoder.
117: <li>Fix signal trampoline problems with non-exec stack.
118: <li>Remove EGP decode support from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> due to a duff license and apathy.
119: <!-- ^^^ 20020918 -->
120: <li>So farewell, then, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8&release=OpenBSD+3.1">trsp(8)</a>.
121: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> to rotate only specific logfiles.
122: <li>Make RAND_poll use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> instead of /dev/arandom, so it works in under a chroot.
123: <li>New -a flag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> allows a directory to be specified for archived logs.
124: <li>Set the close-on-exec flag for file descriptors created by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kvm_open(3)</a>.
125: <li>Fix DMA-related panics in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4">twe(4)</a> driver.
126: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, try harder to create the X11 forwarding listener socket.
127: <!-- ^^^ 20020917 -->
128: <li>Fix a potential buffer overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlocale&sektion=3">setlocale(3)</a> (NetBSD-<a href="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc">SA2002-012</a>.)
129: <li>Don't chdir to / when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> goes daemon.
130: <li>Add __syslog__ string formatting attribute to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
131: <!-- ^^^ 20020916 -->
132: <li>Periodically save changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> policies.
133: <li>Various fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>.
134: <li>Re-sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a> driver with NetBSD.
135: <li>Signal fixes in libevent.
136: <!-- ^^^ 20020915 -->
137: <li>Merge in Sendmail 8.12.6.
138: <li>Give stdio's __cleanup handlers the same mprotect() treatment as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> now receives.
139: <li>Further tweaks to handling of address families in NAT rules. Try to infer the AF from the rule, if that fails then require the user to specify it.
140: <li>Various fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cy&sektion=4">cy(4)</a>.
141: <li>Merge in OpenSSL-0.9.7-stable-SNAP-20020911, bump libcrypto minor version.
142: <!-- ^^^ 20020914 -->
143: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> rotating logfiles that only contain logfile rotation messages.
144: <!-- ^^^ 20020913 -->
145: <li>License fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a>, nearly there now.
146: <li>Add -H option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a> which hides info for non-existent users as well as existing ones. Useful when NATing.
147: <li>Remove the need for /dev/null and /etc/localtime in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>'s chroot jail.
148: <li>Add 'antispoof' keyword to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. Oh yes.
149: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s netmask handling.
150: <!-- ^^^ 20020912 -->
151: <li>Add a missing pointer initialisation in in6_ifdetach().
152: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> client's ls command useful, with globbing and short/long listings.
153: <li>Fix initialisation of Broadcom 582x chips by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
154: <!-- ^^^ 20020911 -->
155: <li>Various signedness fixes.
156: <li>Versioning info moves to 3.2-beta.
157: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> check the peer using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getpeereid&sektion=2">getpeereid(2)</a>.
158: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pmap&sektion=9">pmap</a>_{copy,zero}_page API changes.
159: <li>Merge in OpenSSL 0.9.7beta3.
160: <!-- ^^^ 20020910 -->
161: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> now creates a socket listening on 127.0.0.1 as well as one on *, and only responds to amq requests on the former.
162: <li>Add support for the Silicon Image 680 ATA133 chip to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> driver.
163: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> now supports Kerberos authentication in PrivSep mode.
164: <!-- ^^^ 20020909 -->
165: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s parser takes more care parsing address families in NAT rules.
166: <li>Add leap second support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a> running in RFC868 mode (it already supports this in NTP mode with the -N option.)
167: <li>Correct <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a>'s representation of positive infinity.
168: <!-- ^^^ 20020908 -->
169: <li>Signal handler fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion-8">bootpd(8)</a><!-- on 20020908 -->, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion-8">rtadvd(8)</a><!-- on 20020909 --> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a><!-- on 20020907 -->.
170: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> dies on FD_SET overruns.
171: <li>Fix a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>.
172: <!-- ^^^ 20020907 -->
173: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> work properly with long block device filenames (handle MAXPATHLEN chars instead of 32.)
174: <li>Don't build the somewhat less than ubiquitous <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8&release=OpenBSD+3.1">photurisd(8)</a> by default any more.
175: <li>Lots and lots of ANSIfication.
176: <li>Lots of int -> socklen_t.
177: <li>Some signedness fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a>.
178: <li>Repair a missing msglog() arg in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>.
179: <!-- ^^^ 20020906 -->
180: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>'s interrupt sharing.
181: <li>lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usbhid&sektion=3">usbhid(3)</a> now available in the shared variety.
182: <li>Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=18185">PR#18185</a>.)
183: <li>Merge in OpenSSL 0.9.7beta1. To be continued.
184: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> interoperability fixes for FreeS/WAN and SSH Sentinel.
185: <!-- ^^^ 20020905 -->
186: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwalld&sektion=8">rwalld(8)</a> revoke its group privileges as well as user privs.
187: <li>Don't install safe_finger any more.
188: <li>Add support for the SCSI Reduced Block Command Set (RBC.)
189: <li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s LoginGraceTime from one minute to two.
190: <li>Various compatibility fixes and additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
191: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can now set whether or not use of IPv6 deprecated addresses are allowed.
192: <!-- ^^^ 20020904 -->
193: <li>_x11 user and group added for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1</a> to use.
194: <li>Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD.)
195: <li>Fix parsing of NAT port ranges.
196: <li>Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on.
197: <!-- ^^^ 20020902 -->
198: <li>Fix an uninitialised pointer bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
199: <li>The X server now tries to open the aperture driver before trying /dev/mem. Re-enable early privilege drop on i386.
200: <!-- ^^^ 20020901 -->
201: <!-- ^^^ 20020831 -->
202: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now warns if DNS returns multiple addresses, like traceroute6.
203: <li>Add support for the Promise Ultra133 TX2 EIDE controller.
204: <li>Fix an mbuf leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
205: <li>Reenable the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler improvements backed out on 31 July.
206: <li>Add -I option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> to get ICMP probes instead of UDP.
207: <!-- ^^^ 20020830 -->
208: <li>Further reduce the amount of time <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> runs as root when installed setuid.
209: <li>Fudge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> so it only honours the requirement to check against a CRL if there is a CRL loaded...
210: <!-- ^^^ 20020829 -->
211: <li>Update the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rt&sektion=4">rt(4)</a> Radiotrack driver, add isapnp support.
212: <li>Some casts to make 64-bit kernel work with varargs calls.
213: <!-- ^^^ 20020828 -->
214: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
215: <li>Properly limit EDNS0 size to 0xffff.
216: <li>Fix a signedness problem in SSH so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_public_decrypt&sektion=3">RSA_public_decrypt(3)</a> errors can be detected.
217: <li>Make X's module loader set PROT_EXEC using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC.)
218: <li>DNS responses from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, gethostby*() and getnetby*() now get a 64K receive buffer.<br>
219: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
220: <!-- ^^^ 20020827 -->
221: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> warns if DNS returns multiple IP addresses for the target.
222: <li>Do a yyrestart() after a longjmp in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcap&sektion-3">pcap(3)</a>.
223: <li>Fix a dangling pointer bug in sbcompress().
224: <li>Make the X server option NoSilkenMouse work again.
225: <!-- ^^^ 20020826 -->
226: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=portmap&sektion=8">portmap(8)</a> detect failure of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=svc_register&sektion=3">svc_register</a> and die nicely.
227: <li>X aperture driver for Alpha, works like i386.
228: <!-- ^^^ 20020824 -->
229: <li>Skeleton <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> support for ELF in i386. Not enabled, nor is it promised anytime soon.
230: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> warns about symbol size mismatches.
231: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a> handles snprintf errors properly.
232: <li>Map the heap non-executable.
233: <!-- ^^^ 20020823 -->
234: <li>Change the way FREF() and FRELE() are called w.r.t. getvnode() and getsock().
235: <li>Fix a locking problem that can occur when an executable tries to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> itself.
236: <li>Avoid a potential int overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>
237: <li>Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
238: <!-- ^^^ 20020822 -->
239: <li>Bump the listen() backlog from 5 to 128 (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
240: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s default LoginGraceTime reduced from 600 to 60 seconds.
241: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> now attaches to each wsdisplay device by default.
242: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strip&sektion=1">strip(1)</a>. -x now works.
243: <!-- ^^^ 20020821 -->
244: <li>net.inet6.ip6_use_deprecated is on by default again...
245: <li>Fix some (but not all) signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a>.
246: <li>New -n option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> that disallows anonymous access even if the ftp user exists.
247: <li>Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser.
248: <!-- ^^^ 20020820 -->
249: <li>Fix sysctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copyout&sektion=9">copyout(9)</a>s in IPv6 neigbour discovery.
250: <!-- ^^^ 20020819 -->
251: <li>Audit and cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_net_ntop&sektion=3">inet_net_ntop(3)</a>, inet_neta() and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a>.
252: <li>TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated.
253: <!-- ^^^ 20020818 -->
254: <li>Use of IPv6 deprecated addresses switched off by default. (See <a href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> variable net.inet6.ip6_use_deprecated.)
255: <li>Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> SCSI driver.
256: <!-- ^^^ 20020817 -->
257: <li>Correct two sizeof bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>.
258: <li>Allow a raw IP socket to see a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> packets for tunnels we haven't configured.
259: <!-- ^^^ 20020816 -->
260: <li>Add some more cross-compilation targets in /usr/src/Makefile.
261: <li>Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>.
262: <li>Fix a null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
263: <!-- ^^^ 20020815 -->
264: <!-- ^^^ 20020814 -->
265: <!-- ^^^ some CVS breakage around here -->
266: <!-- ^^^ 20020813 -->
267: <li>Using the state table instead of a special-purpose list, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT to use the same proxy port for multiple external peers.
268: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> setgid(_sshagnt). setuid/setgid processes can't be <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2">ptrace(2)</a>ed.
269: <li>SPARC consoles now use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
270: <!-- ^^^ 20020812 -->
271: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now displays '!X' when packets come back as ICMP administratively prohibited by filter.
272: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> die on fd_set overruns.
273: <li>In a number of places, switch the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> round the right way.
274: <li>Switch SPARC to ELF.
275: <li>Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.
276: <!-- ^^^ 20020811 -->
277: <li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br>
278: <a href="errata.html#scarg">A source code patch is available</a>.<br>
279: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
280: <!-- ^^^ 20020810 -->
281: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a> no longer gets loud at boot time unless option RAIDDEBUG is used.
282: <li>Sink a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bs&sektion=6">bs(6)</a>.
283: <!-- ^^^ 20020809 -->
284: <li>Fix raw socket translation for Linux compatibility mode.
285: <li>Properly clear the argument list in pmdb.
286: <li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default.)
287: <li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.<br>
288: <a href="stable.html">[Applied to 3.1-stable]</a>
289: <li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
290: <li>Correct a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8">photurisd(8)</a>.
291: <li>Tweak IFF_PROMISC handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> to avoid some unnecessary initialisations.
292: <li>Fix a potential off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> that could cause mmap breakage on some architectures.
293: <li>Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
294: <li>Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
295: <li>Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pic&sektion=1">pic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1">fvwm(1)</a> and a few in the kernel.
296: <li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>.
297: <!-- ^^^ 20020808 -->
298: <li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>.
299: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default.)
300: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls.
301: <li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
302: <li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now.
303: <!-- ^^^ 20020807 -->
304: <li>Retrofit the new early privilege revocation code to the old X servers.
305: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode.) Also remove bomb mode altogether, to the annoyance of noone.
306: <li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver.
307: <li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
308: <!-- ^^^ 20020806 -->
309: <li>Move AGP chipset support out of machine-independent section (AGP support is per-arch.)
310: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata.html#ssl">erratum</a>.<br>
311: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
312: <!-- ^^^ 20020805 -->
313: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auth_call&sektion=3">auth_call(3)</a>'s error logging.
314: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> cross-checks the crontab filename against the system username.
315: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> drops its privileges earlier.
316: <!-- ^^^ 20020804 -->
317: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog.
318: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty.
319: <li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before.)
320: <li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier.
321: <li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
322: <li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler.
323: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>.
324: <!-- ^^^ 20020803 -->
325: <li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent.) See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why.
326: <li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
327: <li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks.
328: <li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH.
329: <li>Add the _sshagnt group for use by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
330: <li>Correct a pointer comparison typo in libssl's ASN.1 parser library.
331: <li>Check for correct return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_aton&sektion=3">inet_aton(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
332: <li>Add some overflow checks similar to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> patch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
333: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists.
334: <!-- ^^^ 20020802 -->
335: <li>Prevent integer overflow in i386 USER_LDT code.
336: <li>Fix NFS's handling of zero-length RPC fragments.
337: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> handles unlinking of a symlink correctly.
338: <li>Limit file size to 2^31 * PAGE_SIZE in FFS code.
339: <li>u_short -> u_int16_t in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mtrouted(8)</a>.
340: <!-- ^^^ 20020801 -->
341: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> buffer overflow, see the <a href="errata.html#xdr">erratum</a>.<br>
342: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
343: <li>Spot zero-length keys or values in ypmatch_add(), and exit early.
344: <li>Broken by the removal of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> now cleans up after itself properly again.
345: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vfork&sektion=2">vfork(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>. Fixes hppa breakage.
346: <li>Back out the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler changes which appear to break Perl somehow. Bugger.
347: <li>Get <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> semantics right, while still not allowing the size_t overflow.<br>
348: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
349: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> compilation without mod_ssl.
350: <!-- ^^^ 20020731 -->
351: <li>On i386, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> to alter the execution protection of the stack.
352: <li>Fix some more potential null pointer dereferences, this time in pfkey and netiso.
353: <li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server.
354: <li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc().
355: <li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD.)
356: <li>Lots of work on the sparc and sparc64 console drivers.
357: <li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware...
358: <li>Fix a typo that caused a potential null pointer dereference in kernel NFS.
359: <li>New 'PermitUserEnvironment' option for SSH. Off by default.
360: <li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing.
361: <li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>.
362: <li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br>
363: <a href="errata.html#ssl">A source code patch is available</a>.<br>
364: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
365: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP.)
366: <!-- ^^^ 20020730 -->
367: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm.
368: <li>Kill a kernel tty memory leak.<br>
369: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
370: <li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>.
371: <li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br>
372: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
373: <li>Don't enable so many authentication methods by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>.
374: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.</strong></font></br>
375: <a href="errata.html#xdr">A source code patch is available</a>.<br>
376: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
377: <li>Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().
378: <li>Support DMA for two more ServerWorks <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> devices.
379: <li><font color=#e00000><strong>SECURITY FIX: A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.</strong></font><br>
380: <a href="errata.html#pppd">A source code patch is available</a>.<br>
381: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
382: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> function pointers stored by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> to stop bad guys tweaking the exit handlers.
383: <li>"undrugs" <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a>.
384: <li>Fix two off-by-one bugs in ext2fs.
385: <li>Add ld.so support for sparc.
386: <li>Lookup of ip6.arpa, then ip6.int for IPv6 reverse resolution. See <a href="http://www.ietf.org/rfc/rfc3152.txt">RFC3152</a> for why.
387: <li>Small fix for GCC 3.1.1 in IPv4 checksum code.
388: <!-- 20020729 -->
389: <li>Apply the 'broken PCI burst-write' workaround to all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> 7811-based devices.
390: <li>Show <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> how to use hardware and software flow control.
391: <li>Fix a potential access-after-free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kue&sektion=4">kue(4)</a>.
392: <!-- ^^^ 20020728 -->
393: <li>/tmp/.X11-unix and /tmp/.ICE-unix are created in rc, owned by root, removing the need for root privs later on.
394: <li>Again, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>, map BSS non-executable.
395: <li>Rearrange the new XFree86 server so all tasks for which root privs are needed get done early in osinit(). Of course, revoke root right afterwards.
396: <li>Add Dell-specific PERC (right) product IDs so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> configures Dell PowerEdge 2650 RAID.
397: <li>Add leapsecond support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s NTP client.
398: <!-- ^^^ 20020727 -->
399: <li>The install/upgrade scripts no longer automatically mount NFS filesystems.
400: <li>Kernel a.out code now allocates (mostly) non-executable BSS.
401: <li>Miscellaneous fixes to several games.
402: <li>Lots of work on the sparc64 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4/sparc64)</a> framebuffer driver.
403: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> the order of the log and quick keywords is now irrelevant.
404: <!-- ^^^ 20020726 -->
405: <li>Allow X servers to be built without DGA.
406: <li>At securelevel 2, stop an attacker from setting the clock forwards to within a year of the time it wraps around to zero.
407: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> to work on pre-Pentium x86 machines that lack pentium_mhz stuff.
408: <li>Add a distrib note that due to major changes to the port, the sparc installer won't allow upgrades to 3.2
409: <li>Only include a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> font when building with option SMALL_KERNEL.
410: <li>Add a few more RFC2142-suggested mailbox aliases.
411: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>'s filename handling.
412: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> fixes.
413: <li>Fix comparison bug in IPv6 multicast routing MTU check.
414: <!-- ^^^ 20020725 -->
415: <li>Correct bad sizeof() in kernel NFS code.
416: <li>Checks for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> return values < 0.
417: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s uid/gid tracking.
418: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> large directory fix.
419: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, help avoid a potential man-in-the-middle attack by showing all known host keys for a host when we're warning about an unknown host key.
420: <li>Fix a TAILQ null deref in pmdb.
421: <!-- ^^^ 20020724 -->
422: <li>Make the second parameter to r?index()/strr?chr() an int instead of a char.
423: <li>Stick a thread mutex around name lookups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
424: <li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free().
425: <li>Cardbus support for macppc.
426: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads.
427: <li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option.)
428: <li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>.
429: <!-- ^^^ 20020723 -->
430: <li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile.
431: <li>Fix graceful restarts of chroot'ed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
432: <li>Have SSH fall back to the standard path if setusercontext() can't set it.
433: <!-- ^^^ 20020722 -->
434: <li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
435: <li>Teach pmdb about corefiles.
436: <li>Map stack pages non-executable.
437: <!-- ^^^ 20020721 -->
438: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>.
439: <li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature.
440: <li>Implement string concatenation for variable declarations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
441: <li>Big change to the way signal trampolines are stored and called.
442: <li>Add milter build support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>, see the Makefile.
443: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> die if setusercontext() fails.
444: <!-- ^^^ 20020720 -->
445: <li>Fix a disk masher bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>, a little too late for some.
446: <li>Don't install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mk-amd-map&sektion=8&manpath=OpenBSD+3.1">mk-amd-map(8)</a> any more, we don't use it. And it's broken.
447: <li>Merge Apache 1.3.26 and mod_ssl 2.8.10.
448: <li>Have SSH remove fatal cleanups after calling fork().
449: <!-- ^^^ 20020719 -->
450: <li>/etc/systrace directory added along with policies for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>.
451: <li>Make OpenSSL use /bin/sh instead of $SHELL when running scripts. Not everyone uses a Bourne-like shell.
452: <li>String handling and other fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rogue&sektion=6">rogue(6)</a>.
453: <!-- ^^^ 20020718 -->
454: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> -s replacement string truncation.
455: <li>Fix a deref after free() in the kernel's routing socket code.
456: <li>Add 'fdcache' to Apache, part of the work to make graceful restart work properly under the chroot().
457: <li>The search for a shorter rulebase continues, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now recognises 'self' as an address, meaning all IPv4 and IPv6 addresses on all interfaces.
458: <!-- ^^^ 20020717 -->
459: <li>Fix wayward string termination in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>.
460: <li>Fix a DIAGNOSTIC bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ffs_softupdates&sektion=4">ffs_softupdates(4)</a>, and also make panic() calls show the right type.
461: <li>Some mbuf Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> driver, more fixes to come.
462: <li>Add DES and 3DES to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> as well.
463: <li>Fix some broken memset() and lseek() calls.
464: <!-- ^^^ 20020716 -->
465: <li>Work around some limitations of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> hardware. Add MD5 and SHA1 support.
466: <li>Small additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> to make <a href="http://www.gnupg.org/">gnupg</a> compile.
467: <li>Add some new users (names beginning with underscore) to replace user nobody for portmap, rstatd, identd, rusersd and fingerd.
468: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> directory completion SIGSEGV with large directories.
469: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob.
470: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes.
471: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license.
472: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules.)
473: <!-- ^^^ 20020715 -->
474: <li>Fix a double free in BSD authentication.
475: <!-- XXX sendmail SuperSafe=... thing ? -->
476: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option.)
477: <!-- ^^^ 20020714 -->
478: <li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes.
479: <li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge.
480: <li>The XFree86 3.3.x servers that are left now revoke their root privileges right after getting I/O access.
481: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> drops its root privileges, install it setgid(utmp) for utmp updates. Revoke setgid too if not needed.
482: <!-- ^^^ 20020713 -->
483: <li>Fix at least one <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> buffer overflow.<br>
484: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
485: <li>Teach MMX (not SSE) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>.
486: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
487: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header.
488: <li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace.
489: <li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>.)
490: <li>Remove '\\' -> '\' translation in crontabs to keep the shell happy.
491: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges.
492: <li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ -->
493: <li>Add some flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dohooks&sektion=9">dohooks(8)</a> and fix a time-honoured memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hook_disestablish&sektion=9">hook_disestablish(9)</a>.
494: <!-- ^^^ 20020712 -->
495: <li>New, hard-won firmware image for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=txp&sektion=4">txp(4)</a> driver.
496: <li>Remove the www group's privileges to the mod_ssl mutex semaphore.
497: <li>Really remove SuperProbe from X.
498: <li>Create a skeleton UserDir tree under /var/www/users.
499: <li>Have Apache initialise OpenSSL (opening /dev/crypto) before chroot. No more /var/www/dev/crypto.
500: <!-- ^^^ 20020711 -->
501: <li>Basic IPv6 fragment support (no normalisation yet) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
502: <li>Correct a memcpy error in the kernel and ssh's Rijndael code.
503: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filename intercepts work with chroot().
504: <li>Try to make resetting of USB ports work better.
505: <li>Add fchmod translation support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
506: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> closing the std file descriptors when going daemon.
507: <!-- ^^^ 20020710 -->
508: <li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540.
509: <li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>.
510: <li>Fix miniroot typo that was breaking FTP installs.
511: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755.)
512: <li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
513: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added.
514: <li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
515: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come.
516: <li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread'.)
517: <li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>.
518: <li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>.
519: <li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
520: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
521: <!-- ^^^ 20020709 -->
522: <li>Don't try to load a 32-bit quart into a 16-bit pint register in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
523: <li>Always load ELF binaries to the address at which they were linked.
524: <li>Rig <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a>'s sort so it can't fail due to lack of memory.
525: <li>Compatibility fixes for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a> 582x series.
526: <li>Some updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
527: <li>Grab a security fix to bcopy/memcpy from FreeBSD. See their cvsweb entry for <a href="http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/i386/string/bcopy.S">bcopy.S</a>.
528: <li>Work around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>'s broken multicast filter.
529: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
530: <li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
531: <li>Don't attempt to resubmit a structure we just freed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> / <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
532: <li>Small fixes to IP-in-IP encapsulation code.
533: <li>Add Security Mode options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
534: <li>Support a few more HPT <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> cards.
535: <li>Make NEED_VERSION obsolete in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
536: <li>Fill IPv6 null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver.
537: <li>Remove some old upgrade hacks from the installer script.
538: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
539: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface stats, and allow the loginterface feature to be disabled.
540: <li>Make signal handler flags in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> of type volatile sig_atomic_t.
541: <li>Fix a few GCC 3.1 moans in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
542: <li>Un-bloating of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
543: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpcgen&sektion=1">rpcgen(1)</a>.
544: <li><font color=#e00000><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
545: <a href="errata.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
546: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
547: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
548: <li>Improve the way the installer's fileset selection UI works.
549: <li>Fix a potential buffer overflow in xsystrace.
550: <li>Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
551: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
552: <li>Set IP_PORTRANGE_HIGH for active mode data channel of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion-1">ftp(1)</a>.
553: <li>Add some more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> product IDs.
554: <li>Fix an off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
555: <li>Normalise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>'s EOF handling.
556: <li>Plug a few <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> memory leaks.
557: <li>Tweak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
558: <li>Fix several missing or broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure checks.
559: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs(1)</a>, actually <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> after spotting that LocalId is too long.
560: <li>Lots of ANSIfication of function declarations and prototypes.
561: <li>Fix bug causing 'SPL NOT LOWERED' errors from the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> RAID controller.
562: <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
563: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
564: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> race in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
565: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adv&sektion=4">adv(4)</a> from the i386 RAMDISK kernel until new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
566: <li>Catch a null pointer dereference when fetching the routing table via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
567: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> compile and work on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
568: <li>Return correct result sizes from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
569: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
570: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
571: <li>Fix PIO writes code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
572: <li>Remove unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=longjmp&sektion=3">longjmp(3)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
573: <li>Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
574: <li>Finally fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> address cache bug.
575: <li>Properly handle endpoint differences of opinion on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> Compression options
576: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
577: <li>Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1">encrypt(1)</a>.
578: <li>Fix some compatibility quirks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
579: <li>Add a pushback buffer to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
580: <li>Remove setuid(root) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
581: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> so /etc/localtime isn't needed after the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>.
582: <li>More fixes to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
583: <li>Add AlphaServer 800 and 1000 support.
584: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> devices in <a href="http://www.openbsd.org/alpha.html">alpha</a> GENERIC kernel.
585: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="http://www.openbsd.org/alpha.html">alpha</a>.
586: <li>Make xf86config give the option of configuring a mouse wheel.
587: <li>Gracefully handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
588: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fbtab&sektion=5">fbtab(5)</a> on <a href="http://www.openbsd.org/i386.html">i386</a>.
589: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a>.
590: <li>Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
591: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as root from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> again, but go to nobody's jail at startup.
592: <li>Lots more bounds-checking all over the place.
593: <li>Recognise a few more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> devices.
594: <li>Correct misleading cgetclose() entry in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcap&sektion=3">getcap(3)</a> manpage.
595: <li>Try again with the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
596: <li>Cleanups of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&sektion=1">passwd(1)</a>.
597: <li><font color=#e00000><strong>SECURITY FIX: The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
598: <a href="errata.html#ktrace">A source code patch is available</a>.<br>
599: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
600: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
601: <li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
602: <li>More audit of OpenSSH.
603: <li><a href="http://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
604: <li><font color=#e00000><strong>SECURITY FIX: All versions of OpenSSH's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
605: <a href="errata.html#sshd">A source code patch is available</a>.<br>
606: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
607: <li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
608: <li>Increase <a href="http://www.openbsd.org/i386.html">i386</a> kvm size to 768M.
609: <li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow.
610: <li><font color=#e00000><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
611: <a href="errata.html#resolver">A source code patch is available</a>.<br>
612: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
613: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
614: <li>Start work on IP-over-FireWire and IP-over-SCSI.
615: <li>Move a bunch of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
616: <li><a href="http://www.openbsd.org/c2k2/">c2k2</a>-inspired changes to the installer.
617: <li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though -->
618: <li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
619: <li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils.
620: <li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>.
621: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
622: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
623: occur in the .htaccess parsing code in the mod_ssl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
624: <a href="errata.html#modssl">A source code patch is available</a>.<br>
625: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
626: <li>Lots of uid_t and gid_t signedness fixes.
627: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer calls setsid() when run from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
628: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver talk IPv6.
629: <li>Increment <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
630: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
631: <li>String handling and bounds checking fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
632: <li>Bump <a href="http://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
633: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
634: <li>Start adding <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>.
635: <li>System call argument rewriting framework for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
636: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
637: <li>Fix some endianness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
638: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
639: <li>More improvements to 4GB memory probing on <a href="http://www.openbsd.org/i386.html">i386</a>.
640: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own sshd?_config(5) manpage.
641: <li>Add option for smooth scrolling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
642: <li>Support a few more wireless cards in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
643: <li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
644: <li>String handling cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>.
645: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
646: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
647: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a>.
648: <li>Removing its setgid(kmem) was not enough, remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a> altogether.
649: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=error&sektion=1">error(1)</a> can deal with it.
650: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
651: <li>Kill file descriptor leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
652: <li>Fix lots of format strings in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> programs.
653: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> shows flag 'x' for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'d processes.
654: <li>Lots of work on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a> driver.
655: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>.
656: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> revoke its setgid(kmem) privileges.
657: <li>Remove old pccons driver from <a href="http://www.openbsd.org/i386.html">i386</a>, also the associated XSERVER option from the kernel.
658: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
659: <li><font color=#e00000><strong>SECURITY FIX: A buffer overflow can
660: occur during the interpretation of chunked encoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
661: <a href="errata.html#httpd">A source code patch is available</a>.<br>
662: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
663: <li>Add the punctuation-challenged Nike psa[play^120 USB widget.
664: <li>Remove setgid(kmem) from the enormously useful <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a>.
665: <li>Add UK keyboard map to <a href="http://www.openbsd.org/macppc.html">macppc</a> (with '#' on Option-3) and also option CAPS_IS_CONTROL.
666: <li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> timeout to squash 'command never completed!' warnings.
667: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
668: <li>Import <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>, an API on top of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>.
669: <li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
670: <li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
671: <li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
672: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime.)
673: <li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
674: <li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
675: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
676: <li>Throw away the first 256 words of arc4 output in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
677: <li>Gratuitous pid_t cleanup in /usr/bin.
678: <li>Grab multicast <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
679: <li>Add some inlined hash functions for the kernel, in <sys/hash.h>.
680: <li>Cleanup work on conditional evaluation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
681: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
682: <li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
683: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
684: <li>Show sparc64's X server which device it wants to mmap().
685: <li>Add ioctl to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
686: <li>Enable userland <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
687: <li>Kernel changes and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> in userland.
688: <li>Add initial Ultra Port Architecture (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
689: <li>Import new <a href="http://www.openbsd.org/vax.html">vax</a> boot code from NetBSD.
690: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
691: <li>Add IPL_STATCLOCK and add lots of splassert()s.
692: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> spends less time with euid==0 even if it is installed setuid(root).
693: <li>Much cleanup in distrib/miniroot.
694: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -s state print UDP and 'other' states nicely.
695: <li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
696: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
697: <li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
698: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.) New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
699: <li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit.
700: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
701: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes.)
702: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
703: <li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules.
704: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
705: <li>Add ioctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
706: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
707: <li>Fix BPF code for a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
708: <li>Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is now longer setuid(root) by default.
709: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
710: <li>Define __weak_alias() for mvme88k.
711: <li>Merge GNU TeXinfo 4.2.
712: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
713: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
714: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
715: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in /dev.
716: <li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files.
717: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
718: <li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
719: <li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635.)
720: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715.)
721: <li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
722: <li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
723: <li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
724: <li>Changes to initialisation and media config of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a>.
725: <li>Add list support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules.
726: <li>Fix a number of bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
727: <li>Fix PR2704 resuming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> after standby.
728: <li>Change a lot of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=index&sektion=3">index(3)</a> calls to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strchr&sektion=3">strchr(3)</a>.
729: <li>Change "'cuz" to "because." Strewth!
730: <li>Add another <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
731: <li>Remove a bunch of '\n's from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=err&sektion=3">err(3)</a> calls.
732: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
733: <li>Fixes for OpenSSL when talking to hardware <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>.
734: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
735: <li>The hardware is willing, and now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
736: <li>Support setting MTU on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>.
737: <li>Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> entries.
738: <li>For a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
739: <li>Pull in some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
740: <li>Remove (arguably) unnecessary setgid(operator) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
741: <li>Remove setuid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no proc filesystem...
742: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
743: <li>Add flag to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
744: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
745: <li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
746: <li>Work started on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
747: <li>Install script now puts FQDN in /etc/myname.
748: <li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
749: <li>lo0 now only gets ::1 when it's brought up.
750: <li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
751: <li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386.)
752: <li>Add new splusb() to prevent USB initialisation lossage.
753: <li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
754: <li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command.
755: <li>Remove FallbackToRsh from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> as well.
756: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
757: <li>Add Makefile-like (var += ...) macro concatenation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
758: <li>Add per-rule state timeouts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
759: <li>Fix well-hidden little bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="http://www.openbsd.org/sparc64.html">sparc64</a> SSL/TLS negotiation.
760: <li>On <a href="http://www.openbsd.org/alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
761: <li>Deprecate FallbackToRsh and UseRsh options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
762: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
763: <li>Remove suspect DIAGNOSTIC block from softdep kernel code.
764: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
765: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
766: <li>Add Realtek 8129/8139 cardbus device support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rl&sektion=4">rl(4)</a>.
767: <li>Switch <a href="http://www.openbsd.org/macppc.html">macppc</a> to use gem instead of gm.
768: <li>Multicast fixes and Gigabit Ethernet support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
769: <li>Rule label length increased from 32 to 64 characters.
770: <li>Allow modification of TTL with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst.
771: <li>Timeout handling improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
772: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
773: <li>Allow a per-rule limit to the number of state table entries a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
774: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
775: <li>Add Gemplus GPR400 PCMCIA smartcard reader.
776: <li>Don't propose IDEA when negotiating SSL connections.
777: <li>$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
778: <li>Make a kernel TCP RST and a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst look the same, to frustrate the nmap crowd.
779: <li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
780: <li>Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
781: <li>Add net.inet6.ip6.v6only <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> flag.
782: <li>Add ikecfg as a valid flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
783: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
784: <li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
785: <li>Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
786: <li>Add flow type to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
787: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
788: <li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
789: <li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
790: <li>Merge OpenSSL 0.9.7-stable-20020605.
791: <li>TCP wrappers and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
792: <li>Remove [gs]etprogname() from KerberosIV
793: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
794: <li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
795: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>
796: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
797: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
798: <li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>.)
799: <li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64.)
800: <li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
801: <li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>.
802: <li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
803: <li>Add predicate suffixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
804: <li>Add -x and -X options to respectively lock and unlock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
805: <li>Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
806: <li>Start work on new debugger, pmdb.
807: <li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a> map entries.
808: <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
809: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
810: <li>Automatic policy generation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
811: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
812: <li>Remove [gs]etprogname() from KerberosV.
813: <li>New -a <bind_address> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
814: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
815: <li>Remove assumptions about MTU values for certain media types.
816: <li>Use the same byte-order kung fu as the kernel in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
817: <li>Don't automagically set -prefixlen 128 on IPv6 host route.
818: <li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
819: <li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
820: <li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested.)
821: <li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
822: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import.
823: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
824: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> standards compliant.
825: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
826: <li>Recognise VIA VT8233 PCI-ISA bridge.
827: <li>Fix <a href="http://www.openbsd.org/sparc64.html">sparc64</a> 64-bit relocation masks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
828: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
829: <li>Detect stereo radio reception in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
830: <li>Compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
831: <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
832: <li>'<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl</a> -s all' now prints labels as well.
833: <li>Add volatile to sig_atomic_t. Stand well back.
834: <li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
835: <li>Simplify IPv6 link MTU code.
836: <li>Implement PMAP_CANFAIL flag for m68k pmap.
837: <li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
838: <li>Make sure some struct sockaddr are cleared before use.
839: <li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
840: <li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
841: <li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
842: <li>Dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
843: <li>Avoid fd_set overruns in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
844: <li>Clue in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
845: <li>Fix /etc/ptmp deletion bug that occurred if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
846: <li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a> driver.
847: <li>Add leading-zero padding to RSA signatures in <a href="http://www.openssh.com/">ssh</a>.
848: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
849: <li>Add support in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
850: <li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=units&sektion=1">units(1)</a>. Wow.
851: <li>Fix signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
852: <li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
853: <li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
854: <li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
855: <li>Add German keyboard map for Apple laptops.
856: <li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
857: <li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
858: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices attachment.
859: <li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
860: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat.
861: <li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans.
862: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own.
863: <li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
864: <li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
865: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
866: <li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
867: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
868: <li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
869: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present.
870: <li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>.
871: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
872: <li>Remove libdl, support is in libc since a long time already.
873: <li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices.
874: <li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
875: <li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
876: <li>Use the correct string buffer size for printing port numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
877: <li>Remove arc4random_8().
878: <li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
879: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup.
880: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
881: <li>unsigned -> unsigned int cleanup.
882: <li>Repair machdep.chipset sysctl on alpha.
883: <li>Audit pid_t type usage.
884: <li>Audit incorrect signal(2) usage.
885: <li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a>
886: parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>.
887: <li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
888: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
889: <li><a href="http://www.openbsd.org/vax.html">vax</a>: Add board type for VXT2000+.
890: <li>More IANA interface type values, including IFT_BRIDGE.
891: <li>Split XFree86 bsd_video.c into architecture-specific files.
892: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
893: <li>Even more steps toward the death of unsafe string functions.
894: <li>In XFree86 build, honour COPTS variable when building third-party apps.
895: <li>Add LIBS option for crunchgen so custom libraries can be added to boot images.
896: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
897: <li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>.
898: <li>Remove unnecessary instruction cache flushes on <a href="http://www.openbsd.org/sparc64.html">sparc64</a>.
899: <li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
900: <li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
901: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
902: <li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
903: <li>Fix <a
904: href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
905: warnings on CD-ROM
906: (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a>)
907: with no data track.
908: <li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
909: <li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them.
910: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
911: <li>Support software brightness and backlight control on various macppc models.
912: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
913: support this.
914: <li>New libc IEEE floating-point code and libm routines for hppa.
915: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on i386.
916: <li>More steps toward the death of unsafe string functions.
917: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on sparc64.
918: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
919: <li>Jumbo <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
920: <li>Still more hppa memory management and low-level code fixes.
921: <li>Simple pmap optimization on macppc.
922: <li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
923: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
924: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> fixes.
925: <li><font color=#e00000><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
926: <a href="errata.html#sshbsdauth">A source code patch is available</a>.<br>
927: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
928: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
929: <li>New systrace facility.
930: <li>Better Cyrix cpu support.
931: <li>ECN support.
932: <li>Support SNTP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>.
933: <li>Fix infinite SIGFPE loop situations on vax.
934: <li>Remove unnecessary setuid bit from binaries that either do not need it or
935: whose functionality requiring root privileges should only be invoked by root
936: anyways, or which can be changed into a setgid bit for a specific group.
937: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
938: <li>Lots of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> goodies.
939: <li>New splassert (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
940: <li>Enable Altivec instructions in macppc kernels.
941: <li>Support more Hifn cards (7814, 7851, 7854) via the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">nofn(4)</a> driver.
942: <li>OpenSSL 0.9.7.
943: <li>Completely rework <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
944: <li>More use of hardware crypto cards functionality via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
945: <li>More hppa memory management fixes.
946: <li>binutils 2.11.2.
947: <li>Add per-gid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
948: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
949: <li>Handle host names resolving in several addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
950: <li>Fix compilation warnings for various userland programs.
951: <li>Add a new user, crontab, and change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
952: <li>Add per-uid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
953: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> support updates.
954: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>
955: hackery to get it to do more crypto operations, and hack
956: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>
957: and
958: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">lofn(4)</a>
959: to work with this.
960: <li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
961: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
962: <li>Switch ELF platforms to the native <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
963: <li>Obtain a better licence for the hppa spmath routines.
964: <li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
965: <li>mvme88k pmap bugfixes.
966: <li>Various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> driver updates.
967: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
968: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
969: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
970: <li>Fix several wrong computations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>.
971: <li>Workaround ghost pcibus detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>.
972: <li>Add a tuner driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a> radio cards.
973: <li>Allow userland to know which <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule created a specific state.
974: <li>Prevent a 3.0 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
975: <li>Enable privsep by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
976: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
977: <li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
978: <li>Support LBA48 addressing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
979: <li>Bring back TURBOchannel alpha hardware support.
980: <li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot_config&sektion=8">boot_config(8)</a>).
981: <li><font color=#e00000><strong>SECURITY FIX: cause the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=null&sektion=4">/dev/null(4)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
982: <a href="errata.html#fdalloc2">A source code patch is available</a>.<br>
983: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
984: <li>Extended Attributes code updates.
985: <li>Improve PS/2 mouse port detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbc&sektion=4">pckbc(4)</a>.
986: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
987: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
988: <li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
989: <li>Better color depth detection in Xwsfb.
990: <li>64-bit fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
991: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
992: <li><font color=#e00000><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong></font><br>
993: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
994: <li>Switch macppc console from the rcons engine to the rasops engine.
995: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
996: <li>Add IEEE754 floating point completion code on alpha.
997: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a>.
998: <li>Build the XFree86 GLX extension on sparc64.
999: <li>Hunt for outdated prototypes for character devices entry points and fix them.
1000: <li>Switch mvme88k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
1001: <li>Implement the -s option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
1002: <li>Kill all mvme68k kernel compilation warnings.
1003: <li>Assorted mac68k code cleanups.
1004: <li>Shared key support in hostap mode in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
1005: <li>Make Xwsfb support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
1006: <li>Fix a lock leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a>.
1007: <li><font color=#e00000><strong>SECURITY FIX: update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
1008: <a href="errata.html#sudo">A source code patch is available</a>.<br>
1009: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1010: <li><font color=#e00000><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.</strong></font><br>
1011: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1012: <li>Add a Soundforte radio driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
1013: <li>Add dynamic interface -> address translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1014: <li>Add kernel hooks on ethernet interfaces, triggered by address changes.
1015: <li>Extended Attributes code updates.
1016: <li>Enable the Freetype library on sparc64.
1017: <li>Add queueing in the kernel crypto framework.
1018: <li>Make the system includes C++ friendly.
1019: <li>Allow explicit filtering of non-reassembled fragments in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1020: <li>Support more hardware and fix stability issues in the mac68k <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
1021: <li>Improved Lithuanian keyboard map for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
1022: <li><font color=#e00000>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</font><br>
1023: <a href="errata.html#sshafs">A source code patch is available</a>.<br>
1024: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1025: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
1026: <li>Assorted hppa memory management fixes.
1027: <li>Allow fractional delays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
1028: <li>Enable upgrade functionality again on alpha installation media.
1029: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
1030: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
1031: <li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
1032: <li>Add cddb support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
1033: <li>Support more network cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver.
1034: <li>Improve sparc pmap behaviour in some low memory conditions.
1035: <li>sendmail 8.13.
1036: <li>Switch mvme68k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
1037: <li>Improve the library logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
1038: <li>New mvme68k installation media.
1039: <li>Change fpu probe routine on mac68k.
1040: <li>Fix an obscure bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>.
1041: <li>Support more wireless cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
1042: <li>Fix 64-bit issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1043: <li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
1044: which had been deprecated in favor of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a> driver.
1045: </ul>
1046: <p>
1047:
1048: This list mentions mostly platform-independent changes. For a list of changes
1049: made in a particular platform, please check the page for that platform. If you
1050: find them not listed there, the changes are either (1) not being documented or
1051: (2) are documented here.<br><br>
1052:
1053: <hr>
1054: <p>
1055: <h3>
1.2 ! deraadt 1056: For changes in other releases, click below:<br>
! 1057: <a href="plus20.html">2.0</a>,
! 1058: <a href="plus21.html">2.1</a>,
! 1059: <a href="plus22.html">2.2</a>,
! 1060: <a href="plus23.html">2.3</a>,
! 1061: <a href="plus24.html">2.4</a>,
! 1062: <a href="plus25.html">2.5</a>,
! 1063: <a href="plus26.html">2.6</a>,
! 1064: <a href="plus27.html">2.7</a>,
! 1065: <a href="plus28.html">2.8</a>,
! 1066: <a href="plus29.html">2.9</a>,
! 1067: <a href="plus30.html">3.0</a>,
! 1068: <a href="plus31.html">3.1</a>,
! 1069: <a href="plus.html">current</a>.
1.1 deraadt 1070: <br>
1071: </h3>
1072:
1073: <hr>
1074: <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
1075: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.2 ! deraadt 1076: <br><small>$OpenBSD: plus32.html,v 1.1 2002/10/17 08:38:57 deraadt Exp $</small>
1.1 deraadt 1077:
1078: </body>
1079: </html>