Annotation of www/plus32.html, Revision 1.21
1.5 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.7 deraadt 4: <title>OpenBSD 3.2 changes</title>
1.1 deraadt 5: <link rev="made" href="mailto:www@openbsd.org">
6: <meta name="resource-type" content="document">
1.15 david 7: <meta name="description" content="OpenBSD 3.2 changes">
8: <meta name="keywords" content="openbsd,changes">
1.1 deraadt 9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
11: </head>
12:
13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
14:
15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
16: <p>
1.7 deraadt 17: <h2><font color="#e00000">OpenBSD 3.2 released (November 1, 2002)</font></h2>
1.5 naddy 18: <hr>
1.1 deraadt 19:
20: <p>
21: This is a partial list of the major machine-independent changes
22: (i.e., these are the changes people ask about most often). Port
23: specific changes have also been made, and are sometimes mentioned
24: in the pages for the specific <a href="plat.html">platforms</a>.
25:
26: <p>
27: Changes to the <a href="ports.html">ports</a> collection are documented
28: <a href="portsplus/index.html">here</a>.
29:
30: <p>
1.5 naddy 31: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
1.1 deraadt 32:
33: <p>
34: <h3>
1.2 deraadt 35: For changes in other releases, click below:<br>
36: <a href="plus20.html">2.0</a>,
37: <a href="plus21.html">2.1</a>,
38: <a href="plus22.html">2.2</a>,
39: <a href="plus23.html">2.3</a>,
40: <a href="plus24.html">2.4</a>,
41: <a href="plus25.html">2.5</a>,
42: <a href="plus26.html">2.6</a>,
43: <a href="plus27.html">2.7</a>,
44: <a href="plus28.html">2.8</a>,
45: <a href="plus29.html">2.9</a>,
46: <a href="plus30.html">3.0</a>,
47: <a href="plus31.html">3.1</a>,
1.6 deraadt 48: <a href="plus33.html">3.3</a>,
1.11 david 49: <a href="plus34.html">3.4</a>,
1.14 deraadt 50: <a href="plus35.html">3.5</a>,
1.17 miod 51: <a href="plus36.html">3.6</a>,
1.18 deraadt 52: <a href="plus37.html">3.7</a>,
1.20 deraadt 53: <a href="plus38.html">3.8</a>,
1.21 ! deraadt 54: <a href="plus39.html">3.9</a>,
1.2 deraadt 55: <a href="plus.html">current</a>.
1.1 deraadt 56: <br>
57: </h3>
58:
59: <p>
1.5 naddy 60: <h3><font color="#0000e0">Changes made between OpenBSD 3.1 and OpenBSD 3.2</font></h3><p>
1.1 deraadt 61: <ul>
62:
63: <li>Release branch created.
64: <!-- ^^^ 20021003 -->
1.8 deraadt 65: <li>Cool new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a> images for 3.2.
1.5 naddy 66: <li><font color="#e00000"><strong>SECURITY FIX: Incorrect argument checking in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.</strong></font><br>
1.4 margarid 67: <a href="errata31.html#kerntime">A source code patch is available</a>.<br>
1.5 naddy 68: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 69: <!-- ^^^ 20021002 -->
70: <li>Retrofit the SIGUSR1->SIGUSR2 console switching change to the old X server.
1.5 naddy 71: <li>Fix a couple of crashers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kevent&sektion=2">kevent(2)</a>.
1.10 deraadt 72: <li>OpenBSD 3.2-beta -> 3.2, OpenSSH -> 3.5.
1.1 deraadt 73: <!-- ^^^ 20021001 -->
74: <li>Try to initialise AGP GART in the privileged startup portion of the X server.
75: <!-- ^^^ 20020930 -->
1.5 naddy 76: <li>Plug a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a>.
1.1 deraadt 77: <!-- ^^^ 20020929 -->
78: <li>login_radius returns, complete with fixed license.
79: <li>Still more cleanup and output trimming in the installer script.
1.5 naddy 80: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xf86cfg&sektion=1">xf86cfg(1)</a> now runs the server with '-nolisten tcp'.
1.8 deraadt 81: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a> now drops privileges to run as user _x11 after starting as root.
1.1 deraadt 82: <!-- ^^^ 20020928 -->
1.10 deraadt 83: <li>daddr -> saddr in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> binat code. Oops.<br>
1.5 naddy 84: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 85: <li>Add a wildcard client string match against "probe-*" for SSH probes to use.
86: <!-- ^^^ 20020927 -->
87: <li>Disable login_radius, pesky licensing problems again.<br>
1.5 naddy 88: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
89: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&sektion=4">lmc(4)</a> are back, with better licenses.
90: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> can now do privsep and krb4 together.
1.1 deraadt 91: <!-- ^^^ 20020926 -->
92: <li>Remove RC5 and MDC2 from libcrypto.
93: <li>Have the installer set the nosuid flag for mount points that shouldn't contain setuid programs.
94: <!-- ^^^ 20020925 -->
1.5 naddy 95: <li>Fix a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> spanning tree protocol support.
96: <li>New driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a>, supporting Intel Gigibit Ethernet adapters and replacing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4&release=OpenBSD+3.1">gx(4)</a>
97: <li>Some memory allocation and other tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talkd&sektion=8">talkd(8)</a>.
1.1 deraadt 98: <!-- ^^^ 20020924 -->
99: <li>Better handling of IPv6 deprecated addresses.
100: <li>Fix the padding length for an IPv6 PADN option before a jumbo payload option.
101: <li>Allow SSL session IDs of any length up to 32, removing the non-standard 16-char minimum imposed before.
1.8 deraadt 102: <li>Add a /dev/X0 entry for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a>, allowing the mouse to work with the upcoming xdm privilege drop. One for the Upgrading Mini-faq.
1.5 naddy 103: <li>Properly dump radix tree nodes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
1.1 deraadt 104: <!-- ^^^ 20020923 -->
1.5 naddy 105: <li>Template policy support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
106: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&sektion=4">lmc(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cz&sektion=4">cz(4)</a> drivers removed from release kernels due to license problems.
1.1 deraadt 107: <li>A bunch of gcc3 tweaks.
1.5 naddy 108: <li>Don't build Kerberos ticket forwarding programs <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kf&sektion=1&release=OpenBSD+3.1">kf(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kfd&sektion=8">kfd(8)</a> because of security issues. (Will come back when Heimdal 0.5 gets merged, after 3.2 release.)
1.1 deraadt 109: <li>Add support for ELF sections loaded relative to a base section.
1.5 naddy 110: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s antispoof command also block incoming packets with the source set to one of the host's IP addresses.
1.1 deraadt 111: <li>Make the VT switching code use SIGUSR2 instead of SIGUSR1. The latter is also used by the X server to synchronise with xinit.
112: <!-- ^^^ 20020922 -->
1.5 naddy 113: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> handle with more grace situations where some archived logfiles have been uncompressed in-place.
1.1 deraadt 114: <li>Continue to reduce the amount of output the installer generates, so we won't need a magnifier to read the installation instructions in the CD gatefold.
1.5 naddy 115: <li>Add TBI (Ten-Bit Interface) mode support for fibre-based <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nge&sektion=4">nge(4)</a> cards, as well as some other bug fixes.
1.1 deraadt 116: <!-- ^^^ 20020921 -->
117: <!-- ^^^ 20020920 -->
1.5 naddy 118: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> actually run the command it's asked to run. Also, add new interpretation of a null command.
119: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>'s handling of empty lines.
120: <li>Remove the obsolete access.conf and srm.conf files from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
1.1 deraadt 121: <!-- ^^^ 20020919 -->
1.13 deraadt 122: <li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> ProxyCommand programs get killed on exit (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=223">bug #223</a>).
1.1 deraadt 123: <li>Fix a potential FREE() of an uninitialised pointer in the kernel (sys/exec_script.c)
1.5 naddy 124: <li>Rewrite <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>'s GRE decoder.
1.1 deraadt 125: <li>Fix signal trampoline problems with non-exec stack.
1.5 naddy 126: <li>Remove EGP decode support from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> due to a duff license and apathy.
1.1 deraadt 127: <!-- ^^^ 20020918 -->
1.5 naddy 128: <li>So farewell, then, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8&release=OpenBSD+3.1">trsp(8)</a>.
129: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> to rotate only specific logfiles.
130: <li>Make RAND_poll use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> instead of /dev/arandom, so it works in under a chroot.
131: <li>New -a flag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> allows a directory to be specified for archived logs.
132: <li>Set the close-on-exec flag for file descriptors created by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kvm_open(3)</a>.
133: <li>Fix DMA-related panics in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4">twe(4)</a> driver.
134: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, try harder to create the X11 forwarding listener socket.
1.1 deraadt 135: <!-- ^^^ 20020917 -->
1.13 deraadt 136: <li>Fix a potential buffer overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setlocale&sektion=3">setlocale(3)</a> (NetBSD-<a href="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc">SA2002-012</a>).
1.5 naddy 137: <li>Don't chdir to / when <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> goes daemon.
138: <li>Add __syslog__ string formatting attribute to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a>.
1.1 deraadt 139: <!-- ^^^ 20020916 -->
1.5 naddy 140: <li>Periodically save changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> policies.
141: <li>Various fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>.
142: <li>Re-sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a> driver with NetBSD.
1.1 deraadt 143: <li>Signal fixes in libevent.
144: <!-- ^^^ 20020915 -->
145: <li>Merge in Sendmail 8.12.6.
1.5 naddy 146: <li>Give stdio's __cleanup handlers the same mprotect() treatment as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> now receives.
1.1 deraadt 147: <li>Further tweaks to handling of address families in NAT rules. Try to infer the AF from the rule, if that fails then require the user to specify it.
1.5 naddy 148: <li>Various fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cy&sektion=4">cy(4)</a>.
1.1 deraadt 149: <li>Merge in OpenSSL-0.9.7-stable-SNAP-20020911, bump libcrypto minor version.
150: <!-- ^^^ 20020914 -->
1.5 naddy 151: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> rotating logfiles that only contain logfile rotation messages.
1.1 deraadt 152: <!-- ^^^ 20020913 -->
1.5 naddy 153: <li>License fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a>, nearly there now.
154: <li>Add -H option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=identd&sektion=8">identd(8)</a> which hides info for non-existent users as well as existing ones. Useful when NATing.
155: <li>Remove the need for /dev/null and /etc/localtime in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>'s chroot jail.
156: <li>Add 'antispoof' keyword to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>. Oh yes.
157: <li>Improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s netmask handling.
1.1 deraadt 158: <!-- ^^^ 20020912 -->
159: <li>Add a missing pointer initialisation in in6_ifdetach().
1.5 naddy 160: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> client's ls command useful, with globbing and short/long listings.
161: <li>Fix initialisation of Broadcom 582x chips by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
1.1 deraadt 162: <!-- ^^^ 20020911 -->
163: <li>Various signedness fixes.
164: <li>Versioning info moves to 3.2-beta.
1.5 naddy 165: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> check the peer using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getpeereid&sektion=2">getpeereid(2)</a>.
166: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pmap&sektion=9">pmap</a>_{copy,zero}_page API changes.
1.1 deraadt 167: <li>Merge in OpenSSL 0.9.7beta3.
168: <!-- ^^^ 20020910 -->
1.5 naddy 169: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> now creates a socket listening on 127.0.0.1 as well as one on *, and only responds to amq requests on the former.
170: <li>Add support for the Silicon Image 680 ATA133 chip to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> driver.
171: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> now supports Kerberos authentication in PrivSep mode.
1.1 deraadt 172: <!-- ^^^ 20020909 -->
1.5 naddy 173: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s parser takes more care parsing address families in NAT rules.
1.13 deraadt 174: <li>Add leap second support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a> running in RFC868 mode (it already supports this in NTP mode with the -N option).
1.5 naddy 175: <li>Correct <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a>'s representation of positive infinity.
1.1 deraadt 176: <!-- ^^^ 20020908 -->
1.5 naddy 177: <li>Signal handler fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bootpd&sektion=8">bootpd(8)</a><!-- on 20020908 -->, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a><!-- on 20020909 --> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a><!-- on 20020907 -->.
178: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a> dies on FD_SET overruns.
179: <li>Fix a couple of off-by-ones in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mopd&sektion=8">mopd(8)</a>.
1.1 deraadt 180: <!-- ^^^ 20020907 -->
1.13 deraadt 181: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> work properly with long block device filenames (handle MAXPATHLEN chars instead of 32).
1.5 naddy 182: <li>Don't build the somewhat less than ubiquitous <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8&release=OpenBSD+3.1">photurisd(8)</a> by default any more.
1.1 deraadt 183: <li>Lots and lots of ANSIfication.
1.10 deraadt 184: <li>Lots of int -> socklen_t.
1.5 naddy 185: <li>Some signedness fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a>.
186: <li>Repair a missing msglog() arg in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>.
1.1 deraadt 187: <!-- ^^^ 20020906 -->
1.5 naddy 188: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>'s interrupt sharing.
189: <li>lib<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usbhid&sektion=3">usbhid(3)</a> now available in the shared variety.
1.13 deraadt 190: <li>Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=18185">PR#18185</a>).
1.1 deraadt 191: <li>Merge in OpenSSL 0.9.7beta1. To be continued.
1.5 naddy 192: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> interoperability fixes for FreeS/WAN and SSH Sentinel.
1.1 deraadt 193: <!-- ^^^ 20020905 -->
1.5 naddy 194: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwalld&sektion=8">rwalld(8)</a> revoke its group privileges as well as user privs.
1.1 deraadt 195: <li>Don't install safe_finger any more.
1.13 deraadt 196: <li>Add support for the SCSI Reduced Block Command Set (RBC).
1.5 naddy 197: <li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s LoginGraceTime from one minute to two.
198: <li>Various compatibility fixes and additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
199: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can now set whether or not use of IPv6 deprecated addresses are allowed.
1.1 deraadt 200: <!-- ^^^ 20020904 -->
1.8 deraadt 201: <li>_x11 user and group added for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&sektion=1">xdm(1)</a> to use.
1.13 deraadt 202: <li>Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD).
1.1 deraadt 203: <li>Fix parsing of NAT port ranges.
204: <li>Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on.
205: <!-- ^^^ 20020902 -->
1.5 naddy 206: <li>Fix an uninitialised pointer bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
1.1 deraadt 207: <li>The X server now tries to open the aperture driver before trying /dev/mem. Re-enable early privilege drop on i386.
208: <!-- ^^^ 20020901 -->
209: <!-- ^^^ 20020831 -->
1.5 naddy 210: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now warns if DNS returns multiple addresses, like traceroute6.
1.1 deraadt 211: <li>Add support for the Promise Ultra133 TX2 EIDE controller.
1.5 naddy 212: <li>Fix an mbuf leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
213: <li>Reenable the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler improvements backed out on 31 July.
214: <li>Add -I option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> to get ICMP probes instead of UDP.
1.1 deraadt 215: <!-- ^^^ 20020830 -->
1.5 naddy 216: <li>Further reduce the amount of time <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> runs as root when installed setuid.
217: <li>Fudge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> so it only honours the requirement to check against a CRL if there is a CRL loaded...
1.1 deraadt 218: <!-- ^^^ 20020829 -->
1.5 naddy 219: <li>Update the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rt&sektion=4">rt(4)</a> Radiotrack driver, add isapnp support.
1.1 deraadt 220: <li>Some casts to make 64-bit kernel work with varargs calls.
221: <!-- ^^^ 20020828 -->
1.5 naddy 222: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
1.1 deraadt 223: <li>Properly limit EDNS0 size to 0xffff.
1.5 naddy 224: <li>Fix a signedness problem in SSH so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_public_decrypt&sektion=3">RSA_public_decrypt(3)</a> errors can be detected.
1.13 deraadt 225: <li>Make X's module loader set PROT_EXEC using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC).
1.5 naddy 226: <li>DNS responses from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, gethostby*() and getnetby*() now get a 64K receive buffer.<br>
227: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 228: <!-- ^^^ 20020827 -->
1.5 naddy 229: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> warns if DNS returns multiple IP addresses for the target.
230: <li>Do a yyrestart() after a longjmp in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcap&sektion=3">pcap(3)</a>.
1.1 deraadt 231: <li>Fix a dangling pointer bug in sbcompress().
232: <li>Make the X server option NoSilkenMouse work again.
233: <!-- ^^^ 20020826 -->
1.5 naddy 234: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=portmap&sektion=8">portmap(8)</a> detect failure of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=svc_register&sektion=3">svc_register</a> and die nicely.
1.1 deraadt 235: <li>X aperture driver for Alpha, works like i386.
236: <!-- ^^^ 20020824 -->
1.5 naddy 237: <li>Skeleton <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> support for ELF in i386. Not enabled, nor is it promised anytime soon.
238: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> warns about symbol size mismatches.
239: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a> handles snprintf errors properly.
1.1 deraadt 240: <li>Map the heap non-executable.
241: <!-- ^^^ 20020823 -->
242: <li>Change the way FREF() and FRELE() are called w.r.t. getvnode() and getsock().
1.5 naddy 243: <li>Fix a locking problem that can occur when an executable tries to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> itself.
244: <li>Avoid a potential int overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>
1.1 deraadt 245: <li>Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
246: <!-- ^^^ 20020822 -->
1.5 naddy 247: <li>Bump the listen() backlog from 5 to 128 (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
248: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s default LoginGraceTime reduced from 600 to 60 seconds.
249: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> now attaches to each wsdisplay device by default.
250: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strip&sektion=1">strip(1)</a>. -x now works.
1.1 deraadt 251: <!-- ^^^ 20020821 -->
252: <li>net.inet6.ip6_use_deprecated is on by default again...
1.5 naddy 253: <li>Fix some (but not all) signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a>.
254: <li>New -n option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> that disallows anonymous access even if the ftp user exists.
1.1 deraadt 255: <li>Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser.
256: <!-- ^^^ 20020820 -->
1.5 naddy 257: <li>Fix sysctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copyout&sektion=9">copyout(9)</a>s in IPv6 neigbour discovery.
1.1 deraadt 258: <!-- ^^^ 20020819 -->
1.5 naddy 259: <li>Audit and cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_net_ntop&sektion=3">inet_net_ntop(3)</a>, inet_neta() and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_ntop&sektion=3">inet_ntop(3)</a>.
1.1 deraadt 260: <li>TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated.
261: <!-- ^^^ 20020818 -->
1.5 naddy 262: <li>Use of IPv6 deprecated addresses switched off by default. (See <a href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> variable net.inet6.ip6_use_deprecated.)
263: <li>Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> SCSI driver.
1.1 deraadt 264: <!-- ^^^ 20020817 -->
1.5 naddy 265: <li>Correct two sizeof bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a>.
266: <li>Allow a raw IP socket to see a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> packets for tunnels we haven't configured.
1.1 deraadt 267: <!-- ^^^ 20020816 -->
268: <li>Add some more cross-compilation targets in /usr/src/Makefile.
1.5 naddy 269: <li>Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>.
270: <li>Fix a null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 271: <!-- ^^^ 20020815 -->
272: <!-- ^^^ 20020814 -->
273: <!-- ^^^ some CVS breakage around here -->
274: <!-- ^^^ 20020813 -->
1.5 naddy 275: <li>Using the state table instead of a special-purpose list, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT to use the same proxy port for multiple external peers.
276: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> setgid(_sshagnt). setuid/setgid processes can't be <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ptrace&sektion=2">ptrace(2)</a>ed.
277: <li>SPARC consoles now use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
1.1 deraadt 278: <!-- ^^^ 20020812 -->
1.5 naddy 279: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&sektion=8">traceroute(8)</a> now displays '!X' when packets come back as ICMP administratively prohibited by filter.
280: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsh&sektion=1">rsh(1)</a> die on fd_set overruns.
281: <li>In a number of places, switch the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> round the right way.
1.1 deraadt 282: <li>Switch SPARC to ELF.
283: <li>Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.
284: <!-- ^^^ 20020811 -->
1.5 naddy 285: <li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br>
1.4 margarid 286: <a href="errata31.html#scarg">A source code patch is available</a>.<br>
1.5 naddy 287: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 288: <!-- ^^^ 20020810 -->
1.5 naddy 289: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">raid(4)</a> no longer gets loud at boot time unless option RAIDDEBUG is used.
290: <li>Sink a few bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bs&sektion=6">bs(6)</a>.
1.1 deraadt 291: <!-- ^^^ 20020809 -->
292: <li>Fix raw socket translation for Linux compatibility mode.
293: <li>Properly clear the argument list in pmdb.
1.13 deraadt 294: <li>Die on fd_set overrun in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mrouted(8)</a> (not built by default).
1.1 deraadt 295: <li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.<br>
296: <a href="stable.html">[Applied to 3.1-stable]</a>
1.5 naddy 297: <li>Fix snprintf length in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a>.
298: <li>Correct a sizeof bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=photurisd&sektion=8">photurisd(8)</a>.
299: <li>Tweak IFF_PROMISC handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> to avoid some unnecessary initialisations.
300: <li>Fix a potential off-by-one in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> that could cause mmap breakage on some architectures.
1.1 deraadt 301: <li>Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
302: <li>Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
1.10 deraadt 303: <li>Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pic&sektion=1">pic(1)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1">fvwm(1)</a> and a few in the kernel.
1.5 naddy 304: <li>Add a couple of missing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=open&sektion=2">open(2)</a> mode args in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=afsd&sektion=8">afsd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=msgs&sektion=1">msgs(1)</a>.
1.1 deraadt 305: <!-- ^^^ 20020808 -->
1.5 naddy 306: <li>Improve TX interrupt handing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>.
1.13 deraadt 307: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default).
1.5 naddy 308: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls.
309: <li>Fix a free-in-caught-alloc-failure-block (!) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
310: <li>Rewrite the CRL support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now.
1.1 deraadt 311: <!-- ^^^ 20020807 -->
312: <li>Retrofit the new early privilege revocation code to the old X servers.
1.13 deraadt 313: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode). Also remove bomb mode altogether, to the annoyance of noone.
1.5 naddy 314: <li>Several fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver.
1.1 deraadt 315: <li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
316: <!-- ^^^ 20020806 -->
1.13 deraadt 317: <li>Move AGP chipset support out of machine-independent section (AGP support is per-arch).
1.4 margarid 318: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata31.html#ssl">erratum</a>.<br>
1.5 naddy 319: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 320: <!-- ^^^ 20020805 -->
1.5 naddy 321: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auth_call&sektion=3">auth_call(3)</a>'s error logging.
322: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> cross-checks the crontab filename against the system username.
323: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> drops its privileges earlier.
1.1 deraadt 324: <!-- ^^^ 20020804 -->
1.5 naddy 325: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog.
326: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=write&sektion=1">write(1)</a> drops privileges after opening the tty.
1.13 deraadt 327: <li>Refactor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before).
1.5 naddy 328: <li>Open the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fstat&sektion=1">fstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier.
1.1 deraadt 329: <li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
1.5 naddy 330: <li>Catch file read errors in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler.
331: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a>.
1.1 deraadt 332: <!-- ^^^ 20020803 -->
1.13 deraadt 333: <li>Remove Kerberos support from the default <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent). See <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why.
1.1 deraadt 334: <li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
1.5 naddy 335: <li>Rework some aspects of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crontab&sektion=1">crontab(1)</a>'s file checks.
336: <li>Provide our own <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH.
337: <li>Add the _sshagnt group for use by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
1.1 deraadt 338: <li>Correct a pointer comparison typo in libssl's ASN.1 parser library.
1.5 naddy 339: <li>Check for correct return value of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inet_aton&sektion=3">inet_aton(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
340: <li>Add some overflow checks similar to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> patch to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
341: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists.
1.1 deraadt 342: <!-- ^^^ 20020802 -->
343: <li>Prevent integer overflow in i386 USER_LDT code.
344: <li>Fix NFS's handling of zero-length RPC fragments.
1.5 naddy 345: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> handles unlinking of a symlink correctly.
1.1 deraadt 346: <li>Limit file size to 2^31 * PAGE_SIZE in FFS code.
1.10 deraadt 347: <li>u_short -> u_int16_t in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrouted&sektion=8">mtrouted(8)</a>.
1.1 deraadt 348: <!-- ^^^ 20020801 -->
1.5 naddy 349: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> buffer overflow, see the <a href="errata31.html#xdr">erratum</a>.<br>
350: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 351: <li>Spot zero-length keys or values in ypmatch_add(), and exit early.
1.5 naddy 352: <li>Broken by the removal of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> now cleans up after itself properly again.
353: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fork&sektion=2">fork(2)</a> instead of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vfork&sektion=2">vfork(2)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>. Fixes hppa breakage.
354: <li>Back out the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> handler changes which appear to break Perl somehow. Bugger.
355: <li>Get <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> semantics right, while still not allowing the size_t overflow.<br>
356: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
357: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> compilation without mod_ssl.
1.1 deraadt 358: <!-- ^^^ 20020731 -->
1.5 naddy 359: <li>On i386, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> to alter the execution protection of the stack.
1.1 deraadt 360: <li>Fix some more potential null pointer dereferences, this time in pfkey and netiso.
1.5 naddy 361: <li>Plug a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server.
362: <li>Have libc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc().
1.13 deraadt 363: <li>Like in libc, fix the calloc() implementation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD).
1.1 deraadt 364: <li>Lots of work on the sparc and sparc64 console drivers.
365: <li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware...
366: <li>Fix a typo that caused a potential null pointer dereference in kernel NFS.
367: <li>New 'PermitUserEnvironment' option for SSH. Off by default.
1.5 naddy 368: <li>Add 'with or without modification' clause to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a> licensing.
1.1 deraadt 369: <li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>.
1.5 naddy 370: <li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br>
1.4 margarid 371: <a href="errata31.html#ssl">A source code patch is available</a>.<br>
1.5 naddy 372: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.13 deraadt 373: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP).
1.1 deraadt 374: <!-- ^^^ 20020730 -->
1.5 naddy 375: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm.
1.1 deraadt 376: <li>Kill a kernel tty memory leak.<br>
1.5 naddy 377: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
378: <li>Super-cautious strcpy()->strlcpy() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec*(3)</a>.
379: <li>Return failure if the parameters given to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br>
380: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
381: <li>Don't enable so many authentication methods by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&sektion=5">login.conf(5)</a>.
382: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.</strong></font><br>
1.4 margarid 383: <a href="errata31.html#xdr">A source code patch is available</a>.<br>
1.5 naddy 384: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 385: <li>Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().
1.5 naddy 386: <li>Support DMA for two more ServerWorks <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> devices.
387: <li><font color="#e00000"><strong>SECURITY FIX: A race condition exists in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.</strong></font><br>
1.4 margarid 388: <a href="errata31.html#pppd">A source code patch is available</a>.<br>
1.5 naddy 389: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
390: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&sektion=2">mprotect(2)</a> function pointers stored by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atexit&sektion=3">atexit(3)</a> to stop bad guys tweaking the exit handlers.
391: <li>"undrugs" <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a>.
1.1 deraadt 392: <li>Fix two off-by-one bugs in ext2fs.
393: <li>Add ld.so support for sparc.
394: <li>Lookup of ip6.arpa, then ip6.int for IPv6 reverse resolution. See <a href="http://www.ietf.org/rfc/rfc3152.txt">RFC3152</a> for why.
395: <li>Small fix for GCC 3.1.1 in IPv4 checksum code.
396: <!-- 20020729 -->
1.5 naddy 397: <li>Apply the 'broken PCI burst-write' workaround to all <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> 7811-based devices.
398: <li>Show <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> how to use hardware and software flow control.
399: <li>Fix a potential access-after-free() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kue&sektion=4">kue(4)</a>.
1.1 deraadt 400: <!-- ^^^ 20020728 -->
401: <li>/tmp/.X11-unix and /tmp/.ICE-unix are created in rc, owned by root, removing the need for root privs later on.
1.5 naddy 402: <li>Again, this time in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a>, map BSS non-executable.
1.1 deraadt 403: <li>Rearrange the new XFree86 server so all tasks for which root privs are needed get done early in osinit(). Of course, revoke root right afterwards.
1.5 naddy 404: <li>Add Dell-specific PERC (right) product IDs so that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a> configures Dell PowerEdge 2650 RAID.
405: <li>Add leapsecond support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>'s NTP client.
1.1 deraadt 406: <!-- ^^^ 20020727 -->
407: <li>The install/upgrade scripts no longer automatically mount NFS filesystems.
408: <li>Kernel a.out code now allocates (mostly) non-executable BSS.
409: <li>Miscellaneous fixes to several games.
1.5 naddy 410: <li>Lots of work on the sparc64 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4/sparc64)</a> framebuffer driver.
411: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> the order of the log and quick keywords is now irrelevant.
1.1 deraadt 412: <!-- ^^^ 20020726 -->
413: <li>Allow X servers to be built without DGA.
414: <li>At securelevel 2, stop an attacker from setting the clock forwards to within a year of the time it wraps around to zero.
1.5 naddy 415: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> to work on pre-Pentium x86 machines that lack pentium_mhz stuff.
1.1 deraadt 416: <li>Add a distrib note that due to major changes to the port, the sparc installer won't allow upgrades to 3.2
1.5 naddy 417: <li>Only include a single <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> font when building with option SMALL_KERNEL.
1.1 deraadt 418: <li>Add a few more RFC2142-suggested mailbox aliases.
1.5 naddy 419: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>'s filename handling.
420: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> fixes.
1.1 deraadt 421: <li>Fix comparison bug in IPv6 multicast routing MTU check.
422: <!-- ^^^ 20020725 -->
423: <li>Correct bad sizeof() in kernel NFS code.
1.5 naddy 424: <li>Checks for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a> return values < 0.
425: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>'s uid/gid tracking.
426: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> large directory fix.
427: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, help avoid a potential man-in-the-middle attack by showing all known host keys for a host when we're warning about an unknown host key.
1.1 deraadt 428: <li>Fix a TAILQ null deref in pmdb.
429: <!-- ^^^ 20020724 -->
430: <li>Make the second parameter to r?index()/strr?chr() an int instead of a char.
1.5 naddy 431: <li>Stick a thread mutex around name lookups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
432: <li>Fix a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> double free().
1.16 mickey 433: <li>CardBus support for macppc.
1.5 naddy 434: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> cardbus reads.
1.13 deraadt 435: <li>Remove a signedness bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option).
1.5 naddy 436: <li>Fix some bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a>.
1.1 deraadt 437: <!-- ^^^ 20020723 -->
1.5 naddy 438: <li>More additions to GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>, this time to make Ogle compile.
439: <li>Fix graceful restarts of chroot'ed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>.
1.1 deraadt 440: <li>Have SSH fall back to the standard path if setusercontext() can't set it.
441: <!-- ^^^ 20020722 -->
1.5 naddy 442: <li>Add a sequence number to kernel messages for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
1.1 deraadt 443: <li>Teach pmdb about corefiles.
444: <li>Map stack pages non-executable.
445: <!-- ^^^ 20020721 -->
1.5 naddy 446: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>.
447: <li>Drop the requirement for commas in many <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature.
448: <li>Implement string concatenation for variable declarations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 449: <li>Big change to the way signal trampolines are stored and called.
1.5 naddy 450: <li>Add milter build support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a>, see the Makefile.
451: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> die if setusercontext() fails.
1.1 deraadt 452: <!-- ^^^ 20020720 -->
1.5 naddy 453: <li>Fix a disk masher bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>, a little too late for some.
454: <li>Don't install <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mk-amd-map&sektion=8&manpath=OpenBSD+3.1">mk-amd-map(8)</a> any more, we don't use it. And it's broken.
1.1 deraadt 455: <li>Merge Apache 1.3.26 and mod_ssl 2.8.10.
456: <li>Have SSH remove fatal cleanups after calling fork().
457: <!-- ^^^ 20020719 -->
1.5 naddy 458: <li>/etc/systrace directory added along with policies for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpd&sektion=8">lpd(8)</a>.
1.1 deraadt 459: <li>Make OpenSSL use /bin/sh instead of $SHELL when running scripts. Not everyone uses a Bourne-like shell.
1.5 naddy 460: <li>String handling and other fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rogue&sektion=6">rogue(6)</a>.
1.1 deraadt 461: <!-- ^^^ 20020718 -->
1.5 naddy 462: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1">pax(1)</a> -s replacement string truncation.
1.1 deraadt 463: <li>Fix a deref after free() in the kernel's routing socket code.
464: <li>Add 'fdcache' to Apache, part of the work to make graceful restart work properly under the chroot().
1.5 naddy 465: <li>The search for a shorter rulebase continues, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now recognises 'self' as an address, meaning all IPv4 and IPv6 addresses on all interfaces.
1.1 deraadt 466: <!-- ^^^ 20020717 -->
1.5 naddy 467: <li>Fix wayward string termination in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rbootd&sektion=8">rbootd(8)</a>.
468: <li>Fix a DIAGNOSTIC bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ffs_softupdates&sektion=4">ffs_softupdates(4)</a>, and also make panic() calls show the right type.
469: <li>Some mbuf Fixes to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> driver, more fixes to come.
470: <li>Add DES and 3DES to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> as well.
1.1 deraadt 471: <li>Fix some broken memset() and lseek() calls.
472: <!-- ^^^ 20020716 -->
1.5 naddy 473: <li>Work around some limitations of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a> hardware. Add MD5 and SHA1 support.
474: <li>Small additions to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> to make <a href="http://www.gnupg.org/">gnupg</a> compile.
1.1 deraadt 475: <li>Add some new users (names beginning with underscore) to replace user nobody for portmap, rstatd, identd, rusersd and fingerd.
1.5 naddy 476: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> directory completion SIGSEGV with large directories.
477: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atrun&sektion=8">atrun(8)</a> part of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob.
478: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes.
479: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a> now has a BSD license.
1.13 deraadt 480: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules).
1.1 deraadt 481: <!-- ^^^ 20020715 -->
482: <li>Fix a double free in BSD authentication.
483: <!-- XXX sendmail SuperSafe=... thing ? -->
1.13 deraadt 484: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option).
1.1 deraadt 485: <!-- ^^^ 20020714 -->
486: <li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes.
1.5 naddy 487: <li>Enable list expansion for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge.
1.1 deraadt 488: <li>The XFree86 3.3.x servers that are left now revoke their root privileges right after getting I/O access.
1.5 naddy 489: <li>Now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> drops its root privileges, install it setgid(utmp) for utmp updates. Revoke setgid too if not needed.
1.1 deraadt 490: <!-- ^^^ 20020713 -->
1.5 naddy 491: <li>Fix at least one <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> buffer overflow.<br>
492: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
493: <li>Teach MMX (not SSE) to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a>.
494: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> device attachment for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
495: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header.
496: <li>Changes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace.
1.13 deraadt 497: <li>Add support for AGP GART on some i386 AGP chipsets (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vga&sektion=4">vga(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a>).
1.10 deraadt 498: <li>Remove '\\' -> '\' translation in crontabs to keep the shell happy.
1.5 naddy 499: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges.
1.1 deraadt 500: <li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ -->
1.5 naddy 501: <li>Add some flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dohooks&sektion=9">dohooks(8)</a> and fix a time-honoured memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hook_disestablish&sektion=9">hook_disestablish(9)</a>.
1.1 deraadt 502: <!-- ^^^ 20020712 -->
1.5 naddy 503: <li>New, hard-won firmware image for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=txp&sektion=4">txp(4)</a> driver.
1.1 deraadt 504: <li>Remove the www group's privileges to the mod_ssl mutex semaphore.
505: <li>Really remove SuperProbe from X.
506: <li>Create a skeleton UserDir tree under /var/www/users.
507: <li>Have Apache initialise OpenSSL (opening /dev/crypto) before chroot. No more /var/www/dev/crypto.
508: <!-- ^^^ 20020711 -->
1.5 naddy 509: <li>Basic IPv6 fragment support (no normalisation yet) in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 510: <li>Correct a memcpy error in the kernel and ssh's Rijndael code.
1.5 naddy 511: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> filename intercepts work with chroot().
1.1 deraadt 512: <li>Try to make resetting of USB ports work better.
1.5 naddy 513: <li>Add fchmod translation support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
514: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> closing the std file descriptors when going daemon.
1.1 deraadt 515: <!-- ^^^ 20020710 -->
516: <li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540.
1.5 naddy 517: <li>Add support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uplcom&sektion=4">uplcom(4)</a>.
1.1 deraadt 518: <li>Fix miniroot typo that was breaking FTP installs.
1.13 deraadt 519: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>'s r command (PR2755).
1.5 naddy 520: <li>Add a daemon mode to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
521: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added.
1.1 deraadt 522: <li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
1.5 naddy 523: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come.
1.13 deraadt 524: <li>Add syscall aliasing to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread').
1.5 naddy 525: <li>Some fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uscanner&sektion=4">uscanner(4)</a>.
526: <li>Add SMC 2206 support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>.
527: <li>Fix a potential off-by-five error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
528: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
1.1 deraadt 529: <!-- ^^^ 20020709 -->
1.5 naddy 530: <li>Don't try to load a 32-bit quart into a 16-bit pint register in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
1.1 deraadt 531: <li>Always load ELF binaries to the address at which they were linked.
1.5 naddy 532: <li>Rig <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=opendir&sektion=3">opendir(3)</a>'s sort so it can't fail due to lack of memory.
533: <li>Compatibility fixes for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a> 582x series.
534: <li>Some updates to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a>.
1.1 deraadt 535: <li>Grab a security fix to bcopy/memcpy from FreeBSD. See their cvsweb entry for <a href="http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/i386/string/bcopy.S">bcopy.S</a>.
1.5 naddy 536: <li>Work around <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>'s broken multicast filter.
537: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
1.1 deraadt 538: <li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
1.5 naddy 539: <li>Don't attempt to resubmit a structure we just freed in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> / <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.1 deraadt 540: <li>Small fixes to IP-in-IP encapsulation code.
1.5 naddy 541: <li>Add Security Mode options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
542: <li>Support a few more HPT <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> cards.
543: <li>Make NEED_VERSION obsolete in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
544: <li>Fill IPv6 null pointer dereference in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver.
1.1 deraadt 545: <li>Remove some old upgrade hacks from the installer script.
1.5 naddy 546: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
547: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> interface stats, and allow the loginterface feature to be disabled.
548: <li>Make signal handler flags in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> of type volatile sig_atomic_t.
549: <li>Fix a few GCC 3.1 moans in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
550: <li>Un-bloating of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
551: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpcgen&sektion=1">rpcgen(1)</a>.
552: <li><font color="#e00000"><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
1.4 margarid 553: <a href="errata31.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
1.5 naddy 554: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.12 jcs 555: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="alpha.html">alpha</a>.
1.1 deraadt 556: <li>Improve the way the installer's fileset selection UI works.
557: <li>Fix a potential buffer overflow in xsystrace.
558: <li>Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
1.5 naddy 559: <li>Don't have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
560: <li>Set IP_PORTRANGE_HIGH for active mode data channel of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
561: <li>Add some more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> product IDs.
562: <li>Fix an off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
563: <li>Normalise <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a>'s EOF handling.
564: <li>Plug a few <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> memory leaks.
565: <li>Tweak the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
566: <li>Fix several missing or broken <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&sektion=3">malloc(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=realloc&sektion=3">realloc(3)</a> failure checks.
567: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rcs&sektion=1">rcs(1)</a>, actually <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exit&sektion=3">exit(3)</a> after spotting that LocalId is too long.
1.1 deraadt 568: <li>Lots of ANSIfication of function declarations and prototypes.
1.5 naddy 569: <li>Fix bug causing 'SPL NOT LOWERED' errors from the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a> RAID controller.
570: <li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
571: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
572: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=signal&sektion=3">signal(3)</a> race in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
573: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adv&sektion=4">adv(4)</a> from the i386 RAMDISK kernel until new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
574: <li>Catch a null pointer dereference when fetching the routing table via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>.
1.12 jcs 575: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sis&sektion=4">sis(4)</a> compile and work on <a href="alpha.html">alpha</a>.
1.5 naddy 576: <li>Return correct result sizes from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
577: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
578: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>.
579: <li>Fix PIO writes code in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
580: <li>Remove unnecessary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=longjmp&sektion=3">longjmp(3)</a> from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login&sektion=1">login(1)</a>.
1.1 deraadt 581: <li>Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
1.5 naddy 582: <li>Finally fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> address cache bug.
583: <li>Properly handle endpoint differences of opinion on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> Compression options
584: <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
585: <li>Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1">encrypt(1)</a>.
586: <li>Fix some compatibility quirks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a>.
587: <li>Add a pushback buffer to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
588: <li>Remove setuid(root) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
589: <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a> call <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tzset&sektion=3">tzset(3)</a> so /etc/localtime isn't needed after the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a>.
590: <li>More fixes to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
1.1 deraadt 591: <li>Add AlphaServer 800 and 1000 support.
1.12 jcs 592: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lc&sektion=4">lc(4)</a> devices in <a href="alpha.html">alpha</a> GENERIC kernel.
593: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="alpha.html">alpha</a>.
1.1 deraadt 594: <li>Make xf86config give the option of configuring a mouse wheel.
1.5 naddy 595: <li>Gracefully handle <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
1.12 jcs 596: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fbtab&sektion=5">fbtab(5)</a> on <a href="i386.html">i386</a>.
1.5 naddy 597: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a>.
1.1 deraadt 598: <li>Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
1.5 naddy 599: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as root from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> again, but go to nobody's jail at startup.
1.1 deraadt 600: <li>Lots more bounds-checking all over the place.
1.5 naddy 601: <li>Recognise a few more <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> devices.
602: <li>Correct misleading cgetclose() entry in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcap&sektion=3">getcap(3)</a> manpage.
603: <li>Try again with the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a> driver.
604: <li>Cleanups of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chpass&sektion=1">chpass(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&sektion=1">passwd(1)</a>.
605: <li><font color="#e00000"><strong>SECURITY FIX: The kernel would let any user <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
1.4 margarid 606: <a href="errata31.html#ktrace">A source code patch is available</a>.<br>
1.5 naddy 607: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
608: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
1.1 deraadt 609: <li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
610: <li>More audit of OpenSSH.
611: <li><a href="http://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
1.5 naddy 612: <li><font color="#e00000"><strong>SECURITY FIX: All versions of OpenSSH's <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
1.4 margarid 613: <a href="errata31.html#sshd">A source code patch is available</a>.<br>
1.5 naddy 614: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
615: <li>Add a number of resource limits to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
1.12 jcs 616: <li>Increase <a href="i386.html">i386</a> kvm size to 768M.
1.5 naddy 617: <li>The list of great Theo quotes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a> continues to grow.
618: <li><font color="#e00000"><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
1.4 margarid 619: <a href="errata31.html#resolver">A source code patch is available</a>.<br>
1.5 naddy 620: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 621: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
622: <li>Start work on IP-over-FireWire and IP-over-SCSI.
1.5 naddy 623: <li>Move a bunch of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>.
1.1 deraadt 624: <li><a href="http://www.openbsd.org/c2k2/">c2k2</a>-inspired changes to the installer.
1.5 naddy 625: <li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though -->
1.1 deraadt 626: <li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
1.5 naddy 627: <li>Add some m68k opcode aliases for GNU <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=as&sektion=1">as(1)</a> from recent binutils.
628: <li>Fix the FTP relay in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=faithd&sektion=8">faithd(8)</a>.
629: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
630: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can
631: occur in the .htaccess parsing code in the mod_ssl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
1.4 margarid 632: <a href="errata31.html#modssl">A source code patch is available</a>.<br>
1.5 naddy 633: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 634: <li>Lots of uid_t and gid_t signedness fixes.
1.5 naddy 635: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer calls setsid() when run from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
636: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> pserver talk IPv6.
637: <li>Increment <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
638: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
639: <li>String handling and bounds checking fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
1.1 deraadt 640: <li>Bump <a href="http://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
1.5 naddy 641: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
642: <li>Start adding <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>.
643: <li>System call argument rewriting framework for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
644: <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
645: <li>Fix some endianness nits in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
646: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a>.
1.12 jcs 647: <li>More improvements to 4GB memory probing on <a href="i386.html">i386</a>.
1.5 naddy 648: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own sshd?_config(5) manpage.
649: <li>Add option for smooth scrolling to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a>.
650: <li>Support a few more wireless cards in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
651: <li>Build <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
652: <li>String handling cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=comsat&sektion=8">comsat(8)</a>.
653: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
654: <li>Support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
655: <li>Cleanup of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=timed&sektion=8">timed(8)</a>.
656: <li>Removing its setgid(kmem) was not enough, remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a> altogether.
657: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=error&sektion=1">error(1)</a> can deal with it.
658: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
659: <li>Kill file descriptor leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>.
660: <li>Fix lots of format strings in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> programs.
661: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> shows flag 'x' for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>'d processes.
662: <li>Lots of work on the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gpr&sektion=4">gpr(4)</a> driver.
663: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uftdi&sektion=4">uftdi(4)</a>.
664: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> revoke its setgid(kmem) privileges.
1.12 jcs 665: <li>Remove old pccons driver from <a href="i386.html">i386</a>, also the associated XSERVER option from the kernel.
1.5 naddy 666: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
667: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can
668: occur during the interpretation of chunked encoding in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
1.4 margarid 669: <a href="errata31.html#httpd">A source code patch is available</a>.<br>
1.5 naddy 670: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 671: <li>Add the punctuation-challenged Nike psa[play^120 USB widget.
1.5 naddy 672: <li>Remove setgid(kmem) from the enormously useful <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trsp&sektion=8">trsp(8)</a>.
1.12 jcs 673: <li>Add UK keyboard map to <a href="macppc.html">macppc</a> (with '#' on Option-3) and also option CAPS_IS_CONTROL.
1.5 naddy 674: <li>Increase <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> timeout to squash 'command never completed!' warnings.
675: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=audio&sektion=4">audio(4)</a>.
676: <li>Import <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=event&sektion=3">event(3)</a>, an API on top of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=select&sektion=2">select(2)</a> or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>.
677: <li>Enable DMA on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a>.
678: <li>Allow transparent (statically keyed) <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
679: <li>Help <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
1.13 deraadt 680: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime).
1.5 naddy 681: <li>Teach ECN attributes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
682: <li>Add eui64 option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
683: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
684: <li>Throw away the first 256 words of arc4 output in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=9">random(9)</a>.
1.1 deraadt 685: <li>Gratuitous pid_t cleanup in /usr/bin.
1.5 naddy 686: <li>Grab multicast <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
1.1 deraadt 687: <li>Add some inlined hash functions for the kernel, in <sys/hash.h>.
1.5 naddy 688: <li>Cleanup work on conditional evaluation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&sektion=1">make(1)</a>.
689: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
690: <li>Drop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
691: <li>Teach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.1 deraadt 692: <li>Show sparc64's X server which device it wants to mmap().
1.5 naddy 693: <li>Add ioctl to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
694: <li>Enable userland <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
695: <li>Kernel changes and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a> in userland.
696: <li>Add initial Ultra Port Architecture (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
1.12 jcs 697: <li>Import new <a href="vax.html">vax</a> boot code from NetBSD.
1.5 naddy 698: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
1.1 deraadt 699: <li>Add IPL_STATCLOCK and add lots of splassert()s.
1.5 naddy 700: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> spends less time with euid==0 even if it is installed setuid(root).
1.1 deraadt 701: <li>Much cleanup in distrib/miniroot.
1.5 naddy 702: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> -s state print UDP and 'other' states nicely.
703: <li>New scrub(fragcache) ... syntax for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
704: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
705: <li>Don't <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=panic&sektion=9">panic(9)</a> if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
1.13 deraadt 706: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a>). New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
1.5 naddy 707: <li>Clean up semantics of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gre&sektion=4">gre(4)</a> a bit.
708: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
1.13 deraadt 709: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes).
1.5 naddy 710: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
711: <li>Ports can now be specified in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules.
712: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
713: <li>Add ioctl <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
714: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
715: <li>Fix BPF code for a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
716: <li>Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> is now longer setuid(root) by default.
717: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
1.1 deraadt 718: <li>Define __weak_alias() for mvme88k.
719: <li>Merge GNU TeXinfo 4.2.
1.5 naddy 720: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>.
721: <li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
722: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
723: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in /dev.
724: <li>Remove KerberosIV startup code from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">rc(8)</a> files.
725: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
726: <li>Add SIO*PHYADDR to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gif&sektion=4">gif(4)</a> so <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
1.13 deraadt 727: <li>Make published <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arp&sektion=8">arp(8)</a> entries work again (PR2635).
728: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715).
1.5 naddy 729: <li>Start converting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1">systat(1)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
1.1 deraadt 730: <li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
1.5 naddy 731: <li>Allow numeric group IDs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
732: <li>Changes to initialisation and media config of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ep&sektion=4">ep(4)</a>.
733: <li>Add list support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rdr rules.
734: <li>Fix a number of bad <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
735: <li>Fix PR2704 resuming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=eso&sektion=4">eso(4)</a> after standby.
736: <li>Change a lot of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=index&sektion=3">index(3)</a> calls to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strchr&sektion=3">strchr(3)</a>.
1.1 deraadt 737: <li>Change "'cuz" to "because." Strewth!
1.5 naddy 738: <li>Add another <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
739: <li>Remove a bunch of '\n's from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=err&sektion=3">err(3)</a> calls.
740: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
741: <li>Fixes for OpenSSL when talking to hardware <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=4">crypto(4)</a>.
742: <li>Stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
743: <li>The hardware is willing, and now <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
744: <li>Support setting MTU on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk&sektion=4">sk(4)</a>.
745: <li>Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> entries.
746: <li>For a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
747: <li>Pull in some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
748: <li>Remove (arguably) unnecessary setgid(operator) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=df&sektion=1">df(1)</a>.
749: <li>Remove setuid(kmem) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ps&sektion=1">ps(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no proc filesystem...
750: <li>Make the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
751: <li>Add flag to stop <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
752: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
1.1 deraadt 753: <li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
1.5 naddy 754: <li>Work started on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
1.1 deraadt 755: <li>Install script now puts FQDN in /etc/myname.
756: <li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
757: <li>lo0 now only gets ::1 when it's brought up.
758: <li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
1.13 deraadt 759: <li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386).
1.1 deraadt 760: <li>Add new splusb() to prevent USB initialisation lossage.
1.5 naddy 761: <li>Improve SMART support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
762: <li>Silently ignore deprecated options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command.
763: <li>Remove FallbackToRsh from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> as well.
764: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
765: <li>Add Makefile-like (var += ...) macro concatenation to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
766: <li>Add per-rule state timeouts to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.12 jcs 767: <li>Fix well-hidden little bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="sparc64.html">sparc64</a> SSL/TLS negotiation.
768: <li>On <a href="alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
1.5 naddy 769: <li>Deprecate FallbackToRsh and UseRsh options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
770: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
1.1 deraadt 771: <li>Remove suspect DIAGNOSTIC block from softdep kernel code.
1.5 naddy 772: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
773: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
774: <li>Add Realtek 8129/8139 cardbus device support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rl&sektion=4">rl(4)</a>.
1.12 jcs 775: <li>Switch <a href="macppc.html">macppc</a> to use gem instead of gm.
1.5 naddy 776: <li>Multicast fixes and Gigabit Ethernet support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gem&sektion=4">gem(4)</a>.
1.1 deraadt 777: <li>Rule label length increased from 32 to 64 characters.
1.5 naddy 778: <li>Allow modification of TTL with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst.
779: <li>Timeout handling improvements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ohci&sektion=4">ohci(4)</a>.
780: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
781: <li>Allow a per-rule limit to the number of state table entries a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
782: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
1.1 deraadt 783: <li>Add Gemplus GPR400 PCMCIA smartcard reader.
784: <li>Don't propose IDEA when negotiating SSL connections.
1.5 naddy 785: <li>$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
786: <li>Make a kernel TCP RST and a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> return-rst look the same, to frustrate the nmap crowd.
787: <li>Some <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
1.1 deraadt 788: <li>Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
1.5 naddy 789: <li>Add net.inet6.ip6.v6only <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> flag.
790: <li>Add ikecfg as a valid flag in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
791: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
1.1 deraadt 792: <li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
793: <li>Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
1.5 naddy 794: <li>Add flow type to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
795: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
1.1 deraadt 796: <li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
797: <li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
798: <li>Merge OpenSSL 0.9.7-stable-20020605.
1.5 naddy 799: <li>TCP wrappers and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
1.1 deraadt 800: <li>Remove [gs]etprogname() from KerberosIV
1.5 naddy 801: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
1.1 deraadt 802: <li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
1.5 naddy 803: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kqueue&sektion=2">kqueue(2)</a>
804: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
805: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
1.13 deraadt 806: <li>Support the RNG of AMD-768 southbridge (device <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amdpm&sektion=4">amdpm(4)</a>).
807: <li>Fix DMA handing of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64).
1.5 naddy 808: <li>Pull in libcsu change from NetBSD to allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
809: <li>Add -t key lifetime option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>.
1.1 deraadt 810: <li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
1.5 naddy 811: <li>Add predicate suffixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a>.
812: <li>Add -x and -X options to respectively lock and unlock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
1.1 deraadt 813: <li>Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
814: <li>Start work on new debugger, pmdb.
1.5 naddy 815: <li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a> map entries.
816: <li>If <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
817: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
818: <li>Automatic policy generation for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
819: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
1.1 deraadt 820: <li>Remove [gs]etprogname() from KerberosV.
1.5 naddy 821: <li>New -a <bind_address> option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
822: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
1.1 deraadt 823: <li>Remove assumptions about MTU values for certain media types.
1.5 naddy 824: <li>Use the same byte-order kung fu as the kernel in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atactl&sektion=8">atactl(8)</a>.
1.1 deraadt 825: <li>Don't automagically set -prefixlen 128 on IPv6 host route.
1.5 naddy 826: <li>rasops instead of rcons for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
827: <li>Add xsystrace(1) [no manpage yet] UI for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=4">systrace(4)</a>.
1.13 deraadt 828: <li> Add sbus <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested).
1.1 deraadt 829: <li>PrivSep'd <a href="http://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
1.5 naddy 830: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1">systrace(1)</a> userland import.
831: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
832: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nice&sektion=3">nice(3)</a> standards compliant.
833: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
1.1 deraadt 834: <li>Recognise VIA VT8233 PCI-ISA bridge.
1.12 jcs 835: <li>Fix <a href="sparc64.html">sparc64</a> 64-bit relocation masks in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
1.1 deraadt 836: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
1.5 naddy 837: <li>Detect stereo radio reception in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
838: <li>Compatibility tweaks to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
839: <li>Replace <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
840: <li>'<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl</a> -s all' now prints labels as well.
1.1 deraadt 841: <li>Add volatile to sig_atomic_t. Stand well back.
1.5 naddy 842: <li>Use rasops instead of rcons in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
1.1 deraadt 843: <li>Simplify IPv6 link MTU code.
844: <li>Implement PMAP_CANFAIL flag for m68k pmap.
1.5 naddy 845: <li>Enable console blanking on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
1.1 deraadt 846: <li>Make sure some struct sockaddr are cleared before use.
1.5 naddy 847: <li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
1.1 deraadt 848: <li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
1.5 naddy 849: <li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
850: <li>Dump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
851: <li>Avoid fd_set overruns in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtsold&sektion=8">rtsold(8)</a>, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=route6d&sektion=8">route6d(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtadvd&sektion=8">rtadvd(8)</a>.
852: <li>Clue in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
853: <li>Fix /etc/ptmp deletion bug that occurred if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
1.1 deraadt 854: <li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a> driver.
855: <li>Add leading-zero padding to RSA signatures in <a href="http://www.openssh.com/">ssh</a>.
1.5 naddy 856: <li>Tweak <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=altq&sektion=9">altq(9)</a> <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
857: <li>Add support in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
858: <li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=units&sektion=1">units(1)</a>. Wow.
859: <li>Fix signal races in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a>.
860: <li>Now that the Dungeon Master <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
861: <li>Per-socket <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
862: <li>Stop a potential <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
1.1 deraadt 863: <li>Add German keyboard map for Apple laptops.
1.5 naddy 864: <li>On ELF platforms, allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
1.1 deraadt 865: <li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
1.5 naddy 866: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=radio&sektion=4">radio(4)</a> devices attachment.
867: <li>Fix VIA8233 support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
868: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat.
869: <li>Make sure user's shell is /usr/sbin/authpf before running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans.
870: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own.
871: <li>Add -[46] options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.
1.1 deraadt 872: <li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
1.5 naddy 873: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
874: <li>Cleanup and small fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
875: <li>Fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a>.
876: <li>Various fixes and enhancements to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
877: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present.
878: <li>Fix potential time overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1)</a>.
879: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
1.1 deraadt 880: <li>Remove libdl, support is in libc since a long time already.
1.5 naddy 881: <li>Recognise Nokia C110 and C111 PC cards as <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> devices.
882: <li>Really sanitize <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
883: <li>Don't allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
884: <li>Use the correct string buffer size for printing port numbers in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 885: <li>Remove arc4random_8().
886: <li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
1.5 naddy 887: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> cleanup.
888: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
1.1 deraadt 889: <li>unsigned -> unsigned int cleanup.
890: <li>Repair machdep.chipset sysctl on alpha.
891: <li>Audit pid_t type usage.
892: <li>Audit incorrect signal(2) usage.
1.5 naddy 893: <li>Fix big <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf&sektion=3">snprintf(3)</a>
894: parameter typo in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strftime&sektion=3">strftime(3)</a>.
895: <li>Don't use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
896: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
1.12 jcs 897: <li><a href="vax.html">vax</a>: Add board type for VXT2000+.
1.1 deraadt 898: <li>More IANA interface type values, including IFT_BRIDGE.
899: <li>Split XFree86 bsd_video.c into architecture-specific files.
1.5 naddy 900: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
1.1 deraadt 901: <li>Even more steps toward the death of unsafe string functions.
902: <li>In XFree86 build, honour COPTS variable when building third-party apps.
903: <li>Add LIBS option for crunchgen so custom libraries can be added to boot images.
1.5 naddy 904: <li>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>.
905: <li>From <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ldconfig&sektion=8">ldconfig(8)</a>.
1.12 jcs 906: <li>Remove unnecessary instruction cache flushes on <a href="sparc64.html">sparc64</a>.
1.5 naddy 907: <li>Many cleanups in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a>.
908: <li>Support mixed IPv4/IPv6 address lists in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
909: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
910: <li>Remove obsolete <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
1.1 deraadt 911: <li>Fix <a
1.5 naddy 912: href="http://www.openbsd.org/cgi-bin/man.cgi?query=disklabel&sektion=8">disklabel(8)</a>
1.1 deraadt 913: warnings on CD-ROM
1.5 naddy 914: (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cd&sektion=4">cd(4)</a>)
1.1 deraadt 915: with no data track.
1.5 naddy 916: <li>Allow incoming <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
917: <li>Hunt for biodone() calls not made at splbio() <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>, and fix them.
918: <li>Improve <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
1.1 deraadt 919: <li>Support software brightness and backlight control on various macppc models.
1.5 naddy 920: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
1.1 deraadt 921: support this.
922: <li>New libc IEEE floating-point code and libm routines for hppa.
1.5 naddy 923: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on i386.
1.1 deraadt 924: <li>More steps toward the death of unsafe string functions.
1.5 naddy 925: <li>splassert (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) on sparc64.
926: <li>Add a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
927: <li>Jumbo <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
1.1 deraadt 928: <li>Still more hppa memory management and low-level code fixes.
929: <li>Simple pmap optimization on macppc.
930: <li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
1.5 naddy 931: <li>Allow <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
932: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isp&sektion=4">isp(4)</a> fixes.
933: <li><font color="#e00000"><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
1.4 margarid 934: <a href="errata31.html#sshbsdauth">A source code patch is available</a>.<br>
1.5 naddy 935: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
936: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
1.1 deraadt 937: <li>New systrace facility.
1.19 david 938: <li>Better Cyrix CPU support.
1.1 deraadt 939: <li>ECN support.
1.5 naddy 940: <li>Support SNTP in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&sektion=8">rdate(8)</a>.
1.1 deraadt 941: <li>Fix infinite SIGFPE loop situations on vax.
942: <li>Remove unnecessary setuid bit from binaries that either do not need it or
943: whose functionality requiring root privileges should only be invoked by root
944: anyways, or which can be changed into a setgid bit for a specific group.
1.5 naddy 945: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
946: <li>Lots of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> goodies.
947: <li>New splassert (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
1.1 deraadt 948: <li>Enable Altivec instructions in macppc kernels.
1.5 naddy 949: <li>Support more Hifn cards (7814, 7851, 7854) via the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nofn&sektion=4">nofn(4)</a> driver.
1.1 deraadt 950: <li>OpenSSL 0.9.7.
1.5 naddy 951: <li>Completely rework <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
952: <li>More use of hardware crypto cards functionality via <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>.
1.1 deraadt 953: <li>More hppa memory management fixes.
954: <li>binutils 2.11.2.
1.5 naddy 955: <li>Add per-gid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
956: <li>Switch <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
957: <li>Handle host names resolving in several addresses in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 958: <li>Fix compilation warnings for various userland programs.
1.5 naddy 959: <li>Add a new user, crontab, and change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
960: <li>Add per-uid filtering to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
961: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> support updates.
962: <li>More <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ubsec&sektion=4">ubsec(4)</a>
1.1 deraadt 963: hackery to get it to do more crypto operations, and hack
1.5 naddy 964: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a>
1.1 deraadt 965: and
1.5 naddy 966: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lofn&sektion=4">lofn(4)</a>
1.1 deraadt 967: to work with this.
968: <li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.5 naddy 969: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
970: <li>Switch ELF platforms to the native <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
1.1 deraadt 971: <li>Obtain a better licence for the hppa spmath routines.
1.5 naddy 972: <li>Add an <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
1.1 deraadt 973: <li>mvme88k pmap bugfixes.
1.5 naddy 974: <li>Various <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> driver updates.
975: <li>Remove <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
976: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
977: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
978: <li>Fix several wrong computations in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newfs&sektion=8">newfs(8)</a>.
979: <li>Workaround ghost pcibus detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>.
980: <li>Add a tuner driver for the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fms&sektion=4">fms(4)</a> radio cards.
981: <li>Allow userland to know which <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rule created a specific state.
982: <li>Prevent a 3.0 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
983: <li>Enable privsep by default in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
984: <li>Fix <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
1.1 deraadt 985: <li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
1.5 naddy 986: <li>Support LBA48 addressing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wdc&sektion=4">wdc(4)</a>.
1.1 deraadt 987: <li>Bring back TURBOchannel alpha hardware support.
1.5 naddy 988: <li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot_config&sektion=8">boot_config(8)</a>).
989: <li><font color="#e00000"><strong>SECURITY FIX: cause the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=null&sektion=4">/dev/null(4)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
1.4 margarid 990: <a href="errata31.html#fdalloc2">A source code patch is available</a>.<br>
1.5 naddy 991: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 992: <li>Extended Attributes code updates.
1.5 naddy 993: <li>Improve PS/2 mouse port detection in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pckbc&sektion=4">pckbc(4)</a>.
994: <li>Better <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
1.1 deraadt 995: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
996: <li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
997: <li>Better color depth detection in Xwsfb.
1.5 naddy 998: <li>64-bit fixes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
999: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bge&sektion=4">bge(4)</a>.
1000: <li><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong><br>
1001: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 1002: <li>Switch macppc console from the rcons engine to the rasops engine.
1003: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
1004: <li>Add IEEE754 floating point completion code on alpha.
1.5 naddy 1005: <li>Improve dma processing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a>.
1.1 deraadt 1006: <li>Build the XFree86 GLX extension on sparc64.
1007: <li>Hunt for outdated prototypes for character devices entry points and fix them.
1.9 miod 1008: <li>Switch mvme88k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme88k">MAKEDEV(8)</a> generation framework.
1.5 naddy 1009: <li>Implement the -s option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
1.1 deraadt 1010: <li>Kill all mvme68k kernel compilation warnings.
1011: <li>Assorted mac68k code cleanups.
1.5 naddy 1012: <li>Shared key support in hostap mode in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.
1013: <li>Make Xwsfb support <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
1014: <li>Fix a lock leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ami&sektion=4">ami(4)</a>.
1015: <li><font color="#e00000"><strong>SECURITY FIX: update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
1.4 margarid 1016: <a href="errata31.html#sudo">A source code patch is available</a>.<br>
1.5 naddy 1017: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1018: <li><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&sektion=1">ftp(1)</a>.</strong><br>
1019: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1020: <li>Add a Soundforte radio driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
1021: <li>Add dynamic interface -> address translation in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 1022: <li>Add kernel hooks on ethernet interfaces, triggered by address changes.
1023: <li>Extended Attributes code updates.
1024: <li>Enable the Freetype library on sparc64.
1.3 mickey 1025: <li>Add queuing in the kernel crypto framework.
1.1 deraadt 1026: <li>Make the system includes C++ friendly.
1.5 naddy 1027: <li>Allow explicit filtering of non-reassembled fragments in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>.
1028: <li>Support more hardware and fix stability issues in the mac68k <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
1029: <li>Improved Lithuanian keyboard map for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sektion=4">wscons(4)</a>.
1030: <li><font color="#e00000"><strong>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</strong></font><br>
1.4 margarid 1031: <a href="errata31.html#sshafs">A source code patch is available</a>.<br>
1.5 naddy 1032: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1033: <li>Fix a memory leak in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&sektion=1">mg(1)</a>.
1.1 deraadt 1034: <li>Assorted hppa memory management fixes.
1.5 naddy 1035: <li>Allow fractional delays in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
1.1 deraadt 1036: <li>Enable upgrade functionality again on alpha installation media.
1037: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.5 naddy 1038: <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
1.1 deraadt 1039: <li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
1.5 naddy 1040: <li>Add cddb support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1">cdio(1)</a>.
1041: <li>Support more network cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a> driver.
1.1 deraadt 1042: <li>Improve sparc pmap behaviour in some low memory conditions.
1043: <li>sendmail 8.13.
1.5 naddy 1044: <li>Switch mvme68k to the new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
1045: <li>Improve the library logic in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
1.1 deraadt 1046: <li>New mvme68k installation media.
1047: <li>Change fpu probe routine on mac68k.
1.5 naddy 1048: <li>Fix an obscure bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sed&sektion=1">sed(1)</a>.
1049: <li>Support more wireless cards with the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
1050: <li>Fix 64-bit issues in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a>.
1051: <li>Remove the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
1052: which had been deprecated in favor of the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gx&sektion=4">gx(4)</a> driver.
1.1 deraadt 1053: </ul>
1054: <p>
1055:
1056: This list mentions mostly platform-independent changes. For a list of changes
1057: made in a particular platform, please check the page for that platform. If you
1058: find them not listed there, the changes are either (1) not being documented or
1059: (2) are documented here.<br><br>
1060:
1061: <hr>
1062: <p>
1063: <h3>
1.2 deraadt 1064: For changes in other releases, click below:<br>
1065: <a href="plus20.html">2.0</a>,
1066: <a href="plus21.html">2.1</a>,
1067: <a href="plus22.html">2.2</a>,
1068: <a href="plus23.html">2.3</a>,
1069: <a href="plus24.html">2.4</a>,
1070: <a href="plus25.html">2.5</a>,
1071: <a href="plus26.html">2.6</a>,
1072: <a href="plus27.html">2.7</a>,
1073: <a href="plus28.html">2.8</a>,
1074: <a href="plus29.html">2.9</a>,
1075: <a href="plus30.html">3.0</a>,
1076: <a href="plus31.html">3.1</a>,
1.6 deraadt 1077: <a href="plus33.html">3.3</a>,
1.11 david 1078: <a href="plus34.html">3.4</a>,
1.14 deraadt 1079: <a href="plus35.html">3.5</a>,
1.17 miod 1080: <a href="plus36.html">3.6</a>,
1.18 deraadt 1081: <a href="plus37.html">3.7</a>,
1.20 deraadt 1082: <a href="plus38.html">3.8</a>,
1.21 ! deraadt 1083: <a href="plus39.html">3.9</a>,
1.2 deraadt 1084: <a href="plus.html">current</a>.
1.1 deraadt 1085: <br>
1086: </h3>
1087:
1088: <hr>
1089: <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
1090: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.21 ! deraadt 1091: <br><small>$OpenBSD: plus32.html,v 1.20 2005/09/13 23:05:43 deraadt Exp $</small>
1.1 deraadt 1092:
1093: </body>
1094: </html>