Annotation of www/plus32.html, Revision 1.61
1.5 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
1.55 tj 4: <title>OpenBSD 3.2 Changelog</title>
1.15 david 5: <meta name="description" content="OpenBSD 3.2 changes">
1.1 deraadt 6: <meta name="copyright" content="This document copyright 1996-2002 by OpenBSD.">
1.53 deraadt 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.57 tb 9: <link rel="canonical" href="https://www.openbsd.org/plus32.html">
1.1 deraadt 10: </head>
11:
12: <body bgcolor="#ffffff" text="#000000" link="#23238e">
13:
1.53 deraadt 14: <h2>
15: <a href="index.html">
16: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
1.55 tj 17: <font color="#e00000">3.2 Changelog</font>
18: </h2>
1.5 naddy 19: <hr>
1.1 deraadt 20:
21: <p>
22: This is a partial list of the major machine-independent changes
1.28 sobrado 23: (i.e., these are the changes people ask about most often). Machine
1.1 deraadt 24: specific changes have also been made, and are sometimes mentioned
25: in the pages for the specific <a href="plat.html">platforms</a>.
26:
27: <p>
1.5 naddy 28: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
1.1 deraadt 29:
30: <p>
1.2 deraadt 31: For changes in other releases, click below:<br>
32: <a href="plus20.html">2.0</a>,
33: <a href="plus21.html">2.1</a>,
34: <a href="plus22.html">2.2</a>,
35: <a href="plus23.html">2.3</a>,
36: <a href="plus24.html">2.4</a>,
37: <a href="plus25.html">2.5</a>,
38: <a href="plus26.html">2.6</a>,
39: <a href="plus27.html">2.7</a>,
40: <a href="plus28.html">2.8</a>,
41: <a href="plus29.html">2.9</a>,
42: <a href="plus30.html">3.0</a>,
43: <a href="plus31.html">3.1</a>,
1.6 deraadt 44: <a href="plus33.html">3.3</a>,
1.11 david 45: <a href="plus34.html">3.4</a>,
1.14 deraadt 46: <a href="plus35.html">3.5</a>,
1.17 miod 47: <a href="plus36.html">3.6</a>,
1.42 deraadt 48: <a href="plus37.html">3.7</a>,
1.27 deraadt 49: <br>
1.20 deraadt 50: <a href="plus38.html">3.8</a>,
1.21 deraadt 51: <a href="plus39.html">3.9</a>,
1.22 deraadt 52: <a href="plus40.html">4.0</a>,
1.23 deraadt 53: <a href="plus41.html">4.1</a>,
1.24 deraadt 54: <a href="plus42.html">4.2</a>,
1.26 deraadt 55: <a href="plus43.html">4.3</a>,
1.27 deraadt 56: <a href="plus44.html">4.4</a>,
1.29 deraadt 57: <a href="plus45.html">4.5</a>,
1.30 deraadt 58: <a href="plus46.html">4.6</a>,
1.31 deraadt 59: <a href="plus47.html">4.7</a>,
1.32 deraadt 60: <a href="plus48.html">4.8</a>,
1.34 deraadt 61: <a href="plus49.html">4.9</a>,
1.35 nick 62: <a href="plus50.html">5.0</a>,
1.36 schwarze 63: <a href="plus51.html">5.1</a>,
1.37 nick 64: <a href="plus52.html">5.2</a>,
1.38 deraadt 65: <a href="plus53.html">5.3</a>,
1.39 deraadt 66: <a href="plus54.html">5.4</a>,
1.40 deraadt 67: <br>
1.42 deraadt 68: <a href="plus55.html">5.5</a>,
1.45 brett 69: <a href="plus56.html">5.6</a>,
1.46 deraadt 70: <a href="plus57.html">5.7</a>,
1.49 deraadt 71: <a href="plus58.html">5.8</a>,
1.50 deraadt 72: <a href="plus59.html">5.9</a>,
1.56 deraadt 73: <a href="plus60.html">6.0</a>,
1.60 deraadt 74: <a href="plus61.html">6.1</a>,
1.2 deraadt 75: <a href="plus.html">current</a>.
1.1 deraadt 76: <br>
77:
78: <p>
1.43 deraadt 79: <h3><font color="#0000e0">Changes made between OpenBSD 3.1 and 3.2</font></h3>
80: <p>
81:
1.1 deraadt 82: <ul>
83: <li>Release branch created.
84: <!-- ^^^ 20021003 -->
1.61 ! tb 85: <li>Cool new <a href="https://man.openbsd.org/?query=xdm&sektion=1">xdm(1)</a> images for 3.2.
! 86: <li><font color="#e00000"><strong>SECURITY FIX: Incorrect argument checking in the <a href="https://man.openbsd.org/?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.</strong></font><br>
1.4 margarid 87: <a href="errata31.html#kerntime">A source code patch is available</a>.<br>
1.5 naddy 88: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 89: <!-- ^^^ 20021002 -->
90: <li>Retrofit the SIGUSR1->SIGUSR2 console switching change to the old X server.
1.61 ! tb 91: <li>Fix a couple of crashers in <a href="https://man.openbsd.org/?query=kevent&sektion=2">kevent(2)</a>.
1.10 deraadt 92: <li>OpenBSD 3.2-beta -> 3.2, OpenSSH -> 3.5.
1.1 deraadt 93: <!-- ^^^ 20021001 -->
94: <li>Try to initialise AGP GART in the privileged startup portion of the X server.
95: <!-- ^^^ 20020930 -->
1.61 ! tb 96: <li>Plug a memory leak in <a href="https://man.openbsd.org/?query=url&sektion=4">url(4)</a>.
1.1 deraadt 97: <!-- ^^^ 20020929 -->
98: <li>login_radius returns, complete with fixed license.
99: <li>Still more cleanup and output trimming in the installer script.
1.61 ! tb 100: <li><a href="https://man.openbsd.org/?query=xf86cfg&sektion=1">xf86cfg(1)</a> now runs the server with '-nolisten tcp'.
! 101: <li><a href="https://man.openbsd.org/?query=xdm&sektion=1">xdm(1)</a> now drops privileges to run as user _x11 after starting as root.
1.1 deraadt 102: <!-- ^^^ 20020928 -->
1.61 ! tb 103: <li>daddr -> saddr in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> binat code. Oops.<br>
1.5 naddy 104: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 105: <li>Add a wildcard client string match against "probe-*" for SSH probes to use.
106: <!-- ^^^ 20020927 -->
107: <li>Disable login_radius, pesky licensing problems again.<br>
1.5 naddy 108: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 109: <li><a href="https://man.openbsd.org/?query=sppp&sektion=4">sppp(4)</a> and <a href="https://man.openbsd.org/?query=lmc&sektion=4">lmc(4)</a> are back, with better licenses.
! 110: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> can now do privsep and krb4 together.
1.1 deraadt 111: <!-- ^^^ 20020926 -->
112: <li>Remove RC5 and MDC2 from libcrypto.
113: <li>Have the installer set the nosuid flag for mount points that shouldn't contain setuid programs.
114: <!-- ^^^ 20020925 -->
1.61 ! tb 115: <li>Fix a sizeof bug in <a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a> spanning tree protocol support.
! 116: <li>New driver <a href="https://man.openbsd.org/?query=em&sektion=4">em(4)</a>, supporting Intel Gigibit Ethernet adapters and replacing <a href="https://man.openbsd.org/?query=gx&sektion=4&release=OpenBSD+3.1">gx(4)</a>
! 117: <li>Some memory allocation and other tweaks to <a href="https://man.openbsd.org/?query=talkd&sektion=8">talkd(8)</a>.
1.1 deraadt 118: <!-- ^^^ 20020924 -->
119: <li>Better handling of IPv6 deprecated addresses.
120: <li>Fix the padding length for an IPv6 PADN option before a jumbo payload option.
121: <li>Allow SSL session IDs of any length up to 32, removing the non-standard 16-char minimum imposed before.
1.61 ! tb 122: <li>Add a /dev/X0 entry for <a href="https://man.openbsd.org/?query=xdm&sektion=1">xdm(1)</a>, allowing the mouse to work with the upcoming xdm privilege drop. One for the Upgrading Mini-faq.
! 123: <li>Properly dump radix tree nodes in <a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a>.
1.1 deraadt 124: <!-- ^^^ 20020923 -->
1.61 ! tb 125: <li>Template policy support for <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
! 126: <li><a href="https://man.openbsd.org/?query=sppp&sektion=4">sppp(4)</a>, <a href="https://man.openbsd.org/?query=lmc&sektion=4">lmc(4)</a> and <a href="https://man.openbsd.org/?query=cz&sektion=4">cz(4)</a> drivers removed from release kernels due to license problems.
1.1 deraadt 127: <li>A bunch of gcc3 tweaks.
1.61 ! tb 128: <li>Don't build Kerberos ticket forwarding programs <a href="https://man.openbsd.org/?query=kf&sektion=1&release=OpenBSD+3.1">kf(1)</a> and <a href="https://man.openbsd.org/?query=kfd&sektion=8">kfd(8)</a> because of security issues. (Will come back when Heimdal 0.5 gets merged, after 3.2 release.)
1.1 deraadt 129: <li>Add support for ELF sections loaded relative to a base section.
1.61 ! tb 130: <li>Make <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>'s antispoof command also block incoming packets with the source set to one of the host's IP addresses.
1.1 deraadt 131: <li>Make the VT switching code use SIGUSR2 instead of SIGUSR1. The latter is also used by the X server to synchronise with xinit.
132: <!-- ^^^ 20020922 -->
1.61 ! tb 133: <li>Have <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a> handle with more grace situations where some archived logfiles have been uncompressed in-place.
1.1 deraadt 134: <li>Continue to reduce the amount of output the installer generates, so we won't need a magnifier to read the installation instructions in the CD gatefold.
1.61 ! tb 135: <li>Add TBI (Ten-Bit Interface) mode support for fibre-based <a href="https://man.openbsd.org/?query=nge&sektion=4">nge(4)</a> cards, as well as some other bug fixes.
1.1 deraadt 136: <!-- ^^^ 20020921 -->
137: <!-- ^^^ 20020920 -->
1.61 ! tb 138: <li>Make <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a> actually run the command it's asked to run. Also, add new interpretation of a null command.
! 139: <li>Fix <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a>'s handling of empty lines.
! 140: <li>Remove the obsolete access.conf and srm.conf files from <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a>.
1.1 deraadt 141: <!-- ^^^ 20020919 -->
1.61 ! tb 142: <li>Make sure <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> ProxyCommand programs get killed on exit (portable OpenSSH <a href="http://bugzilla.mindrot.org/show_bug.cgi?id=223">bug #223</a>).
1.1 deraadt 143: <li>Fix a potential FREE() of an uninitialised pointer in the kernel (sys/exec_script.c)
1.61 ! tb 144: <li>Rewrite <a href="https://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a>'s GRE decoder.
1.1 deraadt 145: <li>Fix signal trampoline problems with non-exec stack.
1.61 ! tb 146: <li>Remove EGP decode support from <a href="https://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a> due to a duff license and apathy.
1.1 deraadt 147: <!-- ^^^ 20020918 -->
1.61 ! tb 148: <li>So farewell, then, <a href="https://man.openbsd.org/?query=trsp&sektion=8&release=OpenBSD+3.1">trsp(8)</a>.
! 149: <li>Allow <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a> to rotate only specific logfiles.
! 150: <li>Make RAND_poll use <a href="https://man.openbsd.org/?query=arc4random&sektion=3">arc4random(3)</a> instead of /dev/arandom, so it works in under a chroot.
! 151: <li>New -a flag to <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a> allows a directory to be specified for archived logs.
! 152: <li>Set the close-on-exec flag for file descriptors created by <a href="https://man.openbsd.org/?query=kvm_open&sektion=3">kvm_open(3)</a>.
! 153: <li>Fix DMA-related panics in the <a href="https://man.openbsd.org/?query=twe&sektion=4">twe(4)</a> driver.
! 154: <li>In <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, try harder to create the X11 forwarding listener socket.
1.1 deraadt 155: <!-- ^^^ 20020917 -->
1.61 ! tb 156: <li>Fix a potential buffer overrun in <a href="https://man.openbsd.org/?query=setlocale&sektion=3">setlocale(3)</a> (NetBSD-<a href="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc">SA2002-012</a>).
! 157: <li>Don't chdir to / when <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> goes daemon.
! 158: <li>Add __syslog__ string formatting attribute to <a href="https://man.openbsd.org/?query=gcc&sektion=1">gcc(1)</a>.
1.1 deraadt 159: <!-- ^^^ 20020916 -->
1.61 ! tb 160: <li>Periodically save changes to <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> policies.
! 161: <li>Various fixes to <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a>.
! 162: <li>Re-sync the <a href="https://man.openbsd.org/?query=siop&sektion=4">siop(4)</a> driver with NetBSD.
1.1 deraadt 163: <li>Signal fixes in libevent.
164: <!-- ^^^ 20020915 -->
165: <li>Merge in Sendmail 8.12.6.
1.61 ! tb 166: <li>Give stdio's __cleanup handlers the same mprotect() treatment as <a href="https://man.openbsd.org/?query=atexit&sektion=3">atexit(3)</a> now receives.
1.1 deraadt 167: <li>Further tweaks to handling of address families in NAT rules. Try to infer the AF from the rule, if that fails then require the user to specify it.
1.61 ! tb 168: <li>Various fixes to <a href="https://man.openbsd.org/?query=cy&sektion=4">cy(4)</a>.
1.1 deraadt 169: <li>Merge in OpenSSL-0.9.7-stable-SNAP-20020911, bump libcrypto minor version.
170: <!-- ^^^ 20020914 -->
1.61 ! tb 171: <li>Stop <a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a> rotating logfiles that only contain logfile rotation messages.
1.1 deraadt 172: <!-- ^^^ 20020913 -->
1.61 ! tb 173: <li>License fixes to <a href="https://man.openbsd.org/?query=pppd&sektion=8">pppd(8)</a>, nearly there now.
! 174: <li>Add -H option to <a href="https://man.openbsd.org/?query=identd&sektion=8">identd(8)</a> which hides info for non-existent users as well as existing ones. Useful when NATing.
! 175: <li>Remove the need for /dev/null and /etc/localtime in <a href="https://man.openbsd.org/?query=named&sektion=8">named(8)</a>'s chroot jail.
! 176: <li>Add 'antispoof' keyword to <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>. Oh yes.
! 177: <li>Improvements to <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>'s netmask handling.
1.1 deraadt 178: <!-- ^^^ 20020912 -->
179: <li>Add a missing pointer initialisation in in6_ifdetach().
1.61 ! tb 180: <li>Make the <a href="https://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a> client's ls command useful, with globbing and short/long listings.
! 181: <li>Fix initialisation of Broadcom 582x chips by <a href="https://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>.
1.1 deraadt 182: <!-- ^^^ 20020911 -->
183: <li>Various signedness fixes.
184: <li>Versioning info moves to 3.2-beta.
1.61 ! tb 185: <li>Have <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a> check the peer using <a href="https://man.openbsd.org/?query=getpeereid&sektion=2">getpeereid(2)</a>.
! 186: <li><a href="https://man.openbsd.org/?query=pmap&sektion=9">pmap</a>_{copy,zero}_page API changes.
1.1 deraadt 187: <li>Merge in OpenSSL 0.9.7beta3.
188: <!-- ^^^ 20020910 -->
1.61 ! tb 189: <li><a href="https://man.openbsd.org/?query=amd&sektion=8">amd(8)</a> now creates a socket listening on 127.0.0.1 as well as one on *, and only responds to amq requests on the former.
! 190: <li>Add support for the Silicon Image 680 ATA133 chip to the <a href="https://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a> driver.
! 191: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> now supports Kerberos authentication in PrivSep mode.
1.1 deraadt 192: <!-- ^^^ 20020909 -->
1.61 ! tb 193: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>'s parser takes more care parsing address families in NAT rules.
! 194: <li>Add leap second support to <a href="https://man.openbsd.org/?query=rdate&sektion=8">rdate(8)</a> running in RFC868 mode (it already supports this in NTP mode with the -N option).
! 195: <li>Correct <a href="https://man.openbsd.org/?query=altq&sektion=9">altq(9)</a>'s representation of positive infinity.
1.1 deraadt 196: <!-- ^^^ 20020908 -->
1.61 ! tb 197: <li>Signal handler fixes in <a href="https://man.openbsd.org/?query=bootpd&sektion=8">bootpd(8)</a><!-- on 20020908 -->, <a href="https://man.openbsd.org/?query=rtadvd&sektion=8">rtadvd(8)</a><!-- on 20020909 --> and <a href="https://man.openbsd.org/?query=rtsold&sektion=8">rtsold(8)</a><!-- on 20020907 -->.
! 198: <li><a href="https://man.openbsd.org/?query=faithd&sektion=8">faithd(8)</a> dies on FD_SET overruns.
! 199: <li>Fix a couple of off-by-ones in <a href="https://man.openbsd.org/?query=mopd&sektion=8">mopd(8)</a>.
1.1 deraadt 200: <!-- ^^^ 20020907 -->
1.61 ! tb 201: <li>Make <a href="https://man.openbsd.org/?query=fsck&sektion=8">fsck(8)</a> work properly with long block device filenames (handle MAXPATHLEN chars instead of 32).
! 202: <li>Don't build the somewhat less than ubiquitous <a href="https://man.openbsd.org/?query=photurisd&sektion=8&release=OpenBSD+3.1">photurisd(8)</a> by default any more.
1.1 deraadt 203: <li>Lots and lots of ANSIfication.
1.10 deraadt 204: <li>Lots of int -> socklen_t.
1.61 ! tb 205: <li>Some signedness fixes to <a href="https://man.openbsd.org/?query=arp&sektion=8">arp(8)</a>.
! 206: <li>Repair a missing msglog() arg in <a href="https://man.openbsd.org/?query=routed&sektion=8">routed(8)</a>.
1.1 deraadt 207: <!-- ^^^ 20020906 -->
1.61 ! tb 208: <li>Fix <a href="https://man.openbsd.org/?query=ahc&sektion=4">ahc(4)</a>'s interrupt sharing.
! 209: <li>lib<a href="https://man.openbsd.org/?query=usbhid&sektion=3">usbhid(3)</a> now available in the shared variety.
1.13 deraadt 210: <li>Don't allow data to be appended to the receive buffer of a socket that's been shut down (see NetBSD <a href="http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=18185">PR#18185</a>).
1.1 deraadt 211: <li>Merge in OpenSSL 0.9.7beta1. To be continued.
1.61 ! tb 212: <li><a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> interoperability fixes for FreeS/WAN and SSH Sentinel.
1.1 deraadt 213: <!-- ^^^ 20020905 -->
1.61 ! tb 214: <li>Make <a href="https://man.openbsd.org/?query=rwalld&sektion=8">rwalld(8)</a> revoke its group privileges as well as user privs.
1.1 deraadt 215: <li>Don't install safe_finger any more.
1.13 deraadt 216: <li>Add support for the SCSI Reduced Block Command Set (RBC).
1.61 ! tb 217: <li>Bump <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>'s LoginGraceTime from one minute to two.
! 218: <li>Various compatibility fixes and additions to <a href="https://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>.
! 219: <li><a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> can now set whether or not use of IPv6 deprecated addresses are allowed.
1.1 deraadt 220: <!-- ^^^ 20020904 -->
1.61 ! tb 221: <li>_x11 user and group added for <a href="https://man.openbsd.org/?query=xdm&sektion=1">xdm(1)</a> to use.
1.13 deraadt 222: <li>Pull in XFree86's fix for a serious Xlib security bug (which didn't affect OpenBSD).
1.1 deraadt 223: <li>Fix parsing of NAT port ranges.
224: <li>Check the interface specified with route-to/dup-to/fastroute actually exists. If it does, null terminate its name before moving on.
225: <!-- ^^^ 20020902 -->
1.61 ! tb 226: <li>Fix an uninitialised pointer bug in <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a>.
1.1 deraadt 227: <li>The X server now tries to open the aperture driver before trying /dev/mem. Re-enable early privilege drop on i386.
228: <!-- ^^^ 20020901 -->
229: <!-- ^^^ 20020831 -->
1.61 ! tb 230: <li><a href="https://man.openbsd.org/?query=traceroute&sektion=8">traceroute(8)</a> now warns if DNS returns multiple addresses, like traceroute6.
1.1 deraadt 231: <li>Add support for the Promise Ultra133 TX2 EIDE controller.
1.61 ! tb 232: <li>Fix an mbuf leak in <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a>.
! 233: <li>Reenable the <a href="https://man.openbsd.org/?query=atexit&sektion=3">atexit(3)</a> handler improvements backed out on 31 July.
! 234: <li>Add -I option to <a href="https://man.openbsd.org/?query=traceroute6&sektion=8">traceroute6(8)</a> to get ICMP probes instead of UDP.
1.1 deraadt 235: <!-- ^^^ 20020830 -->
1.61 ! tb 236: <li>Further reduce the amount of time <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> runs as root when installed setuid.
! 237: <li>Fudge <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> so it only honours the requirement to check against a CRL if there is a CRL loaded...
1.1 deraadt 238: <!-- ^^^ 20020829 -->
1.61 ! tb 239: <li>Update the <a href="https://man.openbsd.org/?query=rt&sektion=4">rt(4)</a> Radiotrack driver, add isapnp support.
1.1 deraadt 240: <li>Some casts to make 64-bit kernel work with varargs calls.
241: <!-- ^^^ 20020828 -->
1.61 ! tb 242: <li>Fixes to <a href="https://man.openbsd.org/?query=gem&sektion=4">gem(4)</a>.
1.1 deraadt 243: <li>Properly limit EDNS0 size to 0xffff.
1.61 ! tb 244: <li>Fix a signedness problem in SSH so that <a href="https://man.openbsd.org/?query=RSA_public_decrypt&sektion=3">RSA_public_decrypt(3)</a> errors can be detected.
! 245: <li>Make X's module loader set PROT_EXEC using <a href="https://man.openbsd.org/?query=mprotect&sektion=2">mprotect(2)</a> on malloc'd pages containing code (needed since the heap is now mapped without PROT_EXEC).
! 246: <li>DNS responses from <a href="https://man.openbsd.org/?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>, gethostby*() and getnetby*() now get a 64K receive buffer.<br>
1.5 naddy 247: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 248: <!-- ^^^ 20020827 -->
1.61 ! tb 249: <li><a href="https://man.openbsd.org/?query=traceroute6&sektion=8">traceroute6(8)</a> warns if DNS returns multiple IP addresses for the target.
! 250: <li>Do a yyrestart() after a longjmp in <a href="https://man.openbsd.org/?query=pcap&sektion=3">pcap(3)</a>.
1.1 deraadt 251: <li>Fix a dangling pointer bug in sbcompress().
252: <li>Make the X server option NoSilkenMouse work again.
253: <!-- ^^^ 20020826 -->
1.61 ! tb 254: <li>Make <a href="https://man.openbsd.org/?query=portmap&sektion=8">portmap(8)</a> detect failure of <a href="https://man.openbsd.org/?query=svc_register&sektion=3">svc_register</a> and die nicely.
1.1 deraadt 255: <li>X aperture driver for Alpha, works like i386.
256: <!-- ^^^ 20020824 -->
1.61 ! tb 257: <li>Skeleton <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a> support for ELF in i386. Not enabled, nor is it promised anytime soon.
! 258: <li><a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a> warns about symbol size mismatches.
! 259: <li><a href="https://man.openbsd.org/?query=inet_ntop&sektion=3">inet_ntop(3)</a> handles snprintf errors properly.
1.1 deraadt 260: <li>Map the heap non-executable.
261: <!-- ^^^ 20020823 -->
262: <li>Change the way FREF() and FRELE() are called w.r.t. getvnode() and getsock().
1.61 ! tb 263: <li>Fix a locking problem that can occur when an executable tries to <a href="https://man.openbsd.org/?query=exec&sektion=3">exec(3)</a> itself.
! 264: <li>Avoid a potential int overflow in <a href="https://man.openbsd.org/?query=comsat&sektion=8">comsat(8)</a>
1.1 deraadt 265: <li>Make the resolver ignore DNS AAAA replies containing IPv4-mapped addresses.
266: <!-- ^^^ 20020822 -->
1.61 ! tb 267: <li>Bump the listen() backlog from 5 to 128 (!) in <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
! 268: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>'s default LoginGraceTime reduced from 600 to 60 seconds.
! 269: <li><a href="https://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a> now attaches to each wsdisplay device by default.
! 270: <li>Fixes to <a href="https://man.openbsd.org/?query=strip&sektion=1">strip(1)</a>. -x now works.
1.1 deraadt 271: <!-- ^^^ 20020821 -->
272: <li>net.inet6.ip6_use_deprecated is on by default again...
1.61 ! tb 273: <li>Fix some (but not all) signal races in <a href="https://man.openbsd.org/?query=fsck_ffs&sektion=8">fsck_ffs(8)</a>.
! 274: <li>New -n option to <a href="https://man.openbsd.org/?query=ftpd&sektion=8">ftpd(8)</a> that disallows anonymous access even if the ftp user exists.
1.1 deraadt 275: <li>Perform /tmp/.{X11,ICE}-unix fixups before the system goes multiuser.
276: <!-- ^^^ 20020820 -->
1.61 ! tb 277: <li>Fix sysctl <a href="https://man.openbsd.org/?query=copyout&sektion=9">copyout(9)</a>s in IPv6 neigbour discovery.
1.1 deraadt 278: <!-- ^^^ 20020819 -->
1.61 ! tb 279: <li>Audit and cleanup of <a href="https://man.openbsd.org/?query=inet_net_ntop&sektion=3">inet_net_ntop(3)</a>, inet_neta() and <a href="https://man.openbsd.org/?query=inet_ntop&sektion=3">inet_ntop(3)</a>.
1.1 deraadt 280: <li>TCP now tries to act appropriately w.r.t. net.inet6.ip6_use_deprecated.
281: <!-- ^^^ 20020818 -->
1.61 ! tb 282: <li>Use of IPv6 deprecated addresses switched off by default. (See <a href="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</a> and <a href="https://man.openbsd.org/?query=sysctl&sektion=8">sysctl(8)</a> variable net.inet6.ip6_use_deprecated.)
! 283: <li>Fixes to the <a href="https://man.openbsd.org/?query=isp&sektion=4">isp(4)</a> SCSI driver.
1.1 deraadt 284: <!-- ^^^ 20020817 -->
1.61 ! tb 285: <li>Correct two sizeof bugs in <a href="https://man.openbsd.org/?query=crypto&sektion=9">crypto(9)</a>.
! 286: <li>Allow a raw IP socket to see a <a href="https://man.openbsd.org/?query=gre&sektion=4">gre(4)</a> packets for tunnels we haven't configured.
1.1 deraadt 287: <!-- ^^^ 20020816 -->
288: <li>Add some more cross-compilation targets in /usr/src/Makefile.
1.61 ! tb 289: <li>Backfit Perl 5.80's File::Glob implementation (based on OpenBSD's code) to our <a href="https://man.openbsd.org/?query=perl&sektion=1">perl(1)</a>.
! 290: <li>Fix a null pointer dereference in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 291: <!-- ^^^ 20020815 -->
292: <!-- ^^^ 20020814 -->
293: <!-- ^^^ some CVS breakage around here -->
294: <!-- ^^^ 20020813 -->
1.61 ! tb 295: <li>Using the state table instead of a special-purpose list, allow <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT to use the same proxy port for multiple external peers.
! 296: <li>Make <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a> setgid(_sshagnt). setuid/setgid processes can't be <a href="https://man.openbsd.org/?query=ptrace&sektion=2">ptrace(2)</a>ed.
! 297: <li>SPARC consoles now use <a href="https://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a>.
1.1 deraadt 298: <!-- ^^^ 20020812 -->
1.61 ! tb 299: <li><a href="https://man.openbsd.org/?query=traceroute&sektion=8">traceroute(8)</a> now displays '!X' when packets come back as ICMP administratively prohibited by filter.
! 300: <li>Have <a href="https://man.openbsd.org/?query=rsh&sektion=1">rsh(1)</a> die on fd_set overruns.
! 301: <li>In a number of places, switch the <a href="https://man.openbsd.org/?query=calloc&sektion=3">calloc(3)</a> round the right way.
1.1 deraadt 302: <li>Switch SPARC to ELF.
303: <li>Fix an XFree runtime loader problem seen on Alpha, PowerPC, SPARC and SPARC64.
304: <!-- ^^^ 20020811 -->
1.61 ! tb 305: <li><font color="#e00000"><strong>SECURITY FIX: An insufficient boundary check in the <a href="https://man.openbsd.org/?query=select&sektion=2">select(2)</a> and <a href="https://man.openbsd.org/?query=poll&sektion=2">poll(2)</a> system calls allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.</strong></font><br>
1.4 margarid 306: <a href="errata31.html#scarg">A source code patch is available</a>.<br>
1.5 naddy 307: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 308: <!-- ^^^ 20020810 -->
1.61 ! tb 309: <li><a href="https://man.openbsd.org/?query=raid&sektion=4">raid(4)</a> no longer gets loud at boot time unless option RAIDDEBUG is used.
! 310: <li>Sink a few bugs in <a href="https://man.openbsd.org/?query=bs&sektion=6">bs(6)</a>.
1.1 deraadt 311: <!-- ^^^ 20020809 -->
312: <li>Fix raw socket translation for Linux compatibility mode.
313: <li>Properly clear the argument list in pmdb.
1.61 ! tb 314: <li>Die on fd_set overrun in <a href="https://man.openbsd.org/?query=mtrace&sektion=8">mtrace(8)</a>, <a href="https://man.openbsd.org/?query=map-mbone&sektion=8">map-mbone(8)</a> and <a href="https://man.openbsd.org/?query=mrouted&sektion=8">mrouted(8)</a> (not built by default).
1.1 deraadt 315: <li>When emulating Linux, don't have accept()ed sockets inherit flags from the listen socket.<br>
316: <a href="stable.html">[Applied to 3.1-stable]</a>
1.61 ! tb 317: <li>Fix snprintf length in <a href="https://man.openbsd.org/?query=syslogd&sektion=8">syslogd(8)</a>.
! 318: <li>Correct a sizeof bug in <a href="https://man.openbsd.org/?query=photurisd&sektion=8">photurisd(8)</a>.
! 319: <li>Tweak IFF_PROMISC handling in <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> to avoid some unnecessary initialisations.
! 320: <li>Fix a potential off-by-one in <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a> that could cause mmap breakage on some architectures.
1.1 deraadt 321: <li>Make insertion of data into socket buffers run in constant time, a huge win especially with large buffers.
322: <li>Relax slightly the conditions under which a TCP SYN packet will trigger the sequence number modulator. Handy for systems with ECN stacks.
1.61 ! tb 323: <li>Fix a number of && -> & bit-test typos in OpenSSH (v1 RSA key use,) <a href="https://man.openbsd.org/?query=routed&sektion=8">routed(8)</a>, <a href="https://man.openbsd.org/?query=pic&sektion=1">pic(1)</a>, <a href="https://man.openbsd.org/?query=fvwm&sektion=1">fvwm(1)</a> and a few in the kernel.
! 324: <li>Add a couple of missing <a href="https://man.openbsd.org/?query=open&sektion=2">open(2)</a> mode args in <a href="https://man.openbsd.org/?query=afsd&sektion=8">afsd(8)</a> and <a href="https://man.openbsd.org/?query=msgs&sektion=1">msgs(1)</a>.
1.1 deraadt 325: <!-- ^^^ 20020808 -->
1.61 ! tb 326: <li>Improve TX interrupt handing in <a href="https://man.openbsd.org/?query=be&sektion=4&arch=sparc">be(4/SPARC,4/SPARC64)</a>.
! 327: <li>Fixes to <a href="https://man.openbsd.org/?query=mrinfo&sektion=8">mrinfo(8)</a> (this isn't built by default).
! 328: <li>Improve <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>'s handling of interrupted system calls.
! 329: <li>Fix a free-in-caught-alloc-failure-block (!) in <a href="https://man.openbsd.org/?query=ohci&sektion=4">ohci(4)</a>.
! 330: <li>Rewrite the CRL support in <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>. Check for OpenSSL >= 0.9.7, the earliest supported version for now.
1.1 deraadt 331: <!-- ^^^ 20020807 -->
332: <li>Retrofit the new early privilege revocation code to the old X servers.
1.61 ! tb 333: <li><a href="https://man.openbsd.org/?query=xlock&sektion=1">xlock(1)</a> defaults to blank mode (rather than random mode). Also remove bomb mode altogether, to the annoyance of noone.
! 334: <li>Several fixes to the <a href="https://man.openbsd.org/?query=hme&sektion=4&arch=sparc">hme(4/SPARC, 4/SPARC64)</a> driver.
1.1 deraadt 335: <li>Restore struct link_map ABI compatibility between ld.so and gdb, broken by the split of link.h into separate MI, ELF and a.out files.
336: <!-- ^^^ 20020806 -->
1.13 deraadt 337: <li>Move AGP chipset support out of machine-independent section (AGP support is per-arch).
1.4 margarid 338: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the OpenSSL ASN.1 buffer overflows, see the <a href="errata31.html#ssl">erratum</a>.<br>
1.5 naddy 339: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 340: <!-- ^^^ 20020805 -->
1.61 ! tb 341: <li>Fix <a href="https://man.openbsd.org/?query=auth_call&sektion=3">auth_call(3)</a>'s error logging.
! 342: <li><a href="https://man.openbsd.org/?query=cron&sektion=8">cron(8)</a> cross-checks the crontab filename against the system username.
! 343: <li><a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a> drops its privileges earlier.
1.1 deraadt 344: <!-- ^^^ 20020804 -->
1.61 ! tb 345: <li><a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> can log matching rules to syslog.
! 346: <li><a href="https://man.openbsd.org/?query=write&sektion=1">write(1)</a> drops privileges after opening the tty.
! 347: <li>Refactor <a href="https://man.openbsd.org/?query=vmstat&sektion=8">vmstat(8)</a> slightly so <a href="https://man.openbsd.org/?query=kvm&sektion=3">kvm(3)</a> is only ever opened once (it could be opened a second time by dkstats.c before).
! 348: <li>Open the <a href="https://man.openbsd.org/?query=kvm&sektion=3">kvm(3)</a> library earlier in <a href="https://man.openbsd.org/?query=fstat&sektion=1">fstat(1)</a> and <a href="https://man.openbsd.org/?query=systat&sektion=1">systat(1)</a>, and so drop privs earlier.
1.1 deraadt 349: <li>Test for a previously unchecked malloc() return value in the RPC library, and die unceremoniously on failure.
1.61 ! tb 350: <li>Catch file read errors in <a href="https://man.openbsd.org/?query=rdate&sektion=8">rdate(8)</a>'s leapsecond handler.
! 351: <li>Cleanup of <a href="https://man.openbsd.org/?query=amd&sektion=8">amd(8)</a>.
1.1 deraadt 352: <!-- ^^^ 20020803 -->
1.61 ! tb 353: <li>Remove Kerberos support from the default <a href="https://man.openbsd.org/?query=login.conf&sektion=5">login.conf</a> (and its hardwired defaults for when login.conf is absent). See <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/login.conf?rev=1.12&content-type=text/x-cvsweb-markup">the log</a> for why.
1.1 deraadt 354: <li>No more RPC by default. Expect a lot of 'NFS is broken' email to misc@ when 3.2 is released.
1.61 ! tb 355: <li>Rework some aspects of <a href="https://man.openbsd.org/?query=crontab&sektion=1">crontab(1)</a>'s file checks.
! 356: <li>Provide our own <a href="https://man.openbsd.org/?query=RSA_verify&sektion=3">RSA_verify(3)</a> implementation for OpenSSH.
! 357: <li>Add the _sshagnt group for use by <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
1.1 deraadt 358: <li>Correct a pointer comparison typo in libssl's ASN.1 parser library.
1.61 ! tb 359: <li>Check for correct return value of <a href="https://man.openbsd.org/?query=inet_aton&sektion=3">inet_aton(3)</a> in <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 360: <li>Add some overflow checks similar to the <a href="https://man.openbsd.org/?query=calloc&sektion=3">calloc(3)</a> patch to <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>.
! 361: <li><a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> support for certificate revocation lists.
1.1 deraadt 362: <!-- ^^^ 20020802 -->
363: <li>Prevent integer overflow in i386 USER_LDT code.
364: <li>Fix NFS's handling of zero-length RPC fragments.
1.61 ! tb 365: <li><a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> handles unlinking of a symlink correctly.
1.1 deraadt 366: <li>Limit file size to 2^31 * PAGE_SIZE in FFS code.
1.61 ! tb 367: <li>u_short -> u_int16_t in <a href="https://man.openbsd.org/?query=mrouted&sektion=8">mtrouted(8)</a>.
1.1 deraadt 368: <!-- ^^^ 20020801 -->
1.61 ! tb 369: <li><strong><font color="#e00000">REVISED SECURITY FIX</font></strong> for the <a href="https://man.openbsd.org/?query=xdr_array&sektion=3">xdr_array(3)</a> buffer overflow, see the <a href="errata31.html#xdr">erratum</a>.<br>
1.5 naddy 370: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 371: <li>Spot zero-length keys or values in ypmatch_add(), and exit early.
1.61 ! tb 372: <li>Broken by the removal of <a href="https://man.openbsd.org/?query=atexit&sektion=3">atexit(3)</a>, <a href="https://man.openbsd.org/?query=chpass&sektion=1">chpass(1)</a> now cleans up after itself properly again.
! 373: <li>Use <a href="https://man.openbsd.org/?query=fork&sektion=2">fork(2)</a> instead of <a href="https://man.openbsd.org/?query=vfork&sektion=2">vfork(2)</a> in <a href="https://man.openbsd.org/?query=make&sektion=1">make(1)</a>. Fixes hppa breakage.
! 374: <li>Back out the new <a href="https://man.openbsd.org/?query=atexit&sektion=3">atexit(3)</a> handler changes which appear to break Perl somehow. Bugger.
! 375: <li>Get <a href="https://man.openbsd.org/?query=calloc&sektion=3">calloc(3)</a> semantics right, while still not allowing the size_t overflow.<br>
1.5 naddy 376: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 377: <li>Fix <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a> compilation without mod_ssl.
1.1 deraadt 378: <!-- ^^^ 20020731 -->
1.61 ! tb 379: <li>On i386, allow <a href="https://man.openbsd.org/?query=mprotect&sektion=2">mprotect(2)</a> to alter the execution protection of the stack.
1.1 deraadt 380: <li>Fix some more potential null pointer dereferences, this time in pfkey and netiso.
1.61 ! tb 381: <li>Plug a <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> file descriptor leak in the X server.
! 382: <li>Have libc <a href="https://man.openbsd.org/?query=opendir&sektion=3">opendir(3)</a> and <a href="https://man.openbsd.org/?query=scandir&sektion=3">scandir(3)</a> check for size_t overflows like the new calloc().
! 383: <li>Like in libc, fix the calloc() implementation in <a href="https://man.openbsd.org/?query=named&sektion=8">named(8)</a> (only used by a feature disabled in OpenBSD).
1.1 deraadt 384: <li>Lots of work on the sparc and sparc64 console drivers.
385: <li>Kernel IPsec was only doing ESP integrity checks on NICs that had already done so in hardware...
386: <li>Fix a typo that caused a potential null pointer dereference in kernel NFS.
387: <li>New 'PermitUserEnvironment' option for SSH. Off by default.
1.61 ! tb 388: <li>Add 'with or without modification' clause to <a href="https://man.openbsd.org/?query=gprof&sektion=1">gprof(1)</a> licensing.
1.1 deraadt 389: <li>Sync with OpenSSL 0.9.6e-0.9.7 <a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">CHANGES file</a>.
1.61 ! tb 390: <li><font color="#e00000"><strong>SECURITY FIX: Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the <a href="https://man.openbsd.org/?query=ssl&sektion=8">ssl(8)</a> library, as in the ASN.1 parser code in the <a href="https://man.openbsd.org/?query=crypto&sektion=3">crypto(3)</a> library, all of them being potentially remotely exploitable.</strong></font><br>
1.4 margarid 391: <a href="errata31.html#ssl">A source code patch is available</a>.<br>
1.5 naddy 392: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 393: <li>In <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>, allow TCP flags to be specified in all rules that include TCP (before the rules had to be exclusively TCP).
1.1 deraadt 394: <!-- ^^^ 20020730 -->
1.61 ! tb 395: <li>Fix a buffer overflow in <a href="https://man.openbsd.org/?query=backgammon&sektion=6">backgammon(6)</a>, and replace its gameplay algorithm.
1.1 deraadt 396: <li>Kill a kernel tty memory leak.<br>
1.5 naddy 397: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 398: <li>Super-cautious strcpy()->strlcpy() in <a href="https://man.openbsd.org/?query=exec&sektion=3">exec*(3)</a>.
! 399: <li>Return failure if the parameters given to <a href="https://man.openbsd.org/?query=calloc&sektion=3">calloc(3)</a> would cause an overflow of size_t.<br>
1.5 naddy 400: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 401: <li>Don't enable so many authentication methods by default in <a href="https://man.openbsd.org/?query=login.conf&sektion=5">login.conf(5)</a>.
! 402: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can occur in the <a href="https://man.openbsd.org/?query=xdr_array&sektion=3">xdr_array(3)</a> RPC code, leading to possible remote crash.</strong></font><br>
1.4 margarid 403: <a href="errata31.html#xdr">A source code patch is available</a>.<br>
1.5 naddy 404: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 405: <li>Privilege drop in new X servers is disabled for now on x86 due to a problem with xf86OpenConsole().
1.61 ! tb 406: <li>Support DMA for two more ServerWorks <a href="https://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a> devices.
! 407: <li><font color="#e00000"><strong>SECURITY FIX: A race condition exists in the <a href="https://man.openbsd.org/?query=pppd&sektion=8">pppd(8)</a> daemon which may cause it to alter the file permissions of an arbitrary file.</strong></font><br>
1.4 margarid 408: <a href="errata31.html#pppd">A source code patch is available</a>.<br>
1.5 naddy 409: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 410: <li><a href="https://man.openbsd.org/?query=mprotect&sektion=2">mprotect(2)</a> function pointers stored by <a href="https://man.openbsd.org/?query=atexit&sektion=3">atexit(3)</a> to stop bad guys tweaking the exit handlers.
! 411: <li>"undrugs" <a href="https://man.openbsd.org/?query=gpr&sektion=4">gpr(4)</a>.
1.1 deraadt 412: <li>Fix two off-by-one bugs in ext2fs.
413: <li>Add ld.so support for sparc.
414: <li>Lookup of ip6.arpa, then ip6.int for IPv6 reverse resolution. See <a href="http://www.ietf.org/rfc/rfc3152.txt">RFC3152</a> for why.
415: <li>Small fix for GCC 3.1.1 in IPv4 checksum code.
416: <!-- 20020729 -->
1.61 ! tb 417: <li>Apply the 'broken PCI burst-write' workaround to all <a href="https://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a> 7811-based devices.
! 418: <li>Show <a href="https://man.openbsd.org/?query=uftdi&sektion=4">uftdi(4)</a> how to use hardware and software flow control.
! 419: <li>Fix a potential access-after-free() in <a href="https://man.openbsd.org/?query=kue&sektion=4">kue(4)</a>.
1.1 deraadt 420: <!-- ^^^ 20020728 -->
421: <li>/tmp/.X11-unix and /tmp/.ICE-unix are created in rc, owned by root, removing the need for root privs later on.
1.61 ! tb 422: <li>Again, this time in <a href="https://man.openbsd.org/?query=ld&sektion=1">ld(1)</a>, map BSS non-executable.
1.1 deraadt 423: <li>Rearrange the new XFree86 server so all tasks for which root privs are needed get done early in osinit(). Of course, revoke root right afterwards.
1.61 ! tb 424: <li>Add Dell-specific PERC (right) product IDs so that <a href="https://man.openbsd.org/?query=aac&sektion=4">aac(4)</a> configures Dell PowerEdge 2650 RAID.
! 425: <li>Add leapsecond support to <a href="https://man.openbsd.org/?query=rdate&sektion=8">rdate(8)</a>'s NTP client.
1.1 deraadt 426: <!-- ^^^ 20020727 -->
427: <li>The install/upgrade scripts no longer automatically mount NFS filesystems.
428: <li>Kernel a.out code now allocates (mostly) non-executable BSS.
429: <li>Miscellaneous fixes to several games.
1.61 ! tb 430: <li>Lots of work on the sparc64 <a href="https://man.openbsd.org/?query=creator&sektion=4&arch=sparc64">creator(4/sparc64)</a> framebuffer driver.
! 431: <li>In <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> the order of the log and quick keywords is now irrelevant.
1.1 deraadt 432: <!-- ^^^ 20020726 -->
433: <li>Allow X servers to be built without DGA.
434: <li>At securelevel 2, stop an attacker from setting the clock forwards to within a year of the time it wraps around to zero.
1.61 ! tb 435: <li>Allow <a href="https://man.openbsd.org/?query=altq&sektion=9">altq(9)</a> to work on pre-Pentium x86 machines that lack pentium_mhz stuff.
1.1 deraadt 436: <li>Add a distrib note that due to major changes to the port, the sparc installer won't allow upgrades to 3.2
1.61 ! tb 437: <li>Only include a single <a href="https://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a> font when building with option SMALL_KERNEL.
1.1 deraadt 438: <li>Add a few more RFC2142-suggested mailbox aliases.
1.61 ! tb 439: <li>Improve <a href="https://man.openbsd.org/?query=mg&sektion=1">mg(1)</a>'s filename handling.
! 440: <li>More <a href="https://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a> fixes.
1.1 deraadt 441: <li>Fix comparison bug in IPv6 multicast routing MTU check.
442: <!-- ^^^ 20020725 -->
443: <li>Correct bad sizeof() in kernel NFS code.
1.61 ! tb 444: <li>Checks for <a href="https://man.openbsd.org/?query=snprintf&sektion=3">snprintf(3)</a> return values < 0.
! 445: <li>Improve <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>'s uid/gid tracking.
! 446: <li>Fix the <a href="https://man.openbsd.org/?query=csh&sektion=1">csh(1)</a> large directory fix.
! 447: <li>In <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, help avoid a potential man-in-the-middle attack by showing all known host keys for a host when we're warning about an unknown host key.
1.1 deraadt 448: <li>Fix a TAILQ null deref in pmdb.
449: <!-- ^^^ 20020724 -->
450: <li>Make the second parameter to r?index()/strr?chr() an int instead of a char.
1.61 ! tb 451: <li>Stick a thread mutex around name lookups in <a href="https://man.openbsd.org/?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
! 452: <li>Fix a <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> double free().
1.16 mickey 453: <li>CardBus support for macppc.
1.61 ! tb 454: <li>Fix <a href="https://man.openbsd.org/?query=dc&sektion=4">dc(4)</a> cardbus reads.
! 455: <li>Remove a signedness bug in <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>'s handling of utmp_len (-u option).
! 456: <li>Fix some bugs in <a href="https://man.openbsd.org/?query=pool&sektion=9">pool(9)</a>.
1.1 deraadt 457: <!-- ^^^ 20020723 -->
1.61 ! tb 458: <li>More additions to GNU <a href="https://man.openbsd.org/?query=as&sektion=1">as(1)</a>, this time to make Ogle compile.
! 459: <li>Fix graceful restarts of chroot'ed <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a>.
1.1 deraadt 460: <li>Have SSH fall back to the standard path if setusercontext() can't set it.
461: <!-- ^^^ 20020722 -->
1.61 ! tb 462: <li>Add a sequence number to kernel messages for <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
1.1 deraadt 463: <li>Teach pmdb about corefiles.
464: <li>Map stack pages non-executable.
465: <!-- ^^^ 20020721 -->
1.61 ! tb 466: <li><a href="https://man.openbsd.org/?query=noct&sektion=4">noct(4)</a> now works around NSP2000 PCI bridge brokenness. Fix a similar problem in <a href="https://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a>.
! 467: <li>Drop the requirement for commas in many <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> lists, useful when used in conjunction with the new variable concat feature.
! 468: <li>Implement string concatenation for variable declarations in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 469: <li>Big change to the way signal trampolines are stored and called.
1.61 ! tb 470: <li>Add milter build support to <a href="https://man.openbsd.org/?query=sendmail&sektion=8">sendmail(8)</a>, see the Makefile.
! 471: <li>Make <a href="https://man.openbsd.org/?query=sudo&sektion=8">sudo(8)</a> and <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a> die if setusercontext() fails.
1.1 deraadt 472: <!-- ^^^ 20020720 -->
1.61 ! tb 473: <li>Fix a disk masher bug in <a href="https://man.openbsd.org/?query=siop&sektion=4">siop(4)</a>, a little too late for some.
! 474: <li>Don't install <a href="https://man.openbsd.org/?query=mk-amd-map&sektion=8&manpath=OpenBSD+3.1">mk-amd-map(8)</a> any more, we don't use it. And it's broken.
1.1 deraadt 475: <li>Merge Apache 1.3.26 and mod_ssl 2.8.10.
476: <li>Have SSH remove fatal cleanups after calling fork().
477: <!-- ^^^ 20020719 -->
1.61 ! tb 478: <li>/etc/systrace directory added along with policies for <a href="https://man.openbsd.org/?query=named&sektion=8">named(8)</a> and <a href="https://man.openbsd.org/?query=lpd&sektion=8">lpd(8)</a>.
1.1 deraadt 479: <li>Make OpenSSL use /bin/sh instead of $SHELL when running scripts. Not everyone uses a Bourne-like shell.
1.61 ! tb 480: <li>String handling and other fixes to <a href="https://man.openbsd.org/?query=rogue&sektion=6">rogue(6)</a>.
1.1 deraadt 481: <!-- ^^^ 20020718 -->
1.61 ! tb 482: <li>Fix <a href="https://man.openbsd.org/?query=pax&sektion=1">pax(1)</a> -s replacement string truncation.
1.1 deraadt 483: <li>Fix a deref after free() in the kernel's routing socket code.
484: <li>Add 'fdcache' to Apache, part of the work to make graceful restart work properly under the chroot().
1.61 ! tb 485: <li>The search for a shorter rulebase continues, <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> now recognises 'self' as an address, meaning all IPv4 and IPv6 addresses on all interfaces.
1.1 deraadt 486: <!-- ^^^ 20020717 -->
1.61 ! tb 487: <li>Fix wayward string termination in <a href="https://man.openbsd.org/?query=rbootd&sektion=8">rbootd(8)</a>.
! 488: <li>Fix a DIAGNOSTIC bug in <a href="https://man.openbsd.org/?query=ffs_softupdates&sektion=4">ffs_softupdates(4)</a>, and also make panic() calls show the right type.
! 489: <li>Some mbuf Fixes to the <a href="https://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a> driver, more fixes to come.
! 490: <li>Add DES and 3DES to <a href="https://man.openbsd.org/?query=noct&sektion=4">noct(4)</a> as well.
1.1 deraadt 491: <li>Fix some broken memset() and lseek() calls.
492: <!-- ^^^ 20020716 -->
1.61 ! tb 493: <li>Work around some limitations of <a href="https://man.openbsd.org/?query=noct&sektion=4">noct(4)</a> hardware. Add MD5 and SHA1 support.
! 494: <li>Small additions to <a href="https://man.openbsd.org/?query=as&sektion=1">as(1)</a> to make <a href="http://www.gnupg.org/">gnupg</a> compile.
1.1 deraadt 495: <li>Add some new users (names beginning with underscore) to replace user nobody for portmap, rstatd, identd, rusersd and fingerd.
1.61 ! tb 496: <li>Fix <a href="https://man.openbsd.org/?query=csh&sektion=1">csh(1)</a> directory completion SIGSEGV with large directories.
! 497: <li>Make <a href="https://man.openbsd.org/?query=atrun&sektion=8">atrun(8)</a> part of <a href="https://man.openbsd.org/?query=cron&sektion=8">cron(8)</a>, removing the need for the atrun cronjob.
! 498: <li>More <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>: accept !<interface> syntax. Oh yes.
! 499: <li><a href="https://man.openbsd.org/?query=top&sektion=1">top(1)</a> now has a BSD license.
! 500: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> parser spots more silly combinations (return-rst on non-TCP rules, keep-state on block rules).
1.1 deraadt 501: <!-- ^^^ 20020715 -->
502: <li>Fix a double free in BSD authentication.
503: <!-- XXX sendmail SuperSafe=... thing ? -->
1.61 ! tb 504: <li>Make <a href="https://man.openbsd.org/?query=ftpd&sektion=8">ftpd(8)</a> always use high port numbers for passive data connections (no more -h option).
1.1 deraadt 505: <!-- ^^^ 20020714 -->
506: <li>Add SIGALRM to the list of signals that can be sent (after uid/euid checks) to set[ug]id child processes.
1.61 ! tb 507: <li>Enable list expansion for <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT rules, broken since the pf.conf/nat.conf merge.
1.1 deraadt 508: <li>The XFree86 3.3.x servers that are left now revoke their root privileges right after getting I/O access.
1.61 ! tb 509: <li>Now that <a href="https://man.openbsd.org/?query=xterm&sektion=1">xterm(1)</a> drops its root privileges, install it setgid(utmp) for utmp updates. Revoke setgid too if not needed.
1.1 deraadt 510: <!-- ^^^ 20020713 -->
1.61 ! tb 511: <li>Fix at least one <a href="https://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a> buffer overflow.<br>
1.5 naddy 512: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 513: <li>Teach MMX (not SSE) to <a href="https://man.openbsd.org/?query=as&sektion=1">as(1)</a>.
! 514: <li>Add <a href="https://man.openbsd.org/?query=radio&sektion=4">radio(4)</a> device attachment for <a href="https://man.openbsd.org/?query=bktr&sektion=4&arch=i386">bktr(4)</a> and <a href="https://man.openbsd.org/?query=fms&sektion=4">fms(4)</a>.
! 515: <li>Have <a href="https://man.openbsd.org/?query=pcibios&sektion=4&arch=i386">pcibios(4)</a> detect and ignore a too-short PCI IRQ routing table header.
! 516: <li>Changes to <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a>: Search order now always looks like a.out, destructors are called on dlclose(), move some libc-like functions into private namespace.
! 517: <li>Add support for AGP GART on some i386 AGP chipsets (see <a href="https://man.openbsd.org/?query=vga&sektion=4">vga(4)</a> and <a href="https://man.openbsd.org/?query=options&sektion=4">options(4)</a>).
1.10 deraadt 518: <li>Remove '\\' -> '\' translation in crontabs to keep the shell happy.
1.61 ! tb 519: <li>Make <a href="https://man.openbsd.org/?query=xterm&sektion=1">xterm(1)</a> revoke its root privileges.
1.1 deraadt 520: <li>Remove a race and some other bugs from the mountpoint locking code. <!-- ok art@ -->
1.61 ! tb 521: <li>Add some flags to <a href="https://man.openbsd.org/?query=dohooks&sektion=9">dohooks(8)</a> and fix a time-honoured memory leak in <a href="https://man.openbsd.org/?query=hook_disestablish&sektion=9">hook_disestablish(9)</a>.
1.1 deraadt 522: <!-- ^^^ 20020712 -->
1.61 ! tb 523: <li>New, hard-won firmware image for the <a href="https://man.openbsd.org/?query=txp&sektion=4">txp(4)</a> driver.
1.1 deraadt 524: <li>Remove the www group's privileges to the mod_ssl mutex semaphore.
525: <li>Really remove SuperProbe from X.
526: <li>Create a skeleton UserDir tree under /var/www/users.
527: <li>Have Apache initialise OpenSSL (opening /dev/crypto) before chroot. No more /var/www/dev/crypto.
528: <!-- ^^^ 20020711 -->
1.61 ! tb 529: <li>Basic IPv6 fragment support (no normalisation yet) in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 530: <li>Correct a memcpy error in the kernel and ssh's Rijndael code.
1.61 ! tb 531: <li>Make <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> filename intercepts work with chroot().
1.1 deraadt 532: <li>Try to make resetting of USB ports work better.
1.61 ! tb 533: <li>Add fchmod translation support to <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
! 534: <li>Stop <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> closing the std file descriptors when going daemon.
1.1 deraadt 535: <!-- ^^^ 20020710 -->
536: <li>Fix ni6_nametodns() pointer bug in icmp6; NetBSD PR17540.
1.61 ! tb 537: <li>Add support in <a href="https://man.openbsd.org/?query=uftdi&sektion=4">uftdi(4)</a> for FT8U232AM-based USB serial adapters, likewise add more devices to <a href="https://man.openbsd.org/?query=uplcom&sektion=4">uplcom(4)</a>.
1.1 deraadt 538: <li>Fix miniroot typo that was breaking FTP installs.
1.61 ! tb 539: <li>Fix <a href="https://man.openbsd.org/?query=sed&sektion=1">sed(1)</a>'s r command (PR2755).
! 540: <li>Add a daemon mode to <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
! 541: <li><a href="https://man.openbsd.org/?query=udsbr&sektion=4">udbsr(4)</a> driver for D-Link radio cards added.
1.1 deraadt 542: <li>Add a timeout value to USB I/O calls, rather than having a systemwide timeout.
1.61 ! tb 543: <li>Make <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a> chroot() and drop root privileges by default. A lot module chroot fixes to come.
! 544: <li>Add syscall aliasing to <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> (e.g. stat/fstat/readlink/access/... become 'fsread').
! 545: <li>Some fixes to <a href="https://man.openbsd.org/?query=umidi&sektion=4">umidi(4)</a> and <a href="https://man.openbsd.org/?query=uscanner&sektion=4">uscanner(4)</a>.
! 546: <li>Add SMC 2206 support to <a href="https://man.openbsd.org/?query=aue&sektion=4">aue(4)</a>.
! 547: <li>Fix a potential off-by-five error in <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
! 548: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> now accepts an interface in most of the places it can take an IP address, and picks up all the IPv4 and IPv6 addresses on that interface.
1.1 deraadt 549: <!-- ^^^ 20020709 -->
1.61 ! tb 550: <li>Don't try to load a 32-bit quart into a 16-bit pint register in <a href="https://man.openbsd.org/?query=xl&sektion=4">xl(4)</a>.
1.1 deraadt 551: <li>Always load ELF binaries to the address at which they were linked.
1.61 ! tb 552: <li>Rig <a href="https://man.openbsd.org/?query=opendir&sektion=3">opendir(3)</a>'s sort so it can't fail due to lack of memory.
! 553: <li>Compatibility fixes for the <a href="https://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a> 582x series.
! 554: <li>Some updates to <a href="https://man.openbsd.org/?query=cron&sektion=8">cron(8)</a>.
1.1 deraadt 555: <li>Grab a security fix to bcopy/memcpy from FreeBSD. See their cvsweb entry for <a href="http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/i386/string/bcopy.S">bcopy.S</a>.
1.61 ! tb 556: <li>Work around <a href="https://man.openbsd.org/?query=tl&sektion=4">tl(4)</a>'s broken multicast filter.
! 557: <li>Remove <a href="https://man.openbsd.org/?query=ab&manpath=OpenBSD+3.1">ab(1)</a> from the Apache installation.
1.1 deraadt 558: <li>Remove <a href="http://www.eecis.udel.edu/~ntp/">NTP</a> support from the kernel.
1.61 ! tb 559: <li>Don't attempt to resubmit a structure we just freed in <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> / <a href="https://man.openbsd.org/?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.1 deraadt 560: <li>Small fixes to IP-in-IP encapsulation code.
1.61 ! tb 561: <li>Add Security Mode options to <a href="https://man.openbsd.org/?query=atactl&sektion=8">atactl(8)</a>.
! 562: <li>Support a few more HPT <a href="https://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a> cards.
! 563: <li>Make NEED_VERSION obsolete in <a href="https://man.openbsd.org/?query=bsd.port.mk&sektion=5">bsd.port.mk(5)</a>.
! 564: <li>Fill IPv6 null pointer dereference in <a href="https://man.openbsd.org/?query=cvs&sektion=1">cvs(1)</a> pserver.
1.1 deraadt 565: <li>Remove some old upgrade hacks from the installer script.
1.61 ! tb 566: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> chokes on invalid '! <interface>' syntax, instead of just ignoring the '!'.
! 567: <li>Fix <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> interface stats, and allow the loginterface feature to be disabled.
! 568: <li>Make signal handler flags in <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> of type volatile sig_atomic_t.
! 569: <li>Fix a few GCC 3.1 moans in <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 570: <li>Un-bloating of <a href="https://man.openbsd.org/?query=ahc&sektion=4">ahc(4)</a>.
! 571: <li>Cleanup of <a href="https://man.openbsd.org/?query=rpcgen&sektion=1">rpcgen(1)</a>.
! 572: <li><font color="#e00000"><strong>RELIABILITY FIX: Don't assume we have an active exchange during payload validation, otherwise <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> can be made to crash.</strong></font><br>
1.4 margarid 573: <a href="errata31.html#isakmpd">A source code patch exists to remedy the problem.</a><br>
1.5 naddy 574: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 575: <li><a href="https://man.openbsd.org/?query=ep&sektion=4">ep(4)</a> on <a href="https://man.openbsd.org/?query=isapnp&sektion=4">isapnp(4)</a> now works on <a href="alpha.html">alpha</a>.
1.1 deraadt 576: <li>Improve the way the installer's fileset selection UI works.
577: <li>Fix a potential buffer overflow in xsystrace.
578: <li>Add a note to the unwary in distrib/notes about the danger of skipping several versions when upgrading.
1.61 ! tb 579: <li>Don't have <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> allocate memory for stuff we don't need, just to discard it straight away.
! 580: <li>Set IP_PORTRANGE_HIGH for active mode data channel of <a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a>.
! 581: <li>Add some more <a href="https://man.openbsd.org/?query=usb&sektion=4">usb(4)</a> product IDs.
! 582: <li>Fix an off-by-one error in <a href="https://man.openbsd.org/?query=rmt&sektion=8">rmt(8)</a> and improve string handling in general.
! 583: <li>Normalise <a href="https://man.openbsd.org/?query=nc&sektion=1">nc(1)</a>'s EOF handling.
! 584: <li>Plug a few <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> memory leaks.
! 585: <li>Tweak the <a href="https://man.openbsd.org/?query=tga&sektion=4&arch=alpha">tga(4/ALPHA)</a> driver.
! 586: <li>Fix several missing or broken <a href="https://man.openbsd.org/?query=malloc&sektion=3">malloc(3)</a> and <a href="https://man.openbsd.org/?query=realloc&sektion=3">realloc(3)</a> failure checks.
! 587: <li>In <a href="https://man.openbsd.org/?query=rcs&sektion=1">rcs(1)</a>, actually <a href="https://man.openbsd.org/?query=exit&sektion=3">exit(3)</a> after spotting that LocalId is too long.
1.1 deraadt 588: <li>Lots of ANSIfication of function declarations and prototypes.
1.61 ! tb 589: <li>Fix bug causing 'SPL NOT LOWERED' errors from the <a href="https://man.openbsd.org/?query=ami&sektion=4">ami(4)</a> RAID controller.
! 590: <li>Give <a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> its setuid(root) toys back, but only work at all if HostbasedAuthentication is globally disabled.
! 591: <li>Use <a href="https://man.openbsd.org/?query=RSA_blinding_on&sektion=3">RSA_blinding_on(3)</a> to ward off a <a href="http://www.cryptography.com/resources/whitepapers/TimingAttacks.pdf">Kocher timing attack</a> on <a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
! 592: <li>Fix <a href="https://man.openbsd.org/?query=signal&sektion=3">signal(3)</a> race in <a href="https://man.openbsd.org/?query=ping&sektion=8">ping(8)</a>.
! 593: <li>Remove <a href="https://man.openbsd.org/?query=adv&sektion=4">adv(4)</a> from the i386 RAMDISK kernel until new <a href="https://man.openbsd.org/?query=ahc&sektion=4">ahc(4)</a> un-bloats itself.
! 594: <li>Catch a null pointer dereference when fetching the routing table via <a href="https://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a>.
! 595: <li>Make <a href="https://man.openbsd.org/?query=sis&sektion=4">sis(4)</a> compile and work on <a href="alpha.html">alpha</a>.
! 596: <li>Return correct result sizes from <a href="https://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>.
! 597: <li><a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a> will now compile with <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> but no <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 598: <li>Cleanup of <a href="https://man.openbsd.org/?query=ftpd&sektion=8">ftpd(8)</a>.
! 599: <li>Fix PIO writes code in <a href="https://man.openbsd.org/?query=wdc&sektion=4">wdc(4)</a>, broken since OpenBSD 2.5!
! 600: <li>Remove unnecessary <a href="https://man.openbsd.org/?query=longjmp&sektion=3">longjmp(3)</a> from <a href="https://man.openbsd.org/?query=login&sektion=1">login(1)</a>.
1.1 deraadt 601: <li>Pages allocated with debug_malloc() aren't ever executed, so don't use VM_PROT_ALL.
1.61 ! tb 602: <li>Finally fix <a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a> address cache bug.
! 603: <li>Properly handle endpoint differences of opinion on <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> Compression options
! 604: <li>Fix the <a href="https://man.openbsd.org/?query=wsdisplay&sektion=4">wsdisplay(4)</a> blanker after the X server has been running.
! 605: <li>Make the installer deal correctly with passwords starting with '-X ' for some X, instead of misinterpreting them as options to <a href="https://man.openbsd.org/?query=encrypt&sektion=1">encrypt(1)</a>.
! 606: <li>Fix some compatibility quirks in <a href="https://man.openbsd.org/?query=ppp&sektion=8">ppp(8)</a>.
! 607: <li>Add a pushback buffer to <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>'s parser.
! 608: <li>Remove setuid(root) from <a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>, disabling it for now.
! 609: <li>Have <a href="https://man.openbsd.org/?query=named&sektion=8">named(8)</a> call <a href="https://man.openbsd.org/?query=tzset&sektion=3">tzset(3)</a> so /etc/localtime isn't needed after the <a href="https://man.openbsd.org/?query=chroot&sektion=2">chroot(2)</a>.
! 610: <li>More fixes to the new <a href="https://man.openbsd.org/?query=ahc&sektion=4">ahc(4)</a> driver.
1.1 deraadt 611: <li>Add AlphaServer 800 and 1000 support.
1.61 ! tb 612: <li>Enable <a href="https://man.openbsd.org/?query=lc&sektion=4">lc(4)</a> devices in <a href="alpha.html">alpha</a> GENERIC kernel.
! 613: <li>Fix <a href="https://man.openbsd.org/?query=isapnp&sektion=4">isapnp(4)</a> panics on <a href="alpha.html">alpha</a>.
1.1 deraadt 614: <li>Make xf86config give the option of configuring a mouse wheel.
1.61 ! tb 615: <li>Gracefully handle <a href="https://man.openbsd.org/?query=i386_iopl&sektion=2&arch=i386">i386_iopl(2)</a> failure in the X server when trying to give up privileges.
! 616: <li>Add <a href="https://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a> files to <a href="https://man.openbsd.org/?query=fbtab&sektion=5">fbtab(5)</a> on <a href="i386.html">i386</a>.
! 617: <li>Add <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="https://man.openbsd.org/?query=syslog&sektion=3">syslog(3)</a>.
1.1 deraadt 618: <li>Evolve strtou?q() into strtou?ll(). Use weak aliases if available (wrappers otherwise) to fake strtou?q().
1.61 ! tb 619: <li>Run <a href="https://man.openbsd.org/?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="https://man.openbsd.org/?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as root from <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a> again, but go to nobody's jail at startup.
1.1 deraadt 620: <li>Lots more bounds-checking all over the place.
1.61 ! tb 621: <li>Recognise a few more <a href="https://man.openbsd.org/?query=fxp&sektion=4">fxp(4)</a> devices.
! 622: <li>Correct misleading cgetclose() entry in <a href="https://man.openbsd.org/?query=getcap&sektion=3">getcap(3)</a> manpage.
! 623: <li>Try again with the new <a href="https://man.openbsd.org/?query=ahc&sektion=4">ahc(4)</a> driver.
! 624: <li>Cleanups of <a href="https://man.openbsd.org/?query=chpass&sektion=1">chpass(1)</a> and <a href="https://man.openbsd.org/?query=passwd&sektion=1">passwd(1)</a>.
! 625: <li><font color="#e00000"><strong>SECURITY FIX: The kernel would let any user <a href="https://man.openbsd.org/?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.</strong></font><br>
1.4 margarid 626: <a href="errata31.html#ktrace">A source code patch is available</a>.<br>
1.5 naddy 627: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 628: <li><a href="https://man.openbsd.org/?query=newsyslog&sektion=8">newsyslog(8)</a> now doesn't follow symbolic links by default, fixing PR1913.
1.1 deraadt 629: <li>Change web site banner to "One remote hole in the default install, in nearly 6 years!" That's still an awesome record.
630: <li>More audit of OpenSSH.
1.58 tb 631: <li><a href="https://www.openssh.com/openbsd.html">OpenSSH 3.4</a> was released, and there was much rejoicing.
1.61 ! tb 632: <li><font color="#e00000"><strong>SECURITY FIX: All versions of OpenSSH's <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. The problem is fixed in OpenSSH 3.4.</strong></font><br>
1.4 margarid 633: <a href="errata31.html#sshd">A source code patch is available</a>.<br>
1.5 naddy 634: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 635: <li>Add a number of resource limits to <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>.
1.12 jcs 636: <li>Increase <a href="i386.html">i386</a> kvm size to 768M.
1.61 ! tb 637: <li>The list of great Theo quotes for <a href="https://man.openbsd.org/?query=mg&sektion=1">mg(1)</a> continues to grow.
1.5 naddy 638: <li><font color="#e00000"><strong>SECURITY FIX: A potential buffer overflow in the DNS resolver has been found.</strong></font><br>
1.4 margarid 639: <a href="errata31.html#resolver">A source code patch is available</a>.<br>
1.5 naddy 640: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 641: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.5.
642: <li>Start work on IP-over-FireWire and IP-over-SCSI.
1.61 ! tb 643: <li>Move a bunch of <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> options into <a href="https://man.openbsd.org/?query=pf.conf&sektion=5">pf.conf(5)</a>.
1.57 tb 644: <li>c2k2-inspired changes to the installer.
1.61 ! tb 645: <li>Skip routing table lookup when {broad,multi}casting and the outgoing interface is set using <a href="https://man.openbsd.org/?query=setsockopt()&sektion=2">setsockopt(2)</a>. Removes the need for a 224/4 route. <!-- XXX it still gets set in /etc/rc though -->
1.1 deraadt 646: <li>Make X use /dev/wsmouse instead of /dev/wsmouse0 by default.
1.61 ! tb 647: <li>Add some m68k opcode aliases for GNU <a href="https://man.openbsd.org/?query=as&sektion=1">as(1)</a> from recent binutils.
! 648: <li>Fix the FTP relay in <a href="https://man.openbsd.org/?query=faithd&sektion=8">faithd(8)</a>.
! 649: <li>Fix <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> reassociation after an AP reboot.
1.5 naddy 650: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can
1.61 ! tb 651: occur in the .htaccess parsing code in the mod_ssl <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a> module, leading to possible remote crash or exploit (PR2767.)</strong></font><br>
1.4 margarid 652: <a href="errata31.html#modssl">A source code patch is available</a>.<br>
1.5 naddy 653: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 654: <li>Lots of uid_t and gid_t signedness fixes.
1.61 ! tb 655: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> no longer calls setsid() when run from <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a>.
! 656: <li>Make <a href="https://man.openbsd.org/?query=cvs&sektion=1">cvs(1)</a> pserver talk IPv6.
! 657: <li>Increment <a href="https://man.openbsd.org/?query=boot&sektion=8&arch=i386">boot(8)</a> version to help debug the new memory probe and other fixes.
! 658: <li>Make <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> less twitchy on quick inserts/ejects.
! 659: <li>String handling and bounds checking fixes to <a href="https://man.openbsd.org/?query=login_fbtab&sektion=3">login_fbtab(3)</a>.
1.58 tb 660: <li>Bump <a href="https://www.openssh.com/">OpenSSH</a> to version 3.3.<br>
1.5 naddy 661: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 662: <li>Start adding <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="https://man.openbsd.org/?query=noct&sektion=4">noct(4)</a>.
! 663: <li>System call argument rewriting framework for <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a>.
! 664: <li>Enable <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> on sparc64, after a <em>lot</em> of groundwork.
! 665: <li>Fix some endianness nits in <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a>.
! 666: <li>Remove <a href="https://man.openbsd.org/?query=ifmcstat&sektion=8&manpath=OpenBSD+3.1">ifmcstat(8)</a>, the same information is available from <a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a>.
1.12 jcs 667: <li>More improvements to 4GB memory probing on <a href="i386.html">i386</a>.
1.61 ! tb 668: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> and <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> options are now documented in their own sshd?_config(5) manpage.
! 669: <li>Add option for smooth scrolling to <a href="https://man.openbsd.org/?query=talk&sektion=1">talk(1)</a>.
! 670: <li>Support a few more wireless cards in <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a>.
! 671: <li>Build <a href="https://man.openbsd.org/?query=wicontrol&sektion=8">wicontrol(8)</a> on sparc64 as well.
! 672: <li>String handling cleanups in <a href="https://man.openbsd.org/?query=comsat&sektion=8">comsat(8)</a>.
! 673: <li>Support <a href="https://man.openbsd.org/?query=magma&sektion=0&arch=sparc">magma(4/SPARC)</a>, <a href="https://man.openbsd.org/?query=magma&sektion=0&arch=sparc64">magma(4/SPARC64)</a> serial/parallel boards.
! 674: <li>Support <a href="https://man.openbsd.org/?query=stp&sektion=4">stp(4)</a> sbus-PCMCIA bridge based on STP4020 chipset. (The nell driver on Solaris.)
! 675: <li>Cleanup of <a href="https://man.openbsd.org/?query=timed&sektion=8">timed(8)</a>.
! 676: <li>Removing its setgid(kmem) was not enough, remove <a href="https://man.openbsd.org/?query=trsp&sektion=8">trsp(8)</a> altogether.
! 677: <li>Make <a href="https://man.openbsd.org/?query=yacc&sektion=1">yacc(1)</a> errors look like C compiler errors, so parser utilities such as <a href="https://man.openbsd.org/?query=error&sektion=1">error(1)</a> can deal with it.
! 678: <li>Add <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="https://man.openbsd.org/?query=random&sektion=9">random(9)</a>.
! 679: <li>Kill file descriptor leak in <a href="https://man.openbsd.org/?query=dhcpd&sektion=8">dhcpd(8)</a>.
! 680: <li>Fix lots of format strings in the <a href="https://man.openbsd.org/?query=dhcp&sektion=8">dhcp(8)</a> programs.
! 681: <li><a href="https://man.openbsd.org/?query=ps&sektion=1">ps(1)</a> shows flag 'x' for <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a>'d processes.
! 682: <li>Lots of work on the <a href="https://man.openbsd.org/?query=gpr&sektion=4">gpr(4)</a> driver.
! 683: <li>Fix <a href="https://man.openbsd.org/?query=uftdi&sektion=4">uftdi(4)</a>.
! 684: <li>Make <a href="https://man.openbsd.org/?query=systat&sektion=1">systat(1)</a> revoke its setgid(kmem) privileges.
1.12 jcs 685: <li>Remove old pccons driver from <a href="i386.html">i386</a>, also the associated XSERVER option from the kernel.
1.61 ! tb 686: <li>Fix <a href="https://man.openbsd.org/?query=ftpd&sektion=8">ftpd(8)</a>'s SIGALRM handler.
1.5 naddy 687: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can
1.61 ! tb 688: occur during the interpretation of chunked encoding in <a href="https://man.openbsd.org/?query=httpd&sektion=8">httpd(8)</a>, leading to possible remote crash.</strong></font><br>
1.4 margarid 689: <a href="errata31.html#httpd">A source code patch is available</a>.<br>
1.5 naddy 690: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 691: <li>Add the punctuation-challenged Nike psa[play^120 USB widget.
1.61 ! tb 692: <li>Remove setgid(kmem) from the enormously useful <a href="https://man.openbsd.org/?query=trsp&sektion=8">trsp(8)</a>.
1.12 jcs 693: <li>Add UK keyboard map to <a href="macppc.html">macppc</a> (with '#' on Option-3) and also option CAPS_IS_CONTROL.
1.61 ! tb 694: <li>Increase <a href="https://man.openbsd.org/?query=xl&sektion=4">xl(4)</a> timeout to squash 'command never completed!' warnings.
! 695: <li>Add <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a> support to <a href="https://man.openbsd.org/?query=audio&sektion=4">audio(4)</a>.
! 696: <li>Import <a href="https://man.openbsd.org/?query=event&sektion=3">event(3)</a>, an API on top of <a href="https://man.openbsd.org/?query=select&sektion=2">select(2)</a> or <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a>.
! 697: <li>Enable DMA on <a href="https://man.openbsd.org/?query=xl&sektion=4">xl(4)</a>.
! 698: <li>Allow transparent (statically keyed) <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> processing on a <a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a>.
! 699: <li>Help <a href="https://man.openbsd.org/?query=ppp&sektion=8">ppp(8)</a> to cope with yet more Microsoft PPP attributes.
! 700: <li>Extend <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a> key lifetime constraints more flexible (i.e. more than just key lifetime).
! 701: <li>Teach ECN attributes to <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 702: <li>Add eui64 option to <a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> for configuring the IPv6 interface index.
! 703: <li>Add a <a href="https://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> to get the CPU type on sparc and sparc64.
! 704: <li>Throw away the first 256 words of arc4 output in <a href="https://man.openbsd.org/?query=random&sektion=9">random(9)</a>.
1.1 deraadt 705: <li>Gratuitous pid_t cleanup in /usr/bin.
1.61 ! tb 706: <li>Grab multicast <a href="https://man.openbsd.org/?query=vlan&sektion=4">vlan(4)</a> code from NetBSD.
1.1 deraadt 707: <li>Add some inlined hash functions for the kernel, in <sys/hash.h>.
1.61 ! tb 708: <li>Cleanup work on conditional evaluation in <a href="https://man.openbsd.org/?query=make&sektion=1">make(1)</a>.
! 709: <li><a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> accepts IPComp flows.
! 710: <li>Drop <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> scrub(fragcache) syntax in favour of the fragment ... option in scrub rules.
! 711: <li>Teach <a href="https://man.openbsd.org/?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="https://man.openbsd.org/?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.1 deraadt 712: <li>Show sparc64's X server which device it wants to mmap().
1.61 ! tb 713: <li>Add ioctl to <a href="https://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a> allowing sparc64 (other architectures later) to find out which PCI device it's using.
! 714: <li>Enable userland <a href="https://man.openbsd.org/?query=crypto&sektion=4">crypto(4)</a> support for DSA. Maybe logging in using ssh2 on a 486 needn't take 20 seconds after all.
! 715: <li>Kernel changes and <a href="https://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> switch for hardware asymmetric <a href="https://man.openbsd.org/?query=crypto&sektion=4">crypto(4)</a> in userland.
! 716: <li>Add initial Ultra Port Architecture (<a href="https://man.openbsd.org/?query=upa&sektion=4&arch=sparc64">upa(4/SPARC64)</a>) support. Attach <a href="https://man.openbsd.org/?query=creator&sektion=4&arch=sparc64">creator(4)</a> and <a href="https://man.openbsd.org/?query=schizo&sektion=4&arch=sparc64">schizo(4)</a> using it.
1.12 jcs 717: <li>Import new <a href="vax.html">vax</a> boot code from NetBSD.
1.61 ! tb 718: <li>Add <a href="https://man.openbsd.org/?query=umct&sektion=4">umct(4)</a> USB serial driver and .<a href="https://man.openbsd.org/?query=umidi&sektion=4">umidi(4)</a> USB MIDI driver. Not tested, not in GENERIC.
1.1 deraadt 719: <li>Add IPL_STATCLOCK and add lots of splassert()s.
1.61 ! tb 720: <li><a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> spends less time with euid==0 even if it is installed setuid(root).
1.1 deraadt 721: <li>Much cleanup in distrib/miniroot.
1.61 ! tb 722: <li>Make <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> -s state print UDP and 'other' states nicely.
! 723: <li>New scrub(fragcache) ... syntax for <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 724: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT proxy port ranges can be specified per-rule.
! 725: <li>Don't <a href="https://man.openbsd.org/?query=panic&sektion=9">panic(9)</a> if <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> tries to insert a duplicate key.
! 726: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT and filter rules now all go in the one file (normally <a href="https://man.openbsd.org/?query=pf.conf&sektion=5">pf.conf(5)</a>). New <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> file syntax. Oh yes.
! 727: <li>Clean up semantics of <a href="https://man.openbsd.org/?query=gre&sektion=4">gre(4)</a> a bit.
! 728: <li><a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> prints the Ethernet address. Yippee!
! 729: <li><a href="https://man.openbsd.org/?query=route&sektion=8">route(8)</a> now accepts DNS names (and naturally enough treats them as host routes).
! 730: <li>Stop <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> using the same range for SPIs and CPIs.
! 731: <li>Ports can now be specified in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT rules.
! 732: <li>Allow <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a> to attach to a running process.
! 733: <li>Add ioctl <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a> to retrieve the current emulation of a process.
! 734: <li>Remove <a href="https://man.openbsd.org/?query=dlopen&sektion=3">dlopen(3)</a> stuff from <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 735: <li>Fix BPF code for a <a href="https://man.openbsd.org/?query=gif&sektion=4">gif(4)</a> tunnel, and add some more sanity checks.
! 736: <li>Default RhostsAuthentication and RhostsRSAAuthentication to 'no' now that <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> is now longer setuid(root) by default.
! 737: <li><a href="https://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a> key lifetimes can now be specified in nice readable form, e.g. '-t 1h'.
1.1 deraadt 738: <li>Define __weak_alias() for mvme88k.
739: <li>Merge GNU TeXinfo 4.2.
1.61 ! tb 740: <li>Prevent <a href="https://man.openbsd.org/?query=mbuf&sektion=9">mbuf(9)</a> leakage from <a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a>.
! 741: <li>New <a href="https://man.openbsd.org/?query=bad144&sektion=8&arch=i386">bad144(8)</a>.
! 742: <li><a href="https://man.openbsd.org/?query=user&sektion=8">user(8)</a> now checks the username length against MaxUserNameLen.
! 743: <li>Add <a href="https://man.openbsd.org/?query=bio&sektion=4">bio(4)</a> device, so userland can talk to devices that don't have nodes in /dev.
! 744: <li>Remove KerberosIV startup code from <a href="https://man.openbsd.org/?query=rc&sektion=8">rc(8)</a> files.
! 745: <li>Make <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT rules work more like normal filter rules.
! 746: <li>Add SIO*PHYADDR to <a href="https://man.openbsd.org/?query=gif&sektion=4">gif(4)</a> so <a href="https://man.openbsd.org/?query=ifconfig&sektion=8">ifconfig(8)</a> can set the outer address.
! 747: <li>Make published <a href="https://man.openbsd.org/?query=arp&sektion=8">arp(8)</a> entries work again (PR2635).
! 748: <li>Make <a href="https://man.openbsd.org/?query=dhcp&sektion=8">dhcp(8)</a> build faster (PR2715).
! 749: <li>Start converting <a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a> and <a href="https://man.openbsd.org/?query=systat&sektion=1">systat(1)</a> to <a href="https://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
1.1 deraadt 750: <li>Set FDDI link MTU the same as IPv4 MTU, fixes PR2714.
1.61 ! tb 751: <li>Allow numeric group IDs in <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
! 752: <li>Changes to initialisation and media config of <a href="https://man.openbsd.org/?query=ep&sektion=4">ep(4)</a>.
! 753: <li>Add list support for <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> rdr rules.
! 754: <li>Fix a number of bad <a href="https://man.openbsd.org/?query=strlcpy&sektion=3">strlcpy(3)</a> calls.
! 755: <li>Fix PR2704 resuming <a href="https://man.openbsd.org/?query=eso&sektion=4">eso(4)</a> after standby.
! 756: <li>Change a lot of <a href="https://man.openbsd.org/?query=index&sektion=3">index(3)</a> calls to <a href="https://man.openbsd.org/?query=strchr&sektion=3">strchr(3)</a>.
1.1 deraadt 757: <li>Change "'cuz" to "because." Strewth!
1.61 ! tb 758: <li>Add another <a href="https://man.openbsd.org/?query=mbuf&sektion=9">mbuf(9)</a> flag M_AUTH_AH, changing the meaning of M_AUTH.
! 759: <li>Remove a bunch of '\n's from <a href="https://man.openbsd.org/?query=syslog&sektion=3">syslog(3)</a> and <a href="https://man.openbsd.org/?query=err&sektion=3">err(3)</a> calls.
! 760: <li>Make <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> IKECFG support work for both SET/ACK and REQ/REPLY modes.
! 761: <li>Fixes for OpenSSL when talking to hardware <a href="https://man.openbsd.org/?query=crypto&sektion=4">crypto(4)</a>.
! 762: <li>Stop <a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a> and <a href="https://man.openbsd.org/?query=ftpd&sektion=8">ftpd(8)</a> spilling the IPv6 scope ID onto the wire.
! 763: <li>The hardware is willing, and now <a href="https://man.openbsd.org/?query=xl&sektion=4">xl(4)</a> is able to offload TCP, UDP and IP checksumming to it.
! 764: <li>Support setting MTU on <a href="https://man.openbsd.org/?query=sk&sektion=4">sk(4)</a>.
! 765: <li>Add KERN_{NFILES,TTYCOUNT,NUMVNODES,MBSTAT} <a href="https://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> entries.
! 766: <li>For a <a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a>, handle IPv4 frag-needed-but-DF-set just like on a regular interface.
! 767: <li>Pull in some <a href="https://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a> fixes from NetBSD.
! 768: <li>Remove (arguably) unnecessary setgid(operator) from <a href="https://man.openbsd.org/?query=df&sektion=1">df(1)</a>.
! 769: <li>Remove setuid(kmem) from <a href="https://man.openbsd.org/?query=ps&sektion=1">ps(1)</a> and <a href="https://man.openbsd.org/?query=w&sektion=1">w(1)</a> now kvm can use sysctl for some stuff. We don't need no proc filesystem...
! 770: <li>Make the <a href="https://man.openbsd.org/?query=kvm&sektion=3">kvm(3)</a> library try to use the shiny new sysctls to fetch process arguments and environment.
! 771: <li>Add flag to stop <a href="https://man.openbsd.org/?query=kvm_open&sektion=3">kwm_open(3)</a> opening any files, though limiting kvm functionality.
! 772: <li>Add <a href="https://man.openbsd.org/?query=sysctl&sektion=3">sysctl(3)</a> to retrieve process arguments and environment.
1.1 deraadt 773: <li>Tweak kernel memory allocation on i386 to work better on 4GB machines.
1.61 ! tb 774: <li>Work started on <a href="https://man.openbsd.org/?query=schizo&sektion=4&arch=sparc64">schizo(4/SPARC64)</a> PCI controller. Who said that?
1.1 deraadt 775: <li>Install script now puts FQDN in /etc/myname.
776: <li>Make more use of splsoftnet() (instead of splnet()) in IPv6 code.
777: <li>lo0 now only gets ::1 when it's brought up.
778: <li>Merge <a href="http://www.pdc.kth.se/kth-krb/">kth-krb</a> 1.1.1.
1.13 deraadt 779: <li>Enable weak aliases in libc for powerpc, sparc and alpha (already enabled on i386).
1.1 deraadt 780: <li>Add new splusb() to prevent USB initialisation lossage.
1.61 ! tb 781: <li>Improve SMART support in <a href="https://man.openbsd.org/?query=atactl&sektion=8">atactl(8)</a>.
! 782: <li>Silently ignore deprecated options to <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> since they may be passed in for a remote scp command.
! 783: <li>Remove FallbackToRsh from <a href="https://man.openbsd.org/?query=scp&sektion=1">scp(1)</a> as well.
! 784: <li><a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> NAT rules now do macro expansion as well.
! 785: <li>Add Makefile-like (var += ...) macro concatenation to <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>, then remove it again.
! 786: <li>Add per-rule state timeouts to <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 787: <li>Fix well-hidden little bug in <a href="https://man.openbsd.org/?query=crypto&sektion=3">crypto(3)</a> to unbork <a href="sparc64.html">sparc64</a> SSL/TLS negotiation.
1.12 jcs 788: <li>On <a href="alpha.html">alpha</a>, don't allow kernel symbols to be paged out.
1.61 ! tb 789: <li>Deprecate FallbackToRsh and UseRsh options in <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>.
! 790: <li><a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a> now insists on 20-byte session IDs.
1.1 deraadt 791: <li>Remove suspect DIAGNOSTIC block from softdep kernel code.
1.61 ! tb 792: <li>Make <a href="https://man.openbsd.org/?query=wsdisplay&sektion=4">wsdisplay(4)</a> screen blanker play nice with the X server.
! 793: <li><a href="https://man.openbsd.org/?query=lpr&sektion=1">lpr(1)</a> and friends go from setuid(root) to setgid(daemon). Connections can come from unprivileged ports for now.
! 794: <li>Add Realtek 8129/8139 cardbus device support to <a href="https://man.openbsd.org/?query=rl&sektion=4">rl(4)</a>.
1.12 jcs 795: <li>Switch <a href="macppc.html">macppc</a> to use gem instead of gm.
1.61 ! tb 796: <li>Multicast fixes and Gigabit Ethernet support for <a href="https://man.openbsd.org/?query=gem&sektion=4">gem(4)</a>.
1.1 deraadt 797: <li>Rule label length increased from 32 to 64 characters.
1.61 ! tb 798: <li>Allow modification of TTL with <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> return-rst.
! 799: <li>Timeout handling improvements to <a href="https://man.openbsd.org/?query=ohci&sektion=4">ohci(4)</a>.
! 800: <li>Make <a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a> print RIP6 statistics.
! 801: <li>Allow a per-rule limit to the number of state table entries a <a href="https://man.openbsd.org/?query=pf.conf&sektion=5">pf.conf(5)</a> rule can create.
! 802: <li>Switch <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> from AVL to red-black trees.
1.1 deraadt 803: <li>Add Gemplus GPR400 PCMCIA smartcard reader.
804: <li>Don't propose IDEA when negotiating SSL connections.
1.61 ! tb 805: <li>$srcaddr, $srcport, $dstaddr, $dstport, $proto and $nr (rule number) can now be used in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> rule labels.
! 806: <li>Make a kernel TCP RST and a <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> return-rst look the same, to frustrate the nmap crowd.
! 807: <li>Some <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a> filter list optimizations.
1.1 deraadt 808: <li>Remove IPv4 mapped address support from TCP input code, and remove is_ipv6().
1.61 ! tb 809: <li>Add net.inet6.ip6.v6only <a href="https://man.openbsd.org/?query=sysctl&sektion=8">sysctl(8)</a> flag.
! 810: <li>Add ikecfg as a valid flag in <a href="https://man.openbsd.org/?query=isakmpd.conf&sektion=5">isakmpd.conf(5)</a>. Start coding SET/ACK mode support.
! 811: <li><a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a> no longer accepts UDP packets if the source is a broadcast address.
1.1 deraadt 812: <li>Start work on <a href="http://www.xfree86.org/current/Xkdrive.1.html">KDrive</a> (TinyX) low-footprint X server support.
813: <li>Add a missing bzero() in sys/netinet/tcp_input.c to fix link-local TCP.
1.61 ! tb 814: <li>Add flow type to <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> and <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 815: <li>Fix <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> crasher PR2729.
1.1 deraadt 816: <li>Deprecate SIO.*IFPREFIX_IN6 ioctls.
817: <li>Merge <a href="http://www.stacken.kth.se/projekt/arla/">arla</a> release 0.35.7.
818: <li>Merge OpenSSL 0.9.7-stable-20020605.
1.61 ! tb 819: <li>TCP wrappers and <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> accept scoped IPv6 addresses.
1.1 deraadt 820: <li>Remove [gs]etprogname() from KerberosIV
1.61 ! tb 821: <li>Fix <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> crash described in PR2721.
1.1 deraadt 822: <li>Disable XF86_SVGA drivers in old XFree that are as good or better in XFree86 4.2.0, as defined in their <a href="http://www.xfree86.org/4.2.0/Status.html">status page</a>.
1.61 ! tb 823: <li><a href="https://man.openbsd.org/?query=bpf&sektion=4">bpf(4)</a> support for <a href="https://man.openbsd.org/?query=kqueue&sektion=2">kqueue(2)</a>
! 824: <li>In <a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>, add netmask, subnet and DHCP server request support to IKECFG.
! 825: <li>Fix <a href="https://man.openbsd.org/?query=bktr&sektion=4&arch=i386">bktr(4)</a> stereo.
! 826: <li>Support the RNG of AMD-768 southbridge (device <a href="https://man.openbsd.org/?query=amdpm&sektion=4">amdpm(4)</a>).
! 827: <li>Fix DMA handing of <a href="https://man.openbsd.org/?query=hme&sektion=4&arch=sparc">hme(4)</a> (SPARC and SPARC64).
! 828: <li>Pull in libcsu change from NetBSD to allow <a href="https://man.openbsd.org/?query=dlopen&sektion=3">dlopen(3)</a> to be used much earlier.
! 829: <li>Add -t key lifetime option to <a href="https://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>.
1.1 deraadt 830: <li>Use IPv4/IPv6 addresses in /etc/inetd.conf instead of 'localhost' to avoid DNS lookups.
1.61 ! tb 831: <li>Add predicate suffixes to <a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a>.
! 832: <li>Add -x and -X options to respectively lock and unlock <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>.
1.1 deraadt 833: <li>Compatibility tweaks to getpid(), getuid() and getgid() under Linux emulation.
834: <li>Start work on new debugger, pmdb.
1.61 ! tb 835: <li>Additional check (#ifdef DIAGNOSTIC) for duplicate <a href="https://man.openbsd.org/?query=uvm&sektion=9">uvm(9)</a> map entries.
! 836: <li>If <a href="https://man.openbsd.org/?query=syslog&sektion=3">syslog(3)</a> fails with ENOBUFS when sending to /dev/log, it now waits a millisecond and retries.
! 837: <li><a href="https://man.openbsd.org/?query=syslogd&sektion=8">syslogd(8)</a> doubles the socket receive buffer size.
! 838: <li>Automatic policy generation for <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a>.
! 839: <li><a href="https://man.openbsd.org/?query=lynx&sektion=1">lynx(1)</a> now defaults to passive FTP.
1.1 deraadt 840: <li>Remove [gs]etprogname() from KerberosV.
1.61 ! tb 841: <li>New -a <bind_address> option to <a href="https://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a> so user can specify the agent's UNIX domain socket.
! 842: <li>Make <a href="https://man.openbsd.org/?query=tbrconfig&sektion=8">tbrconfig(8)</a> statically linked.
1.1 deraadt 843: <li>Remove assumptions about MTU values for certain media types.
1.61 ! tb 844: <li>Use the same byte-order kung fu as the kernel in <a href="https://man.openbsd.org/?query=atactl&sektion=8">atactl(8)</a>.
1.1 deraadt 845: <li>Don't automagically set -prefixlen 128 on IPv6 host route.
1.61 ! tb 846: <li>rasops instead of rcons for <a href="https://man.openbsd.org/?query=vgafb&sektion=4&arch=sparc64">vgafb(4/SPARC64)</a>.
! 847: <li>Add xsystrace(1) [no manpage yet] UI for <a href="https://man.openbsd.org/?query=systrace&sektion=4">systrace(4)</a>.
! 848: <li> Add sbus <a href="https://man.openbsd.org/?query=bwtwo&sektion=4&arch=sparc">bwtwo(4)</a> mono framebuffer support (untested).
1.58 tb 849: <li>PrivSep'd <a href="https://www.openssh.com/">ssh</a> monitor processes check each authentication method is enabled before use.
1.61 ! tb 850: <li><a href="https://man.openbsd.org/?query=systrace&sektion=1">systrace(1)</a> userland import.
! 851: <li>Use <a href="https://man.openbsd.org/?query=arc4random&sektion=3">arc4random(3)</a> for <a href="https://man.openbsd.org/?query=rtadvd&sektion=8">rtadvd(8)</a>.
! 852: <li>Make <a href="https://man.openbsd.org/?query=nice&sektion=3">nice(3)</a> standards compliant.
! 853: <li>More <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> tweaks for Symbol cards.
1.1 deraadt 854: <li>Recognise VIA VT8233 PCI-ISA bridge.
1.61 ! tb 855: <li>Fix <a href="sparc64.html">sparc64</a> 64-bit relocation masks in <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a>.
1.1 deraadt 856: <li>Merge in <a href="http://www.sendmail.org/">Sendmail</a> 8.12.4.
1.61 ! tb 857: <li>Detect stereo radio reception in <a href="https://man.openbsd.org/?query=fms&sektion=4">fms(4)</a>.
! 858: <li>Compatibility tweaks to <a href="https://man.openbsd.org/?query=creator&sektion=0&arch=sparc64">creator(4/SPARC64)</a>.
! 859: <li>Replace <a href="https://man.openbsd.org/?query=mr&sektion=4&manpath=OpenBSD+3.1">mr(4)</a> radio driver with new <a href="https://man.openbsd.org/?query=gtp&sektion=4">gtp(4)</a> driver, which is better tested.
! 860: <li>'<a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl</a> -s all' now prints labels as well.
1.1 deraadt 861: <li>Add volatile to sig_atomic_t. Stand well back.
1.61 ! tb 862: <li>Use rasops instead of rcons in <a href="https://man.openbsd.org/?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a> and <a href="https://man.openbsd.org/?query=cgsix&sektion=4&arch=sparc">cgsix(4/SPARC)</a>.
1.1 deraadt 863: <li>Simplify IPv6 link MTU code.
864: <li>Implement PMAP_CANFAIL flag for m68k pmap.
1.61 ! tb 865: <li>Enable console blanking on <a href="https://man.openbsd.org/?query=cgthree&sektion=4&arch=sparc">cgthree(4/SPARC)</a>.
1.1 deraadt 866: <li>Make sure some struct sockaddr are cleared before use.
1.61 ! tb 867: <li>Start work on NetOctave NSP2000 (hardware crypto) driver <a href="https://man.openbsd.org/?query=noct&sektion=4">noct(4)</a>. Just the RNG for now.
1.1 deraadt 868: <li>Apply <a href="http://www.dachb0den.com/projects/bsd-airtools.html">BSD Airtools</a> 0.2 patches.
1.61 ! tb 869: <li>Teach <a href="http://www.ietf.org/rfc/rfc3168.txt?number=3168">ECN</a> flags to <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 870: <li>Dump <a href="https://man.openbsd.org/?query=mkisofs&sektion=8&manpath=OpenBSD+3.1">mkisofs(8)</a> in favor of <a href="https://man.openbsd.org/?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
! 871: <li>Avoid fd_set overruns in <a href="https://man.openbsd.org/?query=rtsold&sektion=8">rtsold(8)</a>, <a href="https://man.openbsd.org/?query=route6d&sektion=8">route6d(8)</a> and <a href="https://man.openbsd.org/?query=rtadvd&sektion=8">rtadvd(8)</a>.
! 872: <li>Clue in <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a> to IPv6 FTP bounce attacks.
! 873: <li>Fix /etc/ptmp deletion bug that occurred if <a href="https://man.openbsd.org/?query=rmuser&sektion=8">rmuser(8)</a> was aborted.
! 874: <li>IBSS mode for Symbol cards (firmware >= 2.5) using the <a href="https://man.openbsd.org/?query=wi">wi(4)</a> driver.
1.58 tb 875: <li>Add leading-zero padding to RSA signatures in <a href="https://www.openssh.com/">ssh</a>.
1.61 ! tb 876: <li>Tweak <a href="https://man.openbsd.org/?query=altq&sektion=9">altq(9)</a> <a href="https://man.openbsd.org/?query=options&sektion=4">options(4)</a> so the kernel compiles on i[34]86.
! 877: <li>Add support in the <a href="https://man.openbsd.org/?query=fxp&sektion=4">fxp(4)</a> driver for more Intel PRO/100 VM cards.
! 878: <li>For those that do metric but refuse to work in meters and kilograms, <a href="http://www.unc.edu/~rowlett/units/dictK.html">kayser</a> conversion has been added to <a href="https://man.openbsd.org/?query=units&sektion=1">units(1)</a>. Wow.
! 879: <li>Fix signal races in <a href="https://man.openbsd.org/?query=ping&sektion=8">ping(8)</a>.
! 880: <li>Now that the Dungeon Master <a href="https://man.openbsd.org/?query=dm&sektion=0&manpath=OpenBSD+3.1">dm(1)</a> has gone into well-earned retirement, make those games that need to save high scores, etc. run setgid games.
! 881: <li>Per-socket <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> policies and options!
! 882: <li>Stop a potential <a href="https://man.openbsd.org/?query=ipsec&sektion=4">ipsec(4)</a> DoS where an attacker could falsely advance the replay counter and so force valid traffic to be discarded.
1.1 deraadt 883: <li>Add German keyboard map for Apple laptops.
1.61 ! tb 884: <li>On ELF platforms, allow <a href="https://man.openbsd.org/?query=gcc&sektion=1">gcc(1)</a> to link Fortran code with other languages.
1.1 deraadt 885: <li>Make sure every PCI interrupt is recorded, so ISA doesn't step on one of them later.
1.61 ! tb 886: <li>Better <a href="https://man.openbsd.org/?query=radio&sektion=4">radio(4)</a> devices attachment.
! 887: <li>Fix VIA8233 support in <a href="https://man.openbsd.org/?query=auvia&sektion=4">auvia(4)</a>.
! 888: <li>Make <a href="https://man.openbsd.org/?query=nc&sektion=1">nc(1)</a> timeouts behave more like netcat.
! 889: <li>Make sure user's shell is /usr/sbin/authpf before running <a href="https://man.openbsd.org/?query=authpf&sektion=8">authpf(8)</a> to prevent $SSH_CLIENT shenanigans.
! 890: <li>In <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh</a>, use OpenSSL's AES implementation instead of our own.
! 891: <li>Add -[46] options to <a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a>.
1.1 deraadt 892: <li>Warn to syslog if IPv6 neighbor discovery tries to set the link MTU too small.
1.61 ! tb 893: <li>Make <a href="https://man.openbsd.org/?query=tip&sektion=1">tip(1)</a> query the driver with the user's baud rate setting rather than only accepting a compiled-in list.
! 894: <li>Cleanup and small fixes to <a href="https://man.openbsd.org/?query=skeyaudit&sektion=1">skeyaudit(1)</a>.
! 895: <li>Fixes to <a href="https://man.openbsd.org/?query=fms&sektion=4">fms(4)</a>.
! 896: <li>Various fixes and enhancements to <a href="https://man.openbsd.org/?query=mg&sektion=1">mg(1)</a>.
! 897: <li><a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> no longer starts in privilege-separated mode unless the PrivSep user sshd and <a href="https://man.openbsd.org/?query=chroot&sektion=2">chroot(2)</a> dir /var/empty are both present.
! 898: <li>Fix potential time overflow in <a href="https://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>.
! 899: <li>Make <a href="https://man.openbsd.org/?query=bridge&sektion=4">bridge(4)</a> refragment IP packets that are too large for the outgoing interface.
1.1 deraadt 900: <li>Remove libdl, support is in libc since a long time already.
1.61 ! tb 901: <li>Recognise Nokia C110 and C111 PC cards as <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> devices.
! 902: <li>Really sanitize <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a>'s environment as promised in the manpage when running set[ug]id, and test for set[ug]id earlier.
! 903: <li>Don't allow <a href="https://man.openbsd.org/?query=mktemp&sektion=3">mktemp(3)</a> to back up past the beginning of its input buffer.
! 904: <li>Use the correct string buffer size for printing port numbers in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 905: <li>Remove arc4random_8().
906: <li>struct ifnet now has an array of pointers to data for each address family. Move per-interface IPv6 state and neighbor discovery stuff here.
1.61 ! tb 907: <li><a href="https://man.openbsd.org/?query=netstat&sektion=1">netstat(1)</a> cleanup.
! 908: <li><a href="https://man.openbsd.org/?query=ping6&sektion=8">ping6(8)</a> and <a href="https://man.openbsd.org/?query=traceroute6&sektion=8">traceroute6(8)</a> updates from <a href="http://www.kame.net/">KAME</a>.
1.1 deraadt 909: <li>unsigned -> unsigned int cleanup.
910: <li>Repair machdep.chipset sysctl on alpha.
911: <li>Audit pid_t type usage.
912: <li>Audit incorrect signal(2) usage.
1.61 ! tb 913: <li>Fix big <a href="https://man.openbsd.org/?query=snprintf&sektion=3">snprintf(3)</a>
! 914: parameter typo in <a href="https://man.openbsd.org/?query=strftime&sektion=3">strftime(3)</a>.
! 915: <li>Don't use <a href="https://man.openbsd.org/?query=execlp&sektion=3">execlp(3)</a> when invoking <a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
! 916: <li>Fix <a href="https://man.openbsd.org/?query=kill&sektion=2">kill(2)</a> parameter brainfade in <a href="https://man.openbsd.org/?query=amd&sektion=8">amd(8)</a> and KerberosIV's rlogin.
1.12 jcs 917: <li><a href="vax.html">vax</a>: Add board type for VXT2000+.
1.1 deraadt 918: <li>More IANA interface type values, including IFT_BRIDGE.
919: <li>Split XFree86 bsd_video.c into architecture-specific files.
1.61 ! tb 920: <li>Add <a href="https://man.openbsd.org/?query=sysctl&sektion=8">sysctl(8)</a> toggle net.inet.icmp.tstamprepl (default: 1) for ICMP timestamp replies.
1.1 deraadt 921: <li>Even more steps toward the death of unsafe string functions.
922: <li>In XFree86 build, honour COPTS variable when building third-party apps.
923: <li>Add LIBS option for crunchgen so custom libraries can be added to boot images.
1.61 ! tb 924: <li>Run <a href="https://man.openbsd.org/?query=rpc.rstatd&sektion=8">rpc.rstatd(8)</a> and <a href="https://man.openbsd.org/?query=rpc.rusersd&sektion=8">rpc.rusersd(8)</a> as user nobody (boo!) from <a href="https://man.openbsd.org/?query=inetd&sektion=8">inetd(8)</a>.
! 925: <li>From <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a>, remove tests that have no license, and for the same reason replace parts of <a href="https://man.openbsd.org/?query=ld&sektion=1">ld(1)</a> and <a href="https://man.openbsd.org/?query=ldconfig&sektion=8">ldconfig(8)</a>.
1.12 jcs 926: <li>Remove unnecessary instruction cache flushes on <a href="sparc64.html">sparc64</a>.
1.61 ! tb 927: <li>Many cleanups in <a href="https://man.openbsd.org/?query=ld.so&sektion=1">ld.so(1)</a>.
! 928: <li>Support mixed IPv4/IPv6 address lists in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>.
! 929: <li>Add <a href="https://man.openbsd.org/?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
! 930: <li>Remove obsolete <a href="https://man.openbsd.org/?query=dm&sektion=8&manpath=OpenBSD+3.0">dm(8)</a>.
1.1 deraadt 931: <li>Fix <a
1.61 ! tb 932: href="https://man.openbsd.org/?query=disklabel&sektion=8">disklabel(8)</a>
1.1 deraadt 933: warnings on CD-ROM
1.61 ! tb 934: (<a href="https://man.openbsd.org/?query=cd&sektion=4">cd(4)</a>)
1.1 deraadt 935: with no data track.
1.61 ! tb 936: <li>Allow incoming <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> connections in the temporary <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> ruleset installed by <a href="https://man.openbsd.org/?query=rc&sektion=8">/etc/rc</a>, just in case the real rulebase fails to load later on.
! 937: <li>Hunt for biodone() calls not made at splbio() <a href="https://man.openbsd.org/?query=spl&sektion=9">spl(9)</a>, and fix them.
! 938: <li>Improve <a href="https://man.openbsd.org/?query=mount_cd9660&sektion=8">cd9660(8)</a> filesystem read-ahead performance.
1.1 deraadt 939: <li>Support software brightness and backlight control on various macppc models.
1.61 ! tb 940: <li>Allow <a href="https://man.openbsd.org/?query=wsconsctl&sektion=8">wsconsctl(8)</a> to control brightness and backlight on displays which
1.1 deraadt 941: support this.
942: <li>New libc IEEE floating-point code and libm routines for hppa.
1.61 ! tb 943: <li>splassert (<a href="https://man.openbsd.org/?query=spl&sektion=9">spl(9)</a>) on i386.
1.1 deraadt 944: <li>More steps toward the death of unsafe string functions.
1.61 ! tb 945: <li>splassert (<a href="https://man.openbsd.org/?query=spl&sektion=9">spl(9)</a>) on sparc64.
! 946: <li>Add a <a href="https://man.openbsd.org/?query=creator&sektion=4&arch=sparc64">creator(4)</a> driver for sparc64 Creator and Creator3D cards.
! 947: <li>Jumbo <a href="https://man.openbsd.org/?query=lpr&sektion=1">lpr(1)</a> changes including IPv6 support, new features, and bugfixes.
1.1 deraadt 948: <li>Still more hppa memory management and low-level code fixes.
949: <li>Simple pmap optimization on macppc.
950: <li>Did we mention the cleaning of the installation scripts, adding functionality yet reducing size?
1.61 ! tb 951: <li>Allow <a href="https://man.openbsd.org/?query=ddb&sektion=4">ddb(4)</a> to do a stack trace into the kernel message buffer.
! 952: <li><a href="https://man.openbsd.org/?query=isp&sektion=4">isp(4)</a> fixes.
! 953: <li><font color="#e00000"><strong>SECURITY FIX: Fix incorrect ACL check when using BSD authentication in <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>.</strong></font><br>
1.4 margarid 954: <a href="errata31.html#sshbsdauth">A source code patch is available</a>.<br>
1.5 naddy 955: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 956: <li>Fix a memory leak in <a href="https://man.openbsd.org/?query=mg&sektion=1">mg(1)</a>.
1.1 deraadt 957: <li>New systrace facility.
1.19 david 958: <li>Better Cyrix CPU support.
1.1 deraadt 959: <li>ECN support.
1.61 ! tb 960: <li>Support SNTP in <a href="https://man.openbsd.org/?query=rdate&sektion=8">rdate(8)</a>.
1.1 deraadt 961: <li>Fix infinite SIGFPE loop situations on vax.
962: <li>Remove unnecessary setuid bit from binaries that either do not need it or
963: whose functionality requiring root privileges should only be invoked by root
964: anyways, or which can be changed into a setgid bit for a specific group.
1.61 ! tb 965: <li>Switch <a href="https://man.openbsd.org/?query=skey&sektion=1">skey(1)</a> management to per-user directories instead of a flat file and drop setuid bit on related tools.
! 966: <li>Lots of <a href="https://man.openbsd.org/?query=ppp&sektion=8">ppp(8)</a> goodies.
! 967: <li>New splassert (see <a href="https://man.openbsd.org/?query=spl&sektion=9">spl(9)</a>) debug functionality on sparc.
1.1 deraadt 968: <li>Enable Altivec instructions in macppc kernels.
1.61 ! tb 969: <li>Support more Hifn cards (7814, 7851, 7854) via the <a href="https://man.openbsd.org/?query=nofn&sektion=4">nofn(4)</a> driver.
1.1 deraadt 970: <li>OpenSSL 0.9.7.
1.61 ! tb 971: <li>Completely rework <a href="https://man.openbsd.org/?query=at&sektion=1">at(1)</a> and related binaries, and make them POSIX-compliant.
! 972: <li>More use of hardware crypto cards functionality via <a href="https://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>.
1.1 deraadt 973: <li>More hppa memory management fixes.
974: <li>binutils 2.11.2.
1.61 ! tb 975: <li>Add per-gid filtering to <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 976: <li>Switch <a href="https://man.openbsd.org/?query=at&sektion=1">at(1)</a> to be setgid crontab as well.
! 977: <li>Handle host names resolving in several addresses in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 978: <li>Fix compilation warnings for various userland programs.
1.61 ! tb 979: <li>Add a new user, crontab, and change <a href="https://man.openbsd.org/?query=cron&sektion=8">cron(8)</a> from being setuid root to being setgid crontab.
! 980: <li>Add per-uid filtering to <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 981: <li>More <a href="https://man.openbsd.org/?query=usb&sektion=4">usb(4)</a> support updates.
! 982: <li>More <a href="https://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>
1.1 deraadt 983: hackery to get it to do more crypto operations, and hack
1.61 ! tb 984: <a href="https://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a>
1.1 deraadt 985: and
1.61 ! tb 986: <a href="https://man.openbsd.org/?query=lofn&sektion=4">lofn(4)</a>
1.1 deraadt 987: to work with this.
988: <li>Your average extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.61 ! tb 989: <li>Fix <a href="https://man.openbsd.org/?query=adb&sektion=4&arch=powerpc">adb(4)</a> french keyboard layout on macppc.
! 990: <li>Switch ELF platforms to the native <a href="https://man.openbsd.org/?query=gprof&sektion=1">gprof(1)</a>.
1.1 deraadt 991: <li>Obtain a better licence for the hppa spmath routines.
1.61 ! tb 992: <li>Add an <a href="https://man.openbsd.org/?query=url&sektion=4">url(4)</a> driver for Realtek RTL8150L-based USB cards.
1.1 deraadt 993: <li>mvme88k pmap bugfixes.
1.61 ! tb 994: <li>Various <a href="https://man.openbsd.org/?query=usb&sektion=4">usb(4)</a> driver updates.
! 995: <li>Remove <a href="https://man.openbsd.org/?query=rlogin&sektion=1&manpath=OpenBSD+3.0">rlogin(1)</a>,
! 996: <a href="https://man.openbsd.org/?query=rlogind&sektion=8&manpath=OpenBSD+3.0">rlogind(8)</a> and
! 997: <a href="https://man.openbsd.org/?query=rexecd&sektion=8&manpath=OpenBSD+3.0">rexecd(8)</a>.
! 998: <li>Fix several wrong computations in <a href="https://man.openbsd.org/?query=newfs&sektion=8">newfs(8)</a>.
! 999: <li>Workaround ghost pcibus detection in <a href="https://man.openbsd.org/?query=pchb&sektion=4">pchb(4)</a>.
! 1000: <li>Add a tuner driver for the <a href="https://man.openbsd.org/?query=fms&sektion=4">fms(4)</a> radio cards.
! 1001: <li>Allow userland to know which <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> rule created a specific state.
! 1002: <li>Prevent a 3.0 <a href="https://man.openbsd.org/?query=wsmoused&sektion=8&arch=i386">wsmoused(8)</a> binary from panic'ing the kernel.
! 1003: <li>Enable privsep by default in <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>.
! 1004: <li>Fix <a href="https://man.openbsd.org/?query=find&sektion=1">find(1)</a>'s -anewer and -cnewer options behaviour.
1.1 deraadt 1005: <li>Sprinkle ptrdiff_t and size_t types instead of int all over the tree.
1.61 ! tb 1006: <li>Support LBA48 addressing in <a href="https://man.openbsd.org/?query=wdc&sektion=4">wdc(4)</a>.
1.1 deraadt 1007: <li>Bring back TURBOchannel alpha hardware support.
1.61 ! tb 1008: <li>Fix a slightly incorrect behaviour of the device cloning in UKC (<a href="https://man.openbsd.org/?query=boot_config&sektion=8">boot_config(8)</a>).
! 1009: <li><font color="#e00000"><strong>SECURITY FIX: cause the <a href="https://man.openbsd.org/?query=exec&sektion=3">exec(3)</a> to fail if we are unable to allocate resources when dup-ing <a href="https://man.openbsd.org/?query=null&sektion=4">/dev/null(4)</a> to <a href="https://man.openbsd.org/?query=fd&sektion=4">fd(4)</a>'s 0-2 for setuid programs.</strong></font><br>
1.4 margarid 1010: <a href="errata31.html#fdalloc2">A source code patch is available</a>.<br>
1.5 naddy 1011: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 1012: <li>Extended Attributes code updates.
1.61 ! tb 1013: <li>Improve PS/2 mouse port detection in <a href="https://man.openbsd.org/?query=pckbc&sektion=4">pckbc(4)</a>.
! 1014: <li>Better <a href="https://man.openbsd.org/?query=hifn&sektion=4">hifn(4)</a> initialisation and memory usage.
1.1 deraadt 1015: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. No, you're not having a deja vu.
1016: <li>Fix ethernet interrupt level on sparc, and rework the sparc interrupt framework.
1017: <li>Better color depth detection in Xwsfb.
1.61 ! tb 1018: <li>64-bit fixes in <a href="https://man.openbsd.org/?query=vmstat&sektion=8">vmstat(8)</a>.
! 1019: <li>Improve dma processing in <a href="https://man.openbsd.org/?query=bge&sektion=4">bge(4)</a>.
! 1020: <li><strong>RELIABILITY FIX: constrain readdirplus request count in the <a href="https://man.openbsd.org/?query=mount_nfs&sektion=8">nfs(8)</a> filesystem.</strong><br>
1.5 naddy 1021: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 1022: <li>Switch macppc console from the rcons engine to the rasops engine.
1023: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size. Yes, once again.
1024: <li>Add IEEE754 floating point completion code on alpha.
1.61 ! tb 1025: <li>Improve dma processing in <a href="https://man.openbsd.org/?query=gx&sektion=4">gx(4)</a>.
1.1 deraadt 1026: <li>Build the XFree86 GLX extension on sparc64.
1027: <li>Hunt for outdated prototypes for character devices entry points and fix them.
1.61 ! tb 1028: <li>Switch mvme88k to the new <a href="https://man.openbsd.org/?query=MAKEDEV&sektion=8&arch=mvme88k">MAKEDEV(8)</a> generation framework.
! 1029: <li>Implement the -s option in <a href="https://man.openbsd.org/?query=m4&sektion=1">m4(1)</a>, for it to be POSIX-compliant.
1.1 deraadt 1030: <li>Kill all mvme68k kernel compilation warnings.
1031: <li>Assorted mac68k code cleanups.
1.61 ! tb 1032: <li>Shared key support in hostap mode in <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a>.
! 1033: <li>Make Xwsfb support <a href="https://man.openbsd.org/?query=tga&sektion=4&arch=alpha">tga(4)</a> cards on alpha.
! 1034: <li>Fix a lock leak in <a href="https://man.openbsd.org/?query=ami&sektion=4">ami(4)</a>.
! 1035: <li><font color="#e00000"><strong>SECURITY FIX: update <a href="https://man.openbsd.org/?query=sudo&sektion=8">sudo(8)</a> to sudo 1.6.6.</strong></font><br>
1.4 margarid 1036: <a href="errata31.html#sudo">A source code patch is available</a>.<br>
1.5 naddy 1037: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 1038: <li><strong>RELIABILITY FIX: avoid buffer overrun on PASV from a malicious server in <a href="https://man.openbsd.org/?query=ftp&sektion=1">ftp(1)</a>.</strong><br>
1.5 naddy 1039: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 1040: <li>Add a Soundforte radio driver, <a href="https://man.openbsd.org/?query=sfr&sektion=4&arch=i386">sfr(4)</a>.
! 1041: <li>Add dynamic interface -> address translation in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 1042: <li>Add kernel hooks on ethernet interfaces, triggered by address changes.
1043: <li>Extended Attributes code updates.
1044: <li>Enable the Freetype library on sparc64.
1.3 mickey 1045: <li>Add queuing in the kernel crypto framework.
1.1 deraadt 1046: <li>Make the system includes C++ friendly.
1.61 ! tb 1047: <li>Allow explicit filtering of non-reassembled fragments in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>.
! 1048: <li>Support more hardware and fix stability issues in the mac68k <a href="https://man.openbsd.org/?query=sn&sektion=4&arch=mac68k">sn(4)</a> network driver.
! 1049: <li>Improved Lithuanian keyboard map for <a href="https://man.openbsd.org/?query=wscons&sektion=4">wscons(4)</a>.
! 1050: <li><font color="#e00000"><strong>SECURITY FIX: fix a buffer overflow in AFS/Kerberos token handling in <a href="https://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>, and send a complete ticket.</strong></font><br>
1.4 margarid 1051: <a href="errata31.html#sshafs">A source code patch is available</a>.<br>
1.5 naddy 1052: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.61 ! tb 1053: <li>Fix a memory leak in <a href="https://man.openbsd.org/?query=mg&sektion=1">mg(1)</a>.
1.1 deraadt 1054: <li>Assorted hppa memory management fixes.
1.61 ! tb 1055: <li>Allow fractional delays in <a href="https://man.openbsd.org/?query=top&sektion=1">top(1)</a>.
1.1 deraadt 1056: <li>Enable upgrade functionality again on alpha installation media.
1057: <li>Extensive cleaning of the installation scripts, adding functionality yet reducing size.
1.61 ! tb 1058: <li>Make <a href="https://man.openbsd.org/?query=cvs&sektion=1">cvs(1)</a> create the .cvspass file on a login operation if it does not exist, rather than failing.
1.1 deraadt 1059: <li>Extend mac68k disklabels to 16 partitions, like all the other platforms.
1.61 ! tb 1060: <li>Add cddb support to <a href="https://man.openbsd.org/?query=cdio&sektion=1">cdio(1)</a>.
! 1061: <li>Support more network cards with the <a href="https://man.openbsd.org/?query=dc&sektion=4">dc(4)</a> driver.
1.1 deraadt 1062: <li>Improve sparc pmap behaviour in some low memory conditions.
1063: <li>sendmail 8.13.
1.61 ! tb 1064: <li>Switch mvme68k to the new <a href="https://man.openbsd.org/?query=MAKEDEV&sektion=8&arch=mvme68k">MAKEDEV(8)</a> generation framework.
! 1065: <li>Improve the library logic in <a href="https://man.openbsd.org/?query=ld&sektion=1">ld(1)</a> to increase speed and decrease memory usage on a.out platforms.
1.1 deraadt 1066: <li>New mvme68k installation media.
1067: <li>Change fpu probe routine on mac68k.
1.61 ! tb 1068: <li>Fix an obscure bug in <a href="https://man.openbsd.org/?query=sed&sektion=1">sed(1)</a>.
! 1069: <li>Support more wireless cards with the <a href="https://man.openbsd.org/?query=wi&sektion=4">wi(4)</a> driver, and fix a few issues within.
! 1070: <li>Fix 64-bit issues in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a>.
! 1071: <li>Remove the <a href="https://man.openbsd.org/?query=wx&sektion=4&manpath=OpenBSD+3.0">wx(4)</a> driver,
! 1072: which had been deprecated in favor of the <a href="https://man.openbsd.org/?query=gx&sektion=4">gx(4)</a> driver.
1.1 deraadt 1073: </ul>
1074: <p>
1075:
1076: This list mentions mostly platform-independent changes. For a list of changes
1077: made in a particular platform, please check the page for that platform. If you
1078: find them not listed there, the changes are either (1) not being documented or
1079: (2) are documented here.<br><br>
1080:
1081: </body>
1082: </html>