version 1.58, 2018/03/25 03:02:09 |
version 1.59, 2018/08/24 05:41:56 |
|
|
<!-- ^ 20030205 --> |
<!-- ^ 20030205 --> |
<li>Last part of the threaded fd improvements, fixing some bugs from stage one on the way. |
<li>Last part of the threaded fd improvements, fixing some bugs from stage one on the way. |
<li>Set an all-ones mask when doing <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> routing, since round-robin on the whole address space is unlikely to be the desired result. |
<li>Set an all-ones mask when doing <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> routing, since round-robin on the whole address space is unlikely to be the desired result. |
<li>First installment of improvements to threaded file descriptor handling (see the <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_fd.c.diff?r1=1.16&r2=1.17&cvsroot=openbsd&f=h">checkin comment</a> for details). |
<li>First installment of improvements to threaded file descriptor handling (see the <a href="https://cvsweb.openbsd.org/src/lib/libpthread/uthread/uthread_fd.c.diff?r1=1.16&r2=1.17&cvsroot=openbsd&f=h">checkin comment</a> for details). |
<li><a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2. |
<li><a href="https://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2. |
<li>Don't load a signed int into the <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> buffer when doing BSD auth; the buffer type only supports unsigned ints. |
<li>Don't load a signed int into the <a href="https://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a> buffer when doing BSD auth; the buffer type only supports unsigned ints. |
<!-- ^ 20030204 --> |
<!-- ^ 20030204 --> |
|
|
<li>Check TCP, UDP, ICMP and ICMP6 checksums in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>, and make the sum isn't recalculated when the packet hits layer 4 in the kernel. Packets with invalid checksums are silently dropped, to avoid <a href="http://www.phrack.org/phrack/60/p60-0x0c.txt">firewall detection</a> by use of filter responses to bad packets. |
<li>Check TCP, UDP, ICMP and ICMP6 checksums in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>, and make the sum isn't recalculated when the packet hits layer 4 in the kernel. Packets with invalid checksums are silently dropped, to avoid <a href="http://www.phrack.org/phrack/60/p60-0x0c.txt">firewall detection</a> by use of filter responses to bad packets. |
<li>Make <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>'s TCP state inspection RFC 763 compliant, and send a reset when presented with SYN-cookie schemes that send out-of-window ACKs during the TCP handshake. |
<li>Make <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>'s TCP state inspection RFC 763 compliant, and send a reset when presented with SYN-cookie schemes that send out-of-window ACKs during the TCP handshake. |
<li>Now that <a href="https://man.openbsd.org/?query=route&sektion=8">route(8)</a> is no longer setuid root, check the effective uid instead of the real uid. |
<li>Now that <a href="https://man.openbsd.org/?query=route&sektion=8">route(8)</a> is no longer setuid root, check the effective uid instead of the real uid. |
<li>Fix a number of filesystem locking issues, for details see the <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/kern/vfs_cache.c?rev=1.9&content-type=text/x-cvsweb-markup">checkin comment</a>. |
<li>Fix a number of filesystem locking issues, for details see the <a href="https://cvsweb.openbsd.org/src/sys/kern/vfs_cache.c?rev=1.9&content-type=text/x-cvsweb-markup">checkin comment</a>. |
<li>Fix an ICMP mbuf leak.<br> |
<li>Fix an ICMP mbuf leak.<br> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 --> |
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 --> |
<!-- ^ 20030131 --> |
<!-- ^ 20030131 --> |
|
|
<!-- ^ 20030128 --> |
<!-- ^ 20030128 --> |
<li>Make the resolver code in libc more thread-safe. |
<li>Make the resolver code in libc more thread-safe. |
<li>Fix an fd_set overflow in <a href="https://man.openbsd.org/?query=telnetd&sektion=8">telnetd(8)</a>. |
<li>Fix an fd_set overflow in <a href="https://man.openbsd.org/?query=telnetd&sektion=8">telnetd(8)</a>. |
<li>Improvements to pthreads signal handling. See the <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_sig.c?rev=1.18&content-type=text/x-cvsweb-markup">checkin comment</a> for details. |
<li>Improvements to pthreads signal handling. See the <a href="https://cvsweb.openbsd.org/src/lib/libpthread/uthread/uthread_sig.c?rev=1.18&content-type=text/x-cvsweb-markup">checkin comment</a> for details. |
<li>For <a href="https://man.openbsd.org/?query=eg&sektion=4">eg(4)</a>, <a href="https://man.openbsd.org/?query=el&sektion=4">el(4)</a>, <a href="https://man.openbsd.org/?query=ie&sektion=4&arch=hppa">ie(4/HPPA)</a> and <a href="https://man.openbsd.org/?query=url&sektion=4">url(4)</a> zero-pad frames smaller than the minimum frame length. |
<li>For <a href="https://man.openbsd.org/?query=eg&sektion=4">eg(4)</a>, <a href="https://man.openbsd.org/?query=el&sektion=4">el(4)</a>, <a href="https://man.openbsd.org/?query=ie&sektion=4&arch=hppa">ie(4/HPPA)</a> and <a href="https://man.openbsd.org/?query=url&sektion=4">url(4)</a> zero-pad frames smaller than the minimum frame length. |
<li>Update the termcap entry colours for wsvt25 to match reality. |
<li>Update the termcap entry colours for wsvt25 to match reality. |
<li>If the -a option is given to <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> to specify an anchor, don't allow operations that have a global effect. |
<li>If the -a option is given to <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> to specify an anchor, don't allow operations that have a global effect. |
|
|
<li>Have /etc/rc generate the BIND 9 <a href="https://man.openbsd.org/?query=rndc&sektion=8">rndc(8)</a> shared secret if it doesn't exist. |
<li>Have /etc/rc generate the BIND 9 <a href="https://man.openbsd.org/?query=rndc&sektion=8">rndc(8)</a> shared secret if it doesn't exist. |
<li>Add BIND 9 configuration files. |
<li>Add BIND 9 configuration files. |
<li>Skip DNSSEC programs in BIND 9. |
<li>Skip DNSSEC programs in BIND 9. |
<li>Begin import of BIND 9.2.2rc1. (Local changes documented in <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bind/README.OpenBSD?rev=1.1&content-type=text/x-cvsweb-markup">README.OpenBSD</a>.) |
<li>Begin import of BIND 9.2.2rc1. (Local changes documented in <a href="https://cvsweb.openbsd.org/src/usr.sbin/bind/README.OpenBSD?rev=1.1&content-type=text/x-cvsweb-markup">README.OpenBSD</a>.) |
<li>Fix some silly pastos in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> table code. |
<li>Fix some silly pastos in <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> table code. |
<li>Create /var/empty/dev/log for programs that <a href="https://man.openbsd.org/?query=chroot&sektion=2">chroot(2)</a> to /var/empty. |
<li>Create /var/empty/dev/log for programs that <a href="https://man.openbsd.org/?query=chroot&sektion=2">chroot(2)</a> to /var/empty. |
<li>Fix a typo in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> DIOCRSETTFLAGS implmentation, so it doesn't look like changing a table flag created a table when in fact it deleted one. |
<li>Fix a typo in <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> DIOCRSETTFLAGS implmentation, so it doesn't look like changing a table flag created a table when in fact it deleted one. |
|
|
<!-- ^ 20030118 --> |
<!-- ^ 20030118 --> |
<li>Unbreak <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> nat random source port assignment. Now a rule has to actually ask for static-port in order to get it. |
<li>Unbreak <a href="https://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> nat random source port assignment. Now a rule has to actually ask for static-port in order to get it. |
<li>Enable the <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> 'static-port' keyword. |
<li>Enable the <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> 'static-port' keyword. |
<li>Extensive <a href="https://man.openbsd.org/?query=ld&sektion=1">ld(1)</a> changes to better protect ELF executables from tampering (see the <a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils/bfd/elf.c?rev=1.13&content-type=text/x-cvsweb-markup">checkin comment</a> for details). |
<li>Extensive <a href="https://man.openbsd.org/?query=ld&sektion=1">ld(1)</a> changes to better protect ELF executables from tampering (see the <a href="https://cvsweb.openbsd.org/src/gnu/usr.bin/binutils/bfd/elf.c?rev=1.13&content-type=text/x-cvsweb-markup">checkin comment</a> for details). |
<li>Add new output format option '-f' to <a href="https://man.openbsd.org/?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a>. |
<li>Add new output format option '-f' to <a href="https://man.openbsd.org/?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a>. |
<li><a href="https://man.openbsd.org/?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a> no longer reports when the set[ug]id bits are set on directories, since these are meaningless in OpenBSD. |
<li><a href="https://man.openbsd.org/?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a> no longer reports when the set[ug]id bits are set on directories, since these are meaningless in OpenBSD. |
<li>Fix a missing YYERROR in the <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> parser. |
<li>Fix a missing YYERROR in the <a href="https://man.openbsd.org/?query=pfctl&sektion=8">pfctl(8)</a> parser. |
<!-- ^ 20030117 --> |
<!-- ^ 20030117 --> |
<li>Deal with <a href="https://man.openbsd.org/?query=cd&sektion=4">cd(4)</a> drives that are picky about being asked to play the leadout track. |
<li>Deal with <a href="https://man.openbsd.org/?query=cd&sektion=4">cd(4)</a> drives that are picky about being asked to play the leadout track. |
<li><a href="https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pcidevs.diff?r1=1.586&r2=1.587&f=h">Note with regret and sadness</a> that the <a href="http://www.yourvote.com/pci/">freely available PCI vendor and device list</a> is no longer available. |
<li><a href="https://cvsweb.openbsd.org/src/sys/dev/pci/pcidevs.diff?r1=1.586&r2=1.587&f=h">Note with regret and sadness</a> that the <a href="http://www.yourvote.com/pci/">freely available PCI vendor and device list</a> is no longer available. |
<li>Bring <a href="https://man.openbsd.org/?query=protocols&sektion=5">protocols(5)</a> more into line with current reality. |
<li>Bring <a href="https://man.openbsd.org/?query=protocols&sektion=5">protocols(5)</a> more into line with current reality. |
<li>More improvements and device additions to <a href="https://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a>. |
<li>More improvements and device additions to <a href="https://man.openbsd.org/?query=pciide&sektion=4">pciide(4)</a>. |
<!-- ^ 20030116 --> |
<!-- ^ 20030116 --> |