Annotation of www/plus33.html, Revision 1.46
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2: <html>
3: <head>
1.4 deraadt 4: <title>OpenBSD 3.3 changes</title>
1.11 david 5: <meta name="description" content="OpenBSD 3.3 changes">
1.31 schwarze 6: <meta name="copyright" content="This document copyright 1996-2003 by OpenBSD.">
1.42 sthen 7: <link rel="canonical" href="http://www.openbsd.org/plus33.html">
1.1 deraadt 8: </head>
9:
10: <body bgcolor="#ffffff" text="#000000" link="#23238e">
11:
12: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
13: <p>
1.4 deraadt 14: <h2><font color="#e00000">OpenBSD 3.3 released (May 1, 2003)</font></h2>
1.1 deraadt 15: <hr>
16:
17: <p>
18: This is a partial list of the major machine-independent changes
1.23 sobrado 19: (i.e., these are the changes people ask about most often). Machine
1.1 deraadt 20: specific changes have also been made, and are sometimes mentioned
21: in the pages for the specific <a href="plat.html">platforms</a>.
22:
23: <p>
1.28 jasper 24: Changes to the <a href="faq/faq15.html">ports</a> collection are documented
1.1 deraadt 25: <a href="portsplus/index.html">here</a>.
26:
27: <p>
28: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
29:
30: <p>
31: For changes in other releases, click below:<br>
32: <a href="plus20.html">2.0</a>,
33: <a href="plus21.html">2.1</a>,
34: <a href="plus22.html">2.2</a>,
35: <a href="plus23.html">2.3</a>,
36: <a href="plus24.html">2.4</a>,
37: <a href="plus25.html">2.5</a>,
38: <a href="plus26.html">2.6</a>,
39: <a href="plus27.html">2.7</a>,
40: <a href="plus28.html">2.8</a>,
41: <a href="plus29.html">2.9</a>,
42: <a href="plus30.html">3.0</a>,
43: <a href="plus31.html">3.1</a>,
44: <a href="plus32.html">3.2</a>,
1.8 david 45: <a href="plus34.html">3.4</a>,
1.10 deraadt 46: <a href="plus35.html">3.5</a>,
1.12 miod 47: <a href="plus36.html">3.6</a>,
1.37 deraadt 48: <a href="plus37.html">3.7</a>,
1.22 deraadt 49: <br>
1.14 deraadt 50: <a href="plus38.html">3.8</a>,
1.16 deraadt 51: <a href="plus39.html">3.9</a>,
1.17 deraadt 52: <a href="plus40.html">4.0</a>,
1.18 deraadt 53: <a href="plus41.html">4.1</a>,
1.19 deraadt 54: <a href="plus42.html">4.2</a>,
1.21 deraadt 55: <a href="plus43.html">4.3</a>,
1.22 deraadt 56: <a href="plus44.html">4.4</a>,
1.24 deraadt 57: <a href="plus45.html">4.5</a>,
1.25 deraadt 58: <a href="plus46.html">4.6</a>,
1.26 deraadt 59: <a href="plus47.html">4.7</a>,
1.27 deraadt 60: <a href="plus48.html">4.8</a>,
1.29 deraadt 61: <a href="plus49.html">4.9</a>,
1.30 nick 62: <a href="plus50.html">5.0</a>,
1.31 schwarze 63: <a href="plus51.html">5.1</a>,
1.32 nick 64: <a href="plus52.html">5.2</a>,
1.33 deraadt 65: <a href="plus53.html">5.3</a>,
1.34 deraadt 66: <a href="plus54.html">5.4</a>,
1.35 deraadt 67: <br>
1.37 deraadt 68: <a href="plus55.html">5.5</a>,
1.40 brett 69: <a href="plus56.html">5.6</a>,
1.41 deraadt 70: <a href="plus57.html">5.7</a>,
1.44 deraadt 71: <a href="plus58.html">5.8</a>,
1.45 deraadt 72: <a href="plus59.html">5.9</a>,
1.1 deraadt 73: <a href="plus.html">current</a>.
74: <br>
75:
76: <p>
1.38 deraadt 77: <h3><font color="#0000e0">Changes made between OpenBSD 3.2 and 3.3</font></h3>
1.1 deraadt 78: <p>
79:
80: <ul>
1.3 deraadt 81: <li>3.3 release branch created.
82: <!-- ^ 20030326 -->
1.46 ! beck 83: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in the address parsing in <a href="http://man.openbsd.org?query=sendmail&sektion=8">sendmail(8)</a> may allow an attacker to gain root privileges.</strong></font><br>
1.5 deraadt 84: <a href="errata32.html#sendmail2">A source code patch is available</a>.<br>
85: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 86: <li>Fix the <a href="http://man.openbsd.org?query=sftp-server&sektion=8">sftp-server(8)</a> race fix so that renames of symlinks and directories work again.
1.3 deraadt 87: <!-- ^ 20030325 -->
1.46 ! beck 88: <li>Have <a href="http://man.openbsd.org?query=lpr&sektion=1">lpr(1)</a> and <a href="http://man.openbsd.org?query=lprm&sektion=1">lprm(1)</a> do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
! 89: <li>Some robustness fixes to <a href="http://man.openbsd.org?query=vlan&sektion=4">vlan(4)</a>.
! 90: <li>Set splimp() before resetting <a href="http://man.openbsd.org?query=xl&sektion=4">xl(4)</a> to prevent interrupts before we're ready to handle them.
! 91: <li>Recognise (and ignore) the --soname argument to <a href="http://man.openbsd.org?query=ld&sektion=1">ld(1)</a>.
! 92: <li>Add a missing return statement when dumping the state table in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
1.3 deraadt 93: <li>When adding hfsc queues in the kernel, return the correct value when unable to allocate memory, and add some missing error cleanup.
94: <!-- ^ 20030324 -->
1.46 ! beck 95: <li>Fix <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> rekeying when running in privsep mode.
1.3 deraadt 96: <li>Add some extra quoting paranoia to /etc/rc.
97: <!-- ^ 20030323 -->
1.46 ! beck 98: <li>Don't close stdin in <a href="http://man.openbsd.org?query=md5&sektion=1">md5(1)</a>.
1.1 deraadt 99: <!-- ^ 20030322 -->
1.46 ! beck 100: <li>Stop <a href="http://man.openbsd.org?query=sendbug&sektion=1">sendbug(1)</a> reporting spurious errors.
! 101: <li>Restore <a href="http://man.openbsd.org?query=ac97&sektion=4">ac97(4)</a> state after an <a href="http://man.openbsd.org?query=apm&sektion=4">apm(4)</a> resume.
! 102: <li>Make the <a href="http://man.openbsd.org?query=syslogd&sektion=8">syslogd(8)</a> default facility LOG_USER instead of (due to a bug) LOG_UUCP.
! 103: <li>Make <a href="http://man.openbsd.org?query=netstat&sektion=1">netstat(1)</a> -m output of mbuf cluster stats much more useful.
! 104: <li>Fix memory use percentage output of <a href="http://man.openbsd.org?query=ps&sektion=1">ps(1)</a>.
! 105: <li>Some endianness fixes to <a href="http://man.openbsd.org?query=ahc&sektion=4">ahc(4)</a>, making it works on macppc.
! 106: <li>Fix some problems with <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> table statistics.
! 107: <li>Disable by default (and add a switch to enable) cross-realm authentication from Kerberos IV realms in Kerberos V <a href="http://man.openbsd.org?query=kdc&sektion=8">kdc(8)</a>. This addresses a recently found <a href="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt">vulnerability</a>.<br>
1.1 deraadt 108: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 109: <li>Disable the Kerberos IV <a href="http://man.openbsd.org?query=kdc&sektion=8">kdc(8)</a>, since all its functionality is available in the Kerberos V kdc.
1.1 deraadt 110: <!-- ^ 20030321 -->
111: <li>Enquote $lpd_flags in /etc/rc.
112: <!-- ^ 20030320 -->
1.46 ! beck 113: <li>Fix a logic error in <a href="http://man.openbsd.org?query=sudo&sektion=8">sudo(8)</a>'s SIGCHLD handler.
1.1 deraadt 114: <li><font color="#e00000"><strong>SECURITY FIX: OpenSSL is vulnerable to an extension of the `Bleichenbacher' attack designed by Czech researchers Klima, Pokorny and Rosa.</strong></font><br>
115: <a href="errata32.html#kpr">A source code patch is available</a>.<br>
116: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 117: <li>Tweak <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> host address parsing to catch exceptional cases.
! 118: <li>Fix parsing of the <a href="http://man.openbsd.org?query=dhcpd&sektion=8">dhcpd(8)</a> leases file.
1.1 deraadt 119: <!-- ^ 20030319 -->
1.46 ! beck 120: <li>Add a missing return statement in <a href="http://man.openbsd.org?query=mkhybrid&sektion=8">mkhybrid(8)</a>.
1.1 deraadt 121: <!-- ^ 20030318 -->
122: <li>Restore bootable tape functionality for sparc.
1.46 ! beck 123: <li>Longword-align struct sockaddrs passed to the kernel by <a href="http://man.openbsd.org?query=arp&sektion=8">arp(8)</a>.
! 124: <li>An RFC 2553 compliance tweak to <a href="http://man.openbsd.org?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>.
! 125: <li>Change <a href="http://man.openbsd.org?query=perl&sektion=1">perl(1)</a>'s config hints file to reflect the promotion of <a href="http://man.openbsd.org?query=setreuid&sektion=2">setre[ug]id(2)</a> to real system calls.
1.7 deraadt 126: <li>Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
1.46 ! beck 127: <li>Bump <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> version to 3.6.<br>
1.5 deraadt 128: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.1 deraadt 129: <!-- ^ 20030317 -->
1.46 ! beck 130: <li>Fix a bad string length when checking options to <a href="http://man.openbsd.org?query=login_passwd&sektion=8">login_passwd(8)</a>.
! 131: <li>Add a nicely free license to <a href="http://man.openbsd.org?query=hack&sektion=6">hack(6)</a>.
! 132: <li>Fix a bogus string initialisation when printing IPv6 addresses that was causing a segfault in <a href="http://man.openbsd.org?query=netstat&sektion=1">netstat(1)</a>.
1.1 deraadt 133: <!-- ^ 20030316 -->
1.46 ! beck 134: <li>More string function sanity in the 4.3BSD compat library, <a href="http://man.openbsd.org?query=crypto&sektion=3">crypto(3)</a><!-- 20030316 --> and <a href="http://man.openbsd.org?query=sudo&sektion=8">sudo(8)</a>.
! 135: <li>Fix a string under-allocation in <a href="http://man.openbsd.org?query=mountd&sektion=8">mountd(8)</a>.
! 136: <li>Update to <a href="http://man.openbsd.org?query=sudo&sektion=8">sudo(8)</a> 1.6.7.
1.1 deraadt 137: <li><font color="#e00000"><strong>SECURITY FIX: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.</strong></font><br>
138: <a href="errata32.html#blinding">An `RSA blinding' source code patch is available</a>.<br>
139: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 140: <li>Add a missing chroot path correction when creating the SSL mutex file in <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a>.
1.1 deraadt 141: <!-- ^ 20030315 -->
1.46 ! beck 142: <li>Another fix in the <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack protector.
! 143: <li>More strcpy -> strlcpy, in <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a> this time.
1.1 deraadt 144: <li>After all the hard work making the X server run as a non-root user, stop the scheduler lowering non-root processes' priority if they've had more than ten minutes of CPU time.
145: <li>Check the length of all fixed-length IPv6 neighbor discovery options.
1.46 ! beck 146: <li>Enable RSA blinding in <a href="http://man.openbsd.org?query=keynote&sektion=3">keynote(3)</a>.
! 147: <li>Remove the redundant -t option from <a href="http://man.openbsd.org?query=mt&sektion=1">mt(1)</a>.
! 148: <li>Fix a bug in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables that could cause table-based filtering of packets with a source or destination address of 0.0.0.0 (e.g. DHCP) to corrupt the kernel.
1.1 deraadt 149: <li>Enable RSA blinding for mod_ssl private key operations.
150: <!-- ^ 20030314 -->
1.46 ! beck 151: <li>Fix a bug that caused all jobs displayed by <a href="http://man.openbsd.org?query=atq&sektion=1">atq(1)</a> to appear to be owned by the owner of the last job in the queue.<br>
1.1 deraadt 152: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
1.46 ! beck 153: <li>Require <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> control connections to originate from a reserved port.
! 154: <li>Plug a <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables memory leak.
! 155: <li>Scale the <a href="http://man.openbsd.org?query=altq&sektion=9">altq(9)</a> RED thresholds to 10% (min) and 30% (max) of the queue limit.
! 156: <li>Fix a one-byte underflow in <a href="http://man.openbsd.org?query=raidctl&sektion=8">raidctl(8)</a>.
! 157: <li>Switch <a href="http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf">RSA blinding</a> on for <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>, <a href="http://man.openbsd.org?query=ssh-agent&sektion=1">ssh-agent(1)</a> and <a href="http://man.openbsd.org?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>.
1.7 deraadt 158: <li>Still more sprintf -> snprintf and strcpy -> strlcpy in many, many places.
1.1 deraadt 159: <!-- ^ 20030313 -->
1.46 ! beck 160: <li>More strcpy -> strlcpy, this time in <a href="http://man.openbsd.org?query=badsect&sektion=8">badsect(8)</a>, <a href="http://man.openbsd.org?query=restore&sektion=8">restore(8)</a> and <a href="http://man.openbsd.org?query=scsi&sektion=8">scsi(8)</a>.
! 161: <li>Fix a missing initialisation in <a href="http://man.openbsd.org?query=pckbc&sektion=4">pckbc(4)</a> when the ps/2 keyboard is not the system console. Avoids a panic on alpha.
1.1 deraadt 162: <li>Remove sbin/photurisd from the tree.
1.46 ! beck 163: <li>(v)sprintf -> (v)snprintf in <a href="http://man.openbsd.org?query=mrouted&sektion=8">mrouted(8)</a>.
! 164: <li>Add -c option to <a href="http://man.openbsd.org?query=md5&sektion=1">md5(1)</a>, for compatibility with GNU md5sum.
! 165: <li>Set IFCAP_VLAN_MTU for <a href="http://man.openbsd.org?query=sk&sektion=4">sk(4)</a>.
1.1 deraadt 166: <!-- ^ 20030312 -->
1.46 ! beck 167: <li>Add a missing endianness fixup to <a href="http://man.openbsd.org?query=bktr&sektion=4">bktr(4)</a>.
! 168: <li>Hack <a href="http://man.openbsd.org?query=compat_freebsd&sektion=8">compat_freebsd(8)</a> to pick up recent FreeBSD binaries such as Opera.
! 169: <li>Make <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a>'s parser detect many more syntax errors.
! 170: <li>Allow <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a> to send unfragmented full-length 802.1q packets on interfaces with IFCAP_VLAN_MTU set.
! 171: <li>Make sure that <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queues have a queue ID that is unique across all interfaces.
! 172: <li>When acting on an anchor, make <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s -F option traverse all subrulesets in the anchor.
! 173: <li>Remove <a href="http://man.openbsd.org?query=larn&sektion=6&release=OpenBSD+3.2">larn(6)</a> until some license issues are resolved.
1.1 deraadt 174: <!-- ^ 20030311 -->
1.46 ! beck 175: <li>Yet more <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack-smash protector fixes.
1.1 deraadt 176: <li>Many spelling and double-word fixes.
1.46 ! beck 177: <li>Install <a href="http://man.openbsd.org?query=lpr&sektion=1">lpr(1)</a> and <a href="http://man.openbsd.org?query=lprm&sektion=1">lprm(1)</a> setuid root instead of setuid daemon (the latter is more risky) and setuid to daemon early on.
! 178: <li>Add a missing <a href="http://man.openbsd.org?query=getnameinfo&sektion=3">getnameinfo(3)</a> error check to <a href="http://man.openbsd.org?query=ftp&sektion=1">ftp(1)</a>.
! 179: <li>Always set a <a href="http://man.openbsd.org?query=bpf&sektion=4">bpf(4)</a> filter in <a href="http://man.openbsd.org?query=pflogd&sektion=8">pflogd(8)</a>, since bpf will otherwise grab full-length packets.
! 180: <li>strcpy->strlcpy in <a href="http://man.openbsd.org?query=mount_portal&sektion=8">mount_portal(8)</a>, <a href="http://man.openbsd.org?query=quotacheck&sektion=8">quotacheck(8)</a>, <a href="http://man.openbsd.org?query=route&sektion=8">route(8)</a> and <a href="http://man.openbsd.org?query=routed&sektion=8">routed(8)</a>.
! 181: <li>Make <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queue code drop illegal non-PKTHDR mbufs, and whine loudly so any problem will get noticed and fixed.
! 182: <li>Allow <a href="http://man.openbsd.org?query=st&sektion=4">st(4)</a> tape density codes up to 0xff (the old limit was 0x45). <!-- Disallow negative density since antimatter tapes are not supported. -->
1.1 deraadt 183: <li>Continued assault on manpage errors, omissions and bad English.
184: <li>Fix a typo from pre-3.1 days that was stopping inode quotas from working.
1.46 ! beck 185: <li>Stop <a href="http://man.openbsd.org?query=spamd-setup&sektion=8">spamd-setup(8)</a> always returning an error code.
! 186: <li>Log that <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a> has started after detaching from the controlling terminal, rather than before.
! 187: <li>Make <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a> show the correct error line number when the command is missing.
! 188: <li>Make <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> give a helpful error message when multiple same-named queues are added to an interface.
! 189: <li>Fix a problem in <a href="http://man.openbsd.org?query=sis&sektion=4">sis(4)</a>, found with a few DP83815 devices, where a cable length of less than 30m caused excessive receive errors.
1.1 deraadt 190: <!-- ^ 20030310 -->
1.46 ! beck 191: <li>Tighten <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tcp state code in relation to a FIN received before any server response.
! 192: <li>Add spamd and spamd-cfg tcp ports to <a href="http://man.openbsd.org?query=services&sektion=5">services(5)</a>, and have <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> obtain the port numbers from there.
! 193: <li>Fix some problems adding <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> child queues.
! 194: <li>Prise the correct line number for errors out of <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a>.
! 195: <li>Warn about garbage lines before the EOF in <a href="http://man.openbsd.org?query=crontab&sektion=1">crontab(1)</a>.
! 196: <li>Fix a panic in <a href="http://man.openbsd.org?query=ppp&sektion=4">ppp(4)</a> by making sure the first mbuf in a chain contains a packet header.
1.1 deraadt 197: <!-- ^ 20030309 -->
1.46 ! beck 198: <li>Disable <a href="http://man.openbsd.org?query=ptrace&sektion=2">ptrace(2)</a> for P_SUGIDEXEC as well as P_SUGID.
! 199: <li>Make the kernel's P_SUGIDEXEC flag semantics match those for <a href="http://man.openbsd.org?query=issetugid&sektion=2">issetugid(2)</a>.
! 200: <li>Make clear that <a href="http://man.openbsd.org?query=mailwrapper&sektion=8">mailwrapper(8)</a> error and warning messages are not from the wrapped program but from the wrapper itself.
! 201: <li>In <a href="http://man.openbsd.org?query=mountd&sektion=8">mountd(8)</a> only write to the pidfile if we've opened it.
! 202: <li>Honour the :sh: <a href="http://man.openbsd.org?query=printcap&sektion=5">printcap(5)</a> flag for remote printers, instead of requiring -h to be given to <a href="http://man.openbsd.org?query=lpr&sektion=1">lpr(1)</a>.
! 203: <li>Add <a href="http://man.openbsd.org?query=spamd.conf&sektion=5">spamd.conf(5)</a>, configuration for <a href="http://man.openbsd.org?query=spamd-setup&sektion=8">spamd-setup(8)</a>.
! 204: <li>Since <a href="http://man.openbsd.org?query=spamd-setup&sektion=8">spamd-setup(8)</a> is no longer a Perl script, remove the Net::Netmask module.
! 205: <li>Re-re-implement <a href="http://man.openbsd.org?query=spamd-setup&sektion=8">spamd-setup(8)</a>, this time in C.
1.1 deraadt 206: <li>Tweak queue rule expansion to fix problems when a queue spans multiple interfaces.
1.46 ! beck 207: <li>Base <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s 'bandwidth too small' whine on interface-specific calculations rather than always using '6Kb'.
1.1 deraadt 208: <!-- ^ 20030308 -->
1.46 ! beck 209: <li>Have a separate flag (-g) for <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> debugging output, instead of overloading -vv.
1.1 deraadt 210: <li>Fix a signedness bug (KAME PR 469) in the libc resolver.
211: <!-- ^ 20030307 -->
1.46 ! beck 212: <li>Set some missing flags and fix <a href="http://man.openbsd.org?query=ti&sektion=4">ti(4)</a>'s vlan tagging support.
! 213: <li>Stability fixes to <a href="http://man.openbsd.org?query=cac&sektion=4">cac(4)</a>.
1.1 deraadt 214: <li>A huge number of manpage cross-reference fixes.
215: <li>In kernel main(), configure devices later when process 0 is more fully initialised.
1.46 ! beck 216: <li>Avoid a null derefence in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> when converting text addresses to a sockaddr.
! 217: <li>Fix <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queue assignments when an interface is not specified.
1.1 deraadt 218: <li>For IPv6 etherip packets, set the next protocol field in the header.
1.46 ! beck 219: <li>Pass IP proto 97 (Ethernet-in-IP) packets up to <a href="http://man.openbsd.org?query=bpf&sektion=4">bpf(4)</a>.
1.1 deraadt 220: <!-- ^ 20030306 -->
221: <li>In the installer, delete the FTP password when no sets are found, so it doesn't get displayed in the URL.
222: <li>Add a boot image ISO for alpha.
223: <li>New images; the last X update before the release.
1.46 ! beck 224: <li>Fix a number of memory leaks in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> and its related programs.
! 225: <li>Add a monolithic <a href="http://man.openbsd.org?query=openssl&sektion=1">openssl(1)</a> manpage, covering all the tool commands.
! 226: <li>Media handling fixes to <a href="http://man.openbsd.org?query=hme&sektion=4">hme(4)</a>.
! 227: <li>Set the right address family for IPv6 addresses in a <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> table.
! 228: <li>Update <a href="http://man.openbsd.org?query=named&sektion=8">named(8)</a> to BIND 9.2.2-release.
1.1 deraadt 229: <!-- ^ 20030305 -->
1.46 ! beck 230: <li>Only have /etc/rc generate the <a href="http://man.openbsd.org?query=rndc&sektion=8">rndc(8)</a> key if <a href="http://man.openbsd.org?query=named&sektion=8">named(8)</a> is to be started.
! 231: <li><a href="http://man.openbsd.org?query=named&sektion=8">named(8)</a> always does setuid(named) and chroots to /var/named, so remove the variables for those actions from /etc/rc.
! 232: <li>Turn off the stack protector when building <a href="http://man.openbsd.org?query=lkm&sektion=4">lkm(4)</a>s.
! 233: <li>Don't install <a href="http://man.openbsd.org?query=mrinfo&sektion=8">mrinfo(8)</a> and <a href="http://man.openbsd.org?query=mtrace&sektion=8">mtrace(8)</a> setuid root.
! 234: <li>Recreate the <a href="http://man.openbsd.org?query=rndc&sektion=8">rndc(8)</a> key if /etc/rndc.key and /var/named/etc/rndc.key are not identical, or if either is absent.
1.7 deraadt 235: <li>3.3-beta -> 3.3
1.46 ! beck 236: <li>Fix user and group keywords with IPv6 <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules.
1.1 deraadt 237: <li>Create a baby ISO for i386, with just the CD boot image on it.
238: <!-- ^ 20030304 -->
1.46 ! beck 239: <li>Move the <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> configuration channel from the spamd listener port the next port up.
! 240: <li>Add to <a href="http://man.openbsd.org?query=file&sektion=1">file(1)</a> support for additional image formats and a first pass at reading jpeg size.
1.1 deraadt 241: <li>strncpy->strlcpy in libc resolver code.
1.46 ! beck 242: <li>Upgrade <a href="http://man.openbsd.org?query=file&sektion=1">file(1)</a> to 3.41, to fix a buffer overflow. Get improved 64-bit ELF support as well.<br>
1.1 deraadt 243: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
244: <li>In the libc stack smash handler, straight away block all signal handlers from running.
1.46 ! beck 245: <li>More fixes and improvements to <a href="http://man.openbsd.org?query=isp&sektion=4">isp(4)</a>.
1.1 deraadt 246: <li>Sendmail updated to 8.12.8.
1.46 ! beck 247: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in the envelope comments processing in <a href="http://man.openbsd.org?query=sendmail&sektion=8">sendmail(8)</a> may allow an attacker to gain root privileges.</strong></font><br>
1.1 deraadt 248: <a href="errata32.html#sendmail">A source code patch is available</a>.<br>
249: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 250: <li>Fix some nits in <a href="http://man.openbsd.org?query=m_pulldown&sektion=9">m_pulldown(9)</a>.
! 251: <li>Return a meaningful partition size from <a href="http://man.openbsd.org?query=rd&sektion=4">rd(4)</a>.
1.1 deraadt 252: <!-- ^ 20030303 -->
1.46 ! beck 253: <li>Fix <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> display of altq bandwidth figures.
! 254: <li>Fix a missing configuration message validity check in <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a>.
1.1 deraadt 255: <li>Remove spamd-setup.sh script.
1.46 ! beck 256: <li>Add a configuration channel in <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> so spamd-setup.pl can talk to it.
! 257: <li>New spamd-setup.pl script to set up <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a>, with support for multiple blacklists configured via <a href="http://man.openbsd.org?query=spamd.conf&sektion=5">spamd.conf(5)</a>.
! 258: <li>Add perl module Net::Netmask for new <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> setup perl script.
1.1 deraadt 259: <li>Remove the redundant 'control' keyword from altq CBQ.
260: <li>Tag no-payload tcp ACK packets for priority queuing, see /usr/share/pf/ackpri for more information and an example.
1.46 ! beck 261: <li>Guarantee that two <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queues with the same name on different interfaces have the same internal queue id.
1.1 deraadt 262: <!-- ^ 20030302 -->
1.46 ! beck 263: <li>Prevent <a href="http://man.openbsd.org?query=gem&sektion=4">gem(4)</a> removing DMA mappings that are still in use, which causes faults on sparc64.
1.1 deraadt 264: <li>Stop the installer mistakenly deleting a default route that an FTP install may need to use.
265: <!-- ^ 20030301 -->
266: <li>Add a bootable CD iso image for sparc64.
1.46 ! beck 267: <li>Fix a few bad printf format specifiers in <a href="http://man.openbsd.org?query=pflogd&sektion=8">pflogd(8)</a>.
1.1 deraadt 268: <li>Disable GNU mmalloc on all architectures.
1.46 ! beck 269: <li>Update all <a href="http://man.openbsd.org?query=disktab&sektion=5">disktab(5)</a> files to show support for 16 partitions, and fix a few other glitches.
! 270: <li>Finally, <a href="http://man.openbsd.org?query=mrouted&sektion=8">mrouted(8)</a> and fellows have proper licensing and are now built by default.
1.1 deraadt 271: <li>Make sure the error value is set properly on SA expiry for AH and ESP.
272: <li>Fix a Kerberos (IV and V) resolver overflow found by propolice.
1.46 ! beck 273: <li>Make libc <a href="http://man.openbsd.org?query=random&sektion=3">random(3)</a> and related functions use u_int32_t internally instead of long.
! 274: <li>Update the <a href="http://man.openbsd.org?query=isp&sektion=4">isp(4)</a> firmware images.
1.1 deraadt 275: <li>Increase the ata IDENTIFY command timeout from one to three seconds.
276: <li>Use a bss copy of basename(argv[0]) for __progname, so even when there is real stack carnage a propolice stack-smash report has the right program name.
1.46 ! beck 277: <li>Add a missing splsoftnet() in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables code.
1.1 deraadt 278: <!-- ^ 20030228 -->
1.46 ! beck 279: <li>Add WANT_LIBMILTER, WANT_SASL and WANT_LDAP mk.conf hooks for <a href="http://man.openbsd.org?query=sendmail&sektion=8">sendmail(8)</a>.
! 280: <li>Add -trace-ctors-dtors option to <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a>'s collect2. See <a href="http://man.openbsd.org?query=gcc-local&sektion=1">gcc-local(1)</a>.
! 281: <li>Make <a href="http://man.openbsd.org?query=rndc&sektion=8">rndc(8)</a> die properly on errors.
! 282: <li>In libz, check <a href="http://man.openbsd.org?query=snprintf&sektion=3">snprintf(3)</a> return value to detect truncation.<br>
1.1 deraadt 283: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
1.46 ! beck 284: <li>Stop <a href="http://man.openbsd.org?query=syslog&sektion=3">syslog(3)</a> always logging to the console when LOG_CONS is enabled.
! 285: <li>Have <a href="http://man.openbsd.org?query=updatedb&sektion=8">updatedb(8)</a> use /var/tmp instead of /tmp, and include ext2fs volumes in the database.
! 286: <li>Handle invalid step sizes properly in <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a>.
! 287: <li>Add IPv6 packet classification support for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queues.
! 288: <li>Fix <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables' IPv6 support.
1.1 deraadt 289: <!-- ^ 20030227 -->
1.46 ! beck 290: <li>Correctly set the priority queue when expanding <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules.
! 291: <li>Some cleanup in <a href="http://man.openbsd.org?query=ti&sektion=4">ti(4)</a>.
! 292: <li>Make libz use <a href="http://man.openbsd.org?query=snprintf&sektion=3">snprintf(3)</a> instead of sprintf(), since we're at it.<br>
1.1 deraadt 293: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
294: <li>Fix a bug in bind's isc_print_vsnprintf(), even though it's not used in OpenBSD.
1.46 ! beck 295: <li>Have <a href="http://man.openbsd.org?query=named&sektion=8">named(8)</a> listen on IPv6 interfaces by default.
! 296: <li>More <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack protector fixes.
1.1 deraadt 297: <!-- ^ 20030226 -->
1.46 ! beck 298: <li>Add 'show' and 'monitor' commands to <a href="http://man.openbsd.org?query=ipsecadm&sektion=8">ipsecadm(8)</a>.
! 299: <li>Update <a href="http://man.openbsd.org?query=xterm&sektion=1">xterm(1)</a> to fix <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063">CAN-2003-0063</a> and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071">CAN-2003-0071</a>.
! 300: <li>Fix <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> binat rule matching.
! 301: <li>Clean up <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> binat rule parsing.
! 302: <li>More bounds check fixes, in Linux compat and <a href="http://man.openbsd.org?query=gdt&sektion=4">gdt(4)</a>.
1.1 deraadt 303: <!-- ^ 20030225 -->
1.46 ! beck 304: <li>Correct two off-by-ones in <a href="http://man.openbsd.org?query=ami&sektion=4">ami(4)</a>.
! 305: <li>Fix a bad bounds check in <a href="http://man.openbsd.org?query=midi&sektion=4">midi(4)</a>.
! 306: <li>Revert to the old <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> macro redefinition code, to stop a bad next pointer causing an endless loop.
1.1 deraadt 307: <li>Fix a crasher in the pfkeyv2 debugging code.
1.46 ! beck 308: <li>Add LZS compression support to <a href="http://man.openbsd.org?query=hifn&sektion=4">hifn(4)</a>. Only usable by IPComp for now.
1.1 deraadt 309: <!-- ^ 20030224 -->
310: <li>Set the portal filesystem file change time properly.
311: <li>Remove tcfs due to licensing problems.
1.46 ! beck 312: <li>Fix a bogus <a href="http://man.openbsd.org?query=vmstat&sektion=8">vmstat(8)</a> warning message.
! 313: <li>Make libz use <a href="http://man.openbsd.org?query=vsnprintf&sektion=3">vsnprintf(3)</a> instead of vsprintf().<br>
1.1 deraadt 314: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
315: <!-- ^ 20030223 -->
316: <li>Add privilege separation to the old X servers too.
317: <!-- ^ 20030222 -->
318: <li>In the X server, open the keyboard and framebuffer drivers using privsep.
1.46 ! beck 319: <li>Plug a couple of mbuf leaks on errors in <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a>.
! 320: <li>Pull in from FreeBSD a better environment variable parser for <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a>.
! 321: <li>Repair <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> restarts, broken by the ETag inode leak fix. (The etags-state file wasn't readable after dropping privileges.)
1.1 deraadt 322: <li>Don't try to allocate < 0 bytes of memory in libcrypto.<br>
323: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 324: <li>Re-enable 'set loginterface none' option in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 325: <li>Fix a bad sizeof in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> auth_krb4.
! 326: <li>Send BIND 4 to the attic. <a href="http://man.openbsd.org?query=named&sektion=8">named(8)</a> is now BIND 9.
! 327: <li>Still more fixes to the <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack protector.
1.1 deraadt 328: <!-- ^ 20030221 -->
1.46 ! beck 329: <li>Have <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> check AH and ESP packets are of valid length before dumping their contents.
! 330: <li>Teach <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> to print IPComp packets.
! 331: <li>Fix a crasher in <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a> by reparing some locking code in the kernel, and removing a null deref in userland.
! 332: <li>Sync <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a> with ISC cron -current, keeping the OpenBSD-specific <a href="http://man.openbsd.org?query=at&sektion=1">at(1)</a> integration.
! 333: <li>Make <a href="http://man.openbsd.org?query=xconsole&sektion=1">xconsole(1)</a> run as user _x11 instead of root (like the X server,) and use privilege separation for the parts that need root.
! 334: <li>Add an empty cron.deny file, since POSIX requires that in the absence of cron.allow and cron.deny files, only root may run <a href="http://man.openbsd.org?query=crontab&sektion=1">crontab(1)</a>.
! 335: <li>Fix a null deref triggered by <a href="http://man.openbsd.org?query=ipcomp&sektion=4">ipcomp(4)</a>.
1.1 deraadt 336: <!-- ^ 20030220 -->
1.46 ! beck 337: <li><a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax.
! 338: <li>Move /var/at files into /var/cron since <a href="http://man.openbsd.org?query=at&sektion=1">at(1)</a> is now a part of <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a>.
! 339: <li>Fix support for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> syntax (if)/24 (dynamic interface name translation with a network prefix).
! 340: <li><font color="#e00000"><strong>SECURITY FIX: In <a href="http://man.openbsd.org?query=ssl&sektion=8">ssl(8)</a> an information leak can occur via timing by performing a MAC computation even if incorrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes in memory allocation routines.</strong></font><br>
1.1 deraadt 341: <a href="errata32.html#ssl">A source code patch is available</a>.<br>
342: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 343: <li>Add a counter for <a href="http://man.openbsd.org?query=netstat&sektion=1">netstat(1)</a> showing how often <a href="http://man.openbsd.org?query=ipcomp&sektion=4">ipcomp(4)</a> was skipped because the packet size was below the compression threshold.
! 344: <li>Fix a buffer overflow in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> on 64-bit platforms.
! 345: <li>Stability updates to <a href="http://man.openbsd.org?query=vr&sektion=4">vr(4)</a>.
! 346: <li>LFS is not supported, so remove support for it from <a href="http://man.openbsd.org?query=df&sektion=1">df(1)</a>.
1.1 deraadt 347: <!-- ^ 20030219 -->
348: <li>More niggly fixes to newly-added LZS support.
1.46 ! beck 349: <li>Don't load <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a> options when one of <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s load switches (-A, -N, -R) is in force.
1.1 deraadt 350: <li>Write the stack to core files properly for upward-growing stack architectures.
1.46 ! beck 351: <li>Enable LZS support in <a href="http://man.openbsd.org?query=ipcomp&sektion=4">ipcomp(4)</a>, missed when LZS was added earlier.
1.1 deraadt 352: <li>Turn of BIND 9's logging of lame servers; some people never learn, and we don't want to know about them.
1.46 ! beck 353: <li>Make min-ttl and random-id operate on inbound as well as outbound <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rules.
1.1 deraadt 354: <li>Many missing copyright notices added to manpages.
355: <!-- ^ 200300218 -->
356: <li>Add privilege separation support to the X server. Fixes a lot of problems.
1.46 ! beck 357: <li>Fix a double-free in <a href="http://man.openbsd.org?query=ftp&sektion=1">ftp(1)</a>.
! 358: <li>Add -n 'no daemon' option to <a href="http://man.openbsd.org?query=cron&sektion=8">cron(8)</a>.
! 359: <li>Enqueue the copy and not the original mbuf that's free four lines later, and so stop <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a> crashing the kernel.
1.1 deraadt 360: <!-- ^ 20030217 -->
361: <li>Improve default route setup in the installer.
1.46 ! beck 362: <li>Fix <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> forced commands with 'PermitRootLogin forced-commands-only' set.
! 363: <li>Some RFC-compliance fixes to the <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> multipart MIME pid leak fix.
! 364: <li>Clean up <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> macro parsing.
1.1 deraadt 365: <!-- ^ 20030216 -->
1.46 ! beck 366: <li>Fix format string bugs in <a href="http://man.openbsd.org?query=grep&sektion=1">grep(1)</a> and <a href="http://man.openbsd.org?query=nohup&sektion=1">nohup(1)</a>.
! 367: <li>strcpy -> strlcpy in <a href="http://man.openbsd.org?query=rpc.pcnfsd&sektion=8">rpc.pcnfsd(8)</a>.
! 368: <li>Add support framework for LZS compression to <a href="http://man.openbsd.org?query=crypto&sektion=9">crypto(9)</a> and <a href="http://man.openbsd.org?query=ipsec&sektion=4">ipsec(4)</a>.
! 369: <li>More write protection paranoia in <a href="http://man.openbsd.org?query=ld.so&sektion=1">ld.so(1)</a>.
1.1 deraadt 370: <li>Make bsd.rd an install/upgrade target.
1.46 ! beck 371: <li><font color="#e00000"><strong>SECURITY FIX: <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</strong></font><br>
1.1 deraadt 372: <a href="errata32.html#httpd">A source code patch is available</a>.<br>
373: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 374: <li>Increase the size of the rates buffer in <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a> hostap so 802.11g stations can associate.
1.1 deraadt 375: <li>When outputting raw IP and generating the header manually, make sure the packet is large enough for a full IP header.<br>
376: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
377: <!-- ^ 20030215 -->
378: <li>Fix an mbuf leak in IPv6 TCP.
379: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 380: <li>Now that <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables spring into existence on demand, remove the unnecessary '-T create' option.
! 381: <li>Have <a href="http://man.openbsd.org?query=arc4random&sektion=3">arc4random(3)</a> stir the pool when the caller's pid changes.
! 382: <li>Add 'scrub in all no-df' to the initial <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a> installed by /etc/rc. This helps diskless booters using Linux NFS servers.
! 383: <li>Allow <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> redirect to loopback interfaces again, now that looping can't occur.
1.1 deraadt 384: <!-- ^ 20030214 -->
385: <li>Fix an fd locking bug in libpthread.
1.46 ! beck 386: <li>Have <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> use tables instead of regular rules on an anchor.
1.1 deraadt 387: <li>Improvements to ATAPI PIO mode selection.
1.46 ! beck 388: <li>Fix an mbuf leak in <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>.
! 389: <li><font color="#e00000"><strong>SECURITY FIX: A fix for an <a href="http://man.openbsd.org?query=lprm&sektion=1">lprm(1)</a> bug made in 1996 contains an error that could lead to privilege escalation. For OpenBSD 3.2 the impact is limited since lprm(1) is setuid daemon, not setuid root.</strong></font><br>
1.1 deraadt 390: <a href="errata32.html#httpd">A source code patch is available</a>.<br>
391: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 392: <li>Finish nForce support in <a href="http://man.openbsd.org?query=pciide&sektion=4">pciide(4)</a>.
! 393: <li>When <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> complains about an illegal netmask, have it show the offending article.
1.1 deraadt 394: <!-- ^ 20030213 -->
1.46 ! beck 395: <li>Fix busted <a href="http://man.openbsd.org?query=ypxfr&sektion=8">ypxfr(8)</a>, the key and values are no longer swapped around. Which is nice.
! 396: <li>Add libedit line editing support to <a href="http://man.openbsd.org?query=cdio&sektion=1">cdio(1)</a>.
! 397: <li>Teach <a href="http://man.openbsd.org?query=disklabel&sektion=8">disklabel(8)</a> to use units other than sectors on the command line.
1.7 deraadt 398: <li>3.2-current -> 3.3-beta.
1.46 ! beck 399: <li>Replace <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>'s and <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>'s crc32 code with BSD-licensed versions.
! 400: <li>Change <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub option 'no-df' to better handle fragments with DF set, such as those sent by Linux NFS.
! 401: <li>When in async mode, signal the process group instead of the process from WSEVENT_WAKEUP in <a href="http://man.openbsd.org?query=wscons&sektion=4">wscons(4)</a>.
! 402: <li>In <a href="http://man.openbsd.org?query=newsyslog.conf&sektion=5">newsyslog.conf(5)</a>, users can separated from groups now with ':' as well as '.'.
! 403: <li><a href="http://man.openbsd.org?query=newsyslog&sektion=8">newsyslog(8)</a> can now rotate files at a specific time.
! 404: <li>Better <a href="http://man.openbsd.org?query=bind&sektion=2">bind(2)</a> error checking in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 405: <li>Be consistent with ntohs() in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> translation code.
! 406: <li>Some consolidation and tidyup in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s rule parsing code.
1.1 deraadt 407: <!-- ^ 20030212 -->
1.46 ! beck 408: <li>More fixes to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> routing.
! 409: <li>Don't ever send ICMP redirects for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>-redirected packets .
! 410: <li>Allow definition of <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> macros on the command line. Oh yes.
1.9 deraadt 411: <li>Remove sinful abbreviation of the unit of frequency as 'hz' (it's 'Hz', don't you know).
1.46 ! beck 412: <li><a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> now displays the DF flag for IP fragments.
1.1 deraadt 413: <!-- ^ 20030211 -->
1.46 ! beck 414: <li>Have <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> pass sensible parameters to memset().
! 415: <li>Allow IPv6 addresses in <a href="http://man.openbsd.org?query=yp&sektion=8">yp(8)</a> host maps.
1.1 deraadt 416: <!-- ^ 20030210 -->
1.46 ! beck 417: <li>More <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rule compression: 'from' and 'to' keywords are optional if 'any' is one of the addresses, and 'any' itself is optional when a port is specified.
1.1 deraadt 418: <!-- ^ 20030209 -->
1.46 ! beck 419: <li>Change <a href="http://man.openbsd.org?query=chroot&sektion=8">chroot(8)</a>'s -u and -g options' semantics (-u is now what -U used to be, unless -g overrides it,) and remove -U and -G.
! 420: <li>Sync up the <a href="http://man.openbsd.org?query=spell&sektion=1">spell(1)</a> dictionaries with FreeBSD and NetBSD changes.
! 421: <li>Add new 'random-id' option for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rules. This randomises outbound IP IDs and defeats <a href="http://www.research.att.com/~smb/papers/fnat.pdf">NAT detection and OS fingerprinting</a>.
! 422: <li>Stop a number of scripts that use <a href="http://man.openbsd.org?query=mktemp&sektion=1">mktemp(1)</a> from leaving dead tempfiles around in failure cases.
1.1 deraadt 423: <!-- ^ 20030208 -->
1.46 ! beck 424: <li>A little extra paranoia in <a href="http://man.openbsd.org?query=chpass&sektion=1">chpass(1)</a>, check that the temp file is owned by our real uid.
! 425: <li>Don't burp <a href="http://man.openbsd.org?query=syslog&sektion=3">syslog(3)</a> output to the console unless <a href="http://man.openbsd.org?query=syslogd&sektion=8">syslogd(8)</a> was not contactable.
1.1 deraadt 426: <!-- ^ 20030207 -->
1.46 ! beck 427: <li>Stop <a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a> leaking information when PermitRootLogin is set to 'no'.
! 428: <li>Install <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a> mode 0600 by default.
! 429: <li>Fix races in the rename and symlink commands of <a href="http://man.openbsd.org?query=sftp-server&sektion=8">sftp-server(8)</a>.
! 430: <li>Allow 'ProxyCommand none' in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>.
1.1 deraadt 431: <!-- ^ 20030206 -->
1.46 ! beck 432: <li>Hack around a tools bug in <a href="http://man.openbsd.org?query=disklabel&sektion=8">disklabel(8)</a>.
! 433: <li>Improve handling of invalid <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> redirections.
! 434: <li>Tidy up <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> ProxyCommand option parsing.
1.1 deraadt 435: <!-- ^ 20030205 -->
436: <li>Last part of the threaded fd improvements, fixing some bugs from stage one on the way.
1.46 ! beck 437: <li>Set an all-ones mask when doing <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> routing, since round-robin on the whole address space is unlikely to be the desired result.
1.39 nick 438: <li>First installment of improvements to threaded file descriptor handling (see the <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_fd.c.diff?r1=1.16&r2=1.17&cvsroot=openbsd&f=h">checkin comment</a> for details).
1.46 ! beck 439: <li><a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> now sets the Default-Phase-1-Configuration transform to 3DES-SHA-RSA_SIG, the same as OpenBSD 3.2.
! 440: <li>Don't load a signed int into the <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> buffer when doing BSD auth; the buffer type only supports unsigned ints.
1.1 deraadt 441: <!-- ^ 20030204 -->
1.46 ! beck 442: <li>Note in the documentation that <a href="http://man.openbsd.org?query=snprintf&sektion=3">snprintf(3)</a> and <a href="http://man.openbsd.org?query=syslog_r&sektion=3">syslog_r(3)</a> are safe (with caveats) for use in signal handlers.
! 443: <li>Stop <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> {dup,reply,route}-to rules using a loopback interface as the target - currently this can create loops.
! 444: <li>Don't have <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> expand altq rules (and so check for parent queues etc.) unless altq rules are actually being loaded.
! 445: <li>More <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack protector fixes and tweaks.
1.1 deraadt 446: <!-- ^ 20030203 -->
1.46 ! beck 447: <li>Stop <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> closing a file it hasn't opened.
! 448: <li>Make <a href="http://man.openbsd.org?query=chpass&sektion=1">chpass(1)</a> more paranoid when opening its temp file.
! 449: <li>Make <a href="http://man.openbsd.org?query=iostat&sektion=8">iostat(8)</a>'s disk throughput bar smarter.
! 450: <li>Implement key exchange guesses as per the secsh standard in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>.
! 451: <li>Relax parsing of usernames in <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a>.
1.1 deraadt 452: <!-- ^ 20030202 -->
1.46 ! beck 453: <li>Make <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> build without IPv6.
1.1 deraadt 454: <li>Fix an mbuf leak in the ESP code.
1.46 ! beck 455: <li>Correct a bad array index in <a href="http://man.openbsd.org?query=netstat&sektion=1">netstat(1)</a>.
1.1 deraadt 456: <!-- ^ 20030201 -->
1.46 ! beck 457: <li>Fix multicast problems with <a href="http://man.openbsd.org?query=vlan&sektion=4">vlan(4)</a>, and also remove some unnecessary Ethernet-specificity from the driver.
! 458: <li>Really fix combination of <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> translation and route-to/reply-to.
! 459: <li>Check TCP, UDP, ICMP and ICMP6 checksums in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, and make the sum isn't recalculated when the packet hits layer 4 in the kernel. Packets with invalid checksums are silently dropped, to avoid <a href="http://www.phrack.org/phrack/60/p60-0x0c.txt">firewall detection</a> by use of filter responses to bad packets.
! 460: <li>Make <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s TCP state inspection RFC 763 compliant, and send a reset when presented with SYN-cookie schemes that send out-of-window ACKs during the TCP handshake.
! 461: <li>Now that <a href="http://man.openbsd.org?query=route&sektion=8">route(8)</a> is no longer setuid root, check the effective uid instead of the real uid.
1.39 nick 462: <li>Fix a number of filesystem locking issues, for details see the <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/kern/vfs_cache.c?rev=1.9&content-type=text/x-cvsweb-markup">checkin comment</a>.
1.1 deraadt 463: <li>Fix an ICMP mbuf leak.<br>
464: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 -->
465: <!-- ^ 20030131 -->
1.46 ! beck 466: <li>Create a fake siginfo_t for <a href="http://man.openbsd.org?query=pthread_kill&sektion=3">pthread_kill(3)</a>.
! 467: <li>Stop <a href="http://man.openbsd.org?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="http://man.openbsd.org?query=dhcrelay&sektion=8">dhcrelay(8)</a> trying to use dead interfaces.
1.1 deraadt 468: <li>For ELF images, put .rodata in a separate section to the program text, so the read-only data is no longer executable.
1.46 ! beck 469: <li>New <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a> interface modifiers: <if>:network for the interface's connected network(s) and <if>:broadcast for the interface's broadcast address(es).
! 470: <li>Have <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> revoke privileges earlier so it can bind to a priviliged port if desired.
1.1 deraadt 471: <!-- ^ 20030130 -->
472: <li>Mirror the a.out initialise-dependent-libraries-first change for ELF.
1.46 ! beck 473: <li>For POSIX reasons, make <a href="http://man.openbsd.org?query=setreuid&sektion=2">setre[ug]id(2)</a> real system calls again (albeit still implemented using setres[ug]id()) instead of 4.3BSD compatibility library calls.
! 474: <li><a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a> sets the process title to '<user>@<ip>'.
1.1 deraadt 475: <!-- ^ 20030129 -->
1.46 ! beck 476: <li>Add a missing ntohs in <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> so that <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> actions get printed correctly.
1.1 deraadt 477: <!-- ^ 20030128 -->
478: <li>Make the resolver code in libc more thread-safe.
1.46 ! beck 479: <li>Fix an fd_set overflow in <a href="http://man.openbsd.org?query=telnetd&sektion=8">telnetd(8)</a>.
1.39 nick 480: <li>Improvements to pthreads signal handling. See the <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libpthread/uthread/uthread_sig.c?rev=1.18&content-type=text/x-cvsweb-markup">checkin comment</a> for details.
1.46 ! beck 481: <li>For <a href="http://man.openbsd.org?query=eg&sektion=4">eg(4)</a>, <a href="http://man.openbsd.org?query=el&sektion=4">el(4)</a>, <a href="http://man.openbsd.org?query=ie&sektion=4&arch=hppa">ie(4/HPPA)</a> and <a href="http://man.openbsd.org?query=url&sektion=4">url(4)</a> zero-pad frames smaller than the minimum frame length.
1.1 deraadt 482: <li>Update the termcap entry colours for wsvt25 to match reality.
1.46 ! beck 483: <li>If the -a option is given to <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> to specify an anchor, don't allow operations that have a global effect.
! 484: <li>Make sure <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> correctly exits from the loop that prints IPv6 option headers.
1.1 deraadt 485: <!-- ^ 20030127 -->
1.46 ! beck 486: <li>Use record instead of play parameters to calculate the record high watermark in <a href="http://man.openbsd.org?query=audio&sektion=4">audio(4)</a>.
! 487: <li>Don't have <a href="http://man.openbsd.org?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> remove leading spaces, this can break multiline commands.
1.1 deraadt 488: <li>Further cleanups and shrinkage of the installer scripts.
489: <!-- ^ 20030126 -->
1.46 ! beck 490: <li>Correct operation of <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rdr rules involving port ranges. Now the from- and to-range sizes can differ.
! 491: <li>Stop bogus packet drops during <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> normalisation when an offset went negative.
! 492: <li>Fix <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> -n option operation with table statements.
! 493: <li>Allow <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables to be initialised from a file listed in <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a>.
! 494: <li>Better checking and error reporting for illegal table-related constructs in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules.
1.1 deraadt 495: <li>Improve TCP performance by sending segments of no more than half the send buffer space limit. This means that (if enough data is available to be sent) there will always be at least two segments sent. A BSD receiver-TCP will turn off delayed ACKs with more than one un-ACK'd packet on a socket.
496: <!-- ^ 20030125 -->
1.46 ! beck 497: <li>Improvements to <a href="http://man.openbsd.org?query=newsyslog&sektion=8">newsyslog(8)</a> monitor mode.
! 498: <li>Plug a potential memory leak in <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a>.
! 499: <li>Make sure <a href="http://man.openbsd.org?query=xinit&sektion=1">xinit(1)</a> never leaks the MIT_MAGIC_COOKIE via the command line.
! 500: <li>Fix <a href="http://man.openbsd.org?query=vipw&sektion=8">vipw(8)</a>'s use of timestamps to detect changes to the temp file.
1.1 deraadt 501: <li>Make sure a thread's signal handlers aren't run until the thread is made current.
502: <li>Save the fpu state when switching threads on i386 and sparc64, floating-point preemption regression tests now pass on these architectures.
1.46 ! beck 503: <li>Fix <a href="http://man.openbsd.org?query=ndc&sektion=8">ndc(8)</a>'s reading of the <a href="http://man.openbsd.org?query=rc.conf&sektion=8">rc.conf(8)</a> variable NAMED_FLAGS.
! 504: <li>Fixes to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s TCP window scaling support.
1.1 deraadt 505: <li>pfctl -vvsq display (altq stats) gets more useful, showing bandwidth and packet rate stats for CBQ and PRIQ.
1.46 ! beck 506: <li>Install <a href="http://man.openbsd.org?query=nslookup&sektion=8">nslookup(8)</a> along with BIND 9, and don't print the irritating deprecation warning.
1.1 deraadt 507: <!-- ^ 20030124 -->
1.46 ! beck 508: <li><a href="http://man.openbsd.org?query=ftp-proxy&sektion=8">ftp-proxy(8)</a> now honours the TCP_WRAPPERS setting in mk.conf.
! 509: <li>Allow <a href="http://man.openbsd.org?query=cvs&sektion=1">cvs(1)</a> Checkin-Prog and Update-prog to be disabled with the new CVSROOT/config option "DisableXProg"
! 510: <li>Always use <a href="http://man.openbsd.org?query=splimp&sektion=9">splimp(9)</a> in <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>, fixing some transmission failures.
! 511: <li>Add -1 and -2 options to <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a> to force SSH protocol 1 or 2 respectively.
! 512: <li>New -l bandwidth-limiter option for <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a>.
! 513: <li>New -c option to <a href="http://man.openbsd.org?query=ssh-add&sektion=1">ssh-add(1)</a>, that forces <a href="http://man.openbsd.org?query=ssh-agent&sektion=1">ssh-agent(1)</a> to pop up a dialog requesting confirmation of the use of a stored key.
! 514: <li>Don't have <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> crash the kernel when translating icmp6 packets.
1.1 deraadt 515: <!-- ^ 20030123 -->
1.46 ! beck 516: <li>More updates to <a href="http://man.openbsd.org?query=unifdef&sektion=1">unifdef(1)</a>.
1.1 deraadt 517: <!-- ^ 20030122 -->
1.46 ! beck 518: <li>strcpy -> strlcpy in <a href="http://man.openbsd.org?query=ftp&sektion=1">ftp(1)</a> macro expansion.
! 519: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables automatically spring into existence when referred to by <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> add or replace commands.
! 520: <li>Add <a href="http://www.ietf.org/rfc/rfc1323.txt">RFC 1323</a> TCP window scaling support to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>.
! 521: <li>Improvements to <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a> hostap timeouts.
! 522: <li>Add new <a href="http://man.openbsd.org?query=ssh-agent&sektion=1">ssh-agent(1)</a> -t option to set the default key lifetime.
! 523: <li>Add a generic watchdog interface and <a href="http://man.openbsd.org?query=sysctl&sektion=8">sysctl(8)</a> kern.watchdog.
! 524: <li>Shrink <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a> and save some space on the install floppies by removing hostap code when compiled with -DSMALL_KERNEL.
! 525: <li>Use the right variable type when <a href="http://man.openbsd.org?query=traceroute6&sektion=8">traceroute6(8)</a> fetches the default hop limit via <a href="http://man.openbsd.org?query=sysctl&sektion=3">sysctl(3)</a>.
! 526: <li>Tweak <a href="http://man.openbsd.org?query=compat_linux&sektion=8">compat_linux(8)</a> socket syscall emulation. Improves emulation of programs using UDP.
! 527: <li>Fix an incorrect argument length passed to <a href="http://man.openbsd.org?query=setsockopt&sektion=2">setsockopt(2)</a> by <a href="http://man.openbsd.org?query=traceroute6&sektion=8">traceroute6(8)</a>.
1.1 deraadt 528: <!-- ^ 20030121 -->
1.46 ! beck 529: <li>bzero() after <a href="http://man.openbsd.org?query=malloc&sektion=9">malloc(9)</a> in <a href="http://man.openbsd.org?query=siop&sektion=4">siop(4)</a>.<br>
1.1 deraadt 530: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 531: <li>Have /etc/rc generate the BIND 9 <a href="http://man.openbsd.org?query=rndc&sektion=8">rndc(8)</a> shared secret if it doesn't exist.
1.1 deraadt 532: <li>Add BIND 9 configuration files.
533: <li>Skip DNSSEC programs in BIND 9.
1.39 nick 534: <li>Begin import of BIND 9.2.2rc1. (Local changes documented in <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bind/README.OpenBSD?rev=1.1&content-type=text/x-cvsweb-markup">README.OpenBSD</a>.)
1.46 ! beck 535: <li>Fix some silly pastos in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> table code.
! 536: <li>Create /var/empty/dev/log for programs that <a href="http://man.openbsd.org?query=chroot&sektion=2">chroot(2)</a> to /var/empty.
! 537: <li>Fix a typo in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> DIOCRSETTFLAGS implmentation, so it doesn't look like changing a table flag created a table when in fact it deleted one.
! 538: <li>Stop <a href="http://man.openbsd.org?query=syslog&sektion=3">syslog(3)</a> from reconnecting to /dev/log on an ENOBUFS as this doesn't help, and it hurts <a href="http://man.openbsd.org?query=chroot&sektion=2">chroot(2)</a>'ed processes.<br>
1.1 deraadt 539: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
1.46 ! beck 540: <li>Change <a href="http://man.openbsd.org?query=chroot&sektion=2">chroot(2)</a>'ed daemons <a href="http://man.openbsd.org?query=portmap&sektion=8">portmap(8)</a>, <a href="http://man.openbsd.org?query=rstatd&sektion=8">rstatd(8)</a> and <a href="http://man.openbsd.org?query=rusersd&sektion=8">rusersd(8)</a> to use <a href="http://man.openbsd.org?query=openlog&sektion=3">openlog(3)</a> with LOG_NDELAY.
! 541: <li>Implement <a href="http://man.openbsd.org?query=sigaltstack&sektion=2">sigaltstack(2)</a> under pthreads.
1.1 deraadt 542: <li>Copy the thread sources (including CVS history) from lib/libc_r to lib/pthread, and move libc_r into the Attic.
1.46 ! beck 543: <li>Make <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> show more information with -vvs[rn] for rules containing tables.
1.1 deraadt 544: <!-- ^ 20030120 -->
1.46 ! beck 545: <li><font color="#e00000"><strong>SECURITY FIX: A double free in <a href="http://man.openbsd.org?query=cvs&sektion=1">cvs(1)</a> could allow an attacker to execute code with the privileges of the user running cvs. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for cvs configurations that use the pserver client/server connection method.</strong></font><br>
1.1 deraadt 546: <a href="errata32.html#cvs">A source code patch is available</a>.<br>
547: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 548: <li>Add an invalid ioctl sanity check to <a href="http://man.openbsd.org?query=gif&sektion=4">gif(4)</a>.
! 549: <li>Bring <a href="http://man.openbsd.org?query=perl&sektion=1">perl(1)</a>'s build into line with the libc_r -> pthread move.
1.1 deraadt 550: <li>Big improvements to a.out library dependency handling.
1.46 ! beck 551: <li>Make <a href="http://man.openbsd.org?query=select&sektion=2">select(2)</a> a thread cancellation point as per the standard.
! 552: <li>Fix some locking-related <a href="http://man.openbsd.org?query=raidctl&sektion=8">raidctl(8)</a> panics.
1.1 deraadt 553: <!-- ^ 20030119 -->
1.46 ! beck 554: <li>Updates to <a href="http://man.openbsd.org?query=unifdef&sektion=1">unifdef(1)</a>.
! 555: <li>Fix a null deref in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> when processing the -k option.
! 556: <li>Big cleanup of host() in the <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> parser.
! 557: <li>When running <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> with insufficient privileges to open /dev/pf, make the -n option work as a syntax checker for table commands.
1.1 deraadt 558: <!-- ^ 20030118 -->
1.46 ! beck 559: <li>Unbreak <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> nat random source port assignment. Now a rule has to actually ask for static-port in order to get it.
! 560: <li>Enable the <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> 'static-port' keyword.
! 561: <li>Extensive <a href="http://man.openbsd.org?query=ld&sektion=1">ld(1)</a> changes to better protect ELF executables from tampering (see the <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils/bfd/elf.c?rev=1.13&content-type=text/x-cvsweb-markup">checkin comment</a> for details).
! 562: <li>Add new output format option '-f' to <a href="http://man.openbsd.org?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a>.
! 563: <li><a href="http://man.openbsd.org?query=ncheck_ffs&sektion=8">ncheck_ffs(8)</a> no longer reports when the set[ug]id bits are set on directories, since these are meaningless in OpenBSD.
! 564: <li>Fix a missing YYERROR in the <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> parser.
1.1 deraadt 565: <!-- ^ 20030117 -->
1.46 ! beck 566: <li>Deal with <a href="http://man.openbsd.org?query=cd&sektion=4">cd(4)</a> drives that are picky about being asked to play the leadout track.
1.39 nick 567: <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pcidevs.diff?r1=1.586&r2=1.587&f=h">Note with regret and sadness</a> that the <a href="http://www.yourvote.com/pci/">freely available PCI vendor and device list</a> is no longer available.
1.46 ! beck 568: <li>Bring <a href="http://man.openbsd.org?query=protocols&sektion=5">protocols(5)</a> more into line with current reality.
! 569: <li>More improvements and device additions to <a href="http://man.openbsd.org?query=pciide&sektion=4">pciide(4)</a>.
1.1 deraadt 570: <!-- ^ 20030116 -->
1.46 ! beck 571: <li>Explicity use the first path found by <a href="http://man.openbsd.org?query=glob&sektion=3">glob(3)</a> instead of indexing with an uninitialised variable in <a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a>.
! 572: <li>Small fixes to <a href="http://man.openbsd.org?query=whois&sektion=1">whois(1)</a>.
1.1 deraadt 573: <li>Create PIC archives for a number of X libs, useful for ports that create shared libraries.
1.46 ! beck 574: <li>Stop <a href="http://man.openbsd.org?query=nfsstat&sektion=1">nfsstat(1)</a> displaying info for the no-longer-supported <a href="http://docs.freebsd.org/44doc/papers/nqnfs.html">NQNFS</a> protocol.
! 575: <li>Fix <a href="http://man.openbsd.org?query=nfsstat&sektion=1">nfsstat(1)</a>'s filesystem id lookup, and a minor buffer overrun.
! 576: <li>Fix some minor bugs in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> table creation.
! 577: <li>Have <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> recognise the '-T load' option like it used to.
! 578: <li>Plug a memory leak in the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> table code when using PFR_FLAG_DUMMY.
! 579: <li>For the benefit of <a href="http://man.openbsd.org?query=dhclient&sektion=8">dhclient(8)</a>, allow outbound pings from the initial <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rulebase installed by <a href="http://man.openbsd.org?query=rc&sektion=8">rc(8)</a>.
1.1 deraadt 580: <!-- ^ 20030115 -->
1.46 ! beck 581: <li>Pull all the IP address parsing code of <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> into one place.
1.1 deraadt 582: <li>Goodbye libc_r and libnpthread, hello libpthread.
1.46 ! beck 583: <li>Check for and report read errors in <a href="http://man.openbsd.org?query=md5&sektion=1">md5(1)</a>.
! 584: <li>Stop <a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a> uploading or downloading non-regular files.
1.1 deraadt 585: <li>/etc/weekly is now built (by default) in /var/tmp rather than /tmp.
586: <!-- ^ 20030114 -->
1.46 ! beck 587: <li>Add an extra sanity check in <a href="http://man.openbsd.org?query=malloc&sektion=3">malloc(3)</a> to prevent size_t overflows.
! 588: <li>Better input checking and error handling in the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> table code.
1.1 deraadt 589: <!-- ^ 20030113 -->
1.46 ! beck 590: <li>Begin converting <a href="http://man.openbsd.org?query=vmstat&sektion=8">vmstat(8)</a> with the -i option to use <a href="http://man.openbsd.org?query=sysctl&sektion=3">sysctl(3)</a> instead of kvm.
1.1 deraadt 591: <li>Start work on NVIDIA nForce support.
592: <!-- ^ 20030112 -->
1.46 ! beck 593: <li><a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> now supports CIDR-notation IPv4 addresses when manipulating tables.
! 594: <li>Some command-line fixes and tweaks to <a href="http://man.openbsd.org?query=rusers&sektion=1">rusers(1)</a>.
! 595: <li>Stop <a href="http://man.openbsd.org?query=rm&sektion=1">rm(1)</a> with the -P option from overwriting files with multiple links.
1.1 deraadt 596: <!-- ^ 20030111 -->
1.46 ! beck 597: <li>Fix handling of addition and subtraction of negated addresses to tables in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 598: <li>In <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> only show the <a href="http://man.openbsd.org?query=socket&sektion=2">socket(2)</a> error for the last address to which one tries to connect.
! 599: <li>Don't fill files full of holes with <a href="http://man.openbsd.org?query=ftruncate&sektion=2">ftruncate(2)</a> after a write error in <a href="http://man.openbsd.org?query=rcp&sektion=1">rcp(1)</a> and <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a>.
! 600: <li>Add a progress meter to the <a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a> client.
1.1 deraadt 601: <!-- ^ 20030110 -->
1.46 ! beck 602: <li>Remove <a href="http://man.openbsd.org?query=fetch&sektion=9&release=OpenBSD+3.2">fetch(9)</a> and <a href="http://man.openbsd.org?query=store&sektion=9&release=OpenBSD+3.2">store(9)</a> from the kernel, and replace calls to them with their <a href="http://man.openbsd.org?query=copy&sektion=9">copy(9)</a> descendants.
! 603: <li>Various strl* return value checks in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 604: <li>Initial support for queue statistics display for <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> (-vsq option).
! 605: <li>'Default-Phase-1-Configuration' -> 'Default-phase-1-configuration', 'Default-Phase-2-Suites' -> 'Default-phase-2-suites' in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 606: <li>New table manipulation syntax for <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a>, and a corresponding new -Tl option for <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 607: <li>Add support for active/inactive <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tablesets in the kernel
1.1 deraadt 608: <!-- ^ 20030109 -->
1.46 ! beck 609: <li>Enable SET/ACK in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> when acting as an ike-mode-cfg responder.<br>
1.1 deraadt 610: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
1.46 ! beck 611: <li>Improvements and fixes to batch mode <a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a>.
1.1 deraadt 612: <!-- ^ 20020108 -->
1.46 ! beck 613: <li>Big <a href="http://man.openbsd.org?query=strlcpy&sektion=3">strlcpy/strlcat(3)</a> makeover for <a href="http://man.openbsd.org?query=csh&sektion=1">csh(1)</a>.
! 614: <li>Stop <a href="http://man.openbsd.org?query=compress&sektion=1">compress(1)</a> from clobbering an existing output file if the input can't be opened.
! 615: <li><a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> attribute(sentinel) improvements.
! 616: <li>Improvements to <a href="http://man.openbsd.org?query=whois&sektion=1">whois(1)</a>: Can specify port with -p; recursive IP lookup; INICHOST (-i) is now netsol.
! 617: <!-- ^ <li>In the <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack protector code, avoid using long integer addition on processors that don't support it. --> <!-- reverted anyway 20030112 - phew -->
! 618: <li>Remove old altq packet-classifier code from the kernel now that <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> does its job instead.
1.1 deraadt 619: <!-- ^ 20030107 -->
1.46 ! beck 620: <li><a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s string parser can handle strings beginning with an underscore, useful for all those new daemon usernames.
! 621: <li>Have <a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a> clean up after failed previous incarnations of itself.
! 622: <li>Don't allow s[eh]mmni to be set (via the newish <a href="http://man.openbsd.org?query=sysctl&sektion=8">sysctl(8)</a> interface) greater than 0xffff, to prevent id collisions due to wraparound.
! 623: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables now spring into and out of existence on demand.
! 624: <li>Fix the <a href="http://man.openbsd.org?query=sudoers&sektion=5">sudoers(5)</a> parser's handling of EOF not preceded by newline.
! 625: <li>Stop <a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a> from always adding u+w permissions to files pulled by get -p.
! 626: <li>Values set in <a href="http://man.openbsd.org?query=sysctl.conf&sektion=5">sysctl.conf(5)</a> can contain spaces when quoted as for sh.
! 627: <li><a href="http://man.openbsd.org?query=shmctl&sektion=2">shmctl(2)</a> can now operate on segments marked for removal.
! 628: <li>In <a href="http://man.openbsd.org?query=compress&sektion=1">compress(1)</a>, don't trip the 'may not mix -o, -c or -t' warning by mistake, and don't choke on stdin when compressing.
! 629: <li>Add <a href="http://man.openbsd.org?query=mg&sektion=1">mg(1)</a> the +number option, which moves the point to the given line of each file.
1.1 deraadt 630: <li>Correct a couple of {dup,reply,route}-to problems related to nat pools.
631: <!-- ^ 20030106 -->
1.46 ! beck 632: <li>Create a new group, _lkm, and install <a href="http://man.openbsd.org?query=modstat&sektion=8">modstat(8)</a> setgid to it instead of to kmem.
! 633: <li><a href="http://man.openbsd.org?query=pstat&sektion=8">pstat(8)</a> now only does <a href="http://man.openbsd.org?query=kvm_openfiles&sektion=3">kvm_openfiles(3)</a> for the -v option, the rest is obtained using <a href="http://man.openbsd.org?query=sysctl&sektion=3">sysctl(3)</a>.
! 634: <li><a href="http://man.openbsd.org?query=cp&sektion=1">cp(1)</a> sets permissions later, so -R works when copying directories with no write access.
! 635: <li>Fix a null deref in <a href="http://man.openbsd.org?query=dlsym&sektion=3">dlsym(3)</a>.
1.1 deraadt 636: <!-- ^ 20030105 -->
1.46 ! beck 637: <li>Avoid a rare division-by-zero in <a href="http://man.openbsd.org?query=ps&sektion=1">ps(1)</a> that could occur on non-IEEE systems like the vax.
! 638: <li>Remove the endianness from <a href="http://man.openbsd.org?query=bktr&sektion=4">bktr(4)</a>. Enable on macppc.
! 639: <li>Make sure we don't try to free a null pointer in <a href="http://man.openbsd.org?query=whois&sektion=1">whois(1)</a>.
! 640: <li>Change 'no-route' implementation from a flag in the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rule address to an address type.
! 641: <li>Make <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> skip-step calculation honour the 'no-route' keyword.
! 642: <li>Remove code in <a href="http://man.openbsd.org?query=ld&sektion=1">ld(1)</a> to force linking against a specific library version.<br>
1.1 deraadt 643: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
644: <li>Add console support for Polish and Turkish keyboard layouts.
645: <!-- ^ 20030104 -->
1.46 ! beck 646: <li>Add the userland support for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> tables to <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> and <a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a>.
! 647: <li>Remove reference to the now obsolete <a href="http://man.openbsd.org?query=screenblank&sektion=0&manpath=OpenBSD+3.2&arch=sparc">screenblank</a> from /etc/rc.
! 648: <li>Fix <a href="http://man.openbsd.org?query=dig&sektion=1">dig(1)</a> time display on 64-bit big-endian targets.
! 649: <li>Do a <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a> routing update if the source interface is in the LEARNING state, not the destination interface.
1.1 deraadt 650: <!-- ^ 20030103 -->
1.46 ! beck 651: <li><a href="http://man.openbsd.org?query=ftp&sektion=1">ftp(1)</a> does a better job of detecting a failed cd command.
! 652: <li>Have <a href="http://man.openbsd.org?query=syslog&sektion=3">syslog(3)</a> parse '%%m' correctly.
! 653: <li>Fix a null deref in <a href="http://man.openbsd.org?query=at&sektion=1">at(1)</a>.
! 654: <li>Require a direction for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules that do routing.
! 655: <li>When combining (route|reply)-to and translation in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules, make sure a state table insertion is only attempted once.
1.1 deraadt 656: <!-- ^ 20030102 -->
657: <li>Note (in the system copyright message) that it's now 2003.
658: <li>Update to sendmail 8.12.7.
1.46 ! beck 659: <li>Have <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> display all <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rule types instead of just pass/block rules.
! 660: <li>Make the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> table code handle duplicate table names and/or duplicate addresses in a single <a href="http://man.openbsd.org?query=ioctl&sektion=2">ioctl(2)</a> call.
1.1 deraadt 661: <!-- ^ 20030101 -->
1.46 ! beck 662: <li>Remove the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> skip-step for rule action (scrub or no-scrub).
! 663: <li>Properly update <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rule statistics.
! 664: <li>Put <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rules into a ruleset separate to filter rules.
! 665: <li>Implement policy suggestions in <a href="http://man.openbsd.org?query=xsystrace&sektion=1">xsystrace(1)</a>.
1.1 deraadt 666: <li>Adios amiga and sun3 platforms.
667: <!-- ^ 20021231 -->
1.46 ! beck 668: <li>Don't overrun the buffer when listing route entries via <a href="http://man.openbsd.org?query=sysctl&sektion=3">sysctl(3)</a>.
! 669: <li>Fix <a href="http://man.openbsd.org?query=strtok_r&sektion=3">strtok_r(3)</a> breakage in libwrap that was causing EXCEPT rules to fail.
! 670: <li>Add a missing <a href="http://man.openbsd.org?query=exit&sektion=3">exit(3)</a> in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 671: <li>Correctly ignore the case where a directory with the desired executable name appears in one of the paths searched by <a href="http://man.openbsd.org?query=execvp&sektion=3">exec[vl]p(3)</a>.
! 672: <li>Set a default <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> state table size of 10000 entries.
! 673: <li>In <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a>, change keyword 'ipv6-icmp-type' to 'icmp6-type' and instead of 'proto ipv6-icmp' allow 'icmp6'
1.1 deraadt 674: <li>Fix a C++ compiler problem with Kerberos IV's krb.h, similar to the cdefs.h fix earlier.
1.46 ! beck 675: <li>Avoid a null deref when parsing the command line of <a href="http://man.openbsd.org?query=make&sektion=1">make(1)</a>.
! 676: <li>Allocate memory for connections to <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> based on the -c command line option.
! 677: <li>Make <a href="http://man.openbsd.org?query=cd&sektion=4">cd(4)</a> try more often than other scsi devices, and don't ignore 'not ready' status from the bus.
1.9 deraadt 678: <li>Add a parameter for the number of retries when waiting for a scsi device to come ready (scsi_test_unit_ready()).
1.46 ! beck 679: <li>If <a href="http://man.openbsd.org?query=semop&sektion=2">semop(2)</a> has to do a <a href="http://man.openbsd.org?query=tsleep&sektion=9">tsleep(9)</a>, wake it back up at a much lower priority.
1.1 deraadt 680: <li>Wait until a semaphore undo structure can be allocated if one isn't available immediately, and check that another hasn't been allocated to our process while we were waiting.
1.46 ! beck 681: <li>Properly check SOCKS connection return code in <a href="http://man.openbsd.org?query=nc&sektion=1">nc(1)</a>.
1.1 deraadt 682: <li>More firewire fixes. Concurrent devices support on the way.
683: <li>Remove outdated references to NFS as an installation source from the install notes.
684: <!-- ^ 20021230 -->
1.46 ! beck 685: <li>Fix HOSTAP_FLAG_BITS in <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>.
1.1 deraadt 686: <li>Make 'pfctl -a name -s[rn]' show all rules or nats in all rulesets on anchor 'name'.
1.46 ! beck 687: <li>In <a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a>, set the macro '$user_id' to the username.
1.1 deraadt 688: <li>Fix a couple of missed semaphore counter updates.
1.46 ! beck 689: <li>Add kernel portion of <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> support for efficient tables of addresses (currently implemented as radix tables similar to the kernel routing table).
1.1 deraadt 690: <!-- ^ 20021229 -->
691: <li>Remove an extraneous semicolon in <sys/cdefs.h> that broke some C++ compilers.
1.46 ! beck 692: <li>Fix an amusingly incorrect <a href="http://man.openbsd.org?query=calloc&sektion=3">calloc(3)</a> size in <a href="http://man.openbsd.org?query=nc&sektion=1">nc(1)</a>.
1.1 deraadt 693: <!-- ^ 20021228 -->
1.46 ! beck 694: <li>Allow the log keyword in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rules.
! 695: <li>Some fixes to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> ioctl handling.
! 696: <li>When <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> is routing a stateful connection, use the correct pool address.
! 697: <li>Fix kernel <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s ability to match binat-anchor rules.
! 698: <li>Add a missing initialisation that was causing a crash in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 699: <!-- ^ 20021227 -->
1.46 ! beck 700: <li>Add <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a> support to <a href="http://man.openbsd.org?query=rc&sektion=8">rc(8)</a>. rc.conf and root's crontab.
! 701: <li>More paranoia checks in kernel <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> routing.
1.1 deraadt 702: <!-- ^ 20021226 -->
1.46 ! beck 703: <li>Unbreak <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a>'s connection timeout.
! 704: <li>Honour the -R and -N flags to <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 705: <li>Tweak <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a>'s handling of inline functions w.r.t. the stack protector.
1.1 deraadt 706: <!-- ^ 20021225 -->
1.46 ! beck 707: <li>New _spamd user and group for, uh, <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a>.
! 708: <li>Fix <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s display of 'control' keyword for CBQ rules.
1.1 deraadt 709: <!-- ^ 20021224 -->
710: <li>Make libc/md/md5c.c compile again for big-endian machines.
1.46 ! beck 711: <li>Avoid a null deref in <a href="http://man.openbsd.org?query=pppd&sektion=8">pppd(8)</a>.
! 712: <li>Remove a couple of extra <a href="http://man.openbsd.org?query=ntohs&sektion=3">ntohs(3)</a> calls in <a href="http://man.openbsd.org?query=pfsync&sektion=4">pfsync(4)</a>.
! 713: <li>Cleanup of <a href="http://man.openbsd.org?query=atactl&sektion=8">atactl(8)</a>.
! 714: <li>Fix device attachment bug in <a href="http://man.openbsd.org?query=siop&sektion=4">siop(4)</a>.<br>
1.1 deraadt 715: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
716: <!-- ^ 20021223 -->
1.46 ! beck 717: <li>Update Perl's <a href="http://man.openbsd.org?query=Safe&sektion=0">Safe(3p)</a> module to 2.09, fixing a <a href="http://archive.develooper.com/perl5-porters@perl.org/msg87643.html">security hole</a>.<br>
1.1 deraadt 718: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 719: <li><a href="http://man.openbsd.org?query=newsyslog&sektion=8">newsyslog(8)</a> error messages now contain the line number.
! 720: <li>Have 'chroot -U' do a <a href="http://man.openbsd.org?query=setlogin&sektion=2">setlogin(2)</a> if the caller is, or can be made into, the session leader.
! 721: <li>Make <a href="http://man.openbsd.org?query=chroot&sektion=8">chroot(8)</a> check for $SHELL defined as null as well as for undef.
! 722: <li>Increase the receive buffer length of the correct socket in <a href="http://man.openbsd.org?query=syslogd&sektion=8">syslogd(8)</a>.
! 723: <li>Fix <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s display of binat rules that use nat pools.
! 724: <li><a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a> rules are now managed in their own anchor instead of at the end of the main rulebase. New *anchor rules are needed to activate authpf.
1.1 deraadt 725: <!-- ^ 20021222 -->
1.46 ! beck 726: <li>Make sure the queue identifier returned by <a href="http://man.openbsd.org?query=msgget&sektion=2">msgget(2)</a> is greater than zero.
! 727: <li>Correctly display <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rdr rules with no proxy port.
! 728: <li>Fix a missing initialisation in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 729: <!-- ^ 20021221 -->
1.46 ! beck 730: <li>Add <a href="http://man.openbsd.org?query=spamd&sektion=8">spamd(8)</a>, which uses new <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> features to stop spammers even hitting the mail server.
! 731: <li>Fix an Alpha-specific crash in <a href="http://man.openbsd.org?query=pfsync&sektion=4">pfsync(4)</a> by using bcopy() instead of structure assignment.
! 732: <li>Fix a use-after-free() in <a href="http://man.openbsd.org?query=mailwrapper&sektion=8">mailwrapper(8)</a>.
! 733: <li>Add a new kernel <a href="http://man.openbsd.org?query=pool&sektion=9">pool(9)</a> flag, PR_DEBUG, the use of which causes pool memory to be <a href="http://man.openbsd.org?query=malloc&sektion=9">malloc(9)</a>'d using M_DEBUG.
1.1 deraadt 734: <!-- ^ 20021220 -->
1.46 ! beck 735: <li>Add new kernel <a href="http://man.openbsd.org?query=malloc&sektion=9">malloc(9)</a> type M_DEBUG.
! 736: <li>Also support CORENIC handles in <a href="http://man.openbsd.org?query=whois&sektion=1">whois(1)</a>.
! 737: <li>Add dsiz and ssiz keywords to <a href="http://man.openbsd.org?query=ps&sektion=1">ps(1)</a> to show data size and stack size respectively.
! 738: <li>Update <a href="http://man.openbsd.org?query=awk&sektion=1">awk(1)</a> to '<a href="http://cm.bell-labs.com/cm/cs/who/bwk/">one true awk</a>' version 20021213 (Friday 13th ed.)
! 739: <li>Add the -6 and -c registry shortcuts to <a href="http://man.openbsd.org?query=whois&sektion=1">whois(1)</a>, and deal with VNIC handles starting with '!'.
! 740: <li>Better resolver error checking, a few fixes and a lot of message cleanup in <a href="http://man.openbsd.org?query=ftp-proxy&sektion=8">ftp-proxy(8)</a>.
! 741: <li>Stop '-k' being used as an abbreviation for '--keep-locals' in GNU <a href="http://man.openbsd.org?query=as&sektion=1">as(1)</a>.
! 742: <li>Optimise <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> skip-step calculation to O(n) from O(n-squared).
! 743: <li>Fix <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> 'no {binat,nat,rdr}' evaluation.
1.1 deraadt 744: <!-- ^ 20021219 -->
1.46 ! beck 745: <li>Allow <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> (with the -vsn) option to display translation statistics as -vsr does for rules.
! 746: <li>When logging <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules from anchored rules, display the *anchor rule number, not the rule number within the anchored rules. (Hopefully both will be displayed sometime soon.)
1.1 deraadt 747: <li>Make sure that state table entry display doesn't try to print rules that are no longer in place.
1.46 ! beck 748: <li>Prevent changes to different rule types overwriting <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> DIOCCHANGE* tickets.
! 749: <li>Support a single destination port in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rdr-anchor rules.
! 750: <li>Match <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> {binat,nat,rdr}-anchor parsing to what is actually supported.
1.1 deraadt 751: <!-- ^ 20021218 -->
752: <li>Always compile in PRIQ and HFSC schedulers if ALTQ is included in the kernel.
1.46 ! beck 753: <li>Make SysV shared memory and semaphore limits configurable via <a href="http://man.openbsd.org?query=sysctl&sektion=8">sysctl(8)</a>. Oh yes.
! 754: <li><a href="http://man.openbsd.org?query=whois&sektion=1">whois(1)</a> no longer barfs totally if just one of its query list is not found.
! 755: <li>Add PRIQ scheduler support to <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 756: <li><a href="http://man.openbsd.org?query=su&sektion=1">su(1)</a> only calls <a href="http://man.openbsd.org?query=setlogin&sektion=2">setlogin(2)</a> if it's the session leader (as noted in the setlogin manpage).
! 757: <li>More <a href="http://man.openbsd.org?query=compress&sektion=1">compress(1)</a>-works-like-<a href="http://man.openbsd.org?query=gzip&sektion=1">gzip(1)</a>: Add -r (recurse) option, and make it truncate existing files when extracting.
! 758: <li>Since <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rule comparison is now done in userland, remove unused pf_compare* functions from the kernel.
! 759: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> DIOCCHANGE* ioctls now require a ticket, to prevent races.
! 760: <li>Merge <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> nat, binat and rdr structures and pools into pf_rule.
! 761: <li>Fix the signedness of <a href="http://man.openbsd.org?query=wsconsctl&sektion=8">wsconsctl(8)</a> variable display.focus, so a test against -1 now makes sense.
1.1 deraadt 762: <!-- ^ 20021217 -->
1.46 ! beck 763: <li>Teach <a href="http://man.openbsd.org?query=imake&sektion=1">imake(1)</a> how to detect automagically the <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a> stack protector.
! 764: <li>Now <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> supports other queue types, only try to create a root queue for CBQ.
! 765: <li>For some peculiar reason, support decoding in <a href="http://man.openbsd.org?query=ppt&sektion=6">ppt(6)</a>.
1.1 deraadt 766: <li>Make linux emultation *stat64() work again.
1.46 ! beck 767: <li>Convert <a href="http://man.openbsd.org?query=altq&sektion=9">altq(9)</a> disciplines HFSC, PRIQ and RIO to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>-based (CDNR and RED to come,) and remove other queuing disciplines.
1.1 deraadt 768: <!-- ^ 20021216 -->
1.46 ! beck 769: <li><a href="http://man.openbsd.org?query=iostat&sektion=8">iostat(8)</a>, <a href="http://man.openbsd.org?query=systat&sektion=1">systat(1)</a> and <a href="http://man.openbsd.org?query=vmstat&sektion=8">vmstat(8)</a> now update their disk stats automatically when a device is detached.
! 770: <li>Enable login failure recording by default, by installing a blank /var/log/failedlogin (see <a href="http://man.openbsd.org?query=login&sektion=1">login(1)</a>).
1.1 deraadt 771: <li>Fix some problems with the new inlined <ctype.h> functions on 64-bit architectures.
772: <!-- ^ 20021215 -->
1.46 ! beck 773: <li>Make <a href="http://man.openbsd.org?query=cdio&sektion=1">cdio(1)</a> deal properly with multiline CDDB responses.
1.1 deraadt 774: <!-- ^ 20021214 -->
1.46 ! beck 775: <li>Add a second 'priority' queue to be specified in a <a href="http://man.openbsd.org?query=pf&sektion=rule">pf(rule)</a>, currently used for low-delay ToS packets. Great for ToS-savvy programs like <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>.
! 776: <li>Revert <a href="http://man.openbsd.org?query=nc&sektion=1">nc(1)</a> to the old behaviour, so it exits when the read descriptor is closed instead of requiring both read and write to close.
! 777: <li>Cosmetic fixes to <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a>.
! 778: <li>Allow some ordering freedom for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rules.
1.1 deraadt 779: <!-- ^ 20021213 -->
780: <li>Lots of firewire fixes. Add SCSI-over-FireWire support
1.46 ! beck 781: <li>Compare all the bytes of a <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> nat pools key, instead of comparing the first byte four times.
1.1 deraadt 782: <li>Fix a linkage problem that stopped 'make build' working with DESTDIR set.
783: <!-- ^ 20021212 -->
1.46 ! beck 784: <li>Remove setgid(kmem) from <a href="http://man.openbsd.org?query=trpt&sektion=8">trpt(8)</a>.
! 785: <li><a href="http://man.openbsd.org?query=pstat&sektion=8">pstat(8)</a> can now get the tty list using <a href="http://man.openbsd.org?query=sysctl&sektion=3">sysctl(3)</a> insteam of <a href="http://man.openbsd.org?query=kvm_read&sektion=3">kvm_read(3)</a>.
! 786: <li>Fix <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a> logging so it works for non-translated calls too.
! 787: <li>Stop <a href="http://man.openbsd.org?query=close&sektion=2">close(2)</a> clobbering errno in <a href="http://man.openbsd.org?query=ld&sektion=1">ld(1)</a>.
1.1 deraadt 788: <li>Convert <ctype.h> macros into functions so they are consistent with those in libc.
789: <li>Change XDR.x_handy from int to u_int to avoid sign bugs.
1.46 ! beck 790: <li>Make <a href="http://man.openbsd.org?query=ar&sektion=1">ar(1)</a> work more like its GNU and Solaris counterparts and not require an archive for the d,m,q and r operations.
1.1 deraadt 791: <li>Fix an mbuf-related panic in kernel PF_KEY v2 code.
792: <li>More ANSIfication in /sbin.
1.46 ! beck 793: <li>Fix a potential (non-exploitable) buffer overrun in the <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> macro FIX_PRECISION.
! 794: <li>Add missing <a href="http://man.openbsd.org?query=snprintf&sektion=3">snprintf(3)</a> error check to <a href="http://man.openbsd.org?query=config&sektion=8">config(8)</a>.
1.1 deraadt 795: <!-- ^ 20021211 -->
1.46 ! beck 796: <li>When mounting the root partition via NFS, call <a href="http://man.openbsd.org?query=inittodr&sektion=9">inittodr(9)</a> with the root filesystem's atime rather than its mtime (since it's likely to be read-only and pretty static).
! 797: <li>Renumber some (debug only) <a href="http://man.openbsd.org?query=tun&sektion=4">tun(4)</a> ioctls so they don't clash with <a href="http://man.openbsd.org?query=ppp&sektion=4">ppp(4)</a>.
! 798: <li>Make sure <a href="http://man.openbsd.org?query=user&sektion=8">user(8)</a> cleans up properly on failure by calling <a href="http://man.openbsd.org?query=pw_abort&sektion=3">pw_abort(3)</a>.
! 799: <li>Check the interface is running first to avoid doing unnecessary STP processing in <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a>.
! 800: <li>Before <a href="http://man.openbsd.org?query=login_getcapstr&sektion=3">login_getcapstr(3)</a> destroys the information, check that the value of $SHELL given to <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> is the same as the user's real shell.
! 801: <li>Remember to take the address of the structure on which we're using <a href="http://man.openbsd.org?query=bzero&sektion=3">bzero(3)</a> in the libc stack protector code. <!-- "bug fix" is not a terribly helpful checkin comment. -Andre -->
! 802: <li>Hack <a href="http://man.openbsd.org?query=setsockopt&sektion=2">setsockopt(2)</a> under linux emulation so that SO_REUSEADDR works as expected.
1.1 deraadt 803: <!-- ^ 20021210 -->
1.46 ! beck 804: <li>Use libc's <a href="http://man.openbsd.org?query=getopt_long&sektion=3">getopt_long(3)</a> instead of the private version found in a number of GNU programs.
! 805: <li>Fix a typo in <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a> so that <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> actually gets applied to outbound frames...
! 806: <li>Yet more string function paranoia in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 807: <li>Allow <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a> to set the STP path cost.
! 808: <li>Add support for regular expression matches in <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a> filters.
! 809: <li>In <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a>, don't allow 'permit' to be used on aliases.
1.1 deraadt 810: <!-- ^ 20021209 -->
1.46 ! beck 811: <li>Now that options to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules can mostly be in any order, check for and disallow repeated options.
! 812: <li>Handle '-' as stdin or stdout appropriately in <a href="http://man.openbsd.org?query=uniq&sektion=1">uniq(1)</a>.
! 813: <li>strncpy -> strlcpy in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 814: <li>Make <a href="http://man.openbsd.org?query=compress&sektion=1">compress(1)</a> accept most of <a href="http://man.openbsd.org?query=gzip&sektion=1">gzip(1)</a>'s long options. Some cleanup also.
! 815: <li>Continuing compatibility tweaks to <a href="http://man.openbsd.org?query=getopt_long&sektion=3">getopt_long(3)</a>.
1.1 deraadt 816: <!-- ^ 20021208 -->
1.46 ! beck 817: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queue options can now be in any order. The 'scheduler' keyword is no longer used.
! 818: <li>More rule shrinkage: The 'fromto' part of a <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> is now optional and defaults to 'all', so e.g. 'block' == 'block all' == 'block from any to any'. <!-- Another uncommented feature, r1.244 -->
! 819: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> anchor rules now support parameters, so 'anchor name proto tcp from any to any port smtp' works.
! 820: <li>Remove support for the '-a otp' flag from <a href="http://man.openbsd.org?query=telnetd&sektion=8">telnetd(8)</a>. Use <a href="http://man.openbsd.org?query=login.conf&sektion=5">login.conf(5)</a> instead.
! 821: <li>Make <a href="http://man.openbsd.org?query=su&sektion=1">su(1)</a>'s -a flag work again.
1.1 deraadt 822: <li>'pfctl -s' now prints out addresses in rules in the order they are entered.
1.46 ! beck 823: <li>When <a href="http://man.openbsd.org?query=telnet&sektion=1">telnet(1)</a> receives a SIGPIPE when writing to the terminal, treat it like a user SIGQUIT.
! 824: <li>Have <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> use the actual interface MTU instead of assuming 1500.
! 825: <li>Convert string key hashes in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> to network byte order.
! 826: <li>Fix a bug in Xaw that reads the wrong error return from <a href="http://man.openbsd.org?query=open&sektion=2">open(2)</a>.
1.1 deraadt 827: <!-- ^ 20021207 -->
1.46 ! beck 828: <li>All the games set up the RNG with <a href="http://man.openbsd.org?query=srandomdev&sektion=3">srandomdev(3)</a> instead of by lesser means.
! 829: <li>Have <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> set the transform from the Default-Phase-1-Configuration.
! 830: <li>Make <a href="http://man.openbsd.org?query=srandomdev&sektion=3">srandomdev(3)</a> fall back to using sysctl if it can't open /dev/arandom.
! 831: <li>Make the libc <a href="http://man.openbsd.org?query=getopt_long&sektion=3">getopt_long(3)</a> more compatible with GNU.
! 832: <li>Output from 'pfctl -v' is now valid input to <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 833: <li>Make section and tag comparisons in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> case-insensitive.
1.1 deraadt 834: <!-- ^ 20021206 -->
1.46 ! beck 835: <li>Allow a null direction in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> rules, so e.g. 'block all' is now valid. <!-- Oh yes. Uncommented effect of r1.237 that introduced anchor rules. -->
! 836: <li>Add named rulesets support to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, invoked from 'anchor' rules in the main ruleset.
1.1 deraadt 837: <li>Kernel memory allocation debugging can now be used anywhere - if the debugging pool is not yet initialised, it just does nothing.
1.46 ! beck 838: <li>Fixes to <a href="http://man.openbsd.org?query=getopt_long&sektion=3">getopt_long(3)</a>.
1.1 deraadt 839: <li>Rule numbers are no longer output by 'pfctl -v'. Use '-v -v' to get them back.
1.46 ! beck 840: <li>Make <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a> handle systems with odd block sizes better.
1.1 deraadt 841: <!-- ^ 20021205 -->
842: <li>Drop unnecessary altq devices from the kernel.
1.46 ! beck 843: <li>Pass correct sizes to memset in <a href="http://man.openbsd.org?query=ping6&sektion=8">ping6(8)</a>.
! 844: <li>Make <a href="http://man.openbsd.org?query=bridge&sektion=4">bridge(4)</a> behave better when running spanning tree: Flush the dynamic MAC cache when the forwarding/blocking state changes, and only forward packets while in the forwarding state.
! 845: <li>Make <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> accept ACQUIRE requests with a null EXT_ADDRESS_SRC.
! 846: <li>In <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, apply a netmask consistently.
1.1 deraadt 847: <!-- ^ 20021204 -->
848: <li>Crank the major version numbers of the X libraries.
849: <li>Continuing cleanup and shrinkage of the installer scripts.
1.46 ! beck 850: <li><a href="http://man.openbsd.org?query=arp&sektion=8">arp(8)</a> now prints the interface name with which an address is associated.
! 851: <li>Big cleanup up <a href="http://man.openbsd.org?query=mixerctl&sektion=1">mixerctl(1)</a>.
! 852: <li>Import a GNUish <a href="http://man.openbsd.org?query=getopt_long&sektion=3">getopt_long(3)</a> from NetBSD.
! 853: <li>Add -4 and -6 command line options to <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> to select the address family to use.
! 854: <li>Better MTU setting for <a href="http://man.openbsd.org?query=pfsync&sektion=4">pfsync(4)</a>.
! 855: <li>Correct a missed initialiser in <a href="http://man.openbsd.org?query=raid&sektion=4">raid(4)</a>.
! 856: <li>Have <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> play nice and shut down its sockets when it's done.
1.1 deraadt 857: <!-- ^ 20021203 -->
858: <li>Crank all (system) library major numbers now that propolice is in.
1.46 ! beck 859: <li>Make a copy of rather than just refer to a string in <a href="http://man.openbsd.org?query=ld&sektion=1">ld(1)</a>. Cures some ports linking problems.
! 860: <li>Allow options at the end of <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> pass and block rules to come in any order.
1.9 deraadt 861: <li>Make the bandwidth specifier optional in altq rules (as well as queue rules). As a side effect, the altq rules can now have "bandwidth xx%" where the percentage is taken w.r.t. the interface bandwidth.
1.46 ! beck 862: <li>Implement legacy functions <a href="http://man.openbsd.org?query=ecvt&sektion=3">ecvt(3)</a>, fcvt(3) and gcvt(3) for standards compliance.
! 863: <li>Add <a href="http://www.trl.ibm.com/projects/security/ssp">propolice</a> stack attack protection into <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a>.
! 864: <li>Updated <a href="http://man.openbsd.org?query=unifdef&sektion=1">unifdef(1)</a>.
1.1 deraadt 865: <li>Make a copy of the return value of basename() before recording it in the bfd, fixes the "NEEDED crtend.o" problem that many ports had to work around.
866: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
867: <!-- ^ 20021202 -->
868: <li>Don't have the X server drop privileges if started by root and from a non-standard config path.
1.46 ! beck 869: <li>Tweaks and fixes to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s ioctl code.
1.1 deraadt 870: <!-- ^ 20021201 -->
871: <!-- ^ 20021130 -->
1.46 ! beck 872: <li>Teach <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> about <a href="http://man.openbsd.org?query=pfsync&sektion=4">pfsync(4)</a>.
! 873: <li>Add new pseudo-device <a href="http://man.openbsd.org?query=pfsync&sektion=4">pfsync(4)</a>, exposing changes to the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> state table.
! 874: <li>Kill a null deref in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>.
1.1 deraadt 875: <li>Wrap some noisy altq printf()s with #ifdef ALTQ_DEBUG.
876: <!-- ^ 20021129 -->
1.46 ! beck 877: <li><a href="http://man.openbsd.org?query=file&sektion=1">file(1)</a> gets a new option, -b, which supresses the output of the pathname.
! 878: <li>Allow a qlimit to be specified in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> altq rules as well as in queue rules.
! 879: <li>Use a custom hash function (based on that in if_bridge.c) for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> source-hash nat pools instead of MD5.
! 880: <li><a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a> checks for invalid icmp6 option length.
1.1 deraadt 881: <!-- ^ 20021128 -->
1.46 ! beck 882: <li>page_dir update fixed in <a href="http://man.openbsd.org?query=realloc&sektion=3">realloc(3)</a>. MALLOC_OPTIONS=J is now honoured in realloc() as well.
! 883: <li>'fc -e' now works when <a href="http://man.openbsd.org?query=ksh&sektion=1">ksh(1)</a> is invoked in 'sh' mode.
! 884: <li>Allow usernames given to <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> to contain '@' characters, i.e. the hostname follows the last '@'.
! 885: <li>Tweaks to <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> altq rules display.
! 886: <li>Stop <a href="http://man.openbsd.org?query=daemon&sektion=3">daemon(3)</a> closing descriptors that <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a> needs.
! 887: <li>Have <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> read correctly the tbrsize spec.
1.1 deraadt 888: <li>Fix underflow and wraparound in socket timeout calculation.
889: <li>Make IPv6 work in Linux emulation mode, though not for IPv4-mapped addresses.
890: <!-- ^ 20021127 -->
1.46 ! beck 891: <li>The bandwidth statement in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> queue rules is now optional.
! 892: <li>Change <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a> ordering so translation is now after queue...
! 893: <li>Parse more include files so that <a href="http://man.openbsd.org?query=kdump&sektion=1">kdump(1)</a> knows about more ioctls.
1.1 deraadt 894: <li>Pass in the right structure to DIOCCHANGEADDR.
895: <!-- ^ 20021126 -->
1.46 ! beck 896: <li>Fix 'pfctl -Fq' so <a href="http://man.openbsd.org?query=altq&sektion=9">altq(9)</a> gets flushed and reset properly.
! 897: <li>setuid() -> seteuid() in <a href="http://man.openbsd.org?query=ftpd&sektion=8">ftpd(8)</a>.
! 898: <li>Tweak <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s handling of address families in rules.
! 899: <li>Make <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> fetch the address properly for <a href="http://man.openbsd.org?query=lo&sektion=4">lo(4)</a> with LINK1 set.
! 900: <li>Use 1KB = 1000B instead of 1024B when dealing with bandwidth in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>.
! 901: <li>Fix URL CRLF injection bug in <a href="http://man.openbsd.org?query=lynx&sektion=1">lynx(1)</a>.<br>
1.1 deraadt 902: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 903: <li>Add a missing check for snprintf errors in <a href="http://man.openbsd.org?query=identd&sektion=8">identd(8)</a>.
1.1 deraadt 904: <li>Protect arc4_getbyte() with an splhigh().
1.46 ! beck 905: <li>Some cleanup in <a href="http://man.openbsd.org?query=talkd&sektion=8">talkd(8)</a>.
1.1 deraadt 906: <!-- ^ 20021125 -->
1.46 ! beck 907: <li>When <a href="http://man.openbsd.org?query=malloc&sektion=3">malloc(3)</a> stats dumps are enabled, warn if <a href="http://man.openbsd.org?query=atexit&sektion=3">atexit(3)</a> fails.
! 908: <li>Enforce new <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a> ordering: options, normalization, translation, queue, filter.
! 909: <li>Copy TAILQs properly in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 910: <!-- ^ 20021124 -->
911: <li>Remove a potential access-after-free in libc's syslog code.
1.46 ! beck 912: <li>New manual page <a href="http://man.openbsd.org?query=gcc-local&sektion=1">gcc-local(1)</a> documenting OpenBSD-specific changes to <a href="http://man.openbsd.org?query=gcc&sektion=1">gcc(1)</a>.
! 913: <li>So farewell, then, <a href="http://man.openbsd.org?query=altqd&sektion=8&release=OpenBSD+3.2">altqd(8)</a> and friends.
! 914: <li>Better <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> altq rule error checking.
! 915: <li>Fix a potential null deref in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>'s parser, and some general cleanup.
! 916: <li>Make sure <a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a> and <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> don't try to issue ioctls when running with -n.
1.1 deraadt 917: <!-- ^ 20021123 -->
1.46 ! beck 918: <li>Implement 'nat pools' in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, allow redirection using (nat, rdr, route-to, dup-to and reply-to) to multiple addresses.
1.1 deraadt 919: <li>Improvements to the ELF loader.
920: <li>Some snprintf paranoia in BSD auth, also some extra initialisation.
921: <li>Added new example dir /usr/share/pf, and example queue rulebase /usr/share/pf/queue1 to show how cool pf+altq is.
1.46 ! beck 922: <li>Stop <a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a> accepting non-interactive sessions.
1.1 deraadt 923: <li>'pfctl -v' displays altq and queue lines, including child queue assignment.
1.46 ! beck 924: <li>Match the queue to the return type (icmp-unreach or RST) for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> block rules.
1.1 deraadt 925: <li>Use a quad_t instead of an int, and fix rlimit sizing for >2GB machines.
926: <!-- ^ 20021122 -->
1.46 ! beck 927: <li>Fix some <a href="http://man.openbsd.org?query=strncpy&sektion=3">strncpy(3)</a> lengths in <a href="http://man.openbsd.org?query=telnetd&sektion=8">telnetd(8)</a>.
1.1 deraadt 928: <li>Add _tokenadm and _radius groups so their respective login programs can be setgid instead of setuid(root).
929: <li>Add _shadow group and change group and mode of /etc/spwd.db to match
1.46 ! beck 930: <li>Add <a href="http://man.openbsd.org?query=atoll&sektion=3">atoll(3)</a> and <a href="http://man.openbsd.org?query=strerror&sektion=3">strerror_r(3)</a> to libc.
! 931: <li>Add simple multiple-card load balancing to <a href="http://man.openbsd.org?query=crypto&sektion=9">crypto(9)</a> and add a simplified driver registration API.
! 932: <li>Some int -> unsigned int in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 933: <li>New -n option for <a href="http://man.openbsd.org?query=syslogd&sektion=8">syslogd(8)</a> to disable DNS lookups.
1.1 deraadt 934: <!-- ^ 20021121 -->
1.46 ! beck 935: <li>Correct a format string bug in <a href="http://man.openbsd.org?query=routed&sektion=8">routed(8)</a>'s, er, Makefile.
! 936: <li>Fix <a href="http://man.openbsd.org?query=at&sektion=1">at(1)</a> breakage when two jobs are set for the same time.<br>
1.1 deraadt 937: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
1.46 ! beck 938: <li>Correct a use-before-init in <a href="http://man.openbsd.org?query=xterm&sektion=1">xterm(1)</a>.
1.1 deraadt 939: <!-- ^ 20021120 -->
940: <li>Create a simple lookup table mechanism [dev/pci/pci.c:pci_matchbyid()] to match PCI device IDs, and have several drivers use it.
1.46 ! beck 941: <li><a href="http://man.openbsd.org?query=vi&sektion=1">vi(1)</a> catalog updates: Fix Russian, add Polish and Ukrainian.
! 942: <li>Fix an off-by-one when reading ICMP types and codes by name in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 943: <!-- ^ 20021119 -->
1.46 ! beck 944: <li>Merge of <a href="http://man.openbsd.org?query=altq&sektion=9">altq(9)</a> and <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, still some work left to do.
! 945: <li>Don't overwrite SIG{INT,QUIT,TERM} handlers in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> if they're set to ignore. This mirrors <a href="http://man.openbsd.org?query=rsh&sektion=1">rsh(1)</a> behaviour.
1.1 deraadt 946: <!-- ^ 20021118 -->
947: <!-- ^ 20021117 -->
1.46 ! beck 948: <li>Make sure <a href="http://man.openbsd.org?query=skey&sektion=1">skey(1)</a> issues a fake challenge for a user without an S/Key file.
1.1 deraadt 949: <!-- ^ 20021116 -->
950: <li>Enable the pthread library, but install it as libnpthreads so autoconf scripts don't pick it up and use it with -lpthread as well as using -pthread.
1.46 ! beck 951: <li>In <a href="http://man.openbsd.org?query=ftpd&sektion=8">ftpd(8)</a>, prohibit user id changes once logged in, and run more stuff as the logged-in user.
! 952: <li>Add 'Default-Phase-1-Configuration' to <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 953: <li>Be more careful when loading RSA1 key files in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>.
1.1 deraadt 954: <!-- ^ 20021115 -->
1.46 ! beck 955: <li>Fix <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>'s handling of multiple values and continuation lines.
! 956: <li>Improvements to <a href="http://man.openbsd.org?query=ld.so&sektion=1">ld.so(1)</a> symbol lookup failure messages.
! 957: <li>Allow DNS queries from the initial rulebase loaded by /etc/rc, so <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> can load at boot-time rulebases containing DNS entries.
1.1 deraadt 958: <!-- ^ 20021114 -->
1.46 ! beck 959: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in <a href="http://man.openbsd.org?query=named&sektion=8">named(8)</a> could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.</strong></font><br>
1.1 deraadt 960: <a href="errata32.html#named">A source code patch is available</a>.<br>
961: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 962: <li>Create links from <a href="http://man.openbsd.org?query=curses&sektion=3">curses(3)</a> libs to ncurses, to satisfy autoconfiguration scripts that expect the latter instead of checking properly.
! 963: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> scrub rules now are subject to the same list expansion as other rules.
! 964: <li>Add label macro '$if' to <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a>, now we can have interfaces in expansion lists.
! 965: <li>Add some missing pointer initialisations in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
1.1 deraadt 966: <!-- ^ 20021113 -->
1.46 ! beck 967: <li>Add a null transform to <a href="http://man.openbsd.org?query=crypto&sektion=4">crypto(4)</a>, enabled via sysctl kern.cryptodevallowsoft=1.
! 968: <li>Fix <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a>'s determination of the <a href="http://man.openbsd.org?query=execve&sektion=2">execve(2)</a> filename.
1.1 deraadt 969: <li>Kernel IPsec code checks for short IP headers.<br>
970: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2-stable -->
971: <!-- ^ 20021112 -->
972: <!-- ^ 20021111 -->
973: <!-- ^ 20021110 -->
1.46 ! beck 974: <li><a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a> checks for invalid system call numbers.
1.1 deraadt 975: <!-- ^ 20021109 -->
1.46 ! beck 976: <li>Make <a href="http://man.openbsd.org?query=su&sektion=1">su(1)</a>'s login emultation mode work even more like <a href="http://man.openbsd.org?query=login&sektion=1">login(1)</a>.
1.1 deraadt 977: <li>Avoid a possible reference count leak in kernel file descriptor code.
978: <li>Remove bogus operations on the not-yet-existent file descriptor table in libc_r.
979: <!-- ^ 20021108 -->
980: <li>Implement simple vnodeops inheritance for specfs and fifofs,
1.46 ! beck 981: <li><a href="http://man.openbsd.org?query=ftp&sektion=1">ftp(1)</a> can now follow HTTP redirects.
! 982: <li>Have <a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a> properly reflect check the exit status of its <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a> process if an error occurs.
! 983: <li>Fix some invalid pointers in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s <a href="http://man.openbsd.org?query=ioctl&sektion=2">ioctl(2)</a> handler.
! 984: <li>Stop <a href="http://man.openbsd.org?query=makewhatis&sektion=8">makewhatis(8)</a> moaning about non-existent directories.
! 985: <li>Don't use the HostbasedAuthentication switch to <a href="http://man.openbsd.org?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>; instead, add new option EnableSSHKeysign to <a href="http://man.openbsd.org?query=ssh_config&sektion=5">ssh_config(5)</a>.
1.1 deraadt 986: <!-- XXX not added to ssh_config manpage though -->
1.46 ! beck 987: <li>Have <a href="http://man.openbsd.org?query=groupdel&sektion=8">groupdel(8)</a> check that the named group exists.
1.1 deraadt 988: <li>Allow '$' as the last character of a username, to appease Samba.
1.46 ! beck 989: <li>Make <a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>'s -e option (log to stderr) work.
1.1 deraadt 990: <li>Make the minimum file rotation size 512 bytes instead of 512Kbytes...
991: <li>Rearrange payload length check for ESP packets so packets with NULL encryption are tested also.<br>
992: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 993: <li>Don't allow a simple non-existent server to crash <a href="http://man.openbsd.org?query=altqstat&sektion=1">altqstat(1)</a>.
1.1 deraadt 994: <!-- ^ 20021107 -->
995: <li>Solve problems static linking with -lpthread. (-static -pthread still broken.)
1.46 ! beck 996: <li>Stop up a couple of memory leaks in <a href="http://man.openbsd.org?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 997: <li>Fix a few bugs in <a href="http://man.openbsd.org?query=mount&sektion=8">mount(8)</a>, and make its command line arguments handling more consistent.
! 998: <li>Keep a correct reference count to the file referenced by <a href="http://man.openbsd.org?query=ioctl&sektion=2">ioctl(2)</a> under SVR4 emulation.
1.1 deraadt 999: <!-- Applied to 3.2-stable -->
1000: <!-- ^ 20021106 -->
1001: <li>Gracefully handle broken firewalls that block ECN-enabled TCP sessions by falling back to non-ECN.<br>
1002: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 -->
1003: <li>Some thread-safety fixes to libc.
1.46 ! beck 1004: <li>Add a cast to handle properly size_t larger than u_int in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>.
! 1005: <li>Fix some problems <a href="http://man.openbsd.org?query=gzip&sektion=1">gzip(1)</a> had displaying information on files > 2GB.
1.1 deraadt 1006: <!-- ^ 20021105 -->
1.46 ! beck 1007: <li>Serve <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> a strong draught of CIDR (e.g. can use 10/8 now instead of 10.0.0.0/8).
1.1 deraadt 1008: <li>-STABLE branch created for 3.2. <a href="errata32.html#smrsh">smrsh</a>, <a href="errata32.html#pfpridge">pfbridge</a> and <a href="errata32.html#kadmind">kadmind</a> errata fixes applied to it.<br>
1.46 ! beck 1009: <li>When checking a filename in <a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>, don't fail when <a href="http://man.openbsd.org?query=realpath&sektion=3">realpath(3)</a> for the user's home directory - this happens legitimately when using AFS.
1.1 deraadt 1010: <!-- ^ 20021104 -->
1011: <!-- ^ 20021103 -->
1.46 ! beck 1012: <li>Do a better job when comparing dynamic addresses in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>.
! 1013: <li>In <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> AF macros, operate on the whole address (all 128 bits) unless AF_INET is set.
1.1 deraadt 1014: <!-- ^ 20021102 -->
1015: <!-- ^ 20021101 -->
1.46 ! beck 1016: <li>Fix <a href="http://man.openbsd.org?query=perl&sektion=1">perl(1)</a>'s MakeMaker so manpages get installed the way we like.
1.1 deraadt 1017: <li>Plug a memory leak in IPv6 (ip6_output.c)
1018: <!-- ^ 20021031 -->
1019: <li>Make sure processes aren't added to the process list until they're completely initialised.
1020: <li>Implement some 4.3BSD emulation functions in terms of setresuid() etc.
1021: <li>Use the new setresuid() etc. calls for FreeBSD, HP-UX and Linux emulation of the same calls.
1.46 ! beck 1022: <li>Implement <a href="http://man.openbsd.org?query=setresuid&sektion=2">[gs]etres[gu]id(2)</a> system calls. Minor version bump for libc and libc_r.
1.1 deraadt 1023: <li>Many fixes to signal and fd handing under threads.
1.46 ! beck 1024: <li>Fix <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> interface expansion.
1.1 deraadt 1025: <!-- ^ 20021030 -->
1.46 ! beck 1026: <li>Better GRE output from <a href="http://man.openbsd.org?query=tcpdump&sektion=8">tcpdump(8)</a>.
! 1027: <li>New -U option to <a href="http://man.openbsd.org?query=chroot&sektion=8">chroot(8)</a> that sets the uid, gid and group vector from the password database.
! 1028: <li>To a chorus of approval, add the 'set require-order [yes|no]' option to <a href="http://man.openbsd.org?query=pf.conf&sektion=5">pf.conf(5)</a>.
1.1 deraadt 1029: <!-- ^ 20021029 -->
1.46 ! beck 1030: <li>Remove a bogus test in <a href="http://man.openbsd.org?query=dd&sektion=1">dd(1)</a> that stopped a perfectly legal seek on a character device.
1.1 deraadt 1031: <li>Merge mod_ssl 2.8.12, fixing a cross-site scripting bug and two off-by-ones.<br>
1032: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 1033: <li>Add a missing break statement in <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a>'s arguments parsing code.
1.1 deraadt 1034: <!-- ^ 20021028 -->
1035: <li>Add getdents64() support under Linux emulation.
1036: <li>Merge in Perl 5.8.0.
1.46 ! beck 1037: <li>Have pool elements' sizes rounded up to the alignment passed to <a href="http://man.openbsd.org?query=pool_init&sektion=9">pool_init(9)</a> instead of relying on the architecture's ALIGNBYTES value.
! 1038: <li><a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a> can now do pointless-but-common WEP encryption in software for Prism and Symbol cards. Useful if your card doesn't do weak IV avoidance (or if you trust your BSD more than your hardware manufacturer,) and also serves as a framework for better wireless crypto protocols.
1.1 deraadt 1039: <li>The installer unpacks siteXX.{tgz,tar.gz} files last so that site-specific tarballs always overwrite standard files.
1.46 ! beck 1040: <li>Remove the error-prone and robustness-principle-defying 'flags X' (as opposed to 'flags X/Y') syntax from <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>
1.1 deraadt 1041: <li>Be a little less 32-bit-centric in libcrypto.
1042: <!-- ^ 20021027 -->
1.46 ! beck 1043: <li>Have <a href="http://man.openbsd.org?query=route6d&sektion=8">route6d(8)</a> and <a href="http://man.openbsd.org?query=rtsold&sektion=8">rtsold(8)</a> use <a href="http://man.openbsd.org?query=poll&sektion=2">poll(2)</a> instead of <a href="http://man.openbsd.org?query=select&sektion=2">select(2)</a> as well.
! 1044: <li>Change <a href="http://man.openbsd.org?query=atoi&sektion=3">atoi(3)</a> to <a href="http://man.openbsd.org?query=strtoul&sektion=3">strtoul(3)</a> in <a href="http://man.openbsd.org?query=route6d&sektion=8">route6d(8)</a>.
1.1 deraadt 1045: <!-- ^ 20021026 -->
1046: <li>Change a number of header files so NULL is now defined as 0L instead of 0, and so is the same size as a pointer.
1.46 ! beck 1047: <li>Add to <a href="http://man.openbsd.org?query=chroot&sektion=8">chroot(8)</a> the ability to set the uid, gid and group vector after doing the <a href="http://man.openbsd.org?query=chroot&sektion=2">chroot(2)</a> call.
! 1048: <li>Some additional paranoia added to <a href="http://man.openbsd.org?query=authpf&sektion=8">authpf(8)</a>.
! 1049: <li>Have <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> test rule labels as well when comparing rules.
1.1 deraadt 1050: <li>Fix a few instances where %ul was used instead of %lu.
1051: <!-- ^ 20021025 -->
1.46 ! beck 1052: <li>Use <a href="http://man.openbsd.org?query=poll&sektion=2">poll(2)</a> instead of <a href="http://man.openbsd.org?query=select&sektion=2">select(2)</a> in <a href="http://man.openbsd.org?query=ping6&sektion=8">ping6(8)</a>
! 1053: <li>More picky argument parsing in <a href="http://man.openbsd.org?query=traceroute6&sektion=8">traceroute6(8)</a> and <a href="http://man.openbsd.org?query=ping6&sektion=8">ping6(8)</a>.
1.1 deraadt 1054: <!-- ^ 20021024 -->
1.46 ! beck 1055: <li>A couple of <a href="http://man.openbsd.org?query=tmpnam&sektion=3">tmpnam(3)</a>s become <a href="http://man.openbsd.org?query=mkstemp&sektion=3">mkstemp(3)</a> in <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a>.
! 1056: <li>Lots of int -> u_long in <a href="http://man.openbsd.org?query=traceroute6&sektion=8">traceroute6(8)</a>.
1.1 deraadt 1057: <!-- ^ 20021023 -->
1.46 ! beck 1058: <li>Correct an off-by-one in <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>.
! 1059: <li>Fix a printf format string typo in <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a>.
! 1060: <li>Make <a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> apply the netmask to addresses right away, so bogus netmasks show up as munges network numbers in -v output.
1.1 deraadt 1061: <!-- ^ 20021022 -->
1.46 ! beck 1062: <li>Correct a couple of typos in <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>'s ioctl() code.
1.1 deraadt 1063: <li>Fix a null deref in libc_r.
1064: <li>Make sure the user process tally is right when kernel stack space can't be allocated for the new proc.
1065: <li>Correctly count the total number of processes in the system.
1.46 ! beck 1066: <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow can occur in the <a href="http://man.openbsd.org?query=kadmind&sektion=8">kadmind(8)</a> daemon, leading to possible remote crash or exploit.</strong></font><br>
1.1 deraadt 1067: <a href="errata32.html#kadmin">A source code patch is available</a>.<br>
1068: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1069: <!-- ^ 20021021 -->
1.46 ! beck 1070: <li>Add partial support for the 21145 chip to <a href="http://man.openbsd.org?query=dc&sektion=4">dc(4)</a>.
1.1 deraadt 1071: <!-- ^ 20021020 -->
1.46 ! beck 1072: <li>Have <a href="http://man.openbsd.org?query=xconsole&sektion=1">xconsole(1)</a> get a pseudoterminal using <a href="http://man.openbsd.org?query=openpty&sektion=3">openpty(3)</a> instead of going all #ifdef.
1.7 deraadt 1073: <li>More NULL -> (void *)NULL, this time in XFree, to make sure varargs sentinel is pointer-width.
1.1 deraadt 1074: <!-- ^ 20021019 -->
1.46 ! beck 1075: <li><a href="http://man.openbsd.org?query=pax&sektion=1">pax(1)</a> now honours @LongLink, and has a new option to stop the next volume prompt.
1.1 deraadt 1076: <!-- ^ 20021018 -->
1.46 ! beck 1077: <li>Improved media support and a boundary check fix for <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>.
! 1078: <li>Have <a href="http://man.openbsd.org?query=route&sektion=8">route(8)</a> correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route.
1.1 deraadt 1079: <li>Enable uvm_tree_sanity() check #ifdef DEBUG.
1.46 ! beck 1080: <li>Fix a potential null deref in <a href="http://man.openbsd.org?query=route&sektion=8">route(8)</a>'s arguments parser.
! 1081: <li>Renumber <a href="http://man.openbsd.org?query=ch&sektion=4">ch(4)</a> CHIO* ioctls. Old definitions renamed to OCHIO*, binary backwards compatibility will be left in intact until post-3.3.
! 1082: <li>Teach <a href="http://man.openbsd.org?query=kdump&sektion=1">kdump(1)</a> to print AUDIO_* ioctls, and add a few missing syscall defines.
! 1083: <li>Support <a href="http://man.openbsd.org?query=fxp&sektion=4">fxp(4)</a> on big-endian architectures.
! 1084: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> allows protocols to be specified by a (valid) protocol number.
! 1085: <li>Add a missing free() in <a href="http://man.openbsd.org?query=pflogd&sektion=8">pflogd(8)</a>.
1.1 deraadt 1086: <!-- ^ 20021017 -->
1087: <li>Treat manually- and auto-configured IPv6 address prefixes the same way.
1.46 ! beck 1088: <li>For positively POSIX reasons, implement <a href="http://man.openbsd.org?query=isfdtype&sektion=3">isfdtype(3)</a>.
! 1089: <li>Bring <a href="http://man.openbsd.org?query=pax&sektion=1">pax(1)</a>'s date handling code back into sync with that in <a href="http://man.openbsd.org?query=date&sektion=1">date(1)</a>. Four digit years parse now.
! 1090: <li>Start to break out machine-dependent parts of <a href="http://man.openbsd.org?query=MAKEDEV&sektion=8">MAKEDEV(8)</a> into separate files.
! 1091: <li>Send <a href="http://man.openbsd.org?query=ksh&sektion=1">ksh</a>.kshrc label() and ilabel() output to /dev/tty insted of stdout, so command output streams doesn't get messed up.
! 1092: <li><a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a> supports system call-granularity privilege elevation!
! 1093: <li>Correct a typo in <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a> that was causing group predicates to be evaluated incorrectly.
! 1094: <li>Range-check values given to <a href="http://man.openbsd.org?query=atactl&sektion=8">atactl(8)</a>.
! 1095: <li>Better mask comparison for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> binat.
1.1 deraadt 1096: <!-- ^ 20021016 -->
1.46 ! beck 1097: <li>Remove the setuid bit from <a href="http://man.openbsd.org?query=login&sektion=1">login(1)</a>. If run with a non-root euid, it invokes <a href="http://man.openbsd.org?query=su&sektion=1">su(1)</a> with the new -L flag.
! 1098: <li>Add '-L' flag to <a href="http://man.openbsd.org?query=su&sektion=1">su(1)</a> to make it work like <a href="http://man.openbsd.org?query=login&sektion=1">login(1)</a>.
! 1099: <li>Enable the META key in <a href="http://man.openbsd.org?query=ksh&sektion=1">ksh(1)</a> for 7-bit locales.
1.1 deraadt 1100: <li>Make sure some varargs end-of-list sentinel NULLs are pointer-width.
1101: <li>Fix a subtle dangling pointer bug in BSD auth.
1102: <li>Sync Brazil's Daylight Savings Time handling with new reality.<br>
1103: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 1104: <li>Stop <a href="http://man.openbsd.org?query=makewhatis&sektion=8">makewhatis(8)</a> grumbling about having Perl 5.8.x instead of 5.6.x.
1.1 deraadt 1105: <!-- ^ 20021015 -->
1106: <li>In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA.
1107: <li>Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c)
1.46 ! beck 1108: <li><font color="#e00000"><strong>A logic error in the <a href="http://man.openbsd.org?query=pool&sektion=9">pool(9)</a> kernel memory allocator could cause memory corruption in low-memory situations, causing the system to crash.</strong></font><br>
1.1 deraadt 1109: <a href="errata32.html#pool">A source code patch is available</a>.<br>
1110: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 1111: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> can now binat a whole netblock with one rule.
1.1 deraadt 1112: <!-- ^ 20021014 -->
1113: <li>Remove a potential null pointer deref in BSD authentication code.
1.46 ! beck 1114: <li>Fix a bad printf format string in <a href="http://man.openbsd.org?query=ftpd&sektion=8">ftpd(8)</a>. Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.<br>
1.1 deraadt 1115: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> <!-- XXX 3.2 -->
1.46 ! beck 1116: <li>Do some more unsigned checks to system call parameters, as with the <a href="http://man.openbsd.org?query=setitimer&sektion=2">setitimer(2)</a> <a href="http://www.openbsd.org/errata31.html#kerntime">erratum</a>.<br>
1.1 deraadt 1117: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1118: <!-- ^ 20021013 -->
1119: <li>Prepare the GNU floating-point emulation code on i386 for ELF.
1120: <!-- ^ 20021012 -->
1121: <li>Update <a href="stable.html">stable</a> to OpenSSH 3.5.
1.46 ! beck 1122: <li>Catch some endianness nits and add zero-padding of keys in <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a>.
! 1123: <li>Teach ALTQ CBQ the <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> API. The old API remains for now.
1.1 deraadt 1124: <!-- ^ 20021011 -->
1125: <li><font color="#e00000"><strong>RELIABILITY FIX: Network bridges running pf with scrubbing enabled could cause mbuf corruption, causing the system to crash.</strong></font><br>
1126: <a href="errata32.html#pfbridge">A source code patch is available</a>.<br>
1127: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 1128: <li>Fix a bug in <a href="http://man.openbsd.org?query=mbuf_tags&sektion=9">m_tag_copy_chain()</a>.
1.1 deraadt 1129: <!-- ^ 20021010 -->
1130: <li>Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug.
1131: <!-- ^ 20021009 -->
1.46 ! beck 1132: <li><font color="#e00000"><strong>SECURITY FIX: An attacker can bypass the restrictions imposed by sendmail's restricted shell, <a href="http://man.openbsd.org?query=smrsh&sektion=8">smrsh(8)</a>, and execute arbitrary commands with the privileges of his own account.</strong></font><br>
1.1 deraadt 1133: <a href="errata32.html#smrsh">A source code patch is available</a>.<br>
1134: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1.46 ! beck 1135: <li>Make predicates part of <a href="http://man.openbsd.org?query=systrace&sektion=1">systrace(1)</a>'s grammar.
1.1 deraadt 1136: <!-- ^ 20021008 -->
1.46 ! beck 1137: <li>Start work on a merge of <a href="http://man.openbsd.org?query=altq&sektion=9">altq(9)</a> and <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> functionality. Oh yes.
! 1138: <li>Add a missing htons() in <a href="http://man.openbsd.org?query=talkd&sektion=8">talkd(8)</a>.
1.1 deraadt 1139: <li>In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed.
1140: <li>Support SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support.
1141: <li>Merge in Apache 1.3.27 and mod_ssl 2.8.11.
1142: <li>New block-policy option to set the default response to a block rule.
1143: <li>More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise.
1.46 ! beck 1144: <li><a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> support for icmpv6 returns in response to block rules.
! 1145: <li>New reply-to rule option for <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, works like route-to but applies to reply packets in a stateful connection.
! 1146: <li><a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> restarts work even when srm.conf is not present.
1.1 deraadt 1147: <li>Have the X server complain less about unknown scancodes.
1148: <!-- ^ 20021007 -->
1.46 ! beck 1149: <li>Initialise the <a href="http://man.openbsd.org?query=uvm&sektion=9">uvm</a>_pglistalloc result list in the function, instead of requiring the caller to do it.
! 1150: <li><a href="http://man.openbsd.org?query=syslog&sektion=3">syslog(3)</a> and <a href="http://man.openbsd.org?query=syslog_r&sektion=3">syslog_r(3)</a> now take the new __syslog__ format attribute.
! 1151: <li>Make the default <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a> config files use php4 instead of php3.
1.1 deraadt 1152: <!-- ^ 20021006 -->
1.46 ! beck 1153: <li><a href="http://man.openbsd.org?query=pfctl&sektion=8">pfctl(8)</a> expands lists left-to-right instead of right-to-left.
! 1154: <li>Teach <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a> how to filter on the IP TOS field.
1.1 deraadt 1155: <!-- ^ 20021005 -->
1156: <li>Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances.
1.46 ! beck 1157: <li><a href="http://man.openbsd.org?query=smtpd&sektion=8&release=OpenBSD+3.2">smtpd(8)</a> has left the building.
! 1158: <li>By default, add the -H option to the <a href="http://man.openbsd.org?query=sort&sektion=1">sort(1)</a> invoked by <a href="http://man.openbsd.org?query=locate.updatedb&sektion=8">locate.updatedb(8)</a>.
! 1159: <li>Give <a href="http://man.openbsd.org?query=window&sektion=1">window(1)</a> the stdarg treatment.
! 1160: <li>When routing via <a href="http://man.openbsd.org?query=pf&sektion=4">pf(4)</a>, use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies.
! 1161: <li>Fix cross-site scripting vulnerability (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840">CAN-2002-0840</a>) in the default error page of <a href="http://man.openbsd.org?query=httpd&sektion=8">httpd(8)</a>. Only applies under specific (and non-OpenBSD default) conditions.
1.1 deraadt 1162: <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
1163: <!-- ^ 20021004 -->
1.46 ! beck 1164: <li>In kernel IP processing, block interrupts with <a href="http://man.openbsd.org?query=splsoftnet&sektion=9">splsoftnet(9)</a> around interface address routing table manipulations.
! 1165: <li>Make sure <a href="http://man.openbsd.org?query=wi&sektion=4">wi(4)</a> doesn't accept out-of-range TX keys.
! 1166: <li>Stop <a href="http://man.openbsd.org?query=ami&sektion=4">ami(4)</a> matching I2O-configured devices.
1.7 deraadt 1167: <li>3.2 -> 3.2-current.
1.1 deraadt 1168: <!-- ^ 20021003 -->
1169: </ul>
1170: <p>
1171:
1172: </body>
1173: </html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www