OpenBSD 2.8 released (December 1, 2000)
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms if you
are interested in further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 2.7 and 2.8
- RELIABILITY FIX: Carefully check that a.out executable objects are rounded to a page.
A patch is available.
[Applied to stable]
- OpenSSH 2.3.0 released.
[Applied to stable]
- SECURITY FIX: Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
A patch is available.
[Applied to stable]
- Support Macronix 98727/98732 chips in dc(4).
- Use mkstemp(3) in csh(1).
- In dhclient(8), accept unknown options by default.
- Repair mips support in gcc(1).
- Repair config(8) ECOFF support.
- In config(8), permit redefinition of pseudo-device directives.
- Get rid of ST506 phantoms in wdc(4).
- Handle Davicom dc(4) devices better.
- Deny agent/X11 forwarding unless requested, in sshd(8).
- Non-blocking IO on pty channels in sshd(8).
- Avoid accidental random subsystem re-seeding.
- Change BUFCACHEPERCENT calculations.
- Remove the notion of "Copybuffer ownership" from pcvt(4).
- Minor tweaks to isakmpd(8).
- Significant pcidevs update.
- Many man page changes.
- Handle more Via chipsets in pcibios(4) interrupt repair.
- Fix bpf(4) support in powerpc gm(4) driver.
- Support Xircom X3201-based cardbus cards in dc(4).
- In dhclient(8), only DHCPNAK bootreplies may be a yiaddr of 0.0.0.0.
- Support older vandyke software in sshd(8).
- Man page fixes.
- Avoid NULL-deref in ipsec(4) + pmtu case.
- Stop IPv6 multicast moaning and groaning on enc(4) interfaces.
- Mark swap16() and swap32() with __extension__.
- Restore i386 boot block pciprobe code, since some non-PCIBIOS machines need it to determine if the pci bus is in mode 1 or 2.
- spltty protection in pcvt(4) mouse support.
- Unsigned counters in vmstat(8).
- Support ^T status messages on the install media.
- Add shared library awareness to powerpc gdb(1).
- Fix setupterm() issues in telnetd(8) and telnet(1).
- In hifn(4), only accept interrupts the driver really generated.
- SECURITY FIX: 2 possible overflows exist in X11 xtrans code.
A patch is available.
- Solve some of the powerpc data fault issues.
- Many more vax improvements.
- Fix hifn(4) on very fast machines, like p3/933.
- Fix alignment fault in ssh(1).
- Many documentation cleanups.
- Use clearerr(3) in disklabel(1) so that ^D works in aborts.
- Update to ncurses 5.2
- Fix noprint/print/octal options in vi(1).
- Add support for i815 motherboards and their devices.
- Disable DMA support for Opti pciide(4) devices, since there are some boards that apparently wired them up wrong...
- Use echo(1) instead of printf(1) to repair the format string bugs in /etc/security
- Do not free an uninitialized variable in curses(3).
- Switch to 2.8 release numbering.
- Print powerpc MHz ratings.
- Add support for major/minor numbers to powerpc shared library implementation.
- Support ulpt(4) printers on powerpc.
- Fix random(4) ioctl functions, to work as intended.
- Fix -fpack-struct bug in i386 boot blocks.
- Support random number generators on more Intel pchb(4) devices.
- tcpdump(8) support for STP (spanning tree) packets.
- Discover correct ethernet address for powerpc gm(4) ethernet driver.
- Fix nasty dl_strcmp() bug in powerpc ld.so(1).
- Generate proper /etc/resolv.conf files from dhclient(8).
- Repair quotas greater than 4GB in quota(1).
- SECURITY FIX: httpd(8) mod_rewrite and mod_vhost_alias modules could expose files on server if used.
A patch is available.
[Applied to stable]
- More cool vax stuff.
- In perl(1), set siteprefix and siteprefixexp to /usr/local as they should be.
- Give bridge(4) devices their own IFT_BRIDGE type, so that IPv6 does not attempt to configure up.
- Repair a short read issue in scp(1).
- For i386 apm(4), if periodic checking fails repeatedly, shut it down.
- Very amusing printf(1)-based format string bugs in /etc/security.
- Prevent vlan(4) status changes until configuration is complete.
- Workaround i386 bios serial call problem (helps DSR issues on some BIOS).
[Applied to stable]
- Better error message out of ftp(1) regarding invalid port numbers.
- Repair certain copyout() calls in bridge(4).
- New amphy(4) driver, replacing dmphy(4).
- Update tx(4) driver.
- Authentication support in ray(4).
- Fix file descriptor leak in ssl(3).
- isakmpd update.
- Fix byte order bug in ipsecadm(8).
- Fix httpd(8) building for gcc -shared.
- On i386, build a private descriptor for bios32 accesses, thus fixing even more pcibios(4) bugs.
- Fix channel printing for pciide(4).
- Repair probe vs attach confusion in the mii(4) layer.
- In pcibios(4), protect %edx register from being whacked.
- Update nearly entire isp(4) device driver.
- Update isp(4) sbus microcode.
- Various small fixes to moused(8) to make it more reliable.
- Enable gm(4) ethernet driver on G4-style powerpc machines.
- Lots of documentation improvements.
- Repair gcc(1) shared library linking on powerpc.
- Fix an uninitialized variable issue in xl(4) that prevented dual NICs from working.
- Repair empty password support in login(1), for when kerberos is compiled in.
- The 3c556 MiniPCI cards now work in the xl(4) driver.
- Fix key option handling in sshd(8).
- sshd(8) implementation of AllowTcpForwarding.
- For ipsec(4), an ASKPOLICY message implementation in pfkeyv2.
- TCP wrapper support for IPv6.
- Vax support in ssl(3).
- Fix a library buffer overflow in the X11 libraries.
- Build a minimal powerpc CD boot image.
- In sshd(8), rijndael/aes support in SSH2 protocol.
- Fix -i handling in wicontrol(8) and ancontrol(8).
- In sshd(8), a kludge for F-Secure Macintosh < 1.0.2.
- Add lmccontrol(8) and spppcontrol(8).
- Fix TM_YEAR_BASE issue in touch(1).
- More isakmpd(8) updates.
- setenv(3) cleanups in make(1).
- Change powerpc crt0 startup code to deal with ctors/dtors properly.
- New aue(4) supplies support for the usb(4) Kingston KNU101TX USB Ethernet adapter.
- Some more DELAY() calls in hifn(4) permits some fast machines to work better.
- Avoid a nasty mbuf sharing case in ip_forward().
- Nuke old timeout code in mii(4) drivers, which collided with new timeout code in the same blocks.
- Many manual page cleanups.
- Change /root to be mode 0700 instead of 0755.
- Enable DES support in SSH1 protocol clients (for compat with exported Cisco routers).
- Fix numerous erroneous mmap(3) calls in the source tree.
- Fix cc -shared issues in perl(1).
- Fix scan code bug in pcvt(4) that prevented RIGHT_SHIFT+PGUP/DN key combinations from activating scrollback.
- New cipher framework in sshd(8).
- Add support for s/key (kbd-interactive) support in sshd(8) SSH2 protocol.
- Implement -o support in scp(1).
- Use terminfo(5) interfaces in tn3270(1).
- In dc(4), fix ethernet address reading on ADMtek AN983.
- In inetd.conf(5), disable talkd(8) and fingerd(8) by default.
- Nuke IPv4 mapped address support in IPv6.
- Implement diffie-hellman group exchange in ssh(1) and sshd(8).
- Add mkhybrid(8) [need this for the powerpc port HFS CD].
- Deal with KA52/53 in vax port, and other vax stuff.
- Add /etc/primes, used for diffie-hellman key exchange.
- Link telnetd(8) and telnet(1) against curses(3) instead of ocurses(3).
- Correct environment variable handling in curses(3) library.
- fd_set overflow handling in curses(3) library.
- ICMP and RST rate limitation code, controlled using sysctl(8) on net.inet.icmp.errppslimit, net.inet6.icmp6.errppslimit, and net.inet.tcp.rstppslimit.
- ppsratecheck(9) code added.
- Alpha portability for routed6(8).
- SECURITY FIX: Prune more environment variables in telnetd(8).
A patch is available.
[Applied to stable]
- Avoid fd_set overflow in kerberos(8) and identd(8).
- RELIABILITY FIX: Repair non-exploitable buffer overflow in sendmail(8).
A patch is available.
[Applied to stable]
- libkeynote update.
- isakmpd(8) update.
- In login.conf(5), crank maxproc for staff login class.
- In dump(8), do not dump core if the raw device cannot be determined.
- More vax fixes.
- In ppp(8), try to deal with bugs in pppoe(8).
- Permit install time passwords to contain meta-characters.
- AES support in ipsec(4).
- Uninitialized variable in bridge(4).
- Move gcc(1) to using -shared, as well as -fpic or -fPIC as relevant.
- ncurses-5.1-20001007
- Add support for Symbios 53C1510 and 53C1510D to ncr(4).
- New isakmpd(8).
- Permit moused(8) and X11 to coexist.
- For now, work around powerpc pmap/cache bug by having ld.so(1) do extra cache flushes.
- Use -q flag to ls(1) in /etc/security, for safety against non-printable characters.
- Avoid fd_set overflows in ping(8), ping6(8), traceroute(8), traceroute6(8), ampd(8), kadmin(8), getty(8), ppp(8),
- Remove unimplemented -edebug flag from telnetd(8).
- Various improvements to ppp(8).
- pthread support on the powerpc.
- Check for root privs on SIOCSIFPHY*, and SIOCGIFP*ADDR repairs
[Applied to stable]
- Fix format string bug in top(1).
- Finally make sparc pthread support work.
- Many vax fixes.
- Fix bugs in libc db(3) functions.
- Enhance hash buffer size in dev_mkdb(8).
- IKE support in tcpdump(8).
- More careful byte order handling in tcpdump(8) bgp support.
- SECURITY FIX: Ignore $HOME/.termlib in curses for setuid/setgid executables.
A patch is available.
[Applied to stable]
- Routing header typo in inet6 fixed.
[Applied to stable]
- SECURITY FIX: talkd(8) format string vulnerability.
A patch is available.
[Applied to stable]
- More (low priority) format string errors.
- Prevent panic in speaker(4).
- Attempt to deal with Davicom DM9102A homePNA bugs in dc(4).
- Make moused(8) support work in modes other than 25-line.
- Do not attempt to use a copybuffer in pcvt(4) before it has been set.
- Fix recently introduced bugs in rbootd(8).
- New libkeynote.
- Fix an ipsec(4) panic on alphas.
- In chpass(1), do not permit non-printable characters in the passwd(5) file.
- Implement getnulldev() machine-dependent API, and use it for the hack that stops fd 0, 1, and 2 from being played with in setuid programs.
- More games fixes!
- Cleanups in nc(1).
- Ensure that ICMPs generated from data over IPSEC go back over the same IPSEC tunnel, if at all possible.
- Performance improvement to twe(4).
- Fix off-by-one in getnameinfo(3).
- Support i82562 fxp(4) device.
- More tweaking in pcibios(4) code for dealing with busted BIOS implementations.
- gcc 2.95.pre3
- Attempt to deal with a cardbus shutdown hang on some Toshiba systems.
- Fix memory leak in kernel internal fdalloc() function.
- Fix a locking bug in the pthreads implementation of getgrent(3) functions.
- More games fixes.
- In newfs(8), if a cylinder group does not fit inside a block, adjust secpercyl and ntracks until it does. This allows weird geometry setups to still build filesystems.
- Clear pcvt(4) copy buffer as soon as any console device gets a last close.
- Make pcvt(4) mouse copying mimic xterm functionality more.
- Repair a mapping problem in pcibios(4).
- Repair random number generation in pms(4).
- More volatiles in hifn(4) (but all the bugs are not yet gone).
- Trim RSS text relocation warnings in old ld(1).
- Extend auth methods support in sshd(8).
- In ssh(1), more bug compat for old ssh.com software.
- Panic bugfix to tl(4).
- Correct some -fPIC handling in old ld(1).
- Fix year handling in touch(1).
- Some pcibios changes, mostly in addresses repair.
- Lots more ipsec changes, for automatic IKE setup.
- Support 64 bit BARs on PCI.
- subr_extent had an off-by-one in a validity check.
- Correctly calculate MSS in tcp pmtu cases.
- In ipsec(4) pfkeyv2, allow IDENTITY payloads in ADDFLOW messages.
- Various ioctl additions so that X11 works on the powerpc.
- On powerpc, use BATs to map devices.
- Lots and lots of changes to ipsec internal layout.
- Display SPD entries in netstat(8)'s -r option.
- Path MTU discovery support in OpenBSD, enabled using the sysctl(3) variable net.inet.ip.mtudisc.
- Repair AFS support on the mips platforms.
- Some more fixes to the games!
- Fix old bug with wildcard interfaces
[Applied to stable]
- Various fixes to clcs(4) PCI audio driver.
- RELIABILITY FIX: Drop dubious ESP/AH packets without crashing.
A patch is available.
[Applied to stable]
- ldd(1) for powerpc ELF binaries.
- Other misc improvements to ssh(1).
- Support fxp(4) devices on cardbus(4), including detach.
- Support 3C3FE575CT CardBus xl(4) devices.
- Attempt to support 3C556[B] MiniPCI xl(4) devices.
- Repair IPv6 multicast support.
[Applied to stable]
- Fixes to faithd(8).
- Many improvements in ep(4) support, including support for more eject/mii, and other newer models.
- Support twe(4), the 3Ware IDE raid controller.
- Check all calls to setenv(3) in userland.
- More puc(4) devices.
- Support IPSEC data flow in ppp(8).
- More cleanups in make(1).
- Use vis(3) for outputting data in syslogd(8).
- Fix sorting bugs in the miniroot.
- Multiple debug levels in ssh(1).
- Cause getsid(2) and getpgid(2) to return EPERM if requesting out of session/pgrp, as well as fix other bugs.
- natm fixes.
- binutils 2.10
- Fix INET6 components of atm support.
- Update powerpc miniroot install stuff.
- Handle LBA partitions even better in fdisk(8)
- Fix user quota reporting in repquota(8)
- arla-current
- Re-enable ray(4) after resume.
- Linux mmap() ignores the fd argument when MAP_ANON is set.
- Some reliability fixes to asc(4) for pmax.
- Another one byte overflow in getty(8)
- ums(4) support.
- More cleanups in pcibios(4)
- Clarify licencing on components of ssh(1) and such.
- Repair dcphy(4) problems for Macronix PMAC 98715 and family.
- Fix TAILQ_FOREACH_REVERSE.
- More use of new timeouts in the kernel.
- Avoid excessive wakeup() in crypto subsystem.
- Run powerhooks at splhigh(), and backwards from initialization order.
- Bounds checking code in compat/emul code.
- Open a file with egid in wall(1).
- Inconsequential Buf overflow in getty(8).
- When cards come up with very bad MAC addresses, generate a fake one.
- tzdata2000f.
- Start sendmail(8) even more carefully in /etc/rc, to avoid whining.
- Mag tape ioctl emulation for compat_osf1(8).
- Many improvements to powerpc, including wscons(4), usb(4), and rebooting support, amongst many other things.
- Support different font sizes in wscons(4).
- Fix inquiry problems in adw(4).
- Various fixes to SACK and FACK.
- Powerhook workaround, so that wi(4) suspends wake up properly.
- Enable ssh-add(1) deletion support for DSA keys.
- Support detach for cardbus(4) xl(4) devices.
- Fix IO/memory space allocation in cardbus(4)/pci(4) rbus handling, so that some devices do not map on top of each other.
- Increase page use in i82365 pcic(4).
- Portability fixes to sftp-server(8).
- Fix login time handling in sshd(8).
- In sshd(8), cause SSH_ORIGINAL_COMMAND environment variable to be initialized.
- Fix file descriptor leak in ssh(1).
- Install kerberosIV info file.
- Make pcvt(4) mouse support act more like an xterm.
- Improvements in pcic(4) attachment on pci(4).
- Fix EDP register handling in xe(4).
- In ray(4), fix panic on detach.
- More changes to hppa.
- Add the L: modifier to all tweakable var tests in various Makefiles.
- Various fixes to ppp(8).
- Fix parsing problems in netstart(8) when reading hostname.if(5).
- Cleanup and fix -S support in scp(1).
- Add joy(4) driver for amiga.
- Import moused(8), a userland mouse daemon for the new pcvt(4) features.
- Add kernel console mouse support to pcvt(4).
- In rtadvd(8), repair a routine to grab interface MTU information.
[Applied to stable]
- Add sftp-server(8), capable of doing the things needed by ssh.com's scp2 and sftp clients. We have no client to talk the protocol ourselves.
- Various build tweaks in kerberos.
- In getaddrinfo(3), fix canonical name for /etc/hosts file-based search.
- OpenSSH 2.2.0 released.
[Applied to stable]
- Use arc4random(3) in ppp(8) plus various other fixes.
- Correctly read MAC addresses on all ne(4) cards.
- More svr4 emulation fixes.
- Prevent csh(1) from coredumping in some situations.
- Use srandom(3) in ppp(8).
- x11-ssh-askpass 1.0.1.
- In IPv6, do not forward packets with unspecified source.
- Add filters logging and radius accounting support to ppp(8).
- Lot of sun3 changes.
- Various ssh(1) improvements.
- brgphy(4) driver for broadcom 5400 and xmphy(4) for XAQTI XMACII phys.
- ssh(1) compatibility with future ssh.com versions (which contain a bug in their HMAC handling).
- Add detach support for xe(4) and aue(4).
- Import newer mii(4) code, supporting mii subdevice detach.
- In dc(4), avoid freezes on large data transfers.
- ssh(1) now talks to ssh.com 2.3.0.
- Some clarifications in manual pages regarding the format string bug in printf(3), setproctitle(3), syslog(3), warn(3), and err(3).
- Performance improvements to sis(4).
- Correctly match Promise Ultra/100 in pciide(4).
- Fix shared library creation problems on mips.
- Fix IPSEC flow deletion problem when using -transport.
[Applied to stable]
- In scp(1), repair copying of files 2GB in size or larger.
- Crank some defaults in login.conf(5).
- Various fixes to lpc(8).
- Repair sendmail(8) options handling.
- Make timeouts happen with the expected frequency.
- Implement svr4 emulation for pread64, pwrite64 and fcntl DUP2FD.
- Manpage fixes.
- We're at 2.8-beta now.
- Use the user's default groups if user is specified in inetd.conf, but group is not.
- Be more paranoid in cron(8).
- Fix var handling in make(1).
- Support FIONBIO and FIOASYNC on rnd.
[Applied to stable]
- Proper template file creation on ksh(1).
- Implement resource limits in several daemons.
- Add login.conf(5) support, making possible limiting resources per class.
- Minor bug fixes associated with the use of the UseLogin directive in sshd_config.
- Bypass key generation in mod_ssl if SSL is not enabled in any (virtual) servers.
- Add SSH2/DSA support to ssh-agent(1) and some DSA related cleanups.
- Use specified home directory, if specified, and other fixes to user(8).
[Applied to stable]
- Resolve a driver name conflict in the pmax platform. The pmax dc(4) driver has been renamed to dz.
- Many updates to the ubsec(4) code.
- Various IPv6 fixes.
- Add -S option to scp(1) and ssh(1) to use a program for encrypted connections.
- Lot of manpage updates.
- Various improvements to linux emulation.
- Add IPv6 support to telnetd(8).
- Allow ppp(8) to be used without SUID privs.
- Make pcibios(4) a real device making possible the use of flags.
- Avoid duplicate utmp entries in ssh(1).
- Update awi(4) driver.
- Various ppp(8) improvements.
- More fixes to ubsec(4) auth+enc code.
- Convert pccom(4) to new timeouts.
- Implement -a option on wicontrol(8), was documented but not present.
- In mail.local(8), fix sendmail.cf location.
- Catch bogus MAKEDEV(8) mouse and spit out a reasonable error.
- In ppp(8), ISDN B channels have a bandwidth of 64000, not 65535.
- More format string paranoia.
- Several setproctitle(3) fixes in ppp(8).
- SECURITY ISSUE: format string localhost root vulnerability in xlock(1).
A patch is available.
[Applied to stable]
- Improvements and fixes in hppa land.
- Increase if_obytes and if_omcasts in vlan(4) output routine as done in ether_output.
- In ubsec(4), deallocate resources on attachment failure.
- Fix auth-only mode in ubsec(4).
- In hifn(4), deallocate resources on error and workaround memory problems in rev A boards.
- mod_ssl 2.6.6.
- fix locking in threaded getgrent(3)
[Applied to stable]
- gdt(4) cache fixes and additional card support
[Applied to stable]
- SECURITY ISSUE: several DoS holes in libX11, libICE and X clients.
A patch is available.
[Applied to stable]
- mod_ssl 2.6.5
- Repair ntpd/ntpdate handlings in /etc/rc.
- Various improvements and fixes to ppp(8).
- Correctly handle ip_off in a corner case of IPSEC.
[Applied to stable]
- i386 now has another install floppy: floppyC27 contains cardbus support.
- In ssh(1), disable FallBackToRsh by default.
- In TCP, compute correct window scale when recvpipe option is set in route.
- KTH Kerberos4 1.0.2
- In sshd(8), fix MaxStartups code to work with -d.
- RE-RELEASE: Re-release pmax release after dmesg(8) and /kern/msgbuf was fixed.
A patch is available.
[Applied to stable]
- Fix simpleroot support.
- ncurses 5.1
- Do not default to empty passwords in adduser(8), simply because it's stupid.
- Use strsep(3) instead of strtok(3) in ssh(1) and sshd(8).
- Add -flags option to find(1).
- In inetd(8), handle IPv6 addresses in hostname specifiers.
- In systat(1), correct layout of the io page.
- Support Intel 440MX Ultra/33 controller in pciide(4).
- Handle Promise Ultra/100, deal with D2 AMD K7 controllers, and various other tweaks to pciide(4).
- New release(8) page describes how to build a distribution.
- Fix a spinning select(2) loop in nc(1).
- For select(2) and poll(2), if we are awakened by a collision the timeout must be recalculated.
- On powerpc, handle late configuration of the interrupt controller.
- Fix port and X11 forwarding in sshd(8).
- Change fingerd(8) back to using fgets(3) instead of fgetln(3), to reduce denial of service attacks.
- Change compat_linux(8) so that it logs and returns ENOSYS rather than deliver SIGSYS for unimplemented system calls.
- Add ucomm(4) support to MAKEDEV.
- Delay slightly longer after reset in xl(4) for some configurations.
- Add support for National Semiconductor DP83815 fast ethernet to sis(4).
- Ensure PCIBIOS32 does not panic if the BIOS lies.
- Add support for 82801AA_LPC in PCIBIOS32.
- Add spllowersoftclock() on all architectures, and correct splsoftclock() to avoid races.
- Fix pmap activation on mvme68k.
- Support ddb(4) entry from cl(4) on mvme68k.
- In user(8), ensure that we do not generate passwd lines longer than 1023 characters.
[Applied to stable]
- Latest wx(4) driver, works better with more switches.
- Improve support for Ricoh cardbus bridges.
- CardBus and PCIBIOS32 support enabled by default in i386 GENERIC kernel.
- Update isp(4) driver.
- Add a timeout structure per scsi transfer, so that controllers can do timeouts easier.
- Fixed numerous cases of printf(3)-style functions being called with their first argument being user controlled, where it should be %s
- More careful handling of IPV6 mapped addresses in the IPV6 code.
- Repair X11 forwarding in ssh(1).
- Make dmesg(8) once again work on the alpha.
- setproctitle(3) misuse in faithd(8).
- SECURITY ISSUE: remote hole via setproctitle(3) misuses in ftpd(8).
A patch is available.
[Applied to stable]
- In /etc/rc, start sendmail(8) in the background.
- Prepare ddb(4) internals for KGDB support.
- Fix spl usage in sparc magma(4).
- Stop kernel sleeps from returning up to a tick early by fixing hzto(9).
- Latest version of the pcvt(4) scrolling region patch...
A patch is available.
[Applied to stable]
- Make getaddrinfo(3) return EAI_NODATA for name resolution errors.
- Greater care of rlimit handling in sbrk(2).
[Applied to stable]
- Cleanup spl handling on the sparc.
- Fix dmesg(8) and /kern/msgbuf on the pmax.
- Support bigendian hardware in ahc(4).
- Fix tail queue leakage in the crypto queue support.
- New wscons on the alpha.
- More carefully reset pcic registers when testing for working pcmcia(4) interrupts.
- Plug two memory leaks in brconfig(8).
- Various gcc(1) fixes for the vax.
- SECURITY ISSUE: Buffer oflows in mopd(8).
A patch is available.
[Applied to stable]
- More fixes in the games.
- Make ipnat(4) detaching work with pcmcia(4).
- Correct interrupt sharing types in pcmcia(4).
- Fix to a fix in uvm.
[Applied to stable]
- Change to 16 partitions in sun3 port.
- Dynamically size the m4(1) internal machine stack.
- Faster C version of ffs(3).
- In vr(4), support VIA vt6102.
- Import wsconsctl(8), wsconscfg(8), and wsfontload(8).
- In fdisk(8), be more verbose about partition layout errors.
- To aucat(1), add -f option for specifying audio device.
- More regression tests for m4(1).
- In xl(4), add support for 3CCFE575BT and 3CCFEM656C.
- Import a regression suite for m4(1).
- In make(1), recognize +cmd as a command that should still execute in make -n mode.
- Correct giftunnel handling in ifconfig(8).
- New fix for the pcvt(4) scrolling region bug.
A patch is available.
[Applied to stable]
- mod_ssl 2.6.4
- clcs(4) driver for the cs4280 Crystal Clear audio hardware found in some laptops.
- Make UVM work on the powerpc.
- Convert much kernel code to the new timeout API.
- Fix multicast hashing problem in xl(4).
A patch is available.
[Applied to stable]
- Fix numerous more bugs in the games.
- Fix MAC address matching in pcap(3).
- Make the ep(4) driver more friendly during detach.
- Fix bpf code in ray(4).
- For the err(3) family of calls and syslog(3), ensure that dynamic content never appears as the second argument -- use at least %s.
- Update adw(4) driver.
- Add creat64 and mmap64 system calls to svr4 emulation.
- Handle strtol(3) instead of atoi(3) in the kill implementation in csh(1) and ksh(1).
- Fix COPTS vs CFLAGS issues in the source tree.
- Fix panic message from i386 in_cksum.
- Fix path to kerberos master key file.
[Applied to stable]
- SECURITY ISSUE: Stop libedit from opening the .editrc file in the current directory.
A patch is available.
[Applied to stable]
- Fix an infinite loop in fsck_msdos(8).
- Fix some racy interaction between pcmcia(4) insertion and suspends.
- Add -U option to ldconfig(8).
- Fix a stupid bug in m4(1) argument handling.
[Applied to stable]
- Repair stupid bugs in ste(4), which prevented it from working in 2.7 release.
A patch is available.
[Applied to stable]
- Connection limitation code for sshd(8).
- Allow svnd(4) to work on sparse files.
- In pciide(4), support CMD 648/649 UDMA66 controllers, and also fix the Promise UDMA66 cable check code.
- ncurses 2000/6/10 update to termtypes.master.
- In ne(4), re-fix Linksys Combo PCMCIA EthernetCard (EC2T) after AX88190 broke it.
- Disable automatic crash(8) dumps for swap encryption.
- SECURITY ISSUE: Be much more careful about dhclient(8)'s handling of external variables.
A patch is available.
[Applied to stable]
- Implement svr4 emulation for getdents64, lstat64 and stat64.
- Do not start snmpd by default if it is installed.
- Implement sort(1) as a shell function on the boot floppies, to save a lot of space.
- Ensure sshd(8) does not misbehave if the skey key file is missing.
- Cleanups to tail(1).
- Significant performance improvements to make(1).
- Numerous more fixes to an(4), regarding bridging, ipv6, bpf logic, and pcmcia detach.
- Newer ppp(8) code.
- Change dhcpd(8) so that it is not as susceptible to abandoning addresses.
[Applied to stable]
- For crypted vnd(4), zero the key on unconfig.
- Kill the legacy vtrace(2) system call.
- Avoid using 3c905b-specific multicast hash code, it is buggy.
[Applied to stable]
- IPv6 support in the resolver. The nameserver line can now take ipv6 addresses.
- Soft updates is now free.
- Add epsv4 command to ftp(1), to disable epsv negotiations on IPv4 connections.
- Fix various bugs in ip gatewaying that angelos introduced.
- Sync with newer ndp(8).
- Allow vnconfig(8) to turn on encryption for vnd(4).
- Fix bpf mishandlings in an(4).
- Avoid using IO port 0x370 on laptops for pcmcia(4), since some sound cards sometimes land there.
- On i386, if only one CPU family is specified, pass flags to the optimizer.
- Merge in new isakmpd(8) changes.
- Funnel crypto completion events via crypto_done(), not directly to the caller.
- Closer towards making some more sm(4) pcmcia(4) cards work.
- More verbose information for pppoe(8) in tcpdump(8).
- Teach ipv6 AH & ip-over-ip code to deal with ipv6 scoped addresses better.
- Initialize mtu/hlim for enc(4) so that IPv6 icmp reflect works properly.
- Do not double-log ipf(8) information into /var/log/messages.
- Repair bridging issues in an(4) and tl(4).
- Fix ipv6 ipsec AH length checks.
- ncurses-5.0-20000617.
- ipv6 ipsec(4) outbound direction code.
- De-#ifdef bpf(4) code.
- Start at fixing ubsec(4) AH support.
- isakmpd(8) update.
- Honor scopeid in inetd(8).
- Fix sun3 pmap, MAKEDEV, and disktab(5) bugs.
- Make ssh(1) userauth+pubkey interoperate with ssh.com-2.2.0.
- More bugs in an(4) and wi(4). Anyone see a trend?
[Applied to stable]
- Kill /etc/ifaliases in favor of the functionality in hostname.if(5).
- Fix more pesky buffer overflows in ancontrol(8).
- Import tcfs userland tools: tcfsuse(1) and tcfsmng(8).
- Fix pesky buffer overflows in ancontrol(8) and wicontrol(8).
- Fix many more things in tcfs.
- Parse ${local_rcconf} in /etc/rc.conf instead of /etc/netstart.
- More fixes to an(4).
[Applied to stable]
- Modify vmstat(8)'s -f option to show kernel threads as yet another kind of process.
- Modify ps(1) to hide system processes unless -k is given.
- Mark kernel threads as system processes.
- Cleanup some things in sparc hme(4) and qe(4).
- Numerous other IPV6 kernel changes.
Too many for me to list in detail, but Itojun is busy in the other room hunched over a laptop screen with Angelos, and we are sure more are coming.
- Do not mess with non-blocking mode on ttys in ssh(1).
- Repair some multicast problems with IPV6.
[Applied to stable]
- Fake FIONBIO and FIOASYNC in random(4).
- Support i82559ER in fxp(4).
- Improve handling of RIP in tcpdump(8).
- Add Rijndael support to ipsec(4).
- Import pppoe(8).
- Fix some bugs in the IPSEC getsockopt(2)/setsockopt(2) API regarding sizeof(int) vs sizeof(u_char).
- Support IPV6 in identd(8).
- Move IPV6 mbuf alignment requirements into input routine, removing the last performance critical one in loopback.
- ubsec(4) fixes to queue requests to the hardware properly. The device can now do ipsec with itself over loopback or the network, but something is still mangled about the actual ipsec packets.
- SECURITY ISSUE: Two localhost denial of service problems in the an(4) Aironet Communications 4500/4800 IEEE 802.11DS driver. One bug prevents ancontrol(8) from working correctly, instead causing a panic, while the other allows unauthorized users to change settings.
A patch is available.
[Applied to stable]
- crypto(9) kernel thread permits hardware crypto devices to run at any spl they prefer.
- Initial OpenSSH support for ssh.com's 2.2.0.
- For setsockopt(2) and getsockopt(2), do not assume non-PF_INET6 address family to be PF_INET.
- In sshd(8), implement bug compatibility with ssh-2.0.13.
- In ssh(1), include = in WHITESPACE, permitting commands like ssh -o keyword=argument.
- Enable IPV6 support in sendmail(8).
- Change ipsec processing sequence to handle inner and outer layers much better.
- Add support for SSH2 subsystems in sshd(8).
- On ifconfig(8) down & up operations, mark all radix tree routes down or up for the specified interface.
- In mount_ffs(8), permit the -f command to mount dirty file systems. This is dangerous, but makes more sense now that we are moving towards soft update file systems, where the inherent danger is much less.
- In ftpd(8), make -u block the chmod client command.
- Allow extended server banners in sshd(8).
- In mount(8), -o force is not a negative option.
- Add support for AMD 53c974 scsi chipset.
- Import of tcfs into the kernel, a file content crypto file system.
- Remove traffic-time debugging messages in ssh(1).
- Repair small list-based errors and uglinesses in make(1).
- Commonalize MIN() and MAX() macros inside the kernel.
- Use memcmp(3) in bridge(4) to fix a hashing algorithm error.
[Applied to stable]
- memcmp(3) in the kernel as well, since implementing it in terms of bcmp(3) is very wrong.
- Update vnode flag printing in pstat(8).
- Do not whack directory in user(8).
[Applied to stable]
- Hardware random number generator in i840 also works, like i810.
- Fix an ESP status message in netstat(1).
- Put RSA into our ssl(3) tree. Since our next release is not till after the patent expires, it's OK.
- Split sysctl information for swapencrypt into a tree, and add more gunk.
- In ftpd(8) correct STAT command output for LPSV output.
- Correct an ipsec esp bug.
- In ftp(1) make both ls and dir send a LIST command.
- Minor bug fixes and optimizations in /etc/rc.
- Update of ppp(8).
- Put an upper bound on transaction queue of the ubsec(4).
- Correct source length calculation in hifn(4).
[Applied to stable]
- Initial import of ELF ld.so, for powerpc initially.
- Correct secondary mbuf setup in hifn(4).
- Broadcom Bluesteel 5x0x ubsec(4) crypto cards now support ESP 3DES modes properly. No AH or MAC stuff yet.
- Make flags field in newsyslog(8) files optional.
- Modifications to traceroute6(8).
- Fix ADMtek identity crisis in dc(4).
- In ftpd(8) make sure that -h does high port binding in EPSV.
- Correct ENI_SALEN case in getnameinfo(3).
- Correct getnameinfo(3) behaviour against invalid sockaddr.
[Applied to stable]
- Better fix for the pcvt(4) scrolling region problem.
- Grok Plan9 file systems in fdisk(8).
- Merge newer ppp(8) code.
- Do not add empty lines to history in ftp(1).
- Grok QNX file systems in fdisk(8).
- Fix about 10 bugs in ubsec(4), which can now move a few packets before dying.
- Support multiple pid files in newsyslog(8).
[Applied to stable]
- On-going cleanup to make(1).
- Add pci(4) routines for dealing with Cypress 82c693 chips.
- Minor cleanup to pax(1).
- Merge chgrp(1) and chown(8) into chmod(1), and provide backwards compat hard and soft links.
- In xl(4), add support for 3c656, which is just the 3c575 + 56k modem.
- SECURITY ISSUE: A serious bug in isakmpd(8) policy handling allowed policy verification to be completely bypassed.
A patch is available.
[Applied to stable]
- Merge to new isakmpd(8).
- OpenSSH is now at version 2.1.1.
[Applied to stable]
- RELIABILITY FIX: Avoid extra vrele in msdosfs, which would lead to a panic in some operations.
A patch is available.
[Applied to stable]
- RELIABILITY FIX: Permit NFS export of CDs without panicking the system.
A patch is available.
[Applied to stable]
- Fix ping6(8) -w option.
- Let flags in kernel config(8) specify apm protocol version and other operation modes for apm(4), for machines apm fails on.
- Change the amiga port's loadbsd command to act more like other bsd loaders.
- Add -iname support to find(1).
- Sort option list in find(1); oops, "-and" was broken.
- Catch a malloc(3) failure in paste(1).
- Fix linux_compat(8) [gs]etrlimit emulation.
[Applied to stable]
- Update ti(4) to support newer cards with more memory.
- Kernel malloc(9) debug code.
- Make quot(1) work when passed mount points.
- Fix stack mishandling bugs in i387 libm, in particular, in exp(3) and friends.
[Applied to stable]
- Be more careful about tuples in pcmcia(4).
- gcc 2.95.3 (pre-release)
- Busify eg(4), to avoid conflict with ne2000 at 0x300.
- SECURITY ISSUE: Do not use the (non-default) UseLogin option in OpenSSH 2.1.*; it has a hole on other operating systems and does not work right in OpenBSD.
Update to OpenSSH 2.1.1 or later, or simply avoid using UseLogin.
[Applied to stable]
- sudo 1.6.3p4
- Fix a kernel race in _exit(2).
- In cut(1), deal with last input line not containing a newline.
- One byte overflow in systat(8).
- Add D and z commands to disklabel(8) to use the default partition or zero it.
- A SIGCHLD fix in cron(8).
- More work on ubsec(4).
- Bug fixes to spif(4).
- Bridge packets before vlan'ing them.
- Fix a subtle bug in xe(4) which had a number of side effects.
- In sshd(8), fix login count failures in SSH2 support.
- Whack packet m_recvif field on bridged packets, permitting ipnat(4) to work with the bridge.
- More visible /tmp file (and failure removal) in makewhatis(8).
- Be more careful reading panic string from core in savecore(8).
[Applied to stable]
- Many other changes to ssh(1).
- Fix short malloc in faithd(8).
- In ssh(1), permit logins if temporary file systems are full.
- ich(4) audio driver onboard the Intel 810/820/440MX-based machines.
- Support ax88190 in ne(4).
- In apm(4) the time is kept in hours, not minutes.
- Add -A support to ssh(1).
- Support for 3c574 and 3CCFEM556BI pcmcia(4) in ep(4).
- A start at documenting what goes on inside config(8) files.
- Enable mg(1).
- Space treatment in ipcs(1).
- Do not treat bind(2) with IPv4 mapped address in a special way.
- Creation of 2.7-stable release, see our page describing it.
- Convert amiga port to UVM.
- Arrange to have ahc(4) support Adaptec 2930CU.
- SECURITY ISSUE: It was possible to bypass the learning flag on a bridge.
A patch is available.
[Applied to stable]
- In ftp(1), do not attach Host: directive if we are using the proxy.
- Make almost all manual pages machine independent.
- DRIVER FIX: The isapnp(4) ef(4) driver failed to configure properly.
A patch is available.
[Applied to stable]
- Helper script cleanup in httpd(8).
- SECURITY ISSUE: Update to ipf 3.3.16.
A patch is available.
[Applied to stable]
- On i386, place extra byte at end of pcb so that the iomap works for last 8 ports.
- Fix some key parsing routines in ssh(1).
- Permit detach of audio devices.
- Properly configure multicast table in wi(4).
- Handle 64 bit architectures in pstat(8) -f.
- Update rtadvd(8).
- Remove nfsiod(8) and replace it with an in-kernel thread based implementation.
- Make ssh(1) X11 forwarding work on localhost.
- Crank vnode use counts to 32 bits.
- Correct ifconfig(8) printing of gif physical address on non-IPV6 kernel.
- RELIABILITY FIX: Repair a routing table panic.
A patch is available.
[Applied to stable]
- Make ancontrol(8) act like our changed wicontrol(8) semantics.
- Use getifaddrs(3) in libc rpc code.
- For boot_config(8) code, save enable command in the history for config(8)'s -eu updating.
- Update multicasting support for IPV6.
- Fix usage printing in passwd(1).
- By default, do not vsync blank sparc cgsix(4) monitors, but provide a sysctl to do so.
- Start at a BlueSteel (Broadcom) 5[56]01 crypto accelerator driver.
- Accept empty shell specifications in sshd(8).
- In ssh(1), do non-blocking on ssh1 protocol sockets too.
- In makewhatis(8), do not stop if the directory does not exist.
[Applied to stable]
- Some additions to keynote(3).
- Crank rt_refcnt to 32 bits.
- Supply entropy from i386 mouse drivers to the kernel random number generator.
- Correct p2p interface address handling and various other bugs in route6d(8).
- Few more tweaks to pcvt termcap definition.
- Ensure SIOCSETVLAN gets a valid vlan tag.
- After ftp(1) finishes downloading, change progress meter to show the total elapsed time.
- Handle 0-size files in ftp(1)'s progress meter.
- Parse RFC2732 ftp URLs in ftp(1).
- In IPV6, perform NUD on p2p link only if the destination/gateway is a real neighbor.
- In getaddrinfo(3), translate DNS error code into getaddrinfo error code (EAI_xxx).
[Applied to stable]
- RELIABILITY FIX: Parse IPv4 options more carefully.
A patch is available.
[Applied to stable]
- Translate DNS error codes in getaddrinfo(3).
- cardbus(4) com(4) driver.
- Support debugging libraries via DEBUGLIBS in /etc/mk.conf.
- Driver for tcic(4) style pcmcia adapters.
- Fix ipsec(4) ESP sanity checks that caused really short packets to be dropped. Only icmp was affected.