OpenBSD 2.9 changes

OpenBSD 2.9 released (June 1, 2001)

This is a partial list of the major machine independent changes (i.e., these are the changes people ask about most often). Machine specific changes have also been made, and are sometimes mentioned in the pages for the specific platforms.

Changes to the ports collection are documented here.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7,
3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3, 5.4,
5.5, current.

Changes made between OpenBSD 2.8 and 2.9

SECURITY FIX: Avoid DoS attack in ftpd using glob patch.
A patch is available.
[Applied to stable]
...
SECURITY FIX: Fix ipf(8) fragment caching bug.
A patch is available.
[Applied to stable]
...
SECURITY FIX: Fix buffer overflows contained in glob(3) function.
A patch is available.
[Applied to stable]
...
Check for short packets and bad types sent to timed(8).
[Applied to stable]
...
OpenSSH 2.5.2 released.
[Applied to stable]
...
SECURITY FIX: Be careful with file permissions in readline library
A patch is available.
[Applied to stable]
...
Make buffer size 8k on NE1000, and 16k otherwise for ne.
[Applied to stable]
...
Move bogus packet length test in udp packets to avoid being stuck at splsoftnet.
[Applied to stable]
...
SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.
A patch is available.
[Applied to stable]
...
IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.
A patch is available.
[Applied to stable]
...
Fix several copyin/copyout bugs in sys/compat.
Provide a random start for tcp timestamps.
Support sharing disks between MacOS and the PowerPC port.
Add support for the SaramNcom NS-1100M in the wi(4) driver.
Fix support for the D-Link DE660 pcmcia card in ne(4)
In sis(4) add support for reading the MAC address from the APC CMOS RAM in SiS630E-based chipsets.
In ne(4), changes in media type initializion on DP8390-compatibles.
Implement read/write access to an IEEE 802.3u mii(4) bus using the bit-bang method.
Add support for DOZE mode on powerpc processors that support it.
Add support for the Symbios 53c1010 in the siop(4) driver.
Implement mincore(2), mlockall(2) and munlockall(2).
Added support for ami(4) MegaRAID Controllers.
Fixed several occurrences of exit(-#); exit(3) only passes the lower 8 bits of status on to the parent.
Fixed several occurrences of PATH_MAX+1 that should be PATH_MAX.
Fix interrupt handler registration on the mvme88k port, remove 68k-isms and add UKC support.
Add some non-US encodings to the USB keyboard driver.
Disable bogus file check in cvs(1).
[Applied to stable]
Enable tag queuing and fix some wide/sync negotiation problems in the siop(4) driver.
Add support for isapnp(4) i82365-based pcmcia(4) controllers.
Many man page fixes.
Fix checksum calculations in bridge(4) setups.
Avoid reading some AC97 registers in neo(4) driver as needed by some devices.
Avoid a deadlock condition in the syncer.
wscons(4) support for powerpc adb keyboard.
Plug many memory leaks in the libc rpc(3) code.
Drop packets with 127.0.0.0/8 in header field, if the packet is from outside. RFC1122 dictates that 127.0.0.8 must not appear on the wire.
In sudo(8), fix negation of path-type Defaults entries in a boolean context in sudoers(5).
Add open hashing functions to libc.
fsck(8) changes for soft updates support.
Extend kqueue(2) down to the device layer for better device support.
ncurses-5.2-20010224
In the i386 bios(4) driver, add a check for ROMs mapped into memory and setup an extent for each one found. This fixes a problem with ISA cards using iomem space already claimed by a ROM.
Update to sendmail(8) 8.11.3 which fixes potential data loss if a machine crashes.
A number of filesystem races and locking problems have been fixed.
In ne(4), add support for a D-Link DFE-650 model with a different vendor ID.
Improved stability with soft updates.
WEP support for the an(4) Aironet driver.
Default SSID in the an(4) Aironet driver; now it will connect to any SSID.
Better detection of the VAX VS4000/VLC and MV3100/{3,4}0.
Improved S3 Savage X11 driver for XFree86 3.3.6.
Add mii(4) support to the vr(4) Via Rhine network driver.
Add support for the Dlink 530TX+ to the rl(4) RealTek 8129/8139 network driver.
SECURITY FIX: for ipsec(4), handle AH packets with IP options more strictly.
A patch is available.
[Applied to stable]
In the powerpc port, add edge/level sense detection capability to the interrupt controller.
Add uftdi(4) driver for the FTDI USB->Serial converter device.
Tone down the verbosity levels in many SCSI drivers.
OpenSSH 2.5.1 released.
[Applied to stable]
Fix DMA memory allocations in twe(4).
SECURITY FIX: update to sudo-1.6.3p6 which fixes a non-exploitable buffer overflow on very long argv components.
A patch is available.
[Applied to stable]
Correctly detect Daylight Saving Time changes in cron(8).
Add bash-like double-tab completion support to ksh(1).
Avoid losing RTC after suspend/resume on some laptops.
Repair an integer conversion bug in pms(4) which fixes the mouse resolution setting in X.
Fix non-TCP protocol mappings in ipnat(4).
In isakmpd(8), encode X509 expirations into KeyNote credientials/policies.
In pppoe(8), try every BPF device, not just even-numbered ones.
Support -C flag in nm(1).
Update ISC cron(8) to 4.0b1, maintaining our local changes, including signal handling fixes.
Rename old mvme68k and mvme88k siop(4) driver to ssh(4) to avoid naming conflicts.
Fix an uninitialized variable in wsmouse(4).
Some games fixes.
Nuke nlist(3) and kvm(3) usage in top(1).
More careful buffer handling in rusers(1).
Add MII support to the vr(4) driver.
Several IPv6(4) improvements from KAME.
OpenSSH 2.5.0 released.
[Applied to stable]
Sync many parts of the alpha port with NetBSD.
Fix 64-bit issues with the IPv6(4) multicast API.
Rewrite libwrap RFC931 support to avoid stdio issues with sockets.
Many man page fixes.
Pull in latest faithd(8) daemon from KAME.
In tcpdump(8), deobfuscate some IP protocols and improve IPsec(4) tunnelmode printing.
Set the offset for SCSI chain B properly in the VAX ncr(4) driver.
Import XFree86 4.0.3.
Long username fixes to lpd(8) and lprm(1).
Convert the powerpc port to UVM(9).
Import siop(4), a replacement for the ncr(4) SCSI driver.
Support more NE2000 PCMCIA devices.
Avoid passing shared mbufs around the kernel to prevent accidental overwrites.
Add pcscp(4), a driver which supports AMD Am53c974 SCSI controllers.
Modify sliplogin(8) to handle long usernames.
Add portsplus which tracks changes to the ports collection.
Allow X to work without pcvt(4).
Fix an authorizer removal problem in keynote(3).
Deactivate function pointers upon interface detach to avoid crashes.
Deal with the real time clock losing interrupts on i386.
Bump maxusers to 32 in the alpha port.
Avoid a theoretical buffer overflow in getpwent(3).
Fix an uninitialized variable in bsd.port.mk(5).
Disregard ospeed in tetris(6).
Modify wall(1) to handle long usernames.
Many isp(4) SCSI driver improvements and updates.
Fix goto-line 0 case in mg(1).
Fix PermitRootLogin option in ssh(1).
In brconfig(8), skip empty lines in the rulefile.
Fix HTTP installs, which were broken for quite awhile.
Repair statclock on mvme88k.
Ensure softupdates is enabled before performing softupdates-specific operations.
Define a sendmail(8) variable to workaround broken name servers.
Allow up to 12 virtual terminals in wscons(4).
Correct VAX signal handling.
Cleanup MAC support in SSH2.
Support attachment of Cheetah devices to vsbus as well as ibus in the VAX port.
Disable a bogus file check in cvs(1) to ease the pain of having replicated repositories.
Ensure $RSH is set in the rcmd(3) functions.
String table fixes to ddb(4) and modload(8).
Update wscons(4) code.
Pull in fixes for potential buffer overflows in xdm(1).
Compatibility fixes to tar(1).
Many OpenSSH cleanups and improvements.
New ELF symbol handling in ddb(4).
Enable wscons support in XFree86.
Modify PCI power state for clct(4) devices so they work after warm reboots.
Repair BPF support in gre(4).
Fix an uninitialized variable in wsdisplay(4).
Fix file attribute passing in sftp-server(8).
Correct a memory usage error in ssh-keyscan(1).
Add support to the powerpc for loading the bootloader and kernel from an HFS filesystem.
Better failure handling in vr(4).
Add support to dc(4) for parsing media blocks from Intel 21143 SROMs.
Strengthen SSH1 to make traffic analysis more difficult.
Updates to /etc/services from IANA.
In ssh(1), enforce non-batch_mode if StrictHostKeyChecking is set to "ask".
Backport a buffer overflow fix from XFree86 4.0.2 to in-tree XFree 3.3.6.
Stricter prototypes, type fixes, and other cleanups in OpenSSH.
Switch IPv6 raw socket code from NRL to KAME.
Stricter checking in SSH2.
OpenSSH 2.3.2 released.
[Applied to stable]
Implement an upper limit for icmp6(4) redirects.
Fix rwhod(8) to work, and make debug code a flag option.
Mark our tree such that we use wscons(4) as if it is vt220, instead of vt100.
In wscons(4), when scrolled back, if a new key is pressed, reset us to our previous location, as pcvt(4) used to do.
Permit sftp(1) over SSH1 protocol.
In sftp(1), do not forward agent or X11 traffic.
In tar(1), fix -T option and add support for -C option
Honor TMPDIR variable in tar(1), cpio(1), and pax(1).
perl(1) patch CHANGE6214.
New route6d(8).
Numerous more changes to sftp-server(8) and sftp(1).
Changes to accept(2) to permit return of ECONNABORTED.
Quieten IPv6 DN message reporting by default.
Improve xmalloc() and friends in ssh(1) code..
Remove dead architecture support from the tree.
Remove support for #! from syslogd(8).
cac(4) driver to support Compaq Smart ARRAY RAID controllers.
Ignore blank lines in hostname.if(5) files.
In ssh(1), add -1 option to force protocol 1.
Enable sftp-server(8) by default.
Numerous bug fixes to sftp-server(8) and sftp(1).
Make scsi work on the vaxstation 4000/90.
Same for tun(4), gif(4), and others..
Change lo(4) initialization code so that boot -c pseudo-device editing code can affect it in the expected fashion.
If kernel has ddb(4) support, add a ddb sub-command inside boot -c.
Teach the bridge to deal with ARP alignment in the presence of numerous previous layers...
EtherIP support in tcpdump(8).
Fix a bug introduced a few weeks ago in yppush(8).
A bit of a trawl through the source tree to please the alpha, since various problems occur in the absence of perfect weak symbols.
libc_r works on the alpha now.
Many new fixes to sort(1).
Teach config -e and boot -c about pseudo-devices.
Fix perl(1) h2ph scripts.
More bridge(4) fixes for unicast learning.
Add sftp(1) client.
Fix an off-by-{1,2,4} error in i386_space_copy(). wscons(4) now works perfectly.
More fixes to rtadvd(8).
Fix bugs in atc(6), snake(6), battlestar(6), phantasia(6), and adventure(6).
Enable scrollback from USB keyboards.
Numerous improvements in ppp(8).
At ELF execve(2) time, check for the OpenBSD note first, so that native binaries run best.
Attempt to share crtbegin/crtend in ELF csu, including an OS note.
Change powerpc ld.so(1) so all architectures use DT_INIT for ctors/init.
Fix overlapping bus space copy operations on i386.
Move EtherIP to version 3 (2 byte padded header).
Art does battle with ksyms(4), gets wounded, but eventually wins.
In sshd(8), S/Key is now called ChallengeResponse.
Make ReverseMappingCheck optional in sshd_config.
Mickey the madman goes on a new timeout crawl through pci and isa drivers.
Fix nlist(3) emulation for cases where the ELF header does not exist; permits /dev/ksyms to work on ELF machines.
Emulate some new freebsd signal(2) related things in compat_freebsd(8).
In IPv6, avoid panic when packet to nonexistent link-local address is issued.
xl(4) no longer needs to whine about tx underruns.
Fix ELF support for compat_freebsd(8).
Catch the alpha up to wscons(4) changes.
Fix wscons(4) wsmux(4) attachment.
Support mvme188 card in mvme88k port.
If a pccbb(4) bridge does not have the right voltages, assume it is dead. Permits single connector adapters to work.
Fix some bugs in the bridge(4), especially regarding gif(4).
IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, le(4).
A patch is available.
[Applied to stable]
In config(8) -e and -u, do not write out a new kernel if nothing changed.
Numerous fat utmp(5) changes to utilities.
Move utmp(5) to large format.
Fix some incorrect return values for mmap(2) functions.
[Applied to stable]
Make top(1) not setgid.
Update X11 to support the new i386 changes.
Configure wscons(4) defaults to be what our users expect.
moused(8) is dead for now.
Enable uhci(4) and ohci(4) devices by default in GENERIC.
Range-check invalid .max fields in inetd(8).
Various post-merge ipf(8) fixes. Some previous fixes got removed and had to be put back in.
In ATAPI code, ignore PIOMODE errors.
On many architectures, change console name to ttyC? instead of ttyE?.
Add -U option to ELF ldconfig(8).
Move i386 to wscons(4).
Re-org the alpha boot floppies.
More improvements against the Bleichenbacher pkcs#1 attack.
Fix more select overflow issues in ssh(1).
gcc 2.95.3, test 2.
ises(4), start of a driver for the Pijnenburg PCC-ISES crypto chip. Does random entropy insertion.
Permit many compat system calls to match to the same native call (was not permitted before).
A bunch of people are doing a kernel trawl to update drivers to new timeouts.
Support boot -c on the sparc.
Fix an early timeout bug in wdc/ata support, which caused problems with atapi tape drives.
Niklas runs through the tree doing commits in an attempt to keep up with Todd's much higher commit count.
Receive random numbers from ubsec(4) cards.
Make wdc mode printing more portable, so that the powerpc can use it too.
adb(4) drivers in powerpc port.
New upl(4) driver for Prolific PL2301/PL2302 USB host-to-host driver. This acts like a network device.
Remove -Q flag from sshd(8).
Change audio-driver interface so drivers can supply a minimum delta for mixer value changes.
USB sync.
SECURITY FIX: fix some buffer overflows in named(8).
A patch is available.
[Applied to stable]
Support Cheetah vaxes.
Improve MAKEDEV(8) manual pages on many architectures.
Cause pcibios(4) to route interrupts via the pci router at the time interrupts are established for each driver, not before.
Optimize pcidevs, usbdevs(8), and other tables in the kernel.
Both wi(4) and awi(4) now support more models of cards.
skey(1) SHA1 is supposed to be little endian.
Improve ping6(8) signal handling further.
Merge isakmpd(8) in. It is no longer separate.
Many ppp(8) improvements.
Handle binary data in install floppy dmesg.
Improve ELF handling of nlist(3).
Print CPU speed in GHz if it is that fast.
Detect Transmeta CPUs.
On powerpc, ensure that signal delivery fills in rval[1]; at least pthread was affected.
Move powerpc to MACHINE_NEW_NONCONTIG.
In mg(1), do not use rename(2) on the ~ file; make a new copy so that vipw(8) and crontab(1) do the right thing.
Tweak alpha so it sends SIGBUS for unaligned access, and does NOT do a fixup. This encourages people to fix their code.
KGDB support for the i386.
Pack alpha definition of infinity properly, other architectures too.
Recognize Intel P4 CPU.
Various space optimizations for alpha boot floppies.
Fix CF wdc, which was broken for a while.
Add "enable" keyword in config(8) files.
Merge and simplify emulation directory handling code.
Support Initio INI-91xx cards via new iha(4) driver.
In accept(2), when peer disconnects before accept is issued, do not return junk in mbuf by setting length to 0.
Support Hardware RNG on i850 and i860 hubs.
Fix sysctl(3) so that you can clear a string with it.
In sshd(8), rename "skey" to "challenge response", since this mechanism is now more flexible.
Reduce how long we wait for scsi devices to come ready; 50 seconds is enough.
pcvt(4) keyboard LED update lockup patch.
ncurses-5.2-20010114
Fix many more sshd(8) memory leaks.
Fix memory leak in isakmpd(8).
In timed(8), do not accept packets with an unterminated hostname.
[Applied to stable]
Alias map bios rom at both real address and it's own zero-relative address, because bios roms contain bugs.
In rtadvd(8), sync router renumbering flag bit to conform to 2292bis-02 and RR RFC.
Get rid of -R flag in ssh-keygen(1).
Avoid memory leak in ndp(8).
Establish pccbb(4), ohci(4), and uhci(4) interrupt handler much earlier, because of coming pcibios(4) changes.
Numerous small fixes to sshd(8) and friends.
In ssh(1), fix SIGSEGV for -o "".
On i386, validate gate targets.
The easy delete key always returns ^?, while the more difficult one returns ^H.
Incorporate a set of post-4.4BSD changes to the kernel routing code.
Support more than 256MB of ram on powerpc.
Be more careful with assuming with VIA chips can handle U66.
Document better how code using sigblock(3) and sigsetmask(3) would be converted to use sigprocmask(2).
Get sshd(8) ready for auth-login.
In ifconfig(8), permit prefixlen to work against ipv4 addresses.
Change savecore(8) to deal with machines dumping 1GB or more..
Attempt to deal with inverted signal races in terminal handlers better, throughout the source tree -- ie. main code is deep inside stdio, signal handler calls exit().
Document rules that apply to signal handlers in signal(3) and sigaction(2).
ipf 3.4.15
Fix a vi(1) crash.
SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
Fix C sequence point issues in dd(1), monop(6), tail(1), and rbootd(8).
Fix previous inetd(8) fix.
Fix signal handler race in apmd(8), bootpd(8), syslogd(8).
Constrain isp(4) openings to 128, since the vendor code lies, cheats, steals, and makes us cry.
Fully support SSH2 RSA keys in sshd(8).
Change alpha bootblocks to ELF.
Fix fd_set overflows and signal races in pppoe(1).
Important pthread fix.
Large block of documentation and functionality changes to mail(1).
fd_set overflow fix to routed(8).
Signal handler fix to newfs(1).
Cleanup various signal races and buffer overflows in ed(1).
Fix signal race in mountd(8) by writing our own svc_run() routine.
Fix uninitialized variable bug in config(8) UKC code that ignored first command sometimes.
Various changes ensure that all known le(4) cards now work on sun4, sun4c, and sun4m machines.
Tweak subr_extent code with respect to boundary cases.
sftp-server(8) draft came out; convert our sftp-server(8) to be compliant.
sendmail 8.11.2
Signal race fixes to fsck_ffs(8), rcp(1), slattach(8), shutdown(8).
Change asm and volatile to __asm__ and __volatile__ in any file which might be compiled using -ansi -pedantic or similar.
Some signal handler cleanup in rcp(1).
Cleanup timeout code in adw(4).
Numerous alpha catchups.
New rtadvd(8) code.
Compute UDP checksum in dhcpd(8).
Move mvme88k to UVM(9).
clct(4) driver for Cirrus Logic CS4281 sound chips.
Support {Allow,Deny}Groups in sshd(8).
sshd(8) SSH2 protocol support for keepalives, IPTOS_LOWDELAY, TCP_NODELAY, and IPTOS_THROUGHPUT.
Add kerberos(1) password handling in sshd(8) for kerberosIV.
More memory leak fixes to sshd(8) and ssh(1).
Tweak strlcat(3) to not crash for a certain "illegal pointers, length 0" situation.
Clarify setjmp(3) variants in the manual pages.
Correct fd_set and signals in ping6(8).
Un-race three signal handlers, and fix select overflows in inetd(8).
Fix signal race in route6d(8).
Move mvme88k to MACHINE_NEW_NONCONTIG.
Fix signal races in rwhod(8).
Fix fd_set overflow in yppush(8).
Fix closedown stub generated and hand-whacked by rpcgen(1) in ypserv(8).
Audio driver for most ESS maestro(8) models.
Signal race repairs in talkd(8) and comsat(8).
Fix select overflow in ssh-agent(1).
Fix rpcgen(1) to deal with large fd_set.
Document various signal races in the source tree which are very difficult to fix, or which turn out to be safe even if they look flawed.
Rename ich(4) to auich(4).
Cleanup the sftp-server(8) implementation.
Support !command feature in bridgename.if(5) files as well.
Numerous other small changes to isakmpd(8).
Handle memory failures in passwd(1).
In finger(1), fail nicely if memory allocation fails.
Handle DELETE payloads in isakmpd(8).
Remove signal races from sshd(8).
Ease support for road-warrior scenarios in isakmpd(8), by intuiting the Local-ID when possible.
Change 802.11 DS drivers to operate in BSS mode by default.
Create links for FD_SET(3) and such to point to the select(2) page.
Support TCP_NDELAY on ipv6(4) in ssh(1).
Numerous spelling error corrections in the system.
Various other calendar updates.
Ensure replydirname in ftpd(8) does not ever truncate names.
Ensure ftpd(8) does not sometimes return a stray " at the end of a string.
Various large updates to isp(4).
In restore(8), do not skip TS_BITS or TS_CLRI are set.
Change our own custom EtherIP protocol to the standard one (which is very badly designed, but we are trying to get them to fix that).
Fix KerberosIV code to build better if src and obj are in strange places.
Support Banner option in sshd(8).
Make the openssh-p effort a bit easier by merging some simpler portability hacks.
Various missing free(3) calls repaired in ssh(1).
Attempt to support cardbus 3CXFEM656C 56k Global modem.
In pciide(4), support U100 on ICH2, U66 on Via Apollo, and other repairs to Promise.
Spelling changes to calendar files.
Be more careful with stat(2) handling in mv(1).
Fix %p handling in strptime(3).
Fix various buffer overflows and other fixes in indent(1).
Do not spit out icmp6 checksum messages if not a debug kernel.
Permit stripped VAX kernels to load despite unexpected values from libsa.
Simplify locking and a few more fixes to twe(4).
Plug some memory leaks in OpenSSH.
Fix -P in ftpd(8).
Emulation fixes to the VAX code.
Protect bits of dhclient(8) with a locking mechanism to prevent multiple instances from using the leases file simultaneously.
Fix 3 cases in mv(1) relating to the moving of symlinks across filesystems.
In ftpd(8), expand the tilde character in ftp-dir login.conf variable.
Prohibit binding to an anycast, notready, or detached IPv6 address.
Rename fsinfo(8) to xfsinfo in X11 to avoid naming conflict.
Set the correct pfkeyv2 direction for KAME SPD entries in isakmpd(8).
Save and restore errno properly in flex(1) since it may be whacked by isatty(3).
Fix sending/receiving passwords in routed(8).
Add an i386-specific sysctl(3) that modifies halt -p processing in APM to deal with some quirky machines.
More sun3 fixes, mostly to conform better to other m68k architecture code.
Handle login banners better in SSH2 instances of ssh(1).
Various spelling and grammar fixes across the tree.
Use new sysctl(3) interface for kernel memory bucket statistics and clock information.
Correctly check for empty mailq(1) in /etc/daily.
Y2K fix in the mvme68k NVRAM code.
Extend sysctl(3) to support quad values.
Improve SMB packet printing in tcpdump(8).
Add common pidfile-writing code to DHCP so each program doesn't need to roll its own.
To please cap_mkdb(1), make it an error to open a zero-length file for read-only access in hash(3).
Some sun3 architecture fixes.
Ignore environment variables in libssl if we're running setugid.
In ssh(1), log the remote IP address on disconnect.
Check for memory allocation failure in vmstat(8).
Fix a buffer overflow in fsinfo(8).
Handle another special case in apm(4).
Fix a panic in the RAIDframe locking management code.
Add setpid command to fdisk(8) for setting the partition ID.
Change bridge(4) to use gif* instead of enc*.
Set SO_REUSEPORT socket option in DHCP code, so multiple dhclients work.
Allow printing of 8-bit ASCII characters in talk(1) through an option.
Do not perform getnetbyname() in mountd(8) if the address is already in dot-notation.
In ftpd(8), log the actual number of bytes transferred instead of the original file size.
Fix ^C in termtype prompt.
Prevent fsck_ffs(8) from marking a filesystem clean if fsck(8) needs to be rerun.
Resolve scheduling conflict in newsyslog(8).
In dhclient(8), set a reasonable default lease time if the server does not provide one.
Suppress uninteresting PCI bus error messages in ahc(4).
Add m88k support to gprof(1).
Add HostKeyAlias option to ssh(1).
Behave nicely with fixed-rate codecs in auvia(4).
Fix a minor off-by-one error in gprof(1).
In the ports infrastructure, take the old non-fake code out-of-line.
Repair a disgusting rwhod(8) crash.
Fix buffer overflow in csh(1) builtin printf(1) implementation.
Convert atoi(3) to strtoul(3) in top(1).
Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
Revoke root privileges earlier in ping6(8) and traceroute6(8).
[Applied to stable]
Many man page fixes.
Use arc4random(3) in jot(1).
Handle quotas over 4GB in edquota(8) and repquota(8).
Fix IPv6 Path MTU Discovery.
Give up euid more carefully in mrinfo(8) and mtrace(8).
Various OpenSSH fixes.
Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
In ksh(1), remain in non-blocking mode if the shell is not interactive.
SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
Implement a workaround in atapiscsi(4) for buggy Toshiba drivers.
SECURITY FIX: Fix holes in procfs(8).
A patch is available.
[Applied to stable]
Put strlcat(3) and strlcpy(3) into libkern for kernel use.
Fix setting of nwid for wi(4).
[Applied to stable]
Change /etc/security to spit out unified diffs.
Add driver for Compaq SMART Array RAID controllers, cac(4).
Extend the i386 allowaperture sysctl(3) to allow access to the whole 1st MB of memory.
Add some more sanity checking to the PCMCIA code to fix some obscure panics.
Import Apache 1.3.14 + mod_ssl 2.7.1.
Support multiple pfkeyv2 keying daemons.
Compute diffie-hellman in parallel between server and client in OpenSSH.
Support Amigas with more than 64MB of RAM.
Ensure /etc/sudoers is created with a proper secure mode.
Import OpenSSL 0.9.6.
More photurisd(8) improvements.
Update kernel pfkeyv2 code for better conformance to the RFC.
Enable loading of ELF kernels for alpha.
Add extraction support for shell archives to the bsd.port.mk infrastructure.
In ipsec(4), look for TDB if gateway is unspecified.
[Applied to stable]
Fixes to patch(1) -f and -b.
Convert some more drivers to the new timeout(9) interface.
Add bytecounter statistics reporting to netstat(1).
Instrument more random TCP sequence numbers.
IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
A patch is available.
[Applied to stable]
In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
Remove dead code in hifn(4) driver.
Proper getopt(3) usage in compress(1).
Fix a time specification in last(1).
Do not disable PMTU for established TCP connections unless there is data to send.
Add support for the 802.1D spanning tree protocol to bridge(4).
New BSD authentication login scripts.
Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
isakmpd(8) update.
apm(4) bug fix that helps a few laptops.
Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
Repair a memory leak in ICMPv6 code.
Turn off PMTU when ICMP needfrag messages get blocked.
Finnish updates for inter.phone.
Display number of successful IPv6 PMTU changes in netstat(1) -s output.
Do not re-print ETA on completion in scp(1) when copying 0-sized files.
Validate ICMPv6 "too big" messages based on PCB.
Do not use already-freed memory in route(8).
Avoid repeated host controller halted messages in uhci(4).
Remove unused libgmp.
Import KerberosIV v1.0.4.
Always request a new challenge for skey/tis-auth in ssh(1).
Support newer cy(4) communication cards.
Provide new international keymaps for pcvt(4).
Ignore filesystems marked "xx" in the install scripts.
Document that pipe(2) is bidirectional, although this behavior is unportable.
Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
Remove a bogus memory free in getnetgrent(3).
Fix a buffer overflow in bad144(8).
Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
Drop unneeded support for RTF_TUNNEL in route(8).
Maintain count of routing table timer entries in route(8).
In makewhatis(8), strip weird characters first, then sequences of spaces.
Big improvements to adw(4).
Teach tcpdump(8) about VRRP, SMB, and timed.
Force calendar(1) to only accept real calendar files as input.
Fix various perror(3) overflows in pcvt(4).
Repair a tftp(1) argv parsing overflow.
Conditionalize some BPF code in wx(4).
Finally remove remaining references to extra RSA libs, since the patent has expired.
New rijndael implementation which solves endian issues.
Support Intel 82801BA pciide(4) controllers.
Exercise more paranoia with passed KRB environment settings in telnetd(8).
Convert some more drivers to the new timeout(9) interface.
Many improvements and modernizations to isp(4).
Update wx(4) with LIVENGOOD support.
Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
Implement asynchronous connections for ssh(1) -R and -L.
Simplify atrun(8) tasks by using asprintf(3).
Kill unused libtermlib.
Import new pool(9) code.
Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
Make pcap(3)-generated BPF filters work on the tun(4) interface.
Import David Maziere's ssh-keyscan(1).
SECURITY FIX: Fix buffer overflow in ftpd(8).
A patch is available.
[Applied to stable]
IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
Teach OpenSSH about more version strings to improve interoperability.
SECURITY FIX: Fix another security problem in the KerberosIV code.
A patch is available.
[Applied to stable]
SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
Prevent vlan(4) devices from emitting packets if the parent interface is not up and running.
Better error checking in ping6(8).
[Applied to stable]
Some stability fixes to isakmpd(8).
In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
Fix a coredump in ssh-agent(1).
Reset 16-bit PCMCIA during chip initialization in pccbb(4).
Correct PCI interrupt setup for TI PCI113X CardBus bridges.
Properly powerdown PC cards in pccbb(4) at shutdown time.
Add -D option to sshd(8) to cause startup without a daemon.
Show both the IP address and hostname when a new key is encountered in ssh(1).
Fix a bug in MSChapv2 challenge hashing in ppp(8).
More make(1) tweaks.
Use -n to test for non-zero variables in /etc/netstart.
Be more careful with ARP packets.
Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
clock(3) fixes for the alpha architecture.
Print select collisions in vmstat(8) -s output.
Implement login_check_expire(3) for libutil.
Add -u username support to pwd_mkdb(8).
Properly implement errno handling for the threaded libc (libc_r) on powerpc.
In adduser(8), get rid of a race condition and use /etc/ptmp as a lock file.
Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
Fix pciide(4) support on Alpha 164SX models.
Support 16 slices per device on VAX machines.
Considerable cleanups to make(1).
Improve key repeat logic in wskbd(4).
Changes from KAME to make ifm_data available in getifaddrs(3).
Fix absolute path handling in crunchgen(1).
Shorten /dev/ttyC* device names.
Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
Avoid tty races in wsdisplay(4) when switching virtual terminals.
Update isakmpd(8).
Repair lun support in umass(4).
Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
Train makewhatis(8) to handle more special cases.
Avoid double fclose(3) in getcap(3).
Increase delay in RAM probe for hifn(4).
Suffix list fix in make(1).
Various bug fixes in ksh(1).
When using the tail(1) -f flag on stdin, don't reopen a local file named stdin.
Extend kqueue(2) to support kernel events on vnodes.
Bring in BSD authentication support for sudo(8).
Zap MULOG in inetd(8) to improve code readability.
Avoid whacking errno in top(1) signal handlers.
Do not include MFS partitions in quot(8) statistics output.
Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
Prevent a type overflow in recno(3).
IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
Import BSD authentication mechanisms from BSDI BSD/OS.
Implement pw_dup(3), a function which copies struct passwd.
Replace getpass(3) with a more flexible readpassphrase(3) interface.
Add strnvis(3), a length-bounded version of the strvis(3) libc function.
Better prompting logic in libskey.
Resurrect binutils on alpha.
Recognize newer Intel audio devices in auich(4).
Stop amphy(4) from attaching to network devices it doesn't belong to.
Enable support for pciide(4) found in newer Intel chipsets.
Correct URL handling in the install scripts.
Limit the number of SCSI luns in umass(4).
Page size fixes to the alpha port.
Import ssh-ask-pass support for X11.
Fix a signal race in ypserv(8) SIGHUP handling.
Enable uaudio(4) by default in GENERIC/i386.
Reserve all-1s addresses in the IPsec code for future policy discovery features.
Resolve HMAC nomenclature issues.
Be sure to clear passwords out of memory after use in ppp(8).
Support kernel event queues.
Add support for USB scanners through the uscanner(4) driver.
More fixes to qec(4).
Recognize newer AMD CPUs.
Repair incorrect buffer size logic in telnetd(8).
Add a slew of devices to usbdevs(8).
Do not use perror(3) in sshd(8) after forking a child.
RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
Add ifmedia(4) support to qec(4), among other improvements.
Extra sanity checking in skeyinit(1).
Repair timeout computations in atapiscsi(4).
Add initial support for DEC Alpha 21264 systems.
Bring the alpha port a bit closer to a fully operational console.
Support Accton EN2242 MiniPCI Ethernet adapters.
Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
Add scrollback support to wscons(4) through the vga(4) driver.
Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
Repair overriding of pseudo devices in config(8)
[Applied to stable]
Accept -inet and -inet6 as options for the show command in route(8).
Don't reorder keys in ssh-agent(1) upon key removal.
Avoid parsing options in ssh(1) if there is an RSA key mismatch.
Various cleanups to ftpd(8).
In many programs, sync usage() output with their respective man page SYNOPSIS.
RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
A patch is available.
[Applied to stable]
In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
Make the aha(4) driver compile without UVM.
Enforce non-cacheable device space on real 80386 machines.
Add RSA authentication support for SSH2 to OpenSSH.
Allow serial mice to work with moused(8) and XFree86 simultaneously.
Repair an off-by-one error in ssh-agent(1).
Convert some old drivers to the new timeout(9) interface.
RELIABILITY FIX: repair AES (rijndael) kernel support.
A patch is available.
[Applied to stable]
Import PCI support for Alpha EB164 machines.
Add bus_space_barrier macros for the powerpc.
Endian fixes to the USB code.
Better command line parsing in encrypt(1).
Numbering fixups in pfkeyv2 to match IANA assignments.
Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
Improve handling of IPv6 Node Information Query packets for better specification conformance.
Fix a panic induced by assigning lo0 an IPv6 alias.
IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
Deprecate pltime=0 in ifconfig(8).
Modifications to the ktrace(2) interface to reduce redundancy.
Do not advertise dynamic/cloned routes in route6d(8).
Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
[Applied to stable]
Correct free-before-reference bugs in rshd(8) and rlogind(8).
Improve queue handling in gdt(4).
New Adaptec FSA RAID driver called aac(4).
Fix DMA error problems in adw(4).
[Applied to stable]
If MANPS environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/.
In date(1), fix an off-by-one error which would happen when changing time over DST.
Permit -Tps in nroff(1).
Make some pfkeyv2 interfaces conform to RFC 2367 numbering.
New timeouts in a couple of network drivers.
Prevent nfsd(8) from swapping out.
Use PHOLD/PRELE in various kernel components.
Buffer overflow fix to telnet(1).
Many man page improvements.
Permit handling more than 6 arguments in a hostname.if(5) file.
kcore handling in kvm(3) for alpha.
Update usb(4) code.
Update alpha architecture support. A snapshot will come out soon.
In pchb(4), for Intel random devices, do not busy wait for data.
Switch amiga to uvm(9).
Fix amiga pmap module submap allocations.
Centralized netisr dispatching.
ppp(8) updated.
In aue(4), fix multicast filter programming.
Repair an uninitialized variable bug in ipsec(4) output.
[Applied to stable]
Add pcibios(4) interrupt setup support for AMD750 chipset.
RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
A patch is available.
[Applied to stable]
Generate new hashkey every time a bridge(4) is brought up.
Change bridge(4) code to use lower spl.
Passive FTP support in lynx(1).
In ssh(1), downgrade to SSH1.3 if server is SSH1.4.
In sshd(8), do not disable rhosts(rsa) if server port greater 1024.
In sshd(8) Agent forwarding and -R support for SSH2 protocol.
ipsecadm(8) man page repairs.
[Applied to stable]
In pfkeyv2, send the message to registered promiscuous listeners.
[Applied to stable]
Some minor bridge(4) fixes.
ld.so(1) support for the pmax.
On powerpc, print out the size of the L2 cache size on G3 and G4 machines.
2.8 release builds are running, but some of us are already working on post-release hacking.