OpenBSD 3.4 changes

OpenBSD 3.4 released (November 1, 2003)

This is a partial list of the major machine-independent changes (i.e., these are the changes people ask about most often). Machine specific changes have also been made, and are sometimes mentioned in the pages for the specific platforms.

Changes to the ports collection are documented here.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.5, 3.6, 3.7,
3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3, 5.4,
5.5, current.

Changes made between OpenBSD 3.3 and 3.4

SECURITY FIX: A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
A source code patch is available.
[Applied to stable]
Bump OpenSSH version to 3.7.1 after the buffer management fixes.
SECURITY FIX: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
A source code patch is available.
[Applied to stable]
On i386, don't try to enable EDD support if the BIOS doesn't support extended disk access.
Add support for the AES instruction on new VIA C3 CPUs.
SECURITY FIX: Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.
A source code patch is available.
[Applied to stable]
Pass -a to fgrep(1) in Texinfo to make sure info files don't get treated as binary.
Have grep(1) check for the correct error value from mmap(2), fixing a crash.
Allocate enough space for sysctl(3) in pstat(8).
Fix the endianness of tcpdump(8)'s icmp echo output.
Match up kernel and userland ioctls for AFS, allowing afsd(8) to turn on kernel debugging (PR#3442).
Mirror the crypto(9) sha2 context fix in libc sha2(3).
Make an invalid '-<num>' option to diff(1) give an error.
Fix grep(1)'s parsing of the '-<num>' option where num has more than one digit.
Resurrect the -u<num> unified context length syntax for diff(1).
Use more bytes of the file when testing for binary in grep(1).
Test more than just the first character of the input file for ASCIIness in diff(1).
Stop pppctl(8) coredumping (PR#3454).
Fix i386 hang on 'boot -a' (PR#2122, PR#3437).
Have the upgrader script perform the ssl -> openssl includes dir change, both in /usr/include and /usr/libdata/perl5/site_perl/*-openbsd.
Make strxfrm(3) standards-compliant.
Machine-dependent installation notes added or updated. Note especially upgrade instructions for i386.
Add a wi_detach() function for, uh, wi(4) and use it to shut down PC cards properly.
Sync pf.os(5) database with p0f 2.0 release.
Allow compress(1) to read from a symlink when writing to stdout (PR#3409).
Only trigger the gcc(1) bounds checker warning if the bounds length is less than zero, since some legal code uses the zero case.
Fix some bugs in the pkg_* tools (PR#3414).
Don't leak a socket in the isakmpd(8) setsockopt error path.
Add a SMALL define in compress(1) that leaves out bits not needed by the installer.
Add a null compressor to compress(1) so gzcat and friends can work on uncompressed files.
Fix a FILE* leak in sup(1).
Fix a crasher in netstat(1) by adding descriptions for icmp types up to ICMP_MAXTYPE (PR#3439).
Correct some ld.so(1) logic so that the GOT and PLT always get W^X applied.
Add a GOT symbol lookup cache to ld.so(1).
A few more bzero(sizeof pointer) fixes.
Temp file security fixes for sup(1).
Add dummy syscalls under Linux emulation for *xattr(), all returning ENOATTR.
Make the small window size feature of spamd(8) optional (see PR#3435).
Plug memory leaks in lpd(8) and lpq(1) (PR#3425).
Fix sizeof(pointer) bzero(3) args in crypto(9) sha2 code.
Add Broadcom BC5823 crypto accelerator support to ubsec(4).
OpenBSD 3.4 images for xdm(1).
Make xdm(1)'s error file directory (when under /tmp or /var/tmp) have a more random name.
Fix a missing initialisation in faithd(8), and specifically request a TCP socket just in case getaddrinfo(3) is SCTP-aware. From KAME.
Use poll(2) instead of select(2) in faithd(8).
Bump eephy(4)'s mode autonegotiation timeout to 5s so slow copper switches can do their work. Fixes sk(4) boottime problems.
Change vi(1) to use a dynamic select(2) fd_set for curses mode, and poll(2) in ex(1) mode.
More conservative settings and an additional error check for aac(4) to improve reliability.
3.4-beta -> 3.4.
Disable the patented TrueType bytecode interpreter code in freetype.
Sync up the X fontconfig int overflow fixes with those in the XFree86.org repository.
Add '?' and '!' as punctuation characters in mdoc(7). Lots of manual pages updated to reflect this.
Require encryption for all isakmpd(8) Phase 2 messages.
Add a random offset in the range 0-256MB to the address returned to uvm_map(9) by uvm_map_hint(), scattering libraries and mmaps about the place.
Fix old-style suser() calls in atalk(4).
Fix a use-after-free in libutil check_expire(3).
Bump OpenSSH version to 3.7.
[Applied to stable]
Fix symbol lookup in objects opened with dlopen(3) (PR#3371).
Add Solaris-compatible RTLD_* defines in <dlfch.h>.
Fix a memory leak in sshd(8) GSSAPI authentication.
New 'emacs-usemeta' +o option for ksh(1) that allows 8-bit characters to be input in emacs mode.
Add fadvise64() dummy syscall under Linux emulation, for compatibility with recent glibc.
Make pf(4) translation rules update the table counters, since that's the only place it could occur for a 'nat pass' rule.
In the Alpha X server config, disable the segfault-prone freetype module for now.
Since the freetype renderer can also render Type 1 fonts, remove the obsolete type1 module from default X server configurations.
A few GSSAPI fixes in ssh(1).
Fix truncation of filenames by ssh(1)'s progress meter.
Unbreak mopd(8)'s -a flag interface detection.
Apply the X font library fixes to the XFree 3.3.6 servers.
Pull in fixes from XFree 4.3 for a number of potential int overflows in the font libraries.
Remove three potential use-after-frees in pf(4) scrub code.
Remove some recent pfctl(8) binary operator sanity checks that were broken on big-endian architectures.
isakmpd(8) now supports AES for phase 1 also.
Remove Kerberos support from SSHv1 code in favour of GSSAPI, but keep Kerberos password authentication in SSHv1 and SSHv2.
Fix a bad size argument to bzero(3) in dc(4).
Correct pfctl(8) -vvsr output for tables inside anchors.
Fix a missing initialisation in the aic(4) microcode. From NetBSD.
Fix some memory leaks in sup(1).
Updates to the pf.os(5) database.
Remove a dangling else in OS fingerprint code, fixing the M and W tcp options.
Add some X key bindings missed in the XFree86 4.3.0 merge.
Make the pf(4) OS fingerprint allow for 'smart' DSL and NAT routers that tweak the tcp mss.
Escape out any special characters in the output of the ksh(1) emacs mode function 'expand-file.'
Remove a whole bunch of httpd(8) modules not used by OpenBSD.
Don't set the hostname from /etc/myname unless that file exists. Netbooted systems don't need it.
Install sed(1) USD docs.
Fix pkg_create(1)'s handling of the @cwd directive.
Remove the RNF_IGNORE route(4) flag.
Make pfctl(8) choke on port range binary operators (<>, ><) unless the first port given is less than the second.
Put back spamd(8) logging of blacklist matches.
Unbreak ksh(1) emacs-mode forward- and backwards-delete.
Fix afsd(8) crashes on alignment-sensitive architectures.
Do a dummy password calculation for nonexistent usernames in sshd(8), to prevent username discovery by timing.
Add new route(4) flag RTF_CLONED (displayed with a 'c' in netstat(1),) set for cloned routes and used to delete such routes when the parent goes away.
Don't insert the full gcc(1) string into objects by default (see -findent in gcc-local(1)).
Have pfctl(8) disallow return-rst ttl values greater than 255.
Add an interface init routine to struct ifnet, required for 802.11 support.
Correct a divide-by-zero in sftp(1)'s ls implementation.
Fix static ssh(1) builds.
Some 64-bit cleanup in the new ssh(1) GSSAPI code.
Stop pfctl(8) rejecting perfectly legitimate nat-with-tables rules.
When tables are used in pf(4) routing rules with address pools, only allow round-robin mode.
Structure and defines for generic IEEE 802.11 framework.
'Implement' pread(2) and pwrite(2) under FreeBSD emulation (they're identical to the native calls).
In the installer, if an interface is configured using DHCP then assume that the default route is via DHCP also.
Improvements to spamd(8):
- New -s option to specify the delay in seconds between each character sent.
- Shrink the TCP receive window to one byte, hurting the sender's stack.
- Keep the connection open until ten lines of mail body have been received.
- Better logging via syslog.
Use the correct format for printing time values in spamd(8).
Check the maximum size of an exec header after lkm(4) load or unload, since the module may just change it.
Allow sysctl(8)-toggled emulations to be switched off after being switched on.
Fix a bug in ksh(1) emacs-mode filename completion.
Fix 64-bit breakage in pfctl(8) counters output.
Build sendmail(8) with support for DSN-specific timeouts, so bounces can be timed out more quickly.
Fix ksh(1)'s end-of-word detection.
Remove ssh(1) and sshd(8) support for the kerberos-2@ssh.com authentication method, now obsoleted by GSSAPI.
Add GSSAPI authentication support to ssh(1) and sshd(8).
Don't age IPv6 non-gateway host routes. (NetBSD PR bin/22568.)
New keywords @extra and @extraunexec for pkg_create(1), to specify 'extra' package files that are only undeleted with pkg_delete -c.
tcpdump(8) can now show the operating system of TCP SYN packets with the -o option.
Add passive OS fingerprinting capability to pf(4), via the 'os' keyword.
Add pf.os(5) passive OS fingerprint database.
Add kern.emul.* sysctl(8) toggles for the various OS emulations instead of compile-time options.
Fix Apache bug #21737 (zombie suexec processes) by reverting to 1.3.27 behaviour.
Merge in Apache 1.3.28 and mod_ssl 2.8.15.
By default, use spamhaus instead of spews for spamd(8).
In libcrypto, add bignum zero to bignum zero without corrupting the result.
Backport a fix for an obscure g++(1) bug which propolice trips.
RELIABILITY FIX: An improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic.
A source code patch is available.
[Applied to stable]
Queues that list themselves as a child queue are now disallowed by pfctl(8).
Have pfctl(8) print a more helpful error messages for bad queue definitions and invalid CBQ priorities.
Convert bootpd(8) from select(2) to poll(2).
Increase the default FD_SETSIZE from 256 to 1024.
Set the select(2) timeout properly for active mode FTP under faithd(8).
Change ioctl(...SIOCFIGCONF...) to getifaddrs(3) in lots of places.
Add dynamic select(2) fd_set handling to ypbind(8).
Convert map-mbone(8), mrinfo(8), mtrace(8), pppctl(8) and timed(8) from select(2) to poll(2).
Fix accidental fallthrough from SIOCSIFADDR to SIOCIFFLAGS for tl(4), tx(4) and wb(4).
As well as recommending su(1) instead root logins, clearly and distinctly suggest the user read afterboot(8). If that doesn't work, banner(1) is available...
Change /etc/mtree/4.4BSD.dist to reflect the move from /usr/include/ssl to /usr/include/openssl.
New mtd(4) driver for Myson Technologies 3-in-1 Fast Ethernet boards. From NetBSD.
New NOFONTS define for XF4, stops fonts being built. Oh yes.
Handle target lookup using the shell PATH nicely in pmdb(1).
Do a tzset(3) in syslogd(8) before doing the chroot.
Don't treat PKG_PATH-built URL paths to pkg_info(1) as if they refer to local files.
Make pkg_info(1)'s -a option look only at installed packages.
Have pfctl(8) detect nonsensical max-mss > 65535 in scrub rules.
Don't loop back a copy of a broadcast or multicast packet to a simplex interface if pf(4) routing is involved, preventing lockups.
Enable the --initial-tab long option to diff(1) by spelling it correctly.
Use only sysctl(3) to stir arc4random(3) using kernel arc4random(). No more messing with /dev/arandom.
Add a bunch of emacs commands to mg(1) dired mode.
Unbreak mg(1) dired mode directory listings.
In the kernel, change arguments to suser(), and add new suser_ucred() for instances where caller doesn't have a process.
New -S option to pkg_create(1), like -s only better.
Zero out unused directory entry fields on FAT12 and FAT16 filesystems, to avoid breakage on Win2k and WinXP (PR#3400).
Add a bunch more syscall stubs and implement exit_group() under Linux emulation. Needed for newer glibc binaries.
Fix wrongness, memory leakage and a panic on directory reads in other-OS emulation mode on some filesystems.
Have ssh-keygen(1) exit nicely after screening candidate primes (-T option).
Much cleanup in the new safe(4) driver.
Add the POSIX-mandated struct itimerspec to sys/time.h .
Install the sendmail(8) TUNING guide.
Better memory-use optimization for diff(1).
Remove the very deprecated RhostsAuthentication feature from ssh(1).
Use tcsendbreak(3) in sshd(8) instead of ioctl(...TIOCSBRK...), for portability.
Convert rshd(8) to use poll(2) instead of select(2).
Don't blindly pass FD_SETSIZE as the first argument to select(2), that's bad mmmkay?
New driver, safe(4), for the SafeNet crypto accelerator. From FreeBSD.
Remove a bunch of AFS stuff that isn't used by OpenBSD.
Merge in xfs from the ARLA-current as of 20030805.
Stop pkg_create(1) erasing the last checksum from CONTENTS.
Kill a panic when creating a block device on a full filesystem (NetBSD PR#22419).
[Applied to stable]
ftp(1), rsh(1) and talk(1) now use poll(2) instead of select(2).
Unbreak pf(4) DIOCCHANGEADDR.
[Applied to stable]
Some nice robustness-in-the-face-of-spam tweaks to the example sendmail(8) config in cf/courtesan.mc.
Do dynamic select(2) fd_set allocation in nfsd(8).
Handle realloc(3) failure nicely in the libedit tokenizer.
3.3-current -> 3.4-beta.
Implement CLOCK_MONOTONIC for clock_gettime(2). From NetBSD.
Don't attach a le(4) device if the interrupt for it can't be established.
Stop patch(1) adding an extraneous newline at the end of its output.
Have patch(1) warn if a context or unified diff comes without a context, since this makes detection of a previously applied patch impossible.
Remove uvm_useracc() from uvm(9).
Fix an off-by-one in vacation(1).
Allow tables to be used in pf(4) translation and routing rules.
In diff(1), do the initial memory allocation using a guesstimate based on the file size.
Fix a bunch of potential null derefs in isakmpd(8).
Stop patch(1) scanning the input file twice.
Disable a gcc(1) optimization, enabled by -fexpensive-optimizations and hence by -O2, on platforms where it was generating incorrect code.
Fix some memory leaks in ed(1).
Allow 192- and 256-bit AES in crypto(4).
Use setusercontext(3) instead of roll-your-own in httpd(8), so that login.conf(5) values apply.
Make pf(4) matching code handle 32-bit uid and gid values properly.
Make the sysctl(3) toggle net.inet6.ip6.redirect work as expected.
Fix a potential use-after-free in icmp6 redirect code.
Fix the abnormal exit code in ohci(4).
Plug memory leaks in modload(8), pkg_add(1) and usb(4).
Add -h option to ls(1) for human-readable sizes.
The gcc(1) -Wbounded checker can't handle variable-length arrays yet, so don't try.
Stop gdb(1) crashing on 'set enum' without an argument.
Now the information is actually copied into place, make mount(8) show procfs info.
Have procfs copy its mount options into statfs.mount_info.
Add a debugging lever that forces patch(1) to use plan B.
In patch(1) plan A, use mmap(2) instead of read(2)/malloc(3).
strlcpy() -> strncpy() in bos(8), un-busting the AFS wire protocol.
Merge in ARLA -current, set version to 'arla-20030805'.
systrace(1) updates from NetBSD and monkey.org.
Add a missing close() in libsa's exec().
Use strlcpy(3) to guarantee null termination of the coredump process name.
Implement the WCONTINUED flag in wait*(2), as per POSIX. Adapted from FreeBSD.
Fix Linux truncate64() emulation as well.
Remove GNU gzip from the tree.
New, BSD-licensed znew(1) script.
Properly check the result of attempts to read from and write to processes in pmdb(1).
Stop ksh(1)'s Emacs mode yank-pop command dumping core when run twice (PR#3384).
Correct emulation of Linux ftruncate64().
SECURITY FIX: An off-by-one error exists in the C library function realpath(3). Since this same bug resulted in a root compromise in the wu-ftpd ftp server it is possible that this bug may allow an attacker to gain escalated privileges on OpenBSD.
A source code patch is available.
[Applied to stable]
Back out the pthread itimer change (except when profiling) for compatibility reasons.
Add __bounded__ attribute definitions (see gcc-local(1)) for many library functions.
Don't print a pointless read-only warning message when running vi(1) in read-only mode.
New -q flag for pkg_delete(1) that doesn't do a checksum before removing package files.
Support for Marvell-based devices in sk(4).
Make pf(4) table tickets per-ruleset instead of global.
Remove undocumented '-p' == '-p0' behaviour from patch(1), like GNU patch and in accordance with POSIX.
Repair patch(1)'s relative path handling by not nuking a parameter needed later in the function.
Change the hash function used in the internals of diff(1) so it generates fewer collisions.
Privilege separation for syslogd(8). Note new HUP behaviour.
Have patch(1) complain about non-existent lines at most once per patch.
Make sure pfctl(8) doesn't attempt to display no-longer-existent queues.
In sshd(8), check that password authentication is enabled before trying to authenticate users using the 'none' method (i.e. a blank password).
Add a new, BSD-licensed gzexe(1).
Fix diff(1) exit codes when comparing against stdin.
Remove GNU diff from the tree.
Add basic support for ftp:// package paths via the PKG_PATH environment variable.
Make patch(1) prompting more POSIX, and add the POSIX -i option.
Make ifconfig(8) die (instead of just complaining) when addition or deletion of an interface address fails.
Use a sockaddr_storage instead of a sockaddr to avoid a stack smash in bpf(4).
Remove a stray backslash and unbreak 'make release' for XF4.
Save the interface associated with a pf(4) state table entry when the entry is first created, not when another packet matches the entry.
When running fsck(8) as root, bump the data size resource limit up to unlimited (instead of up to the hard limit) to avoid problems with large filesystems.
Better TMPDIR environment variable handling in patch(1).
Improved test for output on stdout in compress(1).
New ssh(1) progress meter implementation, with better licensing.
Add 'pass on lo' to the temporary boottime pf.conf(5) (PR#3376).
Fix ftp-proxy(8)'s handling of multiline server responses (PR#3378).
Add a new, BSD-licensed zforce(1) script.
Make compress(1) do the right thing when confronted with (e.g). 'gzip -lN < foo.gz'.
Another missing netinet byte-order fixup, this time in fragment reassembly code.
Fix a printf(%s) off-by-one in isakmpd(8).
Improvements to pf(4) skip-step calculation.
More propolice fixes.
Add growfs(8) from FreeBSD.
Remove unlicensed MATH_EMULATE code (written by some guy named Torvalds) from the kernel, leaving only the GNU emulation code for the moment.
Don't treat consecutive slashes as path components in patch(1), for POSIX reasons.
Make patch(1)'s exit value consistent with POSIX and with diff(1).
Add mbuf(9) markup (M_TUNNEL) for tunnel-mode IPsec connections so that gif(4) over IPsec can be detected and unencapsulated consistently (PR#3023).
ssh-keygen(1) can now generate the Diffie-Hellman groups as needed by moduli(5).
If compress(1) detects that compressed output would be larger than the input, fail so that the .gz file gets removed.
Fix a missing initialisation and cure a hang that could occur when diff(1)ing a directory.
Try to bound memory and CPU usage of diff(1), old (unbounded) behaviour available with -d.
Install ed(1) tutorial papers.
Stop mtree(8)'s -s option enabling -t by mistake.
More tweaks to compress(1).
Fix an x86 DoS (reported by Michal Zalewski) by zeroing the SYSENTER registers at kernel boot time.
[Applied to stable]
Remove some in-place IP header byte order changes in bridge(4), missed out before.
Print the right error line number in newsyslog(8).
Change references to the now non-existent kerberos(1) manpage to point at 'info heimdal.'
Add sha2 support to isakmpd(8).
A few *printf cleanups in sys/net/.
New __kprintf__ format attribute for gcc(1) that groks kernel *printf(9) format arguments. See gcc-local(1) for details.
Change patch(1)'s -b option to be POSIX ('save a backup') and give the old functionality (specify backup filename suffix) to the -z option like GNU patch. For now, -b is on by default.
Fix IP packet length setting for IPsec tunnels, lost in recent byte order changes.
Add sha2 support for IPsec.
Add _syslogd user for, um, syslogd(8), soon to get the privsep treatment.
Allow the kernel to build with inet enabled but ether disabled (PR#3356).
New APIWARN libc/Makefile define, disabled by default, which makes the linker complain whenever unsafe string functions are used.
Move nasty SCSI utility code out of libutil and into scsi(8), the only place it's used.
When detaching an interface, remove from software interrupt queues any packets pointing to that interface.
Enable DMA on all but really old Promise pciide(4) controllers.
Add some fixups for LBA48 support on old Promise pciide(4) controllers. From NetBSD, fixes from FreeBSD.
In Linux emulation mode, don't pass (as yet) unimplemented vfat ioctls through.
Remove unused scanner stuff in src/usr.sbin/ssio.
Implement the sysinfo() system call under Linux emulation.
Remove AFS code from sshd(8).
Redo the 'invalid line number' fix for patch(1).
Update CGI(3p) to version 2.98 to fix a cross-site scripting bug.
[Applied to stable]
Use libc getopt_long(3) in patch(1) instead of a local version.
POSIX tweaks to patch(1).
Switch over to the new diff(1) and diff3(1) code, disabling GNU diff. sdiff is no more.
Remove obsolete KerberosIV and AFS code from ssh(1) and re-enable the -k option.
Implement diff(1) options -L and -T for GNU diff compatibility.
getaddrinfo(3) and getaddrinfo(3) now share a mutex.
Check for invalid flags to mmap(2) and mprotect(2) and bomb out on errors.
A number of compatibility and POSIX compliance tweaks to diff(1)'s output.
Back out the patch(1) line number fix, it coredumped sometimes.
Add llabs(3) function for C99 compliance.
Add ftw(3) and nftw(3) functions, implemented using fts(3), for XPG compliance.
Dynamically grow diff(1)'s array of changes as required.
Fix a redraw bug in vi(1) that could cause endless recursion.
Compile modload(8) with the -Z option to ld(1) (disabling W^X).
Fix a typo in md5(1) that created an array of ints instead of chars.
Allow uhid(4) devices to be used as 'mice' for the X server.
In wd(4) only use LBA48 when absolutely necessary, to cut down on register-writing overhead.
Have ac(8) ignore entries that go back in time.
Fix a bug causing a segfault in grep(1) (PR#3358).
With MALLOC_EXTRA_SANITY defined, have malloc(3) just warn instead of dying on mmap(2)/brk(2) errors.
Updates to systrace(1): Bug fixes and new 'ask' action.
Fix sftp filename parsing for arguments with escaped quotes (OpenSSH bug #517).
Don't flip compress(1) into 'zcat' mode if the -o option is given.
Check that the mountpoint of the descriptor passed to fstatfs(2) is non-NULL.
Un-swap ld.so(1)'s display of (requested, available) library revisions when the available library is less than that requested.
GNU diff compatibility and many other fixes and cleanups to diff(1).
Fix pf(4) scrub rule fragment reassembly after the netinet byte order changes.
Add ESP decryption support to tcpdump(8) (-E option).
Make diff(1)'s no-newline-at-end-of-file handling consistent with GNU diff, now that patch(1) is expecting this.
Fix a sizeof(wrongthing) bug in grep(1).
Teach patch(1) how to deal with "\ No newline at end of file" as produced by GNU diff (and soon OpenBSD diff(1) as well). From NetBSD.
In newfs(8), remove the ffs default limit of 16 cylinders per group, and simply set to match other parameters. Change the default frag size to 2048, which bumps the block size to 16k. (From FreeBSD newfs.c late 2001.)
React rationally to bogus line numbers in input to patch(1).
Don't store Kerberos credentials in the privileged sshd(8) process.
Clear IUCLC flag (uppercase-to-lowercase translation) when setting raw tty mode in ssh(1).
Allow as many -d (sshd(8)) or -v (ssh(1)) options as the user cares to give. Max debug/verbose level is still 3.
Have mkdep(1) correctly handle '-o <file>' on the compiler command line.
In xargs(1), don't call err(3) (which uses exit(3)) after doing vfork(2).
Fix line ranges for unified diff(1) output.
Unbreak pflog(4) after the recent netinet byte ordering changes.
Stop compress(1) from re-compressing a file with a suffix indicating it's already compressed.
Fix memory management in pfctl(8)'s table parsing code.
Range-check numeric arguments to grep(1) against INT_MAX.
Un-swap the sec and usec uptime stats in an(4).
Fix file suffix handling code in compress(1).
Allow compress(1) to accept -t and an implied -c when we're taking piped input (normally -t and -c are mutually exclusive).
Enable build of KerberosV libraries under lib/.
More manpage cleanup.
Remove undocumented sshd(8) option '-V'.
Remove error(1).
Fix a couple of cases where malloc(3) fails due to lack of memory, but doesn't set ENOMEM.
Make fwohci (IEEE1394) cardbus code compile on big-endian systems.
Add zdiff(1) script using our new improved compress(1).
Remove a couple of unnecessary htons() calls in the pf(4) routing code.
Parsing improvements and better debugging/regression test support for tables in pfctl(8).
Make compress(1) magic number checking work when decompressing on a pipe.
Make sure an unlock message gets sent when handing NFS receive errors.
Add a cast to 64 bits to prevent a statfs(2) overflow on large disks.
Fix grep(1)'s -v semantics (print if no match of any pattern).
LBA48 support and compatibility tweaks for atactl(8).
Set the correct return code when grep(1) dies due to an error.
Fix parsing of -<num> (context) option to grep(1).
Bring in a diff3 from 32V UNIX, and start hacking it into shape.
Tweak the installer's ftp client operation so that sets are always fetched from the exact same place as the set list.
Prevent excessive rekeying in ssh(1) for ciphers with block size <= 128 bits by enforcing a fixed 1GB rekey limit for these ciphers.
Set all ulimit values to 'unlimited' in the installer, unbreaking fsck(8) for large filesystems.
Fix a couple of broken IPv6 packet length tests.
Unbreak merging of host lists in pfctl(8).
Stop spell(1) misinterpreting '+X' as option '-X'.
Tidy up a bunch of missing include files all over the place.
Have the IPv6 normalizer detect short packets, since the 'exact length' match was just removed.
When normalizing IPv6 packets, don't check against length fields that are only set after filter processing.
In the netinet stack, don't cheat by NTOHS()'ing ip_len and ip_off (modifying the packet buffer directly). Instead, call ntohs() every time.
Make ld.so(1) compatible with newer binutils.
Stop pkg_add(1) dumping core when the package contains an invalid package name.
Fix a double free in ex(1).
Give gem(4) a performance boost on sparc64 and macppc.
Merge in libevent 0.7a.
New 'remove manpage' option -u to makewhatis(8).
Fix a dangling pointer when deleting multicast router virtual interfaces (option MROUTING required).
Fix some PHY problems in sis(4).
Better temp file handling in diff(1).
diff(1)'s -l (paginate) option works again.
Sync USB code with NetBSD, in preparation for USB 2.0 support.
Don't kill other users' states when logging in to authpf(8). When killing (the correct user's) states, make sure they're all zapped.
[Applied to stable]
When using IPsec, fix a panic by not trying to forward truncated IP-in-IP encap packets.
Clear down multicast forwarding on IPv6 interface detach.
Make httpd(8)'s (normally not compiled) DBM SSL cache code build again.
Fix a double free in diff(1).
Try to avoid using an unnecessary temp file when diff(1)'ing against a regular file redirected to stdin.
If syslogd(8) is given (via -p) a UNIX socket name that's too long, fail instead of silently truncating the name.
Make sure compress(1) closes its open files properly.
Fare thee well, rpc.pcnfsd(8).
Fix security(8)'s password expiry check.
Pass the right length to readlink(2) in rdistd(1).
When given a unix domain socket name that's too long, nc(1) gives a helpful error instead of silently truncating the name.
Implement the cpuid() function for generic i386, not just for longrun.
Print dump(8) times correctly (PR#3296).
raidctl(8) dies noisily instead of silently truncating overlong command line options.
mount_nfs(8) now gives a helpful message when the hostname is too long.
Major updates to BSD diff, implementing many more 'standard' options and tidying up somewhat.
Properly reset all fields of a deleted ext2fs inode, fixing a panic. From NetBSD.
[Applied to stable]
Fix an off-by-one in kernel ext2fs filesystem code, the first ext2 inode is numbered one not zero.
[Applied to stable]
Further strn*() -> strl*() fixes.
Back out routing socket exact match fix after reports of problems.
Remove -h functionality from BSD diff, but allow the option for compatibility like GNU diff.
Various cleanup in pkg_add(1) et al.
Add 'pass' pf(4) modifier for nat rules, allowing a translation rule to bypass the filter ruleset altogether.
Remove a redundant (and wrong) copy in pf(4) tcp test code.
Better umask setting detection in security(8).
Use realpath(3) instead of roll-your-own code in mount_*(8) helpers. Fixes PR#1662.
String function cleanup in getNAME(8).
Table code and exit handling cleanup in pfctl(8).
Fix config file parsing of the ssh(1) AddressFamily option.
Make sendmail(8) use the system setreuid(2) instead of its own.
Add a 'real' mmap2() system call under Linux emulation, using the new MAP_TRYFIXED mmap(2) option so it works the way Linux does.
In ssh(1) force the host key alias to lowercase before matching.
Add SOCKSv5 support to ssh(1) with the -D option, as well as SOCKSv4.
Better ld.so(1) versioned library search algorithm.
Bump mktemp(3) randomness in lots of places from 6 to 10 'X's.
Allow newsyslog(8)'s -a option to archive across filesystems.
Add MAP_TRYFIXED option to mmap(2) to turn off heap address avoidance, which helps when emulating other OSes.
Remove the sys_omquery() compatibility system call.
Better umask safety check in security(8).
Stability fixes to siop(4).
Stop using mmap(2) in tail(1), fixes a variety of bugs and performance issues.
Fix a bad bounds check in the grep-without-regex part of grep(1).
Under-the-hood improvements to speed up m4(1).
Add some buffer management functions for pf(4) tables.
unifdef(1) fixes from FreeBSD.
Reset pf(4) interface statistics when the loginterface is changed (PR#3332).
Properly purge pf(4) tags when flushing bridge(4) filter rules.
Don't generate an icmp6 redirect if pf(4) rewrote the destination address.
Improve compress(1)'s gzip compatibility with silly configure scripts that expect 'gzip -h' to return success.
First pass at pf(4) normalisation of IPv6 packets. No fragment reassembly yet.
Improvements to the lm(4) hardware sensor driver.
Make compress(1) respond more usefully to gzip CRC errors.
Many manual page fixes and cleanups.
Fix some target probe problems in siop(4).
Unbreak string printing in locate(1).
Fix mdoc bug that put random blank lines into manpages. From NetBSD.
Better type checking for ssh(1) atomic I/O.
Don't give pfsync(4) interfaces an IPv6 link-local address.
sshd(8) now logs pidfile creation errors.
Allow ddb(4) to log output via syslog. Controlled via sysctl ddb.log.
Handle IPv6 neighbor discovery timers more quickly and with greater accuracy.
Make the installer mount all possible swap before creating devices, in an attempt to stop MAKEDEV bombing through lack of memory.
Make sure getanswer() (called by gethostbyname(3) etc.) doesn't stray past the end of its reply packet.
Remove a memory leak in arp(8).
Fix string cleanup breakage in siop(4).
Unbreak compress(1) gzip code on big-endian architectures.
Some more agressive string fixes in named(8).
Fix compress(1)' -t option.
Add kqueue support for ugen(4), uhid(4), usb(4) and uscanner(4). From NetBSD.
Fix pf(4) tag lookup for DIOCCHANGERULE.
Fix a subtle tag reference count bug in kernel pf(4).
Add alaw <-> ulaw conversion to the kernel ( alaw_to_mulaw(), mulaw_to_alaw() )
Check that the argument to "-o ProxyCommand" exists on the ssh(1) command line, instead of dumping core.
Add a simple static bounds checker to gcc(1). (See gcc-local(1).)
Switch diff3(1) and sdiff(1) to use libc getopt_long(3).
Add USD Beginners Guide document, and some historical papers.
Add USD docs for awk(1), ed(1) and sed(1), and PSD docs for m4(1), lint(1) (as xlint) and the ms macros.
Fix temp file handling and an off-by-one in BSD diff.
Fix isp(4)'s PCI probe.
Pad the osiop(4) script data scructure to 256 bytes to avoid cache problems.
Fix an endianness bug in an(4).
Add unified diff support to the BSD diff.
Have asn1_compile use arc4random(3).
Function prototype cleanup all over the tree.
New extensible bufq mechanism for manipulating buf queues, only in wd(4) for now.
Add -C option support (number of lines of context) to the BSD diff.
Fix some suspect type conversions in grep(1).
Allow bridge(4) to tag packets for later use in pf(4) rules. Oh yes.
Fix backwards arguments when seeking within gzipped files in grep(1).
Major cleanup (safe string functions, signal race avoidance) in the recently imported BSD diff.
Fix division-by-zeros in atapiscsi(4) that could occur when the system is unable to determine even the unit's blocksize.
Add diff program from 4.3BSD Reno. Much work to be done.
Add i386 a.out emulation for dynamic binaries.
Fix grep(1)'s -w option.
Make grep(1)'s -E, -F and -G options override the program name, and mutually exclusive.
Make fgrep functionality of grep(1) work.
Unbreak POSIX:: functions under Perl 5.8.0.
[Applied to stable]
Make pf(4)'s route-to option work for IPv6 link-local addresses.
Reintroduce some routing socket code (lost in a previous update) that could cause less-specific routes to be updated by mistake.
Lots of int -> u_int in ssh(1).
IPv6 neighbour discovery updates from KAME.
Avoid using regexes completely for simple string searches in grep(1).
Improve the compress(1)-based zmore(1) script and install instead of the GNU gzip version.
Teach kdump(1) about many more dev/, net*/ and crypto/ ioctls.
Remove the unnecessary (and broken) printf builtin from csh(1).
Don't use getopt(3) in printf(1) since this causes formats beginning with a hyphen to be interpreted as flags.
Add a simple zmore(1) script using compress(1).
Add pcmcia(4) and wi(4) support for sparc.
Install a host route for a point-to-point interface even if a connected net route via a broadcast interface exists (NetBSD PR 21903).
Check for nfds<0 in poll(2).
Better temp file handling in XFree's gccmakedep(1).
Temporarily work around a tables-related use-after-free in pf(4).
Improve grep(1)'s detection of binary files, and add/fix a number of compatibility options.
Improvements to the installer's handling of network settings when upgrading.
Remove ypserv(8) files without copyright information.
Install freegrep as {e,f,z,ze,zf}grep as well as grep(1).
Upgrade (non-GNU) grep(1) to freegrep 0.16.
Remove GNU grep and (most of) GNU gzip from the tree. BSD-licensed alternatives do the same jobs.
Reenable the ld.so(1) library load order randomiser, with fixes.
Make user filename selection in the installer more robust.
fflush(3) stdout when doing continuous queue monitoring with pfctl(8).
Add fine-grained counters for pf(4) state entries, allowing for traffic reporting via pfsync(4).
Add per-process exec/fork/exit hooks, use them the fix up brk(2) under Linux emulation, and so fix Java.
Add MSS support to pf(4)'s synproxy.
Initialise properly before calling getusershell(3) in su(1).
More helpful pf(4) BAD ICMP debug message.
Make isakmpd(8) print some log messages when giving up on a response to the last message.
Use _PW_NAME_LEN instead of a hard-coded 8 char username limit in top(1).
Remove roll-your-own string functions from top(1).
Have comsat(8) use fseeko(3) instead of fseek().
rpcgen(1) now generates much prettier ANSI C code.
Back out the recent xdm(1) '-nolisten tcp' change.
Plug some memory leaks in popa3d(8) and systrace(1).
Strip the newline from user input when requesting a continuation filename in restore(8) (PR#3324).
Fix a bug that condemned fortune(6) to be always inoffensive.
Have bpf(4) return ENOBUFS on malloc(9) failure instead of causing a panic (PR#2235,PR#2236,PR#2640).
Make m4(1)'s handling of builtin and user macros more consistent, and allow pushdef to work for builtins.
xdm(1) now passes '-nolisten tcp' to Xserver(1) by default for local display :0.
Re-enable UDMA mode 5 for HPT370A pciide(4) devices, now that timing and interrupt problems are fixed.
Fix a sizeof oops that broke less(1)'s -N option.
hme(4) now advertises its VLAN capability.
Properly display no-route addresses when expanding label macros in pfctl(8).
Back out the recent ssh(1) smartcard key fix, it violates PKCS#1.
When the expansion of the $srcaddr or $dstaddr label macro is a table, have pfctl(8) print the table name instead of garbage.
Unbreak vmstat(8) on diskless machines (PR#3322).
Relax rtadvd.conf(5) syntax, removing the need for the addrs option.
Use getifaddrs(3) in amd(8), fixing the 'wire' location selector.
Return the correct error message if the user tries to kill a non-existent process from top(1).
Add a few missing dead-key composition entries (PR#3295, with an entry for cedilla as well as for double-quote).
Avoid a null deref in cnkqfilter() (/dev/console kqueue(2) crash, PR#3317).
Fix a logic bug in mtree(8) that was making -U return an error just like -u.
Make ssh-add(1) redisplay the key comment when prompting after a bad passphrase.
Fix "bad decrypted len" errors in ssh(1) when using smartcard-stored public keys (OpenSSH bug 592).
Updates for systrace(1), support freeing of old policies and escaping of special characters.
Better byte-swapping behaviour in dc(4), fixing mac address reads on big-endian architectures.
Make dhclient-script(8) fix up resolv.conf(5)'s permissions.
Stop isakmpd(8) losing ID information when rekeying.
Add new '-c class' option to encrypt(1), which will use the login class to select the password cipher.
Fix kqueue(2) on ptys (PR#3209).
In user(8), only check login class validity when the login class is set.
Fix some sizeof oopses in top(1).
Allocate cleared memory for isakmpd(8) payload buffers.
Fix pf(4) TCP state checks when using a combination of asymmetric window scaling and SACK.
[Applied to stable]
Add __LP64__ and _LP64 cpp(1) predefined macros for alpha and sparc.
Sync em(4) with FreeBSD updates and enable on sparc64.
Add -0 (zero) flag to pax(1) allowing the filename separator to be a NUL instead of a newline (PR#3310).
In xargs(1), don't close the descriptor we just created with dup2(2).
security(8) allows dots in usernames consistent with user(8) changes.
pfctl(8)'s show anchor command now respects the 'quiet' flag.
Make dhclient-script(8) respect symlinks.
Remove obsolete Rijndael code from libcrypto.
Support more Intel Fast Ethernet and Gigabit Ethernet cards.
Use real varargs in top(1) instead of hacking it.
ssh(1) and ssh-agent(1) now use the key label from a PKCS#12 cert if one is available, instead of just showing 'smartcard key.'
Stop security(8) complaining about usernames ending in '$'.
Speed up m4(1) traced macros, helps with recent GNU autoconf.
Make queues work on tun(4) interfaces. Not recommended (should assign to tun, then queue on physical interface) but sometimes necessary, e.g. for pppoe(8).
In pfctl(8) don't apply a netmask to an interface name.
[Applied to stable]
Allow the kernel to compile with NFS but without FIFO.
POSIXify xargs(1), mostly from FreeBSD.
Much ansification and de-registering.
Add NAT-T dump support to tcpdump(8).
Make ssh-agent(1) lifetime and confirmation features work with smartcard keys.
Build bs(6) and hunt(6) again now that they have good licenses.
Add option MFS to the kernel on several architectures, to fix upgrade breakage.
Some RFC3542 Advanced Sockets API for IPv6 updates.
Add an ARM target for gcc(1).
De-uglify dhclient-script(8), and (mostly) fix resolv.conf(5) update problems.
Allow zero intervals in newsyslog(8) config files.
Fix a missing initialisation in pf_test() and avoid random state table additions.
Add login class support (-class option) to adduser(8).
rmail(8) now tells sendmail to deliver in the foreground.
Make rmail(8) pass the -G flag to sendmail(8) as expected.
Install rcs2log(1) properly (PR#3298).
In user(8) check that a login class exists before using it (PR#2699).
user(8) changes from NetBSD:
- useradd(8) and usermod(8) now check that the encrypted password length is correct.
- Log user and group modifications via syslog.
- Pickier command line option checks.
- When deleting a user including the profile, remove all references to that user from /etc/group.
- Checks that a group is in the local files (not from YP) before attempting to modify it.
Don't allow /dev/crypto to be opened at all if the kernel is compiled without the CRYPTO option.
[Applied to stable]
Make mount(2) return EROFS instead of EPERM when trying to mount a dirty filesystem.
Make isakmpd(8) more robust when faced with unknown ID types.
[Applied to stable]
Change the timer pthread uses, allowing threaded apps to be profiled.
Allow newsyslog(8) to detect negative numbers in pid files.
Stop sudo(8) busy-waiting when waiting for sendmail(8) to do its work.
Better CDDB input checking for cdio(1).
Make the byte order more uniform in the pf(4) nat code.
Back out tcp_trace IPv6 changes and fix PR#3283.
Stability fixes for siop(4) when under heavy load.
[Applied to stable]
Allow user(8)'s -e and -f to accept both month-day-year and seconds-since-epoch times. From NetBSD.
Detect oversized usernames in pwd_mkdb(8).
Check for oversize group names to user(8) and fail the command.
Fix an off-by-one in user(8).
m4(1)'s patsubst command now accepts null patterns. This appears to fix GNU Autoconf 2.57.
A pf(4) table on an anchor rule creates a real anchor, so pfctl(8) works the way one expects.
Stop pfctl(8) (with the -ss option) printing IPv4 address/netmask pairs as a.b.c.d/128.
Have identd(8) run by default as user _identd if possible, and fall back to user nobody if that fails.
Replace setjmp/longjmp in less(1) with interruptible system calls.
Avoid a null deref in fontconfig(3) when $HOME is not set.
Fix the addition of /usr/local/lib/X11/fonts to /etc/fonts.conf.
Don't use M_WAIT in atalk(4).
Don't forward IPv6 multicasts to an interface that's no longer around to receive them.
Add large file support to distrib/special/more.
Teach distrib/special/more how to handle arbitrarily long lines and \r\n line endings.
Set rusers(1)' column width to 80 if stdout isn't a tty.
Add generic '-fno-builtin-<function>' option to gcc(1) (see gcc-local(1)).
Kill the parent ssh(1) process when scp(1) or sftp(1) receive a signal (OpenSSH bug 241).
Only drop setgid privileges the once in sshd(8).
Disable ssh(1) challenge/response and keyboard-interactive authentication methods if there's a host key mismatch, to reduce the likelihood of MiTM attacks catching out ignorant users (OpenSSH bug 580).
Make less(1)'s --More-- prompt more --less--, less More, and more POSIX.
Fix distrib/special/more on machines with unsigned chars.
Simply and fix tty handing in /distrib/special/more.
Stop event(3) honouring EVENT_NOKQUEUE when running set[ug]id.
Disable the ld.so(1) library load order randomiser, it seems to be exposing bugs elsewhere.
Provide a fast path for userland crypto(9) requests, bypassing the kernel queues where possible.
Add some tag-related utility functions in kernel pf(4).
In pfctl(8) process 'show' options before options that change the rulebase.
Huge license cleanup all over the tree.
Fix random lockups of cac(4) devices.
[Applied to stable]
Deprecate the dangerous VerifyReverseMapping sshd(8) option, and replace with new UseDNS option (enabled by default).
Install OpenSSL include files in /usr/include/openssl instead of ../ssl.
Remove the advertising clause from many license statements.
Use getopt_long(3) for getopt(3), instead of the old implementation.
Remove a potential double-free from systrace(1).
Fix a bad string bounds check in libedit.
String cleaning bootblocks for all architectures. Now only bind and src/gnu use unsafe string functions.
Fix a few long-missing initialisations, so we don't end up using random stack noise as a hint to uvm_map(9) via uvm_km_suballoc().
Improve ddb(4)'s symbol table lookup algorithm.
Properly mask off all but the last 8 bits of status in WSTOPSIG and WEXITSTATUS.
Add preliminary LBA support to the i386 bootloader.
Build a dynamic com_err(3) library.
Add pmdb(1) to the default build.
Fix timeout signedness bugs in brconfig(8) and bridge(4).
Some deeper string cleaning in bind9.
Stop pmdb(1) dumping core when the program to be run doesn't exist.
Add LD_NORANDOM to the list of environment variables that get zapped when running setuid/setgid.
Load dynamic libraries in random order, to reduce the probability of an attacker guessing the address of the loaded code. Define LD_NORANDOM to disable.
Make dhclient(8) more robust by accept non-DHCPNAK messages with yiaddr=0.0.0.0, as sent by some common DHCP servers that ignore the RFC.
[Applied to stable]
Reorder the sections in many manpages.
Use sete[ug]id(2) as well as set[ug]id() in ssh(1) when doing privsep and when permanently setting the [ug]id.
When setting the tcp6 mss, fetch the link mtu using IN6_LINKMTU() (which takes neighbour discovery mtu settings into account) instead of always using the interface mtu.
Allow numeric uid and gid in systrace, and '<' and '>' operators for ids.
Add support for IPv6 jumbograms.
Fix some bugs IPv6-related bugs in tcp_trace().
Incorporate distrib/special/more's helpfile into the program itself.
Fix the endianness of fxp(4)'s statistics for netstat -i.
Fix tab expansion, handle EDITOR not being a full pathname, and much cleanup in distrib/special/more,
Add pthread support for vax.
Don't risk an M_WAIT deadlock when processing raw IP output.
Make libwrap check for bogus PTR records containing numeric IP address in string form.
Make df(1) use the new fmt_scaled(3) stuff in libutil.
Fix a few bad *printf format strings in ssh(1).
Install the mod_ssl headers under /usr/lib/apache/include/
Add IPv6 support to trpt(8).
Fix xdm(1)'s XDMCP queries (XFree86 bug #277).
Unbreak pf(4) binat rules after recent netmask check changes.
Improve pfctl(8)'s netmask validity check.
Have pfctl(8) properly free buffers and initialise pointers when working on tables.
Push ssh(1) syslog output through strnvis(3) first.
Fix an fdset leak in ssh(1).
Remove unsafe sprintf(9) and vsprintf() functions from the kernel.
Ignore media changes for the first command issued to an sd(4) device. See the checkin comment for details.
Match kernel vprintf(9) prototype to that of userland.
Have getconf(1) return _POSIX_PATH_MAX instead of _POSIX_PIPE_MAX when asked for the former.
Now that kernels are built with propolice, build modules with it too.
New hardware monitoring sensors driver it(4).
Fix endianness problems in dc(4) that caused multicast reception to fail when using Centaur chips.
Add a missing initialisation in altq HFSC.
Add read-only NTFS support, ported from NetBSD. Not enabled in GENERIC.
Add a flag to reverse the stereo on auich(4).
Limit the return value of nice(3) to -NZERO ≤ nice ≤ NZERO, where NZERO=20.
Make pfctl(8) fail hard when fed invalid hostnames and netmasks.
Many games fixes from NetBSD.
Allow the i386 and hppa bootloaders to skip the interactive portion altogether.
Fix a badly broken switch statement affecting SO_DEBUG in tcp_input.c.
Stop lpr(1) from checking if the printed file is an executable. Leave this to lpd(8) filters.
Use a decay filter to get better altq throughput statistics out of pfctl(8).
In ssh(1)'s do_log(), use syslog_r(3) in code that can be called from a signal handler.
Severely restrict the paths that privsep isakmpd(8) can read from and write to.
Use sockaddr_storage instead of sockaddr in isakmpd(8) to fix interface rescanning.
Keep X.509 private keys only in the privileged part of privsep isakmpd(8).
When using the pf(4) SYN proxy, make sure ACKs are sent with the correct window size.
Wait longer for slow USB devices to be ready for attachment.
Don't build libperl in the libraries pass of 'make build', as we want Perl's configure to pick up details of the libraries that the build may be changing. Another leapfrog-in-waiting.
Add regen target in libkrb5 to remove (again) the dependency on an up-to-date asn1_compile.
Complain more consistently about a missing 80-wire IDE cable (for UDMA mode > 2).
In syslogd(8) don't use strlcpy(3) when printing strings out of struct utmp, since those strings aren't null terminated.
Don't ARP for our IP address aliases, treat them as local.
Merge in a number of USB SCSI device updates from NetBSD.
Add experimental support for aes-ctr ssh(1) ciphers.
Apply some of the USB SCSI improvements to the FireWire code as well.
Add string length bounds to an sscanf(3) in ssh(1)'s rhosts auth code.
Pull in a fix for directory creation under systrace(1).
Fix pf(4) rdr rules with address pools using bitmask and source-hash address selection.
[Applied to stable]
Allow inverse matching of pf(4) tags.
Fix media handling for Intel dc(4) devices.
Use the right buffer in spamd(8)'s connection handler.
Use mmap(2) instead of malloc(3) in vfprintf(3) when more memory is needed to store arguments. See the checkin comment for why.
New Renegotiate-on-HUP option for the [general] section of isakmpd.conf(5) will cause all Phase 2 SAs to be renegotiated.
Fix a couple of signedness nits in ksh(1).
Improvements to USB SCSI support.
Fix mg(1)'s up and down cursor movement.
Have ksh(1) use the libc dup2(2) instead of its own.
Fare thee well, Kerberos IV.
Another big-bucks firewall feature performed by pf(4): TCP SYN proxy, enabled with 'synproxy state' (this implies modulate state).
New AddressFamily option for ssh(1) that works like the -4 and -6 command line options (portable OpenSSH bug 534).
Allow address comparison in wi(4) to work on sparc64.
Prevent a spamd-setup(8) crash with a config file consisting of only invalid input.
Don't assume that rt->rt_ifp is valid in IPv6 neighbour discovery.
Add new ConnectTimeout option to ssh(1).
Disable Kerberos options to ssh(1) programs if Kerberos isn't compiled in, and warn if they're used.
Have 'ssh -V' print the OpenSSL version properly, instead of trying to %s on a long.
Repair IPsec forwarding for IPv6, fixing PR#3231.
Fix a hang in libwrap when the hosts_access(5) file has a line containing > 2048 characters. (NetBSD pr#15025.)
Add multi-column output to the ls command of sftp(1).
Wash untrusted input to mail(1) through vis(3) before display.
In isakmpd(8), don't store the private key in data structures we pass around a lot.
Fix a missing freerrset(3) in new ssh(1) dnsfp code.
New fmt_scaled(3) and scan_scaled(3) functions in libutil, for writing and reading numbers with human-readable scales.
Like for sysctl(8), add a -q option to shut mixerctl(1)'s -w option up.
Preliminary privilege separation support for isakmpd(8), not enabled by default for now.
Fix deregistration of per-authentication method handlers in ssh(1).
In faithd(8) specify IPPROTO_TCP explicitly in anticipation of a day when getaddrinfo(3) supports sctp.
Prepare to move all KerberosV libraries to /usr/lib.
More TCP scrubbing: Modulate TCP timestamps to frustrate NAT detection and prevent remote uptime guesses. New scrub option 'reassemble tcp'.
Kill more unwanted le(4) 'lost carrier' moans.
Remove the rather short-lived kernel option LONGRUN, it's now standard except SMALL_KERNEL is defined.
Enable pf(4) tagging support for rdr and binat rules.
Add _isakmpd user and group for isakmpd(8) privsep.
Allow ssh(1) clients to send a BREAK to the remote server if it supports it (SSHv2 only).
Add _kdc and _kadmin users and groups for the respective KerberosV kdc(8) and kadmind(8) daemons.
On i386, support Transmeta LongRun power management (kernel option LONGRUN, enabled by default).
Add a pf(4) tag for each rule that matches, not just the last one.
Remove gated stuff from /etc/rc and /etc/rc.conf.
Add experimental support for ssh(1) host key fingerprint verification using DNS records (dnsfp). Not built by default. See src/usr.bin/ssh/README.dns for details and build instructions.
Unbreak malloc(3) map_pages() failure test on 64-bit architectures.
Back out many recent isakmpd(8) changes until they're working right.
Disable KerberosIV support in XFree.
Make sure ssh(1) privsep children die when the monitor parent goes away (OpenSSH bug 560).
Upgrade pflogd(8) to use the new bpf(4) link type too.
Teach tcpdump(8) and libpcap about the new pflog(4) link type in bpf(4).
Upgrade bpf(4) support for the pflog(4) link type to the 'official' and more extensible version from the libpcap people.
Start stripping out KerberosIV support from programs.
When handling a numeric nodename in getaddrinfo(3), set the canonical hostname to the numeric address as per RFC3493.
Make vis(3)'s VIS_SAFE behaviour match the manpage w.r.t isgraph(3).
Allow tags to be specified for pf(4) block rules (which aren't allowed to keep state).
Allow the pf.conf(5) scrub keyword to take a protocol specifier again.
Remove KerberosIV support from KerberosV code.
Add packet tag support for pf(4) nat rules.
Correct a string length problem and a missing null init in libreadline.
Add kerberos-over-ssh2 support to ssh(1).
Reapply the move of Ethernet definitions to <net/ethertypes.h>, but this time have <netinet/if_ether.h> read them in for compatibility reasons.
New -q flag for sysctl(8) to suppress output from the -w option.
Fix a circular dependency by removing libtelnet, instead compile the code directly into telnet(1), telnetd(8) and tn3270(1) from files in libexec/telnetd.
Move contents of libkafs into libkrb5, leave libkafs as an empty dummy library.
Fix a use-after-free in the new pf(4) tagging code in the kernel.
Enable the increasingly popular em(4) driver by default on i386 RAMDISK* kernels.
Sync rdist(1) with freerdist version 0.92, minus the compress option.
Don't build KerberosIV programs. Libraries still built for the moment.
Move blktochr() and chrtoblk() into kernel MI code.
Add [bc]devsw_lookup() kernel convenience functions.
In pfctl(8) make sure packet tagging is only used on stateful filter rules.
Add NO_PROPOLICE kernel config(8) option to build the kernel without the stack protector. Handy for install media.
Fix a string length off-by-one in libreadline.
Add userland portion of pf(4) packet tagging support.
Disable afs until it can be made to work sans KerberosIV.
Force global 'time' structure to be quad_t aligned, unbreaking sparc microtime(9) and possibly other things too.
Add support in kernel pf(4) for tagging packets, and filtering based on those tags.
New mbuf(9) tag PACKET_TAG_PF_TAG.
Make sure lndir(1) doesn't try to use -1 as an array index when reading a directory.
On ELF architectures, support the blocking of thread switches during non-thread-safe dynamic loader operations.
Sync ELF identification indexes with the System V ABI specs.
Stop AM7990 (le(4)) devices emitting 'lost carrier' messages.
Back out <netinet/if_ether.h> changes after they caused userland meltdown.
Add propolice stack-smash protector support to the kernel, and build the kernel using it on architectures that support propolice.
Re-enable NULLFS, UMAPFS and UNION in the GENERIC kernel.
Move Ethernet definitions from <netinet/if_ether.h> to new <net/ethertypes.h>, like NetBSD.
Disable Kerberos V-to-IV conversion in login_krb5(8) and login_krb5-or-pwd(8)
Stop building login_krb4(8) and login_krb4-or-pwd(8).
Remove references to krb4 from login.conf(5).
Changes to the way protection fault traps are handled on i386, see the checkin comment for details and Intel abuse.
Merge in Heimdal KerberosV 0.6.
Stop user(8) from accepting usernames beginning with a slash.
Don't report unsupported scsi(4) devices as offline.
When testing TCP window sizes in pf(4), don't apply the window scaling factor for SYN packets. Do, however, apply the scaling factor when testing ACKs.
Fix a bug in pkg_add(1) that was causing recursive dependency searches to fail.
More isakmpd(8) definitions for NAT-T, IKEv2 and EAP.
Locking and other fixes to unionfs.
Add BLOCK_SIZE attribute to isakmpd(8), and rename AES ESP transform to AES_128_CBC.
Add UDP encapsulation type definitions (not code) to isakmpd(8) with an eye to future NAT-T support.
Adapt nullfs and umapfs to use common code from genfs.
New genfs code for layered filesystem support.
Wash print queue names through vis(3) before output.
Teach ctags(1) to understand '//' comments, ignore declarations of function types, and accept __attribute__. From NetBSD.
Correctly check for empty output from an at(1) command (PR#3252).
New ddb(4) command 'show proc' which, er, shows process information.
Sync popa3d(8) to version 0.6.2.
Improvements and bugfixes to the installer's handing of ftp and http downloads.
Reorder pf(4) IPv6 address comparison to check the least-significant bits first, since these are more likely to differ.
Make sure the state search trees are properly in initialised when attaching pf(4).
Remove a number of KerberosV files that are not used by OpenBSD.
When doing pubkey authentication in ssh(1), prefer agent-stored keys that are referred to in the config file. This can reduce the likelihood of the server disconnecting before it gets to a valid key when the agent is storing many keys.
Start preparations to remove KerberosIV.
Remove a number of redundant declarations in games/. From NetBSD.
file(1) now recognises Ogg Vorbis audio files.
Use the asn1_compile in src/usr.bin instead of that in src/kerberosV.
More string fixes to libreadline, this time with no ABI changes.
Fix a sign overflow in csh(1).
Merge in OpenSSL 0.9.7b (without IDEA, MDC2 and RC5).
Implement adaptive state table timeouts in pf(4), reducing the state timeout value inversely with the number of states present.
Break asn1_compile out from KerberosV into src/usr.bin.
First phase of pf(4) stateful TCP scrubbing: Frustrate TTL-based NIDS evasion by determining on the fly the highest TTL, and enforcing it as the minimim TTL for all subsequent packets.
In ssh(1), Do the xstrdup() of the remote_name inside channel_new() instead of making the caller do it.
Start to fix the annoying asn1_compile leapfrog problem when upgrading KerberosV by putting the generated files into the tree.
Make sure a hole at the end of a sparse file created by install(1) actually gets written on all filesystems.
The installer now accepts absolutely absolute paths (relative to the installer's root directory, not the virtual mountpoint) for local sets.
Make ssh-keygen(1)'s -e option fail gracefully if the user specifies an SSH1 key. (NetBSD pr#20550.)
Avoid offence to Klingons by spelling 'Kang' correctly.
Merge in Heimdal KerberosV 0.6rc1.
Since mfs doesn't try to force an unmount on receipt of a signal, there's no need to try to fix up processes' working dirs - the unmount(2) will fail.
Fix isakmpd(8)'s handling of the IPV6_ADDR ID-type.
Remove an unnecessary ntohs(3) in pfctl(8), unbreaking 'nat ... -> $if port n' rules.
The pf(4) return keyword now generates an ICMP unreachable message for all protocols other than TCP (rather than just UDP and ICMP).
Have the compiler generate warnings if unsafe string functions are used in the kernel.
Back out libreadline string fixes until static build works.
Consign swapon(2) to COMPAT_25 in favour of swapctl(2).
Clear unused and/or invalid globals in authpf(8) to prevent confusion.
Update authpf(8) to spot (and reject) the new 'load...from' syntax.
Support loading of anchors from the main pf(4) ruleset with new syntax 'load anchorname:rulesetname from filename'.
Allow for the null-terminator when calling strlcpy(3) in gcvt(3).
Remove a number of unnecessary executable mappings in the kernel, e.g. framebuffers and page tables don't really need to be x.
Add sha2(3) digest support to libc.
Clear libc digest buffers allocated on the stack with memset(3) before returning.
Move setrgid(3) and setruid(3) from libc to libcompat.
Move insque(3) and lsearch(3) and remque(3) from libcompat to libc, since they are now POSIX functions.
Don't leak socket fds in pfctl(8) queue code, otherwise we can hit the file limit if many queues are defined.
Fix a number of readlink(2) calls that forgot to leave space for the null-terminator that needs to be added manually.
Update sudo(8) to 1.6.7p5.
Add support for the userland portions of XFree86 DRI. Not yet enabled by default.
In csh(1), null-terminate the string returned by readlink(2) before passing it on.
Fix mmap(2)'ing of the dynamic linker hints file when the file size exceeds one page.
[Applied to stable]
Stop gcc(1) from inlining strcpy(3) so it can be more easily spotted in object files.
Add missing device name parameter when printing a nofn(4) RNG underflow error.
Fix a bad sizeof() in xedit(1).
Fix some sscanf(3) off-by-ones in makepsres(1).
Remove a string memory leak in ld(1).
Change xclock(1)'s default behaviour back to -norender.
Fix a few instances of sizeof(pointer instead of object) in expand(1), lbxproxy(1), skeyinit(1) and in the Kerberos IV and BIND libraries.
Plug a memory leak in the kernel ELF loader.
In the installer, give the -h option to tar(1) so symlinks on the existing system are honoured.
Make lynx(1) try active FTP if passive mode fails. This was missed out in the recent upgrade.
Have rdist(1) use POSIX regex(3).
Update rdist(1) to cope with rcmdsh(3)'s new ability to handle command line options.
Make pf(4) rdr and binat rules work again on protocols other than TCP, UDP and ICMP.
[Applied to stable]
After a forced unmount, try to change process back into real directories now that namei() won't do lookups under the old mountpoint.
Stop namei() doing lookups on unmounted volumes, prevents crashes with forced unmounts. From NetBSD.
Don't use M_WAITOK to sleep on failures when allocating hashtables for IP protocols (in_pcbinit()). Fail and panic.
Pretty up sysctl(8) display units for hw.sensors.
Only do setusercontext(3) in skeyaudit(1) when running as root.
Don't use string functions on non-strings in sd(4).
Kill a small asprintf(3) memory leak in mg(1).
In skeyinfo(1), convert the username to seven-bit before doing the skeylookup(3).
Make the fsirand(8) functionality built into newfs(8) non-optional.
Allow command-line arguments in rshprog passed to rcmdsh(3).
Add backquote to the list of characters escaped in ksh(1)'s vi-{esc,tab}complete mode.
Fix a couple of sscanf(3) off-by-ones in afs and makeinfo(1).
Write the correct amount of data when disconnecting tip(1) on biz22.
Another memory layout change on i386 to allow a larger MAXDSIZ (see the tech@ archive for details).
Add a mail mode to mg(1) that does proper line wrapping, and add the '-f' command line option to set the mode.
Properly restore the syncer vnode if unmount(2) fails.
Use the right buffer size for getcwd(3) to avoid unnecessary truncation in at(1).
Replace local (and wrong) basename logic in ln(1) with a call to the real basename(3).
Don't leak an mbuf when dropping non-ARPHRD_ETHER arp packets.
[Applied to stable]
Compatibility improvements to ossaudio(3), mostly from NetBSD.
Ditch newfs(8)/mount_mfs(8)'s homespun malloc() in favour of mmap(2).
Prevent a couple of use-after-frees in pfctl(8).
Defensively zero the m_flags field in mbuf(9) structures allocated on the stack.
Make what(1) more POSIX-compliant.
Stop skeyaudit(1) leaking file descriptors in -a mode, and be more paranoid about stdin, stdout and stderr.
Add Doug Gwyn's portable alloca(3) on platforms for which no assembler version yet exists, and use instead of gcc(1)'s alloca().
Greatly improved SIS chipset support in pciide(4).
Make eso(4) work on sparc64 and (probably) macppc.
A number of vnode(9) fixes and additions. See the checkin comment for details.
Update lynx(1) to 2.8.4release, patchset 1d, including IPv6 support.
Allow pf(4) antispoof rules to have labels.
Keep trying to unbreak apachectl(8) restarts for shared modules when running under the chroot.
Improve forward compatibility of fsck_ffs(8) by comparing only what we understand instead of trying to ignore what we don't.
Make the newly deprecated omsync() work under NetBSD emulation.
Several strvis(3) -> strnvis(3) changes, all part of the continuing Battle for Safe String Functions.
Fix some pthreads signal bugs that were causing MySQL to crash (PR#3179, PR#3238).
[Applied to stable]
Allow pf(4) tables to be loaded into anchors. pfctl(8) table options except show and flush now honour -a.
Have the dynamic linker stub functions in libc return -1 if called from a statically linked program.
Only build shared libXv if the target arch supports shared libraries.
Consign the omsync() system call to COMPAT_25 obscurity.
Fix parsing of the noac option to mount_nfs(8).
In netinet/tcp_input.c, correct a long-standing typo made when applying a deadlock-avoidance bug fix (TCP/IP Illustrated volume 2 fig. 28.30).
Fix a crasher in lkm(4), tripped when loading a module twice.
Make ELF dlfcn(3) calls thread-safe.
Add /usr/local/lib/X11/fonts to fontconfig(3)'s search list, to help ports.
Add some missing X server key definitions.
Re-introduce the mquery(2)-has-mmap(2)'s-signature change, once again renaming the old syscall to omquery().
Only close the keyfile once in skeyaudit(1) -a mode.
Do a return from main() instead of an exit(3) in md5(1) and spamd-setup(8),
Fix some more unbounded sscanf(3) calls in KerberosIV, still more to come.
Lock earlier when doing vnode ops in procfs to avoid a possible race condition.
Remove a potential double-free in the XFree wsfb driver.
Prepare pf(4) table structures for anchor support.
Much string cleanup in sys/dev.
Fix the isakmpd(8) fifo 'C set' command (PR#3148).
Use strdup(3) and asprintf(3) to eliminate some string length guesswork in rpcgen(1).
Allocate enough space for a *printf() %u in rpc.yppasswdd(8).
Correct libXp's shared library dependencies
Fix fat32 filesystem corruption when renaming directories.
New lm(4) (National Semiconductor LM78, LM79 and compatible) and viaenv(4) (VT82C686A South Bridge) hardware monitor drivers, adapted from NetBSD to use the new sysctl hw.sensor interface.
Make funopen(3)'s declaration match its prototype (PR#3236).
Back out the recent mquery(2)-uses-mmap() API change.
Add new sysctl(3) node hw.sensors for, er, hardware monitoring sensors.
Don't assume that asprintf(3) failures won't clobber the tempfile name in mktemp(1).
In the IPv4 case of inet_net_pton(3), infer the netmask the same way for all address classes (i.e. don't assume multicast networks are always */4).
Be more portable and check the asprintf(3) return value against -1 in pfctl(8).
Add size bounds to sscanf(3) strings in edquota(8) and tn3270(1).
Match mquery(2)'s function signature to that of mmap(2).
Fix pf(4) nat proxy port allocation for manually specified ranges.
[Applied to stable]
If one is given, properly copy the second port of a nat proxy spec in pfctl(8).
Fix a bad strlcpy(3) bound in the AFS library (PR#3228).
Use asprintf(3) to fix some buffer length problems in pdisk(8/MAC68K)
When handling the packet size option in traceroute(8), bounds check the right variable.
Properly detect EOF when generating policy interactively.
Stop pflogd(8) generating syslog messages on startup.
Swap a strchr(3) for a strrchr(3) in md5(1).
When upgrading, treat the /altroot filesystem like a 'noauto' filesystem and omit it from the upgrade fstab.
Do a proper bounds check when reading in the lynx(1) news server name from a file.
less(1)'s glob now does tilde and brace expansion as well.
On gre(4) IP input, use m_pullup(9) instead of assuming the header is in the first mbuf's data region.
Have make(1) stop parsing command line arguments after a '--'.
Better bounds checks when expanding curly braces in make(1).
In ld.so(1), don't set the object load_size field to a negative value because this is likely to be wrong.
Copy the null at the end of the name when adding a realm in Kerberos V.
Make authpf(8) die the way it should when authpf.conf is missing (PR#3217).
Fix ubsec(4) output statistics.
Sync sudo(8) with its CVS and bump the version to 1.6.7p4.
Some typedef perfectionism in libwrap.
String cleanup and extra paranoia in rd(4) and vnd(4).
The string cleanup drive continues.
Add support for the Davicom DM9009 chip to dc(4).
Help ld.so(1) further by making mquery(2) return EINVAL (instead of ENOMEM) if MAP_FIXED was requested but is unavailable.
New -x option for mount_msdos(8) to automagically make directories executable if they're readable.
Unbreak Emacs 21 by fixing a problem with the new mquery(2) part of ld.so(1).
Make tun(4) work when only IPv6 endpoints are specified.
Add 4.3BSD's more command for use on some floppies instead of less(1). More is less.
Change some return values in config(8) and cron(8) from char to int.
Changes to support the new i386 W^X scheme.
Move i386 to ELF, a binary upgrade is required for now.
Use the new mquery(2) syscall in ld.so(1), i386 only for now.
Avoid teeth-gnashing delays by making the installer use 'route -n show' instead of 'route show'.
In the kernel ELF loader, use the uvm(9) to make sure that ld.so(1) doesn't overwrite an area that's already in use.
Fix a buffer overflow that was causing a crash in mg(1) (PR#3090).
apachectl(8) now honours $httpd_flags from rc.conf(8).
Remove a race condition in mount_mfs(8).
Fix some allocation bugs in mg(1).
In the kernel's standalone ISO9660 driver, collapse extra slashes in the pathname. This allows files to be loaded from the root of a cd.
Uncomment the line that unloads httpd(8) shared modules on a server shutdown or restart.
Many string fixes to named(8), more to come.
pfctl(8) can now display basic HFSC stats.
Much cleanup in elf2ecoff(1) (not installed by default).
Allocate the right getaddrinfo(3) buffer size in rip6query(8) and route6d(8).
In audioctl(1), size(1) and spamd(8), don't use snprintf(3)'s return value for pointer arithmetic.
Back out the 'long ATAPI detection delay' fix due to problems with some devices.
Add a missing globfree(3) in sftp(1).
Correct a number of short space allocations for *printf() integer-to-string conversions.
Fix some problems with the xdm(1) OpenBSD logo, caused by the XFree86 4.3.0 merge.
Don't increment the ping(8) sequence number until we know the packet has been successfully queued for sending.
Include the at(1) job number in the process title.
Put less(1)'s help text back into a separate file, and allow a reduced-size build for the boot floppies.
Stop using hardcoded SOCK_* types when creating sockets in ssh(1), to facilitate ssh-over-sctp.
Have isakmpd(8) unlink its fifo and pid file on a clean shutdown (PR#3199).
Allow ping(8) to send zero-length packets with the -s0 option.
Some snprintf(3) buffer length fixes in isakmpd(8).
Add new mquery(2) system call, to provide hints (especially to ld.so(1)) on where to put memory mappings.
Make sure systrace(1) leaves space for the trailing null when displaying open(2) flags.
Fix bad format strings in extattrctl(8) and mopd(8).
Prevent timeout_add(9) from wrapping around on machines with a long uptime.
Fix some bogus size_t values in grops(1) and mg(1).
Update less(1) to version 381.
Have spamd(8) set file descriptor limits with setrlimit(2).
Relax the license on strlcat(3) and strlcpy(3) to encourage their bundling with other programs.
Initial support for HFSC queueing, pf(4)-style.
Back out recent 'X looks like a package' stuff.
Merge in expat-1.95.4 from XFree86-current.
Fix long delays when detecting ATAPI devices.
sudo(8)'s Makefile now honours the LDSTATIC flag.
Move queue ID assignment into the kernel and away from pfctl(8), solving a bunch of problems.
Back out the earlier fix for PR#2230, which is a no-op since zombies aren't on the allproc list being scanned.
De-allocate bus space on wi(4) device failures.
Only print the less(1) -d prompt if there's enough space left on the status line (PR#3189).
When fixing up process root and working directories after a filesystem mount, leave zombies well alone. (PR#2230.)
Fix an off-by-one in kernel malloc(9) diagnostic code.
Correctly initialise xkb memory in the X server.
Plug some file descriptor leaks in xman(1) (PR#3186).
Fix a broken sizeof() in gcc(1) when allocating a new sentinel_info.
Demote the isakmpd(8) 'missing CRL dir' moan to a debug message.
The kernel pf_state structure now points to both a rule and an anchor, so states created on anchors can use rule options properly.
Create the /etc/isakmpd/crls directory from 4.4BSD.dist to stop isakmpd(8) complaining about its absence.
Strip trailing whitespace before parsing ssh(1) options (OpenSSH bug 528).
Disable ssh(1)'s Kerberos IV support.
Fix spamd(8)'s select(2) error handling.
mg(1) now remembers the previous 'M-x compile' command.
Add a missing free() in httpd(8)'s dbm processing.
More fixes to osiop(4).
Change some old-style chown(8)s (user.group) to POSIX user:group style.
Fix a null deref in savecore(8).
Add some missing NetBSD copyright information to ftp(1).
Make ktutil(8) work properly over the network.
Improvements to string handling (not str[ln]* for once) in adventure(6).
Add fake package information so ports can check for XF4 installation.
Use ksh(1) instead of csh(1) for XFree distrib scripts.
Make pfctl(8) reject invalid ICMP types (>40) and codes (>255).
Fix a typo in the new ssh(1) rekeying code that was causing the wrong packet state counter to be fetched.
Update sudo(8) to 1.6.7p3.
Handle buffer length for strlcpy(3) properly in kvm_mkdb(8).
Many fixes to osiop(4).
Improve (as part of string function fixes) sort(1)'s handling of old-style + and - format specifiers.
Don't treat disklabel fields d_packname and d_typename as null-terminated fields when they're not.
Fix a bounds-check off-by-one in lam(1).
Simplify pfctl(8)'s parsing of CIDR masks.
Add 'queue foo on $i_bar' syntax to allow pf(4) queue specs to apply only to specified interfaces.
Add 230400 to the list of speeds supported by termios under compat_linux(8).
Use the default rule when a packet passes due to the implicit 'pass all' at the top of the rulebase, eliminating many NULL tests.
Add a `default' pf(4) rule and use it to store the default timeouts.
Add some shared library version updates missed in the XFree86 4.3.0 merge.
Many string function fixes all over the tree.
Fix a bad bounds check in OpenSSL's ASN.1 parser.
Back out the earlier realloc() change to tcpdump(8).
Update sectok_fmt_fid(3) to take a string length parameter, and crank libsectok's major version for the new API.
With the XFree86 4.3.0 merge, add an additional definition so that ports libs end up in /usr/local/lib/X11.
Update sudo(8) to 1.6.7p2.
Fix user(8)'s empty group test (PR#3178).
Improve PRIQ queue id assignment, so same-priority queues on different interfaces work properly.
Use realloc(3) instead of leaking memory in tcpdump(8).
Some cleanup in ipcomp(4) and ipsec(4).
Add a missing initialisation in ssh(1) (OpenSSH bug #526).
When an interface doesn't support altq(9), have pfctl(8) print the interface name in the error message.
Add automatic ssh(1) rekeying in accordance with the current secsh newmodes draft, and fix some rekeying bugs.
Fix kqueue(2) notification of immediate-mode bpf(4) events (PR#3175).
Merge in XFree86 4.3.0.
Update sudo(8) to version 1.6.7p1, to fix some overzealous paranoia.
Bump OpenSSH version to 3.6.1.
[Applied to stable]
Fix an mbuf leak in icmp6.
Have ftp(1) treat empty environment variables as if they were unset.
Fix some use-after-FREE when handling crypto errors in ipcomp(4) and ipsec(4).
Add a missing splx() in ipcomp(4).
Clean up and additional paranoia in setusercontext(3).
Only remove a kernel pf(4) rule structure when no states refer to it.
Helpfully, allow netinet/tcp_debug.c to compile when TCP_DEBUG is defined.
Fix ahc(4)'s probe of dual-channel 7899 cards.
Use snprintf to construct device names in the kernel, instead of hand-rolling.
Give a more consistent message when passwd(1) is aborted one way or another by the user.
Begin the process of eradicating the remaining strcpy, sprintf, and strcat calls from the tree.
Fix logging bustage in spamd(8).
Update sendmail(8) to 8.12.9 to fix a buffer overflow in address parsing. Note that this fix went onto the OpenBSD 3.3 CDs and so is not a 3.3 erratum.
More fixes to iha(4).
Stop pmdb dumping core on stripped executables.
Show in log output the list against which spamd(8) matched.
Have spamd(8) report exactly how much of the filthy spammer's time was wasted.
Add a missing strdup(3) error check in pwd_mkdb(8).
Change login_passwd(8) from setuid(root) to setuid(_shadow).
Remove OCHIO* binary compatibility hacks from ch(4).
When retrieving the size of a ccd(4) device, check the device is initialised before attempting to open it.
Add USER_LDT to the list of kernel options(4) controllable via sysctl(3).
Sync the SMP branch to 3.3.
Improve iha(4)'s REQUEST_SENSE handling based on hard-won experience with osiop(4).
Actually look for the lpr(1) -q option when calling getopt(3).
Fix handling of -f and -h options to lpr(1).
Improve error handling for invalid pf(4) cbq and priq flags.
3.3 -> 3.3-current.