OpenBSD 3.6 changes

OpenBSD 3.6 released (November 1, 2004)

This is a partial list of the major machine-independent changes (i.e., these are the changes people ask about most often). Machine specific changes have also been made, and are sometimes mentioned in the pages for the specific platforms.

Changes to the ports collection are documented here.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.7,
3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3, 5.4,
5.5, current.

Changes made between OpenBSD 3.5 and 3.6

Fix tcpdump(8)'s bpf(4) attachment on atw(4) devices.
SECURITY FIX: Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
A source code patch is available.
[Applied to stable]
Bail out of newfs(8) on errors when making very small filesystems.
Move MIPS to 64-bit.
Fix copyout(9) of pf(4) anchors with relative paths and wildcards.
Track the peer count correctly in bgpd(8) and ntpd(8), fixing memory corruption in both.
Fix a null dereference in dhcpd(8).
Just print the raw IP protocol number in netstat(1) instead of fetching the protocol name.
Stop routed(8) fiddling with routes controlled by bgpd(8).
SECURITY FIX: httpd(8)'s mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
A source code patch is available.
[Applied to stable]
Stop telnetd(8) closing the slave fd from openpty(3) and then reopening it.
Set a cleanup handler for HUP as well as INT, TERM and WINCH on the ssh(1) multiplex control socket.
Stop ntpd(8) dying on sendmsg(2) failures.
Unbreak route(8)'s -netmask option.
Fix a bad cast from mode_t to short in ar(1).
Check for interrupted waits in inetd(8), fixing late reaping of zombie processes and other ignored signals.
Don't busy-wait on ENOBUFS in pppoe(8).
Stop the mixer resetting emu(4)'s volume to very very loud.
Make sure kernfs_xread() isn't called with a negative offset.
SECURITY FIX: Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
A source code patch is available.
[Applied to stable]
Stop non-MASTER carp(4) hosts replying to ARP requests, as this upsets some layer 3 switches.
Stop login(1) treating the 'bar' in username foo.bar as a Kerberos instance, that's a krb4 syntax we no longer use.
Fix fd passing problems with S/Key on sparc*.
Don't do DNS lookups when reading ntpd(8)'s config, save them for later.
In ntpd(8), don't log transient network errors from sendto(2).
Fix pfsync(4)'s handling of adaptive timeouts.
Enforce minimum lease time of 60 seconds in dhclient(8), to stop bogus 0s leases from the server causing the client to spin.
Fix oversized copies that were causing memory faults in usb(4).
Don't close stdin in sshd(8) unless we're reexec'ing.
Make sure pkg_create(1) keeps track of the current working directory.
RELIABILITY FIX: Due to incorrect error handling in zlib an attacker could potentially cause a denial of service attack (CAN-2004-0797).
A source code patch is available.
[Applied to stable]
Have /etc/security(8) store a copy of the disklabel and report any changes.
Only allow SIOCGET{VIF,SG}CNT from the multicast router socket (PR#3825).
Document the fact that collisions have been found for MD4, MD5 and ripemd.
Don't make ntpd(8) explode when getaddrinfo(3) returns EAI_NONAME.
Base the value of uvm_km_pages_lowat on the amount of physical memory.
Back out the IPv6 prefix len 'fix', the old code was right.
Make xargs(1)' behaviour match the manpage when the utility can't be executed.
Fix fgetln(3) and realloc(3) handling in libedit.
Do the '%s' replacement for less(1)'s LESSOPEN and LESSCLOSE environment variables ourselves instead of using snprintf(3).
Don't send a SIGINT or SIGTERM to the entire process group when received by the shell unless the shell is the process group leader (PR#3820).
In isakmpd(8), fix the test for whether a newly-created SA replaces an old one.
Enable Dead Peer Detection in isakmpd(8) by default.
Don't overwrite the raw IPv6 checksum field in a shared mbuf.
Fix high interrupt load in ste(4).
Remove the need for isakmpd.policy(5) file when starting isakmpd(8) from rc(8).
Fix the IPv6 prefix length sanity checks in in6_are_prefix_equal().
3.6-beta -> 3.6.
Add a new control message to bgpd(8) that allows a session to be downed and restarted, accessible with the bgpctl(8) command 'clear'.
Unbreak parsing of multiple -o options to mount_nfs(8).
Stop bge(4), sk(4) and ti(4) complaining about a lack of jumbo frame buffers for inbound frames, unless debugging is on.
On nexthop reachability status changes always notify the bgpd(8) RDE, not just when the nexthop was previously unavailable.
Don't send bad IP packets via bpf(4) when monitoring a gre(4) interface (PR#3852).
Fix descriptor passing in bgpd(8).
Stop networks disappearing on bgpd(8) reload by always updating the prefix timestamp.
Remove a null deref in isakmpd(8).
Implement the SMTP 'QUIT' command in spamd(8).
Fix an out-of-bounds read in makeinfo(1).
Remove ip6.int from the named(8) example config files.
Bump OpenSSH to version 3.9.
Put in a temporary fix for wi(4) cards with station firmware < 1.8. Real fix after the 3.6 release.
Remove spamd(8) greylist entries the second they expire.
Back out the recent pf(4)-skips-downed-interfaces change, it breaks IPv6.
Add an example sendmail(8) /etc/mail/genericstable.
When isakmpd(8)'s -K switch is active, check the peer's proposal against isakmpd.conf(5).
Map the whole ld.so hints file for a.out in one mmap(2), as was done for ELF.
Fix auto request sense handling in ahc(4) and ahd(4).
Stop a coredump in libregex(3).
Fix a busy-wait on transmit failure in ntpd(8).
Add an extra check for a NULL message in the privsep code for isakmpd(8), named(8), pflogd(8), sshd(8), syslogd(8), tcpdump(8) and the X server.
Finally fix ntpd(8) problems with DNS non-availability at startup.
Fix a bad dereference in gcc(1).
In bgpd(8), ignore RFC2545 and don't allow IPv6 link-local addresses to be a next hop.
Stop a core dump in newfs(8) by checking the block size against MAXBSIZE.
Validate the superblock size recorded in the superblock, to prevent a panic.
Use atomicio instead of a few pieces of homegrown code in ssh(1).
Some signedness cleanups in ssh(1).
Add dladdr(3) support to the dynamic loader, and extend dlsym(3) to match 'standards'.
Plug a memory leak in kvm_close(3).
Fix bgpd(8) MRT dumps from cloned sessions.
With -q in effect, stop grep(1) searching as soon as a match is found.
Skip over non-UP interfaces in pf(4), fixing some problems with pppd(8).
Fix a missing lseek(2) error check in sshd(8).
Only close a pipe if it's open in sshd(8).
Fix a minor memory leak in sshd(8).
Surround pkg_delete(1)'s main loop with an eval{} block, so that ldconfig(8), directory removal, manpage and font directory processing always occur.
Back out the mmap(2)-based malloc(3) for now, some architectures aren't working right yet.
A stack of ohci(4) fixes from NetBSD.
RELIABILITY FIX: Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
A source code patch is available.
[Applied to stable]
Show the difference between the expected and received IP checksum in tcpdump(8).
Now that tcpdump(8) decodes the IP fragment returned in an ICMP error message, allow the TCP parser to print the source and destination ports from incomplete TCP headers.
When tcpdump(8) receives an ICMP error and -vv is in effect, also dump the IP packet embedded in the error message. Based on tcpdump.org.
Fix a bad sizeof in ntpd(8).
Implement better RFC 3706 Dead Peer Detection in isakmpd(8).
Fix the MED setting in outgoing bgpd(8) updates.
In ntpd(8), handle DNS lookup failures properly in the case of server pools.
Have pkg_add(1)'s @mandir and @fontdir keywords do the right thing on package delete, and have @fontdir do the necessary font processing.
Fix a dynamic group-related panic in pf(4).
Support the setenv capability in login.conf(5) like in NetBSD, including '~' and '$' macro expansion for the homedir and username respectively.
Import and merge Perl 5.8.5 from CPAN. Crank libperl's major number.
3.5-current -> 3.6-beta.
Stability and performance fixes to ste(4) from FreeBSD.
Fix an out-of-bounds write in libafs, caught by the mmap(2)-based malloc(3).
Fix a missing initialisation of the route info structure in the kernel and stop a panic.
Stop doing unnecessary PHY resets on hme(4).
Remove the need for -w when setting values in radioctl(1).
Fix iostat(8)'s average KB per transfer calculation.
Do a chroot(2) before running ldconfig(8) when DESTDIR is set in pkg_add(1).
Add IPv6 router solicitation and router advertisement ICMP messages to the default pf(4) filter loaded in rc(8).
Initial work on SGI MIPS64 support.
Only close the stream passed to pclose(3) if it was opened by popen(3).
In pkg_add(1), invoke the OpenBSD::Makewhatis module directly insteading of forking makewhatis(8).
Reorganise makewhatis(8) to avoid using unnecessary code, and allow invocation as a perl(1) module.
Big update to bgpd(8), moving towards IPv6 support.
New @lib marker in pkg_add(1) packing lists, that lets the tools know when to run ldconfig(8).
Many more pkg_add(1) fixes and improvements.
Refactor pkg_add(1) etc. packing list code.
Now that malloc(3) uses mmap(2) instead of sbrk(2), remove the rlimit check from the userland code and let the kernel do it.
Use the new fd-passing functionality in BSD_AUTH(3) to implement record locking for S/Key logins.
Stop trying to change the cwd of processes after a forced unmount.
Don't send signals from hardclock to prevent SMP problems in the near future.
Add interrupt coalescing support to fxp(4)
Fix jumbo frames support in sk(4).
In ssh(1), return DH group 14 when /etc/moduli is empty, fixing a hang.
Allow a file descriptor to be passed on the BSD_AUTH(3) back channel, to be used for stateful login scripts.
Do a check for minval>maxval in strtonum(3)
Change the minval and maxval parameters to strtonum(3) from unsigned to signed long long, simplifying the code.
Allow an autonegotiation to be forced at mii(4) attach time.
Don't crash the kernel in autoconf when matching an indirect device with verbose mode switched on.
Allow NFS commits to be coalesced instead of always sending a commit for each block.
MRT dump compatibility fixes for bgpd(8).
Add route label support to route(8) via the -label keyword.
Introduce 'route labels', allowing up to 32 bytes of information to be attached to a route.
Fix reference counting bugs in isakmpd(8), avoiding leaks.
Make disk geometry parameters in fdisk(8/i386) unsigned values to avoid some signedness problems.
Don't trim device major and minor numbers to 8 bits when accessing device nodes over NFS.
Allow pfsync(4) to use a unicast sync peer, via the new 'syncpeer' keyword to ifconfig(8). This lets pfsync operate over IPsec.
Show if locking is present in pstat(8) -f output.
Add fxp(4) microcode for interrupt coalescing. From Intel via FreeBSD.
Have lint(1) allow more integer types in bitfields.
Set initial latency and cacheline size for cardbus(4) devices.
Out-of-line some functions in isp(4) to shrink the kernel a bit.
In isakmpd(8) don't expire phase 2 SAs that are not yet established on receipt of a SIGHUP.
Fix pcmcia(4) crashes (PR#3732, PR#3881). More work required.
New @man element for packing lists.
If LK_NOWAIT is passed to vget(9), return EBUSY if the vnode is lock(9)ed.
Rewind the tape less often when repositioning an st(4) device.
New malloc(3) implementation using mmap(2) instead of sbrk(2). This means that malloc now gets all the benefits of mmap's randomisation feature.
Deal with upward-growing stacks when checking for the end of the stackgap in sys/compat/common.
Major updates to ahc(4). From FreeBSD.
Kill GATEWAY and IPFORWARDING config(8) options, since their functionality has long been available from sysctl(8).
Have httpd(8) correctly use port information supplied by the client (if available) when UseCanonicalName is off.
New bgpd.conf(5) announce type "default-route", which will only announce the default route to a specified neighbour.
Drain hotplug(4)'s event queue on close, fixing a hang on shutdown (PR#3874).
Fix siop(4) probe problems on hppa.
Call /bin/ksh instead of /bin/sh in the installer scripts, since the ksh(1) mannerisms will be disabled when invoked as sh(1) soon.
Fix a missing initialisation when processing an RDE update in bgpd(8).
Helpfully, don't truncate the lease file to zero length on dhcpd(8) startup.
Keep a unique ID for each server ntpd(8) talks to.
Display IKE Dead Peer Detection notifications in tcpdump(8).
Fix the conditions under which pool_put(9) frees a page.
Fix NAT-T Aggressive Mode by putting NAT-D checks in the right place.
Don't set the output filename in compress(1) when in -t mode, avoiding an error which the input filename doesn't end in '.gz'.
Drop ip6.int query support for IPv6 reverse lookups with gethostbyaddr(3).
Use SHA1Pad(3) in libskey, instead of relying on undocumented behaviour from SHA1Final(3).
Add new timekeeping code, MI-only for now and not yet enabled anywhere.
In bgpd(8), prefer the path with the lowest MED value, not the highest.
Have bgpd(8) retry failed DNS lookups from the config file every sixty seconds.
Set the default localpreference in bgpd(8) to 100 instead of 0.
Fix a leak when passing a file descriptor between processes.
Support lists-within-lists for the AS and prefix in bgpd.conf(5).
Support list expansion for the AS in bgpd.conf(5).
In tcpdump(8), only print TCP sequence numbers for SYN, FIN or RST packets if -vv is in effect.
Use pool(9)s instead of R_Malloc() for rtentry and rttimer structs. Adapted from NetBSD.
Have inetd(8) set the user and group on UNIX domain sockets.
Add -ttttt option (timestamp difference since the first packet) to tcpdump(8).
In ssh(1), call setsid(2) before doing re-exec.
Support pf-style macro expansion for the peer spec and prefix in bgpd.conf(5).
Backport from Apache 2.0 a fix for a mod_usertrack coredump in httpd(8).
Some atw(4) fixes from NetBSD.
Fix IP header alignment in an(4).
Fix a use-after-free(3) in gprof(1).
Add in a missing NULL check in DIOCCHANGERULE, preventing a rare crash.
[Applied to stable]
Use 'directory/' instead of '@dir directory' in packing lists.
Ignore utime(3) failure in cron(8) poke_daemon(), it doesn't matter any more since tickling the socket is enough.
Use mutex instead of SIMPLELOCK around the kernel's deadproc list.
Don't allow m_dup1() to return an mbuf chain when it should return a single mbuf.
Start work on removing the size limit from the mg(1) minibuffer.
Fix a problem with X on 64-bit architectures that was causing some wsmouse(4) input events to be lost.
Don't clobber an existing /etc/fonts/local.conf in XF4 make install.
kqueue(2) support for NFS, adapted from NetBSD.
Use fseek(3) instead of fseeko(3) in hexdump(1), since the argument being used is an off_t.
Don't mess up the internal state of a pipe(2) when pipelock() fails, just return with an error.
Fix an unnecessary fatal() in sshd(8) when the remote dies quickly.
Don't display invalid usernames using setproctitle(3) in ssh(1) (OpenSSH bugzilla #899).
Fix a multiple-free in ntpd(8).
More umass(4) fixes from NetBSD.
Fix CPU speed-related sound slowdown in auich(4) (PR#3814).
More pointless inline removal in the kernel.
Implement outgoing interrupt pipes (part of the USB 1.1 spec) in usb(4). From FreeBSD.
Disable the XFree86 module loader on powerpc, ahead of upcoming malloc() changes.
Strip the strcpy() and strcat() builtins from GCC 3 (as was done for GCC 2) to make them easier to spot and eradicate.
New cdce(4) driver supporting USB CDC Ethernet devices.
Use mutexes in a few places where SIMPLELOCK was used before.
Add i386 and AMD machine-dependent mutex implementations.
Introduce mutex support to the kernel. Not optimally efficient, and not MP-safe.
New @info keywork to pkg_add(1) etc., supporting GNU info documents.
Reintroduce standalone popa3d(8) after fixes and more testing.
Stop wicontrol(8) displaying garbage when run against a nonexistent interface.
Make gprof(1) work properly on 64-bit architectures where the text is above 4GB.
Display correct labels in the output from pfctl(8) -st.
Fix an atw(4) panic on detach.
Correct mg(1)'s error checks for strtonum(3).
Start work on a tutorial for the make(1) we have, not PMake.
strtonum(3)ify id(1).
Fix a signal race in make(1).
Fix a leak in getrrsetbyname(3).
Don't let xterm(1) crash when selecting text.
React more rationally in ntpd(8) to (possibly) transient network errors from recvfrom(2).
More improvements to ntpd(8)'s query interval scaling.
Return EINVAL if a negative offset is passed to ftruncate(2).
Don't check for the non-existent md5 of an '@link' in pkg_delete(1).
Add bsd.rd to the list of filesets installed by default.
For NFS and URL installs, assume the network is already set up the way the user wants it.
Back out standalone support from popa3d(8).
Remove K&R support from libc/sys/makelintstub.sh.
Fix a use-after-free(3) in amd(8)'s AFS code.
Fix missing ssh(1) lastlog messages under certain circumstances (OpenSSH bugzilla #463).
Add an stty command to the boot.conf(8/i386) to set the serial console speed.
Deal gracefully with a null sub-timezone in the installer.
Unbreak the pf(4) normaliser's use of the timestamp as an extension to the sequence number.
Add a ruleset optimiser to pfctl(8) (new -o and -oo options).
In strtonum(3), add a test of the lower bound when the upper bound is greater than LLONG_MAX.
Updates to the san(4) driver.
Kill ksh(1) history functions on non-interactive shells. Based on NetBSD.
Back out a TCP change that left the ends of a newly-ESTABLISHED connection with asymmetric congestion windows.
Unbreak antenna diversity setting in ancontrol(8).
Stop pkill(1) whining when a process that it expects to be running has died, e.g. a privsep child that got reaped right away by the parent.
Fix core dumps from wicontrol(8) when fetching values a card doesn't support.
New -D option to nc(1) switching on SO_DEBUG.
In pkill(1), skip the pkill process itself and any processes marked P_SYSTEM every time.
The netiso code was removed from the tree. Noone cared.
Many fixes and improvements to atw(4) from NetBSD and the reference driver via NetBSD.
Add compat versions of msgctl(2), semctl(2) and shmctl(2) with 16-bit mode_t.
Add new versions of the msgctl(2), semctl(2) and shmctl(2) functions to deal with the changes to mode_t (included in struct ipc_perm).
Refactor SysV shared memory functions, allowing them to automagically handle conversions between new and old structures in compatibility mode.
Back out last vestiges of IPv6 fragment reassembly using pf(4) scrub.
Drop the stratum calculation from ntpd(8).
Ignore clock synchronisation status returned to rdate(8) -n clients.
Zero out the NFS generation number in struct stat in OpenBSD 3.5 and 4.3BSD compatibility modes.
Only retransmit relevant NFS requests on nfs_reconnect().
Rework pkg_add(1)/pkg_create(1)'s @dirrm directive, and add @dir.
Fix a double-free and some backwards logic in passwd(1).
Finally remove the deprecated passwd.conf functionality and files.
Change mode_t and nlink_t from u_int16_t to u_int32_t.
Add weak-aliased __errno(3) function to libc and bump all library major versions.
Have ntpd(8) return decent server statistics to the client, including the stratum, reference time and synchronisation status.
Ignore obviously malformed queries in ntpd(8).
Use socketpair(2) instead of pipe(2) in ntpd(8).
In pkg_create(1), mark links as what they are instead of computing a size and checksum for them.
When pkg_add(1) detects a file conflict, helpfully list the clashing file's originating package.
strtoul(3) -> strtonum(3) in mg(1).
Deal with count==0 correctly in newsyslog(8).
Save process context in namei(9) avoiding a crash (PR#3842).
Back out IPv6 fragment reassembly under the pf(4) scrub directive, it's not ready yet.
Have pf(4) create a group when adding a dynamic interface that's not yet plumbed in.
More usb(4) fixes from NetBSD.
An endianness fix in nm(1).
Fix lockup when unmounting a union filesystem.
Fix TCP NFS mount hangs after a server reset.
Scale ntpd(8)'s query interval based on the local clock offset. More work to come.
Endianness fixes to ehci(4) from NetBSD.
Remove descriptions of partition types from fdisk(8/i386), shrinking the executable.
HP-UX compatibility stuff for hppa.
Fix sed(1) failure when the last character of the line buffer was a backslash. From FreeBSD and NetBSD.
strtonum(3)ify procmap(1).
Fix cd9660 buffer writing code.
Improve patch(1)'s detection of whether or not a patch has already been applied.
Miscellaneous cleanup in reboot(8).
Don't use strlcpy(3) on a string that's not null-terminated in ftp(1).
Some ANSI prototypes in games, sbin and usr.sbin.
Don't update the clock in ntpd(8) without data.
When saving a file, have mg(1) check if it's null terminated and prompt the user to add it if desired.
Rework ntpd(8)'s DNS handling to better deal with responses containing multiple addresses. Two keywords, 'server' and 'servers', with different semantics.
Set the correct poll(2) timeout in ntpd(8).
A couple of network mask issues with pf(4) tables.
Fix a few missing close(2) and free(3) calls in an isakmpd(8) error path.
Fix overwriting of virtual MAC address by carp(4) on FDDI interfaces.
Don't mistakenly skip a file in rcp(1) and scp(1) by mistake when fchmod(2) fails twice.
Sync gdb(1)'s kvm interface with FSF, adding 'kvm proc' and 'kvm pcb' commands.
Check for stat(2) failure in pkg_add(1)'s virtual filesystem.
Fix a couple of MRT bugs in ntpd(8).
Open the dhclient(8) script execution window from 1 to 3 seconds.
Return -1 from ftw(3) and nftw(3) if fts_close(3) fails without returning an error.
Fix a memory leak in isakmpd(8).
Better client responses from ntpd(8).
Better time handling code for ntpd(8).
Fix a systrace(1) problem where argv[0] would be normalised and so break scripts that depend on the original path.
Stop logging ntpd(8) responses with bad cookies, so attackers can't spam the log files. Back off logging in general.
Don't listen by default in ntpd(8). New 'listen on' directive must be used instead.
Allow for multiple IP addresses associated with hostnames listed in ntpd.conf(5).
Add a 'trustlevel' for ntpd(8) peers, using the peer's timely network responses to judge its worthiness to affect the clock offset, and to set how often queries are sent.
Implement filtering on peer replies in ntpd(8).
Fix a couple of sizeof(wrongthing) in ntpd(8).
New -R option fro ftp-proxy(8) allowing pf(4) to safely accept client PASV-mode connections to a protected FTP server.
Have ntpd(8) log the IP address NTP replies and incorrect cookies are received from.
Allow and resolve hostnames in ntpd.conf(5).
Add a couple of missing initialisations in ntpd(8).
Set FTS_LOGICAL in ftw(3) and nftw(3) (unless FTS_PHYSICAL is explicitly passed in to the latter) as required by fts(3).
Some string cleaning and other fixes to ul(1).
Back out the bogus fix for the TCP simultaneous close bug from TCP/IP Illustrated vol. 2, exercise 29.5.
Some ehci(4) fixes from NetBSD. Multiple devices can now be simultaneously active.
Don't require -w for writes with audioctl(1).
Keep track of historical offset and delay values in ntpd(8), for later use in filtering.
RELIABILITY FIX: Under certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. this issue initially manifested itself as an FPU-related crash on bootup.
A source code patch is available.
[Applied to stable]
Fix a segfault in routed(8) with rtquery(8) messages from a non-local host (PR#3841).
Fix ntpd(8)'s conversion from seconds to microseconds.
Don't queue hotplug(4) events if there's no hotplugd(8) running. When the last listening daemon exits, flush pending events.
strtonum(3)ify chpass(1).
Allow the argument to fstab(5) options groupquota and userquota to be optional
Implement 'set nexthop blackhole' and 'set nexthop reject' in bgpd(8).
Give a helpful error message when pkg_create(1) fails due to a missing @name.
Remote the single-server limitation in ntpd(8).
Use adjtime(2) to sync the local clock in ntpd(8), based on the median offset from the configured servers for now.
Some ehci(4) updates from NetBSD.
Keep track of the device and inode of objects loaded by ld.so(1), so that it's no longer possible to have the same object loaded from two different locations.
Die nicely if dhclient(8) can't read its config file.
Fix a few missing freeaddrinfo(3)s in spamd(8)
Drop the requirement in the installer for a 'b' partition. If one exists use it as swap, and don't allow a mount point to be created there.
SCHED_LOCK() before proc_stop() in issignal(), avoiding a panic from splassert(9) #ifdef MULTIPROCESSOR.
In ntpd(8) compute the local clock offset as per RFC 2030 section 5.
Make the backspace and delete keys do the right thing by default in xterm(1).
calloc(3) the right structure in ntpd(8) client_peer_init().
Some cleanup in lam(1).
Fix a vnode leak in mount(2).
Change bgpd(8)'s MRT dump code to use fd passing.
Put skey(1) code inside #ifdef SKEY in ssh(1). From FreeBSD.
Bypass the pf(4) normaliser for now when forwarding ip6 packets.
Support '@host:port' syntax in syslog.conf(5), allowing specification of the remote port.
Respect TMPDIR when creating a temporary mountpoint for the new mount_mfs(8) -P option.
Use strtoul(3) instead of strtol(3) in setmode(3), and return ERANGE consistently for invalid octal modes.
Update savecore(8) to new-style kernel time handling.
Allow (but ignore) the -E and -X options in src/distrib/special/more.
Fix a few division-by-zeros in vmstat(8).
Fix rare cases of bogus permissions from mtree(8), caused by a missing initialisation.
Add a few md use-before-init sanity checks in kvm(3).
Check for a nonexistent name in kvm(3) and print a useful error message.
Use the evcount API for interrupts counting on hppa.
Test for a tty break in the right place in ssh(1).
Fix inetd(8)'s handling of UNIX domain sockets.
In mpt(4) use SCSI_POLL during the probe since MP kernels don't enable interrupts until after the probe has completed.
strlcpy(9) -> copyoutstr(9) when copying from kernel to userland in vnd(4).
Allow shared library revision numbers to be overridden for libOSMesa, libXRes, libxkbfile and libkbui.
Remove interface name verification code from pfctl(8), so that once again a rule referring to a non-existent interface simply never fires. This has the handy side-effect of allowing pfctl to be run as non-root again.
Unbreak MSCHAP in pppd(8) due to local MD4Update(3) differences.
Don't allow bogus routes with a nexthop inside 127/8 in bgpd(8).
If no listener address is given to ntpd(8), listen on every IP address.
Change a few memcpy(3) into strlcpy(3) in pfctl(8) when copying the interface name.
Install sendmail(8)'s libmilter by default.
In net80211, allow WEP keys to have lengths other than 40 or 108 bits.
Don't try to strlcpy(9) from userland into the kernel in vnd(4).
Update zoneinfo files and ctime(3) to tzdata2004a. Respect Georgia's wish to have the right timezone again.
Remove '#if 0' around the real code for net80211 ioctl WI_RID_PRISM2. This allows atw(4) to do AP scanning via wicontrol(8).
New -z option for vmstat(8) to show devices even if they haven't generated an interrupt.
Use the new event counter API for interrupt counting on alpha, amd64, i386, macppc and sparc64.
Add generic interrupt counter retrieval via sysctl(3), removing the need for i386-specific code in vmstat(8) and systat(1).
Add generic 'evcount' event counter API to the kernel.
Hack around a panic in 802.11 crypto startup due to the rnd device not being initialised.
Add missing 802.11g and 802.11 'turbo' media types for the 802.11 framework to <net/if_media.h>.
Use congestion-sensitive IF_INPUT_ENQUEUE() in gre(4).
Alignment fixes in ppp(8) lcp and ipcp handling.
Allow the default console to be changed to a serial device from the installer. Only i386 uses this for now.
In fvwm(1), use two va_list and va_copy(3) instead of reusing a single va_list.
New -P option to mount_mfs(8), used to populate the mfs volume immediately after creation.
Make the root of an mfs partition inherit modes, owner and group from the mountpoint.
Only add the ipcomp(4) header if compression is actually used, i.e. if the packet got smaller after compression.
New timeslot keyword for ifconfig(8), used by telco cards.
Add SIOC[GS]IFTIMESLOT ioctls for telco cards (currently just san(4)).
New san(4) driver for Sangoma T1/E1 cards.
More narrowing down of isakmpd(8)'s privsep interface.
After switching most of the device drivers to use generic ether_crc32_be(), add a table-driven implementation of this function. From FreeBSD PR#49957.
Don't allow nanosleep(2) called with a zero timeout to sleep indefinitely, sleep for at least 1/hz seconds.
Enable ipsec(4) UDP encapsulation by default.
Allow keynote(1) policy checking to be disabled in isakmpd(8).
Remove netiso code from netstat(1).
Use the extended protocol in syslogc(8) to detect overflows (-o option).
Extend the syslogd(8) memory buffer protocol to include flags, starting with one to indicate that the buffers have overflowed.
Fix sshd(8) re-exec file descriptor handling.
Introduce interface groups, accessible via new ifconfig(8) keyword 'group'.
String cleaning in twm(1).
More work on IPv6 normalisation in pf(4).
Add SMP support for amd64.
Fix re(4) MAC address setup on big-endian machines.
When renaming files in the sftp(1) server, fall back to stat(2)-then-rename(2) if the underlying filesystem doesn't support link(2).
Some more string cleaning in the X server.
Fix a misplaced closing brace that was breaking xtrans unix socket creation (freedesktop.org bugzill #363).
Add layer 2 tunnelling (tap) support to tun(4).
Don't allow IPsec udpencap (4500/udp) to be a dynamic bind(2) port.
Enable propolice on XFree86 modules.
In sshd(8), only do TCP wrappers checks when the incoming connection is on a socket.
Narrow down isakmpd(8)'s privsep interface a bit.
Ditch autoconf stuff in libkeynote, it's not used here.
Set stricter modes on shared memory segments used by the X server.
Do IPv6 fragment reassembly with the pf(4) scrub directive. Work in progress.
String cleaning in the X server, fvwm(1) and xtrans.
Convert libXt to ANSI C. From XFree86 HEAD.
Some work on bgpd(8) multiprotocol support.
Reprint the boot(8) identity string after changing the console line.
Disable the boot(8) timeout once the user hits a key.
Big tidyup of sys/net/rtsock.c.
Some alignment fixups in bgpd(8).
In systrace(4), quit early if detached after an exec*(3), and avoid a double-free.
Remove the 8-page size limit on the sysctl(3)-returned argv array.
Strip netiso code from ifconfig(8) and route(8).
Make all kernel time access via functions so that locking is possible.
Re-exec(3) sshd(8) after accept(2). Can be turned off with the -r command line option.
Add C++ inclusion guards into <pcap.h> and <keynote.h>.
Add genericstable to the list of sendmail(8) databases that /etc/mail/Makefile can create automatically.
Don't realloc(3) so often when fetching process args in libkvm. Will be needed soon.
If one of pkill(1)'s targets can't be killed, carry on and kill the rest instead of stopping.
Fix SIGCHLD handling in isakmpd(8) so SIGSTOP and SIGCONT now work as expected.
Gracefully handle line buffer overruns when reading boot.conf.
Do ehci(4) on macppc as well.
Crank libc and libpthread majors again after hsearch(3) addition.
Allow isakmpd(8) to handle keys from X.509 certs embededed in keynote credentials.
Implement hsearch(3) and friends, for XPG4.2 reasons. From NetBSD.
Update sendmail(8) to 8.13.0.
Correct a missing dereference and unbreak logging of IPV4_ADDR_SUBNET IDs in isakmpd(8).
Fix the for loop that counts passed environment variables in multiplex ssh(1).
As with sysctl(8), make the -w option for writes with wsconsctl(8) optional.
Have tcpdump(8) show the time between packets when prodded with -tttt.
Some setuid(2)/setgid(2) fixes for systrace(1).
Shrink the dhclient(8) die-on-RTM_DELADDR window to one second.
Remove another stat(2)-then-open(2) from isakmpd(8).
Enable ahd(4) by default for i386.
Unbreak phase 1 IPV[46]_ADDR_SUBNET IDs in isakmpd.conf(5)
New config option 'Acquire-Only' (-a on the command line) for isakmpd(8), to stop the daemon playing with existing flows.
Add cdboot(8), a CD-specific second-stage bootstrap for i386.
In bgpd(8), support the NOPEER community from RFC 3706.
Import atw(4) ADMtek ADM8211 wireless driver from NetBSD.
Some strncpy(3) -> strlcpy(3) in sys/compat/*.
Add a no-emulation CD boot sector, based on a FreeBSD implementation.
Only ignore dhclient(8)-generated RTM_DELADDR messages for a five-second window after process startup, so that new instances of dhclient (started outside this window) cause the older instance to die like before.
Teach mkhybrid(8) how to create an El Torito no-emulation boot CD (for i386), with a 2048-byte boot sector.
Import the generic IEEE 802.11 framework from FreeBSD and NetBSD.
Fix probe hangs on some ahd(4) cards.
In the X server, fix malloc corruption when sending multiple glyphs to RenderAddGlyphs() (XFree86 bugzilla #1276, freedesktop.org bugzilla #349).
Rewrite mount(8)'s mount options parser, making it more robust and removing the need for duplicate code in mount_nfs(8) (PR#3642).
Fix some logic errors introduced in recent string changes to cron(8).
Don't exit wicontrol(8) if SIOCGWAVELAN fails, just print a warning and get whatever information is available without it.
Change bgpd(8)'s internal prefix lookup from a hash table to a per-address family red-black tree(3).
Don't assume in make(1) that '.' and '..' are the first two entries in a directory.
Handle division-by-zero in m4(1) with an error message instead of a core dump.
Fix a segfault in xdm(1) if a LISTEN keyword without hosts is found in the Xaccess file.
When decoding fragmented IPv6 packets in tcpdump(8), only try to interpret the contents of the first fragment.
Back out source-based routing code while some problems are fixed.
Start work on support for IPv6 routes (not just IPv6 sockets) in bgpd(8).
Wire ntpd(8) into the build.
Fix libXi XSelectExtensionEvent(3) on 64-bit machines (freedesktop.org bugzilla #285).
Remove pointless 5-second sleep(3)s in xtrans (freedesktop.org bugzilla #297).
Sync lynx(1) to 2.8.5.rel2.
Fix some endianness problems in X-Resource (freedesktop.org bugzilla #267).
Add a new 'filter drop' flag to bpf(4), so that an interface may be notified that a packet matches a filter and should be dropped.
Update to lynx 2.8.5rel1.
Have isakmpd(8) drop IKE messages arriving on port 500 after the NAT-T exchange has switched to port 4500.
Allow a bgpd(8) template peer with unknown AS to be an IBGP peer, instead of always being an EBGP peer.
Allow the IKE parser in tcpdump(8) to recognise a NAT-T payload.
Teach tcpdump(8)'s IKE parser about NAT-T keepalive packets.
In bgpd(8), don't reallocate the pollfd array every time the size changes because there's a risk that realloc(3) can fail. Reallocate only when there's a large potential saving.
String cleaning in cron(8).
time -> arc4random(9) in sppp(4).
Fix bogus 'panic: cylinder group too big' message from newfs(8).
Don't exit dhclient(8) on receipt of an RTM_DELADDR routing message, as this sometimes be generated by the dhclient itself. Instead, exit on RTM_NEWADDR iff an IP address is set that doesn't correspond to our lease. Not a perfect solution.
More sftp(1) ls(1) emulation: Don't show .dotfiles unless -a is specified.
Handle interface resets gracefully in dhclient(8).
Do more retries on st(4) devices to allow the tape drive to recover after a reset.
New xetc installation fileset, for all X configuration files installed under /etc.
Keep separate, 1-second resolution counters for walltime and uptime, and have code that only needs 1-second resolution use those instead of the microsecond counters.
Clean up properly on in_ifinit() failure.
Turn isakmpd(8) NAT-T support on. The crowd goes wild.
Implement NAT-T keepalive messages in isakmpd(8).
Check that UDP encapsulation is enabled (sysctl(8) net.inet.esp.udpencap) before allowing encapsulated SAs to be created in the kernel.
Add bounds-check gcc(1) attributes to libkern strl*() functions, and to strncpy().
Implement ls(1)-compatible sorting for sftp(1)'s ls command.
Allow ipsec(4) on IPv6 link-local addresses.
Have isakmpd(8) save the destination port if it is NATed, as one might reasonably expect it to be when using NAT-Traversal.
Don't leak a cloned PMTU route in netinet/ip_output.c.
arc4random(9)ise a previously time-based ID in atalk(4).
Fix an fd leak in ssh(1) when multiple subsystems are present.
Use arc4random(9) instead of the time for the ARCnet sequence ID.
Use getaddrinfo(3) and getnameinfo(3) instead of old-style conversion functions in spamd(8), but restrict resolution to AF_INET for now.
Allow - with a warning - the old package keyword @src, in pkg_add(1) etc.
Import and merge fontconfig 2.2.2.
Set the ESP marker on isakmpd(8) captured packets for NAT-T SAs.
If the pkg_add(1) 'don't run scripts' (-I) option is present, don't run scripts.
Have isakmpd(8) turn on kernel ESP-in-UDP encapsulation for NAT-T SAs.
Switch to port 4500 when required for isakmpd(8) NAT-T exchanges.
Use a red-black tree(3) instead of a hash table to track multiply-linked inodes in du(1).
Time is as dumb a 'random' value for IPX and ISO CLNP as it is for IP, so use arc4random(9) instead.
Add IPv6 support for standalone popa3d(8) as well as when run from inetd(8).
In crypto(9), always store the value returned by splimp(9) so we have something meaningful to give to splx(9).
Fix broken process runtimes in i386 MP.
Use the RTF_MPATH routing flag to skip over multipath routes in bgpd(8), since mpath make no sense for BGP.
For sftp(1)'s 'ls' command, make -l show user and group names, and -n show uid and gid just like real ls(1).
New -I option for diff(1), which ignores changes matching the supplied regex.
Have vnconfig(8) (with the -l option) use the new VNDIOCGET ioctl to fetch vnd(4) device status.
New VNDIOCGET ioctl for vnd(4) devices.
Fix a bad format string in tcpdump(8)'s IKE parser.
In bgpd(8), use descriptor passing to allow the creation of new listen sockets on privileged ports.
For multiplexed ssh(1) connections, filter passed environment variables in the slave.
Add bounds-check compiler attributes for memcpy(3) etc.
Remove support for TUBA (TCP/UDP over CLNP-Addresses Networks, as if you didn't know).
Change isakmpd(8) payload handling to deal with pre-RFC NAT-T messages.
Don't try to carry on in pax(1) if the chdir(2) needed by the -C option fails.
Start work on both RFC 3706 Dead Peer Detection, and full-on NAT-Traversal support for isakmpd(8).
Have isakmpd(8) accept an unencrypted final IKE message (Aggressive Mode only) for compatibility reasons.
New -dd switch for isakmpd(8) to make debugging the privsep child easier.
Let popa3d(8) work with IPv6 sockets, no daemon mode support yet.
Fix a rather serious SMP merge error affecting scheduler timeouts.
Correct some logic errors in kernel malloc_debug().
Fix congestion-sensitive IF_INPUT_ENQUEUE() so that freed mbuf(9)s no longer show up on interface input queues under certain circumstances.
Require the setting of new route flag RTF_MPATH (corresponding switch -mpath for route(8)) to add a multipath route.
Add defines in <net/if_media.h> for various telecoms carrier circuit types, i.e. E1, T1 etc.
Save curproc in svnd(4) so that lockmgr(9) doesn't get passed a null process. Stops svnd(4) blocking indefinitely (PR#3214).
Fix a null deref in make(1) if the .DEFAULT target has no commands.
Fix sending of jumbo frames on em(4) and ti(4).
Unbreak patch(1) when using standard diffs (i.e. no context).
Allow the user to interrupt the setup of a multiplexed ssh(1) connection (if, for example, the master gets wedged) by deferring signal setup until the connection is established.
Merge adjacent hunks in diff(1), making the output more like that from GNU diff.
Use execvp(3) instead of execv(3) in sftp(1) so -S ssh will work.
Use dynamically allocated pollfd struct for ntpd(8), just like bgpd.
Fix a bunch more memory leaks in isakmpd(8).
Be more careful in isakmpd(8) when evaluating the return code from X509_verify_cert(3).
Add much of the NTP client functionality to ntpd(8).
Abort rdate(8) on calloc(3) failure, warnx(3)ing and carrying on is just postponing the inevitable.
Add an option (ControlMaster=ask) to require confimation via ssh-askpass(1) before allowing a multiplexed ssh(1) connection.
Support environment variable passing over multiplexed ssh(1) connections.
Back out the recent IPv6 multicast change so that mandatory groups get joined, but achieve the same result by testing for a new host address before adding the multicast entries.
Add '-n' option to last(1) to do the same job as -number in a less ugly way.
Make <netinet/if_ether.h> safe for inclusion in C++ code.
Fix a bad dereference leading to a memory leak in isakmpd(8).
Fix a pasto in isakmpd(8)'s message decoder when printing IPv6 address/mask pairs.
Unbreak the IN6_LOOKUP_MULTI() macro definition.
Add support for new crypto functions on upcoming VIA C3 processors.
Build X on cats systems.
Fix a null deref crash in route(8)'s show command.
Don't add multiple multicast filter entries for a single IPv6 multicast address.
Remove the old pf(4) BEGIN*, COMMIT* and ROLLBACK* ioctls.
Use the newer pf(4) BEGIN and COMMIT ioctls in authpf(8).
Set the relay session id properly for outgoing pppoe(8) packets.
Teach patch(1) to detect already-applied diffs when the diff creates a file, or adds to an empty file.
In du(1), use a hash table instead of a linear list to keep track of multiply-linked files.
Use fmt_scaled(3) instead of do-it-yourself in du(1).
In ld.so(1), allow _dl_malloc() to allocate more than 4KB.
Fix a few stat(2)-then-open(2) races in isakmpd(8).
After going to the trouble of pulling the tcp6 options into a contiguous region with IP6_EXTHDR_GET, use the returned pointer instead of doing mtod() again.
Unbreak vmstat(8) on older kernels.
Build an SMP kernel (bsd.mp) in make release(8) for i386, and allow the user to install it.
Merge the SMP branch onto the trunk. Let the party begin.
Just quit rather than panic in cy(4) if interrupts can't be established for PCI.
Fix an off-by-one buffer size in sed(1).
Implement client-side session multiplexing (see ssh_config(5) options ControlMaster and ControlPath) for ssh(1), scp(1) and sftp(1). The server has supported this for some time.
Add diffie-hellman-group14-sha1 KEX method support to ssh(1).
Fix pf(4) table add/replace commands at securelevel 2.
Have mg(1)'s M-x gid command use the current word to try and guess which symbol to look up.
Make route(8) 'show' command output more like netstat -r.
Support the IPV6_USE_MIN_MTU option, mainly because BIND 9 wants it.
Disable apm(4) on i386 MP machines.
Show systat(1) and vmstat(8) where to find interrupt stats on MP i386 machines.
Only print 'status/cpu#' in top(1) if there's more than one CPU.
Fix a dereference-after-free (actually after pool_put(9)) in pf(4) tables.
In pax(1), fix backreference substitution in -s mode and unbreak bad regex detection.
Add a cpuid field to struct kproc2, and teach ps(1) and top(1) how to make use of it.
Only install the Intel F00F bug workaround once on MP machines, avoiding a panic.
Zero the restart counter before use, to fix a problem with uhub(4) port restarts giving up before starting. From FreeBSD.
Fix a sizeof(pointer) bug in carp(4).
Don't leak a softc when detaching a carp(4) cloned interface.
SECURITY FIX: Multiple vulnerabilities have been found in httpd(8) / mod_ssl. This is the second of two sets of fixes.
- CAN-2004-0488: Stack-based buffer overflow ... in mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow attackers to execute arbitrary code via a client certificate with a long subject DN.
- CAN-2004-0492: [mod_proxy] Reject responses from a remote server if sent an invalid (negative) Content-Length: header.
A source code patch is available.
[Applied to stable]
SECURITY FIX: As disclosed by Thomas Walpuski, isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
A source code patch is available.
[Applied to stable]
Add src/lib/libintl and libc i18n directories to the repository.
First merge of SMP code into the trunk, mainly structures to allow gradual introduction of the new APIs.
Fix IPv4 name-to-address translation, so invalid octet values won't be accepted and CIDR address/mask pairs finally work the way one expects.
In tcpdump(8)'s privsep localtime(3) replacement, deal better with timezones with granularity of less than one hour.
SECURITY FIX: Multiple remote vulnerabilities have been found in the cvs(1) server that will allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
A source code patch is available.
On i386 (ppro and above), use the calibrated value for the CPU speed over the value returned by the CPU itself, fixing PR#3814.
Use a dynamically allocated array of pollfds in bgpd(8).
Try to prevent isakmpd(8) deleting SAs on receipt of malicious IKE messages.
rdate(8) improvements:
- RFC 2030 compliance for NTP mode.
- Much more robust error handling, with better messages.
- Better detection of stale or spoofed NTP responses.
- Support for multiple addresses if returned by the DNS, trying each listed server until one works.
Remove NMBCLUSTERS settings from config(8).
Factor out TCP md5sig code into tcp_subr.c:tcp_signature().
Fix buffer usage in umass(4) CBI transfers (NetBSD PR#25676).
Allow arc4random(3) code in ksh(1) to actually work.
Break the dependency of libc on <pthread.h>. Bump the major version of libc and libpthread.
Teach kdump(1) about gpio(4) ioctls.
Allow an authtype (-a option) in skeyinit(1) even when secure mode (-s) is in effect.
Add an alternative algorithm to make pf(4) table deletions faster for a small number of deleted items.
SECURITY FIX: Multiple vulnerabilities have been found in httpd(8) / mod_ssl. This is the first of two sets of fixes.
- CAN-2003-0020: Apache does not filter terminal escape sequences from its error logs.
- CAN-2003-0987: Apache mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret.
A source code patch is available.
[Applied to stable]
Out-of-line spl(9) functions in SMP on i386, mirroring the UP change to fix VFS corruption.
Add SMP-related devices for i386 on the SMP branch.
Many fixups on the SMP branch for non-MP kernels.
Rework bgpd(8)'s listen socket handling to better support multiple listen addresses.
New -src and -srcmask options for route(8) supporting the new source-address routing functionality.
New -S flag for netstat(1) and route(8), to show the new source selector part of a route entry.
Extend the routing table to allow routing based on source as well as destination. IPv4 only for now, more to come.
Set the skey(1) first sequence number to 100 as promised by the manpage.
spl(9) and alignment fixes in portalfs.
Much merging and fixup as SMP is readied for prime-time.
Resurrect the 'fork1(9)-can-take-null-retval' change, this time leaving the setup of struct proc setup well alone.
Fix a bug with X and wsmouse(4) where an event of unknown type could cause a whole batch of other events to be discarded.
Set the length field in the TCP packet header earlier in tcp_output().
New re(4) driver supporting RealTek Gigabit Ethernet devices.
Clean up multicast addresses when unconfiguring carp(4) interfaces.
Clarify user(8) docs and error messages (PR#3792).
Add startup code for hotplugd(8) to rc(8) and rc.conf(8).
New usbhid(3) API hid_start(3), a non-noisy version of hid_init(3).
Don't send mail at all from cron(8) if MAILTO is set but empty.
Cleanup in at(1)/cron(8):
- Check argc before using argv[0] in at(1).
- Print the right filename for a job in the email.
- Reset the sockaddr length value every time before accept(2).
New gpioctl(8) program to go with new gpio(4).
Have dhclient(8) fall back to user nobody if user _dhcp doesn't exist. Helps with upgrades.
In getopt(3)/getopt_long(3), don't allow an optional argument if it begins with a '-'.
Allow cron(8) to accept crontabs with more strict permissions than is the default.
New General Purpose I/O device gpio(4). Only enabled on i386 for now.
New '!!<prog>' syntax for syslogd(8), used to force messages from the named program to only go to certain files regardless of the rest of syslog.conf.
Update file(1)'s magic to that from file version 4.09, with a few local changes and additions.
Use the old _nointr pool(9) allocator for pf(4) tables.
Rearrange the pool(9) allocator code so the old allocation method can be used again.
Use the quirks mechanism to fix wdc(4) hangs on Geode SC1100 devices (PR#3729).
Implement SCSI-style quirks for wdc(4).
Use errx(3) instead of err(3) in find(1) when errno isn't set by the error.
When calling err(3) after a malloc(3) failure, don't specify a message.
Cleanup in rm(1).
Support multicast on kue(4).
Add IPv6 support to uucpd(8).
Trivial changes (sockaddr_in -> sockaddr_storage) to add IPv6 support to rpc.rquotad(8), rpc.rstatd(8), rpc.rusersd(8), rpc.rwalld(8) and rpc.sprayd(8).
Mark nullfs memory as M_MISCFSMNT instead of M_UFSMNT.
Swing hppa to gcc3, and enable shared library support.
Unbreak xterm(1) jump-scrolling on big-endian 64-bit systems.
Remove a somewhat useless current-process privilege check in the IPv6 input path. Based on KAME.
Compatibility fixes for some sk(4) devices (PR#3061). Workaround from FreeBSD.
Initialise the carp(4) interface structure before use.
Don't advertise an absurd TCP receive window on 64-bit architectures. From NetBSD.
Some Single UNIX Specification updates in <limits.h>.
Better error handling for rm(1)'s -P option. From FreeBSD.
First cut at a home-grown NTP daemon. Not built by default yet.
Remove ugly string code in bpf(4), used when no unit number was given to BIOCSETIF.
Fix a long-standing KAME pasto that was breaking SIOC[DG]LIFADDR.
Remove a bunch of redundant errno declarations.
Use generic crc32 code instead of local efforts in many Ethernet devices.
Sync xl(4) with FreeBSD, bringing in a lot of bug fixes and improvements.
Check the NTP server clock status returned to rdate(8) and don't use the response if the server thinks its clock is unsynchronised.
In uvm_map_clean() (called by msync(2) and madvise(2)), only free writable pages, and don't free copy-on-write pages because the permissions aren't known.
[Applied to stable]
Only call getprotobynumber(3) from ppp(8) when the logging level is high enough to need the result. From FreeBSD.
Some Emacs compatibility tweaks to binutils. Use the classic executable start addresses if ld(1) option -Z (disable W^X) is active.
New privsep user and group _ntp.
New monitoring daemon hotplugd(8) to go with hotplug(4).
New hotplug(4) device to pass device attach and detach events up to userland. Available for alpha, amd64, i386, macppc and sparc64, only enabled on i386 for now.
Use generic CRC code, remove bogus LLADDR use and handle multicast ranges better in nge(4) and sf(4).
Fix bge(4) multicast reception.
Add a description field for network interfaces, accessible via ifconfig(8) command 'description' and ioctl(2)s SIOC[GS]IFDESCR.
Use library CRC32 routines instead of a local implementation in sk(4).
Fix a memory leak in ccdconfig(8).
Remove multicast addresses and disable promiscuous mode when destroying a carp(4) interface.
Make ifconfig(8) up and down commands work as expected for carp(4) devices.
Create a few more USB devices by default in MAKEDEV(8).
Clean up scsi(4) sense error logic and display. Based on NetBSD.
Allow machine-dependent filesystem options to be passed for the root filesystem in src/distrib/miniroot.
Remove the old package tools (src/usr.sbin/pkg_install) from the tree.
Have bgpd(8) detect the absence of ipsec(4) and tcpmd5 capabilities at runtime.
More helpful boot-time display for aac(4).
Fix a typo in umapfs' unmount(2) implementation.
Backwards compatibility fixes in the hash functions, unbreaking skey(1) with sha1.
Make bpf(4) devices clonable.
Make AFS flock(2)/fcntl(2) locks work on the local system.
Make accounting optional, with the new config(8) option (wait for it) ACCOUNTING.
Allow login names longer than eight characters in uucpd(8).
Fix a memory leak in a pfctl(8) error path.
When shutting the system down, finalise accounting before the VFS to avoid panics.
Fix TCP corruption on rl(4) cards.
Much better rulefile parsing for brconfig(8).
Pool efficiency improvements:
- Lower the default high watermark from UINT_MAX to 8 pages.
- Modify uvm_km_getpage() to take a waitok flag and use it instead of uvm_km_alloc_poolpage1() for both the default and nointr pool allocators.
- Use the default allocator for the mbuf and mbuf cluster pools.
Correct a missing freeaddrinfo(3) in ssh(1).
Fix a NetBSD merge error in the TCP syncache, allowing IPv6 to use it.
Fix fd leaks in a few isakmpd(8) error paths.
Call ld.so(1) contructors after setting up the debugger, similar to recent destructor changes.
In cu(1)/tip(1), if one process dies then kill the other ourselves.
In rdate(8) NTP mode, send a 64-bit random number as the 'current time' field, which the server copies back in its response. This avoids sending out the current system time, and makes it slightly harder for an attacker to send spoof replies on behalf of the real server.
Use _exit(2) instead of exit(3) in the sftp(1) child process.
Include the hostname in syslogd(8) memory-buffered entries.
Since the per-arch _dl_bcopy() in ld.so(1) is in all cases a simple for loop and not painstakingly optimised assembler, just use a single machine-independent version.
Allow ld.so(1) _dl_find_symbol() to return a pointer to the container object.
Handle interface removals gracefully in dhcpd(8), now that poll(2) wakes it up on interface detach.
Wake up any poll(2)ing process when a bpf(4) descriptor is closed.
If a bpf(4)-monitored interface is detached, send any buffered packets up to userland.
Scale the bge(4) timeout value correctly.
Since ULLONG_MAX+1 == 0 mod ULLONG_MAX+1, let the carp(4) sc_counter wrap around all by itself.
bktr(4) fixes from NetBSD and FreeBSD.
Move the addition of atexit destructors right to the end of ld.so(1) setup (after the gdb(1) helper code) so they can be debugged.
If ld.so(1) is running under ldd(1), exit earlier before a whole bunch of unnecessary setup gets done.
Check ifp is valid before using it in carp_setroute(), avoiding a panic.
Helpfully, use the right function names in isakmpd(8) error messages.
Fix multicast problems with sk(4).
Don't leak a socket in ndp(8).
Back out the recent fork1(9) change due to compatibility problems.
New MaxAuthTries option for sshd_config(5).
Allow the retval parameter to fork1(9) to be NULL (as the manpage says) without causing a panic.
strtonum(3)ify pflogd(8).
Add gscsio(4) and lmtemp(4) I2C drivers.
Add I2C framework (iic(4), iic(9)) based on that in NetBSD and enable on i386.
Fix a stat(2)-then-open(2) race in isakmpd(8) when checking the policy file for root-only permissions.
Let ipsecadm(8) delete tcpmd5 SAs.
Fix ipsecadm(8) so that ipcomp(4) can be used.
SECURITY FIX: With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This makes xdm create the chooser socket even if XDMCP is disabled in xdm-config, by setting requestPort to 0. See XFree86 bugzilla for details.
A source code patch is available.
[Applied to stable]
Fix a boot-time crasher in ahd(4).
Add (to i386 and amd64) ehci(4), a USB Enhanced Host Controller Interface driver, for USB 2.0 support.
Finally implement StackGhost buffer overflow exploit protection on sparc.
Correct a missing splx(9) in an igmp_joingroup() error path.
Fix VFS corruption (due to gcc(1)) on i386 by out-of-lining the spl(9) functions.
Fix size_t != off_t truncation in ahd(4).
Make vmstat(8)'s disk columns wide enough to show transfer numbers for modern disks without writing into the next column.
Change the pf(4) anchor path component separator from ':' to '/'. pfctl(8) now requires any anchor spec containing the separator to be in quotes.
Make /root/.klogin optional in /etc/mtree/special.
Import and merge gdb(1) version 6.1.
Support RFC2796 Route Reflection in bgpd(8), removing the need for an IBGP mesh.
Add support for dynamic network announcements in bgpd(8) and bgpctl(8).
Don't rely on ifp's validity when setting a floor on the TCP MSS in ip_input.c.
Allow an ssh(1) user to cancel a port forward (OpenSSH bugzilla #756).
Do a better job of copying pf(4) relative anchor paths out to userland.
Use the new DLT_PPP_ETHER datalink type to print pppoe(8) frames in tcpdump(8).
Use the right buffer size for strlcpy(3) in libreadline.
Zero the ifreq structure before use when fetching interface info in pfctl(8).
Fix a missing strdup(3) error check in bgpd(8).
Start work on adding the ahd(4) Adaptec PCI/PCI-X Ultra320 SCSI driver from FreeBSD.
Enable the fancy new i386 pagezero code by not resetting it to its old value after setting it up.
Allow anchors within anchors in pf(4). More work to come.
Don't recursively call nd6_output() when route allocation fails, just return a host unreachable error.
SECURITY FIX: A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending malformed requests. These clients can then run arbitrary code with the same privileges as the CVS server program.
A source code patch is available.
[Applied to stable]
Allow symbolic service- and protocol names in isakmpd(8), so e.g. "Protocol=tcp" now works.
SECURITY FIX: A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see Heimdal's announcement.
A source code patch is available.
[Applied to stable]
Add word boundary tests to the regexes that find @-commands in pkg_add(1) etc. packing lists.
Fix SIGINT handling in sftp(1).
Upgrade file(1) to version 4.09.
Updates to aic79xx code from FreeBSD in preparation for the upcoming ahd(4) driver.
Stop some fxp(4) devices creating PCI errors in 10Mbps mode by disabling 'dynamic standby mode' in the EEPROM. From NetBSD.
Handle CRC errors in fxp(4).
Fix a ssize_t != int overflow in rdate(8)'s NTP code.
Generate /etc/ttys(5) entries for all available pty(4) devices, now that more are available.
Fix a missing initialisation in ISA ie(4).
Remove trailer encapsulation support from ifconfig(8).
Fix a reference counting bug in pf(4) DIOCCHANGERULE.
Fix a buffer overrun in ip_output() (FreeBSD PR#66386).
Don't leak a mount structure when handling mount errors in nullfs.
ANSIfy src/libc/gen/*.
Merge new binutils, fix local differences, and enable on arm.
Import GNU binutils 2.14, minus testsuites, infodocs and I18N files.
Bump the default data size to 75MB from 64MB, so that XF4 can be built on amd64 with the imminent binutils upgrade without changing login.conf(5).
Teach file(1) about the b.out (i960) binary format. From NetBSD.
In pfsync(4), make sure the return code gets initialised (pfsync_request_update()).
Add basic COMMUNITIES attribute support in bgpd(8)'s filter language.
Update libiberty's floatformat.[ch] to those from gdb(1) 6.1.
Use arc4random(3) instead of rand(3) in httpd(8) mod_rewrite and mod_ssl, cleaning up surrounding code in the latter on the way.
[Applied to stable]
Remove the now-unused dhclient(8) pidfile stuff from /etc/rc(8).
Add a separate link type, DLT_PPP_ETHER, for pppoe(8) frames. From NetBSD.
Don't skip the graceful shutdown of carp(4) just because the system is being powered down.
When carp(4) backs off because of physical interface problems, advertise this fact immediately instead of waiting for the next scheduled announcement.
Add a workaround in ppp(8) for the recent multipath routing changes.
Fix a two-byte buffer overflow when printing sockaddr structs of unknown type in route(8).
Correct error output for bad limit modifiers in csh(1).
Fix a reference-counting bug in fifofs that could cause certain non-blocking FIFO users (e.g. qmail) to consume 100% CPU.
[Applied to stable]
Interpret ipsecadm(8) cpi and spi parameters as hex even if not preceded by '0x'.
Unbreak pppoe(8) server mode by not doing the chroot(8).
Use a nointr pool(9) instead of generic malloc(9) for pathname storage when doing name-to-inode lookups.
Have newfs(8) dump status information to stderr on receipt of SIGINFO if running in quiet (-q) mode.
Allow the authpf(8) shell to be overloaded by login.conf(5) like the manpage says.
Make the cron(8) socket close-on-exec.
Arrange for cron(8) to check both cron and at(1) databases for jobs if the newly-non-blocking cron socket returns EAGAIN.
Display the right fields in tcpdump(8)'s carp(4) parser.
Make carp(4) backoff work properly by heeding the raised advskew on received as well as sent packets.
Make dhclient(8)'s lease file handling work under the chroot.
Add some new configuration functionality to isakmpd(8)'s FIFO interface.
Allow carp(4) interfaces to be destroyed by ifconfig(8).
Fix systrace(1) examples in /etc/systrace (PR#3748).
Better scsi(4) sense display.
Replace the hand-crafted expr() parser in m4(1) with a standard lex(1)-and-yacc(1) combo. Easier to work on, and more standards compliant too.
Fix msdosfs on 64-bit systems.
Fix bgpd(8) and ppp(8) breakage caused by the new multipath routing code.
Make login_passwd(8) setuid root again, it's needed for 'secure' YP maps.
Call tzset(3) in dhcpd(8), dhcrelay(8) and mopd(8).
Don't print the sendmail(8) version if the helpfile is missing.
Build sendmail(8) with -D_FFR_QUEUERETURN_DSN, allowing faster expiration of spam bounces.
Unbreak checksum generation when using pf(4) scrub random-id.
Change pf(4) routing loop detection so that visiting a packet more than four times is an error, instead of more than once.
[Applied to stable]
Don't abort lint(1) because a child process fails, just move onto the next file.
When doing user mounts, inherit the MNT_NOEXEC flag from the mount point. This stops users bypassing noexec by null-mounting the filesystem on top of itself.
Filter and lock rbootd(8)'s bpf(4) descriptor before dropping privileges.
Unbreak chsh(1) after the recent pw_copy(3) changes.
Import and merge GNU readline 4.3p5.
Double ksh(1)'s command line buffer size to 2K.
Allow the banner page to be turned off by lpr(1).
Add /usr/local/sbin to root's .cshrc, and move /usr/X11R6/bin before /usr/local/{bin,sbin} for both csh(1) and ksh(1).
Remove a bunch of #ifdef ISO and #ifdef notyet crud from nfsd(8).
Make lint(1) understand the 'long long' type.
Make cron(8)'s accept socket non-blocking.
Clobber the 'clobber' command in mail(1).
When user(8) adds a new group, place it before the first '+' entry if one exists (part of a fix for PR#3727).
strtonum(3)-ify ipsecadm(8) and add some more integer value checks.
Properly initialise carp(4) advskew for values greater than 240.
[Applied to stable]
Remove unused variables in several programs on lint(1)'s say-so.
Use the freshly-generated MD5 digest for the SSH1 session ID instead of random stack garbage.
Fix a null deref panic in the pf(4) TCP normaliser.
Swap arc4random(3) for rand(3) in awk(1) unless the user sets the seed, in which case swap random(3) for rand(3).
Add a reference count for bpf(4) descriptors, and don't free resources until processes sleeping on a descriptor have been woken up.
Use a locked, filtered bpf(4) descriptor in mopd(8).
Replace rand(3) with arc4random(3) in ksh(1), unless the user sets the random seed manually in which case rand() is still used.
Allow manually-keyed ipsec(4) AH in bgpd(8).
Initialise ed(1)'s crypto using arc4random(3) instead of rand(3).
Fix a few memory leaks in regex(3).
Resolve hostnames in dhcpd.conf(5) at parse time (PR#3771).
Make carp(4) back off on other interfaces on IP output errors until reliable delivery is restored.
Use the right packet length in tcpdump(8)'s pfsync(4) parser.
Enable 802.1q long packets for vlan(4) support in fxp(4) on cardbus.
Don't allow command substitution characters in the environment variables passed through to dhclient-script(8) by dhclient(8).
Have afsd(8) drop privileges and chroot(2) to the cache directory.
Make the -w option work the same for grep(1)'s regex and fast paths.
Implement sysconf(3) values _SC_SEM_NSEMS_MAX and _SC_SEM_VALUE_MAX.
Fix sizeof(pointer) bugs in amd(8) and netstat(1).
Add a fast path for fgrep(1) and fix the -w option.
Replace the kernel's RSA-derived MD5 implementation with code derived from Colin Plumb's PD version.
Add a filter option to bgpd(8) to dump prefixes learned via UPDATEs into a pf(4) table.
Big FFS softdep merge with FreeBSD, fixing a number of bugs.
Some snprintf(3) and strlcpy(3) cleaning in the X server.
Stop grep(1) doing fseek(3) on stdin if it's a terminal.
Have grep(1) treat a '^H' character as non-binary.
Make dhclient-script(8) work with half-bridge ADSL routers that don't provide a real default gateway (PR#3747).
Apply The Process to pppoe(8): Create a filtered and locked bpf(4) descriptor, drop privileges and chroot(2) to /var/empty.
New _afs and _ppp users for privilege separation.
Fix bgpd(8) capability negotiation bugs and speed it up when working with picky peers.
Increase bgpd(8)'s socket buffer size to 64KB iff IPsec or md5sig is in use.
Fix a race condition in bgpd(8) when a session is closed but there are updates in the buffer.
Add strchr() and strrchr() to libkern.
SECURITY FIX: Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch is available.
[Applied to stable]
When a pf(4) scrub rule with the 'reassemble tcp' option is in effect, use RFC1913 PAWS as a means of extending the TCP sequence space by 10 to 18 bits. This makes blind insertion attacks much more difficult, because the timestamp needs to be guessed as well as the TCP sequence number.
Sprinkle strtonum(3) liberally all over ifconfig(8).
Match the sha2(3) functions up with the other hash types.
Add a bpf(4) write filter to dhclient(8) and lock the descriptor.
Use tzset(3) before chrooting dhclient(8).
Create the dhclient(8) privsep child before opening bpf(4), creating the routing socket and opening the lease file.
In make(1), keep statistics for suffix transformations.
Remove bootpd(8), bootpef(8) and bootpgw(8) from the tree, their functionality is present in dhcpd(8) and friends nowadays.
Teach nm(1) about ELF .plt*, .got*, .init and .fini sections.
The TCP-specific route metrics are rarely used, so use a trimmed down version in the kernel (struct rt_kmetrics) and fake up a full-fat struct rt_metrics on demand for userland compatility.
Apply bridge filter rules to frames destined for the local machine, so a single-interface bridge can do filtering and tagging.
Add privilege separation to dhclient(8).
Create /var/empty on the installer miniroot so some futuristic pie-in-the-sky privilege-separated dhclient(8) can work.
Convert ping(8) to use strtonum(3).
Add COMPAT_35 config(8) option for kernel binary compatibility with OpenBSD 3.5
Add *Pad (do padding like *Final without finishing) and *FileChunk (digest a portion of a file) functions for each of the hash types in libc.
Tweak ndbm(3), semop(2) and shmget(2) to match POSIX. Since this is an API change, crank libc's and libpthread's major version.
Define bsd_signal(3) as required by XPG. Of course, it's just an alias for signal(3) here.
New stdlib function strtonum(3), a safe replacement for atoi(3) and strtol(3) etc.
Clean up properly if wi(4) PCMCIA attachment fails.
Remove OpenBSD/pegasos. See the mailing list archives for some very good reasons why.
Make cron(8)'s crontab socket non-blocking.
When setting PROT_NONE with mprotect(2) on a wired entry, decrement the wired count and stop ntpd causing a panic (PR#3758).
[Applied to stable]
Some more fixes to strerror(3). Everything now goes via strerror_r(3).
Make cksum(1) a link (in /bin) to md5(1) and remove the old program.
Add support for cksum (three flavours), md4, sha256, sha384 and sha512 to md5(1).
Fix a call to disk_unbusy(9) that lacked the third argument.
Implement pthread_suspend_all_np(3) and pthread_resume_all_np(3), needed by the Java HotSpot compiler. From FreeBSD.
Fix the fixes to strerror(3).
Do privilege revocation in rbootd(8).
Fix a bug that could cause fxp(4) to lock up for 15 seconds under heavy load.
[Applied to stable]
Add _rbootd privilege separation/revocation user for rbootd(8).
Allow pfsync(4) to be built in a kernel without carp(4).
Start the 3.5-stable branch.
Fix non-reentrancy and other bad stuff in strerror(3).
Check isakmpd(8) payload lengths more carefully.
Speedups and cleanups in md4(3) and md5(3).
Fix alignment problems when copying sha2(3)'s data pointer around.
Have nm(1) report empty a.out objects as having "no name list" instead of accusing them of having "bad format".
Replace the old RSA Data Security Inc. implementations of md4(3) and md5(3) with code derived from Colin Plumb's public domain MD5 implementation.
Wire tcpdrop(8) into the build.
Fix a null-dereference crasher in bgpd(8).
Fix file descriptor leaks in pflogd(8), rpc.rusersd(8), spamd-setup(8), tcpdump(8) and tftpd(8).
Remove the old ISC DHCP code from the tree, much to Henning's delight.
In pkg_add(1), allow the PAGER environment variable to contain spaces.
Update libevent to 0.8 + local changes.
Add some Zebra bug compatibility into bgpd(8)'s capabilities announcements.
Put the IP addresses of users authenticated by authpf(8) into the <authpf-users> table.
Support AH as well as ESP flows for bgpd(8) IPsec.
Fix a bogus return statement in pf(4) tables code when dealing with non-IP packets.
Allow bgpd(8) peers to request route refreshes.
Keep track of SAs inserted by bgpd(8), making it easier to remove them later.
Make pf(4) return-rst work on pure bridges.
Remove the assumption, found in a number of places in pf(4), that af !=INET6 implies af==AF_INET.
Have tcpdump(8) print carp(4) packets as carp, and not VRRP.
Some fixes to carp(4) and pfsync(4) statistics counters.
Make carp(4) sensitive to its physical interface: If the physical interface drops, so does the carp interface; and have all other carp interfaces back off (i.e. don't preempt, and set high advskew) so this host is unlikely to stay as master.
Add IPv6 support to authpf(8).
Generate an isakmpd(8) host key in /etc/rc(8), just like the ssh(1) host keys.
Add IKE to bgpd(8)'s IPsec support.
Exit gracefully from pfctl(8) with the -vvsq option if no queues are in use.
Make spamd(8) pass a valid pointer as the fourth argument to getaddrinfo(3).
Add back a couple of missing break statements in bgpd(8), unbreaking tcpmd5.
Have pf(4)'s normaliser check that a TCP RST has exactly the right sequence number. The check only works when we're doing full fragment reassembly.
Stop ipsecadm(8) looping forever when displaying zero-sized extensions.
Allow only BGP traffic over the IPsec flows set up by bgpd(8).
A number of quad fixes in libc.
Allow ssh(1) to pass specified environment variables from client to server (OpenSSH bugzilla #815).
Support RFC2918 "Route Refresh Capability for BGP-4" in bgpd(8).
Fix incomplete removal of altq when loading a new rulebase that doesn't contain altq rules.
New program tcpdrop(8) that uses the sysctl interface to drop TCP connections. Not built by default yet.
Add a -n (no name lookup) flag to systat(1).
Fix select(2)'s readability detection for NFS filehandles (PR#3757). Broken in the change to poll(2) backends, fix from UFS code.
In spamd(8), clear the getaddrinfo(3) hints structure before use.
Break an infinite recursion between tcp_output() and tcp_mtudisc() when the TCP MSS gets to be larger then the interface MTU. Connections will still stall, however.
Allow TCP MSS below the failsafe 216 iff the interface MTU is less than 256.
Back out (for now) the em(4) buffer allocation increase (though not the deferred allocation) as it breaks older cards.
Allow cron(8) to send mail to logins containing an underscore character.
Add direct support in bgpd(8) for ipsec(4) between peers. Manual keying only for now.
Much stricter checking of bpf(4) code, preventing arbitrary reads and writes of kernel memory.
[Applied to stable]
Allocate more buffers for em(4) cards, but defer that allocation until ifconfig(8) up and remove it on interface shutdown.
Fix route(8)'s display of the gateway when set using an explicit -gateway modifier.
When IF_INPUT_ENQUEUE() queues an mbuf(9) with a cluster, check to see if the data in the cluster will fit into the mbuf and if so, copy the data and deallocate the cluster.
For fxp(4) and sis(4), permanently allocate only the minimum number of buffers. Allocate and deallocate receive buffers when ifconfig(8) brings the interface up and down respectively.
Bandwidth checking fixes in altq(9). Now a bandwidth of zero is allowed, producing a blackhole queue for CBQ and a realtime-only queue for HFSC.
Add some htonl(3) paranoia around arc4random(9) calls in pf(4), so that biases in the PRNG won't leak the firewall's byte order.
Fix corruption of pf(4)'s address pools when using more than 256 rules.
[Applied to stable]
In /etc/rc(8), check that carp(4) interfaces really exist before attempting to bring them down at shutdown time.
Start work on peer-to-peer IPsec support for bgpd(8).
Have bgpd(8) announce RFC2858 multiprotocol capabilities. Only IPv4 multicast is supported for now.
Make bgpd(8) prefer older (more stable) routes before resorting to comparison of BGP IDs and peer IP addresses.
Add a reference count for pf(4) anchor rules.
Since isprint(3) doesn't consider all whitespace printable, also use isspace(3) for the binary file test in less(1).
Fix float -> quad conversion in libc.
Prettier output from bgpctl(8).
Permit multiple default routes.
A few more unionfs fixes.
Respect access rights on a union filesystem (PR#745).
Add a few pieces missed in the merge of OpenSSL 0.9.7d.
Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro.
Prevent an endless loop in pf(4) with 'route-to lo0' rules (PR#3736).
[Applied to stable]
Have authpf(8) run pfctl(8) to change the rulebase instead of sucking in code from pfctl and doing it itself.
Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often.
In pfsync(4), purge only a specific expired state instead of doing an expensive purge all expired states while running at a high spl(9).
Make sure the local address and bgpd(8) neighbor address are of the same address family.
Use '|' instead of ':' as the field separator for spamd(8) database keys, in preparation for future IPv6 support.
Fix a potential null dereference in the ssl(3) application utility code.
Give routed(8) a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes.
Make ssl(3) S/MIME work again.
Add 'neighbor cloning' to bgpd(8), allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range.
Add tcpdrop sysctl(3), allowing a userland program terminate a TCP connection.
Some string cleaning in ddb(4).
Fix a missing return statement in bgpd(8)'s control connection error path.
Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME.
Send pfsync(4) packets for IPv6 protocols other than TCP, UDP and ICMP.
Sync kernel radix tree code with 4.4BSD-Lite2 via NetBSD.
Don't add a PF_GENERATED tag to pf(4) synproxy generated packets for the second handshake, so they can match rules (and create state) on another interface.
Add a 'probability' modifier for pf(4) rules, setting the likelihood with which a rule will trigger.
Greatly simplify inetd(8)'s hostname/address lookup code.
Since OpenBSD has openpty(3), we may as well have telnetd(8) use it.
Initial support for IPv6 transport in bgpd(8).
Add spamd(8) config files to changelist(5) and /etc/mtree/special.
Some additional TCP option length paranoia in pf(4)'s normaliser.
Have netstat(1) display the new tcps.rcvacktooold statistic counter.
Sync <tree.h> with Niels Provos' version to get rid of a compiler warning for RB_NEXT(3).
Port the gcc2 bounds checking support to gcc3, enabled with -Wbounded (see gcc-local(1)).
Add some CMSG_ macros to get proper alignment in portalfs. From NetBSD.
In isakmpd(8), make sure the KEY_LENGTH attribute is present when checking AES proposals as this is required when acting as responder to SafeNet peers.
Silence getopt(3) errors in the privileged tcpdump(8) process.
Don't display rubbish on the first output line from vmstat(8), wait for the stats to stabilise.
Fix the calculation of a raw IPv6 UDP packet's checksum.
For dhcpd(8)'s ping probes, just use the pid for the ICMP id like ping(8) does, instead of some architecture-dependent wierdness.
Merge in new Omron LUNA port (luna88k), based on OpenBSD/mvme88k, NetBSD/luna68k and CMU Mach.
As with dhcrelay(8), set a write filter and lock the bpf(4) descriptor before privilege drop in dhcpd(8).
Change pw_copy(3) to take the old entry as an additional parameter, allowing both a change of username and a check that the file hasn't changed since it was last read (fixes PR#3698). Adapted from FreeBSD.
Set a write filter and lock dhcrelay(8)'s bpf(4) file descriptor before dropping privileges.
Drop the port-changing options in dhcrelay(8) too, always use standard ports.
New TCP stat counter tcps.rcvacktooold, counts the number of times we drop very old ACK packets when the sequence number isn't exactly right.
Set the km_page allocator's low watermark to a value that allows the system to boot.
Switch the build over to the new, improved dhcpd(8) and dhcrelay(8).
Remove the -p (listen port) option of new dhcpd(8).
Bump the default kern.maxclusters to a value high enough to deter all but the most determined tweakers.
Remove the GATEWAY config(8) option now that both IP forwarding and mbuf cluster allocation are configurable using sysctl(3).
Introduce a new sysctl(3) kern.maxclusters controlling (oddly enough) the maximum number of mbuf clusters. This deprecates the much-abused NMBCLUSTERS config(8) option.
Use the km_page allocator as the backend for the mbuf and mbuf cluster pools.
New km_page pool(9) allocator running in an interrupt-safe kernel thread (kmthread).
Resource starvation checks for sockets:
- Check the level of mbuf(9) cluster utilisation when doing an accepting a listen socket, and fail if usage is greater than 95% of the hard limit.
- New API sbcheckreserve() returns ENOBUFS if more than 50% of mbuf(9) clusters are in use
- Use sbcheckreserve() when accepting a connection, and on setsockopt(2) for SO_SNDBUF and SND_RCVBUF, and allocate minimal buffers in low-memory situations.
Stop propolice tripping an assert in gcc3.
Make spamd(8) display an error if it can't open the /var/db/spamd database for writing, and return a proper error code.
Cure the angst in user(8) caused by the non-existence of the /nonexistent directory.
Correct new dhcpd(8)'s handling of very long lease times (PR#2888).
Fix a propolice bug in gcc(1) and unbreak MySQL (mysql bug id 1442).
Have ssh(1) perform strict permission checks on ~/.ssh/config files and abort unless they're correct.
If kernel ipsec(4) and/or ipcomp(4) processing is disabled by sysctl(3), pass any packets through as raw IP to give userland a chance to handle them.
Sync the em(4) driver with FreeBSD.
Tidy up usb(4) kernel configs in line with recent i386 changes.
RELIABILITY FIX: Restore the ability to negotiate tags/wide/sync with some SCSI controllers (siop(4), trm(4) and iha(4)).
A source code patch is available.
[Applied to stable]
Since dhcpd(8) can now be invoked legitimately without an interface, don't abort when the user doesn't give any options.
New _tftpd user and group.
Make sure m_pullup2(9) copies the M_CLUSTER flag when it creates a new mbuf (PR#3740).
Have pf(4) block unconditionally when the input queue congestion flag is set, instead of doing CPU-intensive rule tests.
If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation.
Make netstat(1) show the number of mbuf clusters in use rather than the number of pages.
Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.
[Applied to stable]
Have the cvs(1) server check for attempts by a client to walk up the directory tree illegally.
Undo a non-fix in shared memory sysctl(3) kern.shminfo.shmmni.
[Applied to stable] SECURITY FIX: Pathname validation problems have been found in cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.
A source code patch is available.
[Applied to stable]
Some address family agnosticism in bgpd(8).
Let bgpctl(8) show IPv6 peer addresses in neighbour view.
Now that dhcpd(8) doesn't need to continuously reopen the leases file for writing, have it chroot(2) to /var/empty and drop privileges after starting up.
Only open the dhcpd(8) leases file once instead of every time it needs to be written.
Set up new dhcpd(8)'s bpf(4) listen filter for the right port.
Have mopd(8) do a chroot(2) to /var/empty and drop its privileges.
Massive style(9) application to isakmpd(8).
Stop another instance of syslogd(8) from unlinking a socket that's in use.
TCP packets are now allowed to have IPv4 options.
Begin work of separating binary emulation type from the executable file format.
New user and group _mopd, for some obscure reason related to mopd(8).
Enable all supported USB devices in the i386 GENERIC config.
Pass the jobname to lpd(8)'s input filter via the -j option, some filters need it.
When the syncache aborts a connection, don't set an ACK in the RST packet.
Add entries for all supported USB devices to the GENERIC config on sparc64.
In crypto(9), add cases for sha2 algorithms in swcr_authcompute().
Fix systat(1) screen updates after resuming from a ^Z.
Make pf(4) antispoof rules work with dynamic interfaces.
Match on all characters of the interface name in the pfctl(8) parser.
[Applied to stable]
Make sure privsep tcpdump(8) transitions into STATE_RUN even when writing to stdout with '-w -'.
Implement AI_NUMERICSERV (from RFC3493) in getaddrinfo(3).
Since the UDP checksum in mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output.
dhcpd(8) cleanup:
- Use getopt(3).
- Remove pidfile code.
- Steal some already-sanitised code from dhclient(8).
- Remove code to handle network access methods we don't care about, only bpf(4) is necessary here.
Break out dhcpd(8) into usr.sbin/dhcpd and begin The Process.
Have lpd(8) treat 'o' format files (PostScript) from MacOS 10.1 the same as 'l', not 'f', since PostScript can contain binary data. From FreeBSD.
Parse and handle RFC 2858 Multiprotocol Extensions in bgpd(8).
Allow restore(8) to recover files larger than 4GB by using size_t instead of long.
Have dhclient(8) retry up to ten times after a second's delay for interfaces showing no link.
More careful IKE payload parsing in tcpdump(8).
New _PATH_DEVFD and _PATH_VAREMPTY constants in <paths.h>.
Fix a null deref in syslogd(8).
Have new dhcrelay(8) do a chroot(2) to /var/empty and drop privileges.
In libpthread, update curthread immediately after a thread switch.
[Applied to stable]
New _dhcp user and group for, funnily enough, the DHCP programs.
Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6.
Start surgery on dhcrelay(8):
- Move to /usr/src/usr.sbin/dhcrelay.
- Kill pidfile code.
- Use daemon(3) and getopt(3) instead of DIY.
Huge cleanup of mopd(8).
Drop very old TCP ACK packets.
[Applied to stable]
Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too.
Safely handle aborts in malloc(3) etc. without tripping the recursive call handler by mistake.
RELIABILITY FIX: Under load "recent model" gdt(4) controllers will lock up.
A source code patch is available.
[Applied to stable]
Fix an accidental busy-wait in sensorsd(8).
Increase the maximum number of pty(4) devices to 992. See the Upgrading Mini-FAQ item 3.5.1 for upgrade instructions.
Fix a typo in kern/tty_pty.c when generating pty(4) device filenames, soon to be exposed by changes to pty.
Compatiblity fixes to mpt(4).
Change snprintf(3)'s handling with size==0, in line with a vsnprintf(3) change (rev. 1.5) from years ago.
Fix a segmentation fault in Xlib when a .Xauthority file contains IPv6 XDM-AUTHORIZATION-1 data (NetBSD PR xsrc/25098).
Rearrange the GENERIC config file so clonable interfaces are together, and without the now-unnecessary device count.
When libpthread is poll(2)ing for read- or writability of an fd on behalf of a thread, check the ERR, HUP and NVAL flags as well as the read or write flags.
Sync uudecode(1) with FreeBSD, including base64 support.
Stop a number of network interfaces moaning about a failed mbuf(9) allocations, the complaint uses mbufs and just makes things worse.
Pass SIGINT and SIGQUIT through to syslogd(8)'s privsep child.
Move the pf(4) altq, OS fingerprint and table pool(9)s from the default (interrupt context) kmem allocator to the much-larger nointr allocator.
If newsyslog.conf(5) doesn't list a user or group, create new files with the uid or gid from the existing file.
Force cvs(1) to use the libc getopt(3) implementation instead of its own.
Have pfctl(8) check that the file it's trying to open isn't really a directory.
More gcc(1) optimiser fixes for mvme88k
Swap the last two parameters to TAILQ_FOREACH_REVERSE(3) in line with FreeBSD and NetBSD.
Use a more efficient realloc(3) size when displaying long lines in less(1). Speeds things up when, for example, your system crashes in the middle of a build leaving a pile of linefeedless binary crap in the typescript file.
After going to the trouble of saving errno before it gets overwritten, use the saved value in pflogd(8)'s error output.
Don't try to close invalid file descriptors in the tcpdump(8) privsep code.
Have isakmpd(8) set the timezone before privsep so the child has the right zone settings.
Within dhclient(8)'s new lease file naming scheme, allow for the -l filename override.
On sparc and sparc64, don't compare a RAMDISK kernel's root filesystem time with the system time, they're unlikely to have much in common.
Zero out the key data pointer for unknown isakmpd(8) key types.
Merge in Perl 5.8.3 and OpenSSL 0.9.7d. No lame new licenses for a change.
Now that dhclient(8) needs an instance per interface, having a single lease file won't do so use /var/db/dhclient.leases.<ifname>.
Make sure the list dereference when deleting all SAs in isakmpd(8) comes before the delete operation that free(3)s the list node.
Fix /etc/rc.local(8)'s handling of ntpd_flags.
Unbreak pxeboot(8/i386, 8/amd64) build under gcc3.
Allow dhclient(8) to work on more than the first physical interface found.
In several programs, fix getopt(3) calls containing option letters for which there's no corresponding case handler.
ISO C function declarations for make(1).
Fix a sizeof(pointer) bug in tcpdump(8)'s IPv6 options parser.
Fix some misplaced braces in route(8), making 'route add' a bit more -q.
Enable /dev/crypto(4) and hifn(4) on cats machines.
Make newsyslog(8)'s file renaming and copying operations set the same permissions in all cases.
Fix double call of the ktrace(2) signal trap handler.
Add missing prototypes (in <pwd.h>) for bcrypt(3) and md5crypt(3).
Fix some gcc(1) optimization bugs on mvme88k.
Fix a sizeof(wrongthing) bug in afsd(8) that was breaking 64-bit machines.
Have tcpdump(8) print IKE DELETE payload contents.
Remove the installer's special-case upgrade of the OpenSSL /usr/include symlinks.
Fix a double-free in libpthread (PR#3730).
Reenable libm compiler optimization on sparc64, since it works properly with gcc3.
sscanf(3) -> strtol(3) in newsyslog(8).
Don't initialise ncurses(3) until after options processing in backgammon(6).
Plug the new-and-improved dhclient(8) into the standard build.
Fix a sizeof(pointer) bugs in afsd(8), sup(1) and visudo(8).
Make pf(4)'s cache of m_tag_get() results actually work.
Check for fdopen(3) failure in vacation(1).
3.5 -> 3.5-current.
Change wskbd(4)'s AltGr key handling so shift-altgr-other has the same effect as altgr-shift-other.
Never allow pf(4) states propogated via pfsync(4) to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation.
Under Linux emulation, pass madvise(2) straight through to the native syscall.
RELIABILITY FIX: Reply to in-window SYN with a rate-limited ACK.
A source code patch is available.
[Applied to stable]
Don't try to recreate the xfs(1) logfile after dropping privileges.
Don't abort xfs(1) gracelessly when handling an unimplemented protocol request.
Many manual page fixes.
In a number of programs, don't close files that are known to be not open.
Fix a missing initialisation in tcpdump(8)'s privsep code.
Make spamd(8)'s -v logging option do something useful.
Fix line breaks in spamd(8)'s log output.
Allow non-GNU ANSI compilers (e.g. TenDRA) to build again by changing 'static inline' to 'static __inline'.
Don't close descriptors we know aren't open in syslogd(8).
Drop arc4random_8() api from the kernel.
Change rfork(2) so the RFMEM flag gives complete vmspace sharing including the stack, in line with other implementations.
Add --line-buffered option to grep(1) etc.
Remove some unbounded recursions in the libc regex engine, found with certain expressions containing backreferences.
Fix ls(1)' column alignment when using the -h option.
New axe(4) USB Ethernet driver.
Fix an off-by-one in procmap(1).
Better bounds checking in the ramdisk's strategy() routine.
Limit the trust between local and remote instances of the rcp(1) and scp(1) programs.
Change netstat(1)'s -p option so that, when used without -s, it shows a list of sockets for the given protocol.
Let rcmdsh(3) work on hosts without an IPv4 address.
Initialise the kqueue(2) subsystem in kernel main() instead of on first use.
Add IPv6 support to openssl(1)'s s_client command, complete with the usual '-4' and '-6' switches.
Reorder checks in ssh(1) so that the IP options check isn't skipped just because UseDNS=no.
Make /usr/src/Makefile's cross-tools target work again.
Have inetd(8) properly use the exec'd program's basename as argv[0] if no arguments are specified.
Fix includes search order in GNU ld(1) to help cross-ld builds.
Don't byte-swap a variable we'll need later in its original order in GNU ld(1).
On an msdos filesystem with long filenames support enabled, fix some false-positive name matches when an integer multiple of 13 characters match. From NetBSD.
Some portability fixups in isakmpd(8).
tcpmd5 changes for bgpd(8):
- Allow either the source or destination to be a wildcard in SA lookups (netinet/ip_ipsp.c:gettdbbysrcdst()).
- Add support for the wildcard to pfkeyv2.
- Use the new pfkeyv2 wildcard support in bgpd(8) and remove the local address requirement for md5sig.
Unbreak libc's regex engine compilation with -DREDEBUG.
Change /etc/rc(8) so that a spamd(8) banner (configured via $spamd_flags) may contain spaces (PR#3720).
Teach pax(1) how to expand GNU tar long links. From NetBSD.
Change systrace(1)'s handling of filename-too-long errors so it just fails the syscall instead of stopping the process. Fixes PR#3140.
Some ELF name translation fixes in nm(1).
Add /etc/rc.conf.local to /etc/mtree/special.
Lots more activity on the SMP branch.
Wrap pkg_add(1) installation operations in perl(1) eval{} blocks so it's possible to at least register what did work.
Unknown entry types in a packing list now result in an error.