OpenBSD 3.5 released (May 1, 2004)

This is a partial list of the major machine-independent changes (i.e., these are the changes people ask about most often). Port specific changes have also been made, and are sometimes mentioned in the pages for the specific platforms.

Changes to the ports collection are documented here.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, current.

Changes made between OpenBSD 3.4 and OpenBSD 3.5

• Don't use FD_ZERO(2) in isakmpd(8)'s privsep monitor.
• When binding UDP server sockets in isakmpd(8), check the sockaddr buffer is large enough before copying.
• Add some extra sanity checks for incoming pfsync(4) packets.
• Fix a kernel memory leak when deleting interface addresses (SIOCDIFADDR).
• Add a missing spl(9) around if_down() in vlan(4).
• In pf(4), properly m_copyback(9) the modified TCP sequence number after demodulation.
  [Applied to stable]
• Fix a use-after-free in carp(4).
• Raise carp(4) advskew to 240 while waiting for the pfsync(4) bulk update. This makes sure that other hosts can preempt a host that's booting up but hasn't got its network bearings yet.
• Fix a check-for-null-then-deref-anyway bug in icmp6.
• Fix a cut-and-pasto in pf(4)'s stateful ICMP code.
• Unbreak the ICMP checksum when pf(4) sequence number modulation is used.
  [Applied to stable]
• Disable carp error logging (sysctl(3) net.inet.carp.log) by default.
• Remove an unnecessary null termination in the isakmpd(8) privsep monitor.
• Teach file(1) about OpenBSD-amd64 binaries and coredumps.
• Add a small delay before the bulk update to stop pfsync(4) looping unnecessarily.
• Fix ssl(3) rmd160 breakage on sparc64.
• Teach tcpdump(8) how to display the new pfsync(4) bulk updates.
• Make pfsync(4) stop carp(4) preempting to become master until the bulk state table sync has completed.
• Support best-efforts bulk transfers of states when a pfsync(4) syncif is first configured. This allows pfsync+carp clusters to come up gracefully without killing active connections.
• Have rc(8) stop carp(4) interfaces on system shutdown.
• Add pass rules for the pfsync and carp protocols to the default pf(4) rulebase installed by /etc/rc(8).
• Make sure pfsync(4) interfaces are initialised before carp(4) interfaces in /etc/netstart(8).
• Unbreak routing change handling in carp(4).
• Bump OpenSSH to version 3.8.1.
• Make pfctl(8)'s '-s osfp' option work by spelling it less like OSPF.
• Update pf.os(5) to include OpenBSD 3.5, since that's where it's now at.
• Have tn3270(1) check errno instead of setting it.
• Fix yet another stray semicolon, this time in aac(4).
• Implement firmware downloading for mpt(4).
• Make bge(4) work on 64-bit machines even if they're not alphas.
• Have privsep named(8) pass SIGINT to the child process.
• Upgrade Puffy to 3.5 and lock XF4 for release.
• Add final pieces of privilege separation for isakmpd(8) and switch it on.
• Add pxeboot(8) for i386 and amd64, derived from NetBSD.
• Fix another stray semicolon, in tcpdump(8)'s ASN.1 printer this time.
• More mpt(4) fixes, more to come.
• When initialising the new state in pf(4) DIOCADDSTATE, point to the default rule instead of NULL.
• Merge parts of XFree86 4.4.0 Release not affected by the new license.
• Allow a carp(4) device's state to be set explicitly with ifconfig(8).
• Set permissions on the right files for the @owner, @group and @mode directives in pkg_add(1) when -B is in effect.
• For wi(4) devices with Prism firmware version 1.6.3 or later, support an enhanced security mode for a hostap where the SSID can be hidden from snoopers.
• Speed up bgpd(8) session reestablishment.
• Fix timeout issues with eap(4) audio devices.
• Stop the installer asking for the timezone when upgrading.
• Fix spamd(8)'s logging when the blacklist limit is hit.
• Allow users with write access to bgpd(8)'s control socket to send queries.
• Fix an out-of-bounds read in ssl(3) (CAN-2004-0112). This code isn't used in OpenBSD.
• Always read at least DEV_BSIZE (512) bytes of the disklabel, some disks have smaller block sizes.
• RELIABILITY FIX: A missing check for a NULL-pointer dereference has been found in ssl(3). A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
  A source code patch is available.
  [Applied to stable]
• Fix a minor memory leak in isakmpd(8).
• Lots of pre-release documentation fixes and additions.
• If running at securelevel(7) 2, use the -x option to increase the chances of ntpd using slew mode, since stepping backwards is disabled at this level.
• Some mpt(4) stability fixes.
• Don't signal mountd(8) from mount(8) when all that's required is a listing of mounts (PR#3695).
• Create bgpd(8)'s control socket later in the startup.
• Remember to unlock USB wi(4) devices on errors.
• Since we've allocated a cache for pax(1), let's go right ahead and use it.
• Remove 'extern int errno' in favour of #include <errno.h> in a number of programs.
• Have diff(1) in directory mode skip over anything that's not a regular file or directory, for POSIX reasons.
• Yet another stray semicolon removed, pax(1) is the lucky program.
• Prevent blacklist connections we're tarpitting from maxing out spamd(8)'s available connections. Controllable with the new -B option.
• Have wi(4) hostap send an error response if a station sends a bogus challenge instead of just ignoring it.
• Make software WEP work on wi(4) devices. Only in BSS (station) and hostap modes for now.
• Fix another bug caused by a stray semicolon, this time in tcpdump(8).
• daemon(3)ise ifstated(8) earlier.
• Some logic fixes and additional error checks in USB wi(4).
• Have sensorsd(8) deal gracefully with attempts to initialise unsupported sensor types.
• Fix memory leak caused by a stray semicolon in arla.
• panic(9) if an attempt is made to use the kernel arc4random generator too early.
• Fix occasional locate.updatedb(8) failures due to a bug in sort(1).
• Check chdir(2) return code after chroot(2) in bgpd(8) and isakmpd(8).
• Fix a memory leak and a missing break in pf(4) ioctl processing error paths.
• Clear struct sockaddr_un before use in syslogc(8).
• In spamd(8), only shrink the window once we're in the DATA mode. This way, greylisted connections don't get held up by the tiny window but spam bodies are still sent. Very. Slowly.
• Restore scsi(4) bus scans to full speed by not checking LUNs that will be skipped anyway.
• Fix fd and another memory leak in routed(8).
• Make the sane_install() tests in the installer match more useful reality.
• Check the return code of chdir(2) after the privsep chroot(2) in pflogd(8), syslogd(8) and tcpdump(8).
• Disable crypto(9) MAC functions for now, no current hardware can use them.
• Some oosiop(4) cleanup based on osiop(4).
• In wskbd(4), make the caps lock key do caps lock instead of shift lock (PR#2555).
• Make it easier to kill spamd(8) greylisted processes.
• Do pfsync(4) interface setup last in /etc/netstart(8), so that hopefully the syncif gets set up beforehand.
• Make bgpctl(8)'s empty-as keyword work.
• Extra free-then-NULL paranoia in spamd(8).
• Fix wi(4) software WEP on big-endian machines.
• Unbreak tail(1) -f mode for filesystems not blessed with kqueue(2) support.
• Implement privilege separation for named(8). And there was much rejoicing.
• Plug a rtentry leak when TCP gives up on a cached route (in_pcb.c:in_losing()).
• Fix (guess what?) a memory leak in the yacc(1) skeleton code.
• Check the payload size more carefully when printing IKE messages in tcpdump(8).
• Plug a memory leak in the error path of execve(2).
  [Applied to stable]
• Preliminary port of the NetBSD oosiop(4) driver, supporting really old NCR SCSI chips on hppa machines.
• Unbreak pkg_add(1)'s handling of packages from stdin.
• Fix a bug in spamd(8) that stopped custom 450 messages being displayed.
• Some apm(4) fixes on i386.
• Sync the spamd(8) greylist database after each db operation, to minimise the likelihood of corruption.
• Add basic community support to bgpd(8).
• Correct a missing malloc(3) error check in bgpctl(8).
• Fix byte-ordering problems in routed(8) (PR#3704). Based on NetBSD.
• RELIABILITY FIX: Defects in the payload validation and processing functions of isakmpd(8) have been discovered. An attacker could send malformed ISAKMP messages and cause isakmpd to crash or to loop endlessly.
  A source code patch is available.
  [Applied to stable]
• Obey the user's 'boot reboot' command at the ddb(4) prompt, even if the system is starting up.
• Some signedness paranoia when handling carp(4) sysctls.
• Fix missing checks for NULL returned from getpass(3) in login_*(8).
• Make bgpd(8) work harder to clean up after itself on exit.
• More work on capability announcements in bgpd(8).
• Fix an isakmpd(8) crash when deleting an ESP SA with no authentication (PR#2429).
• Symlink-handling improvements in pkg_add(1) etc.'s virtual filesystem code.
• Simplify the new scsi(4) LUN scanning logic, and print better diagnostics.
• New -b option to spamd(8), used to set the local bind address.
• Allow the wsdisplay(4) screen blanker to be turned off again (PR#3123).
• 3.5-beta -> 3.5.
• Increase the ssh(1) X11 cookie lifetime from two to twenty minutes.
• Plug some memory leaks in error paths of isakmpd(8).
• Fix multicast for recent sk(4) chipsets. From FreeBSD lists.
• Be more thorough when URL-encoding usernames and passwords in the installer.
• Prevent the user specifying an interface name longer than IFNAMSIZ in ifconfig(8).
• Many, many more memory leak fixes in pfctl(8)'s parser.
• Fix a few missing initialisations in ssh-keyscan(1).
• Have pkg_add(1)'s dependency lookup check against local directory listings.
• New -A (pretend to be another architecture) and -P (limit distribution type) options to pkg_add(1).
• More memory leak fixes to ifstated(8)'s parser.
• Fix a null deref in ifstated(8).
• Have nc(1) print an error message if connect(2) fails.
• Plug well-hidden memory leaks in bgpd(8), ifstated(8) and pfctl(8)'s parsers.
• Signal-handling tweaks to syslogd(8).
• Add mpt(4), a driver for LSI Fusion-MPT SCSI and Fibre Channel devices.
• Plumb bgpd(8) into /etc/rc(8) and /etc/rc.conf(8).
• More memory leak fixes in bgpd(8).
• Just chdir("/") in mg(1) instead of panicking if the initial getcwd(3) fails.
• Start work on capabilities announcement support in bgpd(8).
• Since not rejecting optional attributes in BGP implies acceptance/support, make bgpd(8) reject attributes it doesn't support.
• Send outstanding notifications to a bgpd(8) peer returning to the IDLE state.
• Stop carp(4) sending duplicate route add/delete messages.
• New IdentitiesOnly option for ssh_config(5), useful when an agent has many keys.
• Don't leak memory in scandir(3) (FreeBSD PR#7923, from 1998!)
• Fix a big greylist-related memory leak in spamd(8).
• In kdump(1), fix an off-by-one and describe ptrace(2) calls better.
• Allow -stable kernels to build without TCP_ECN.
• Fix a few small key handling bugs in svnd(4).
• Actually use the alternate RADIUS server in login_radius(8).
• Make sure that svnd(4) mounts can read their disklablel as svnd, not vnd.
• Extend md5(1)'s -c option so it can parse the output of GNU md5sum.
• Remove dynamic bufq support from wd(4) due to problems.
• Plug some memory leaks in bgpd(8).
• Stop libreadline segfaulting when writing an empty history list to a file (PR#3690).
• Fixes to sftp(1)'s progress meter.
• Change sshd(8) child processes' proctitle to '[accepted]' after the, uh, accept(2) completes.
• Repair procfs status output (PR#2102).
• Fix unintentional ordering dependency in kernel module loading and unloading (PR#2910).
• Allow forced unmount(2)s of nullfs, procfs (both from PR#2394,) and umapfs.
• Fix an off-by-one in procfs so that it can be successfully unmounted (PR#2327).
• Clean up badsect(8)'s error reporting (PR#3679).
• Start spamd(8) later in /etc/rc(8).
• Fix an mbuf(9) leak in tun(4) under failure conditions. From NetBSD.
• Count mixerctl(1) devices starting at zero instead of stack garbage.
• Fix wi(4) reset problems with newer Prism firmware.
• Make hostap mode work for Prism wi(4) cards with newer firmware, and disable hostap mode for old firmware.
• Socket types and error checks cleanup in talk(1).
• 64-bit fixes to brconfig(8).
• More features for bgpctl(8)'s 'show rib' command.
• Fix a memory leak in dhcpd(8)'s parser.
• Use daemon(3) instead of DIY in new dhclient(8).
• Start sshd(8) earlier in /etc/rc(8).
• Generate new dhclient(8)'s transaction id (xid) using arc4random(3) instead of random(3).
• Have dhclient(8) (old and new) exit cleanly if its interface goes away (PR#3648).
• New sysctl(3) net.inet.tcp.reasslimit, to control the size of the memory pool for TCP out-of-order segment reassembly that was introduced in the last erratum.
• RELIABILITY FIX: OpenBSD's TCP/IP stack did not impose limits on how many out-of-order TCP segments are queued in the system. An attacker could send out-of-order TCP segments and trick the system into using all available memory buffers.
  A source code patch is available.
  [Applied to stable]
• Strip out all the multiple-interfaces code from new dhclient(8), it's not used any more.
• Be sure to call fifofs' reclaim function from its host filesystems (ext2fs, ffs, nfs).
  [Applied to stable]
• Give fifofs a real reclaim function to prevent memory leaks on rovocation, and fix a potential null deref.
  [Applied to stable]
• Disable the COMPAT_25 compatibility option in GENERIC kernels.
• Catch illegally large AS numbers in bgpd(8).
• Rewrite of mount_portal(8), complete with IPv6 support.
• Cleanup and paranoia in spamdb(8).
• Support 'tagged <name>' specifiers on pf(4) anchor rules.
• Better IPv4 address validation in spamd(8).
• Process NOTE_TRUNCATE messages in tail(1) and unbreak file truncation handling in -f mode (PR#3689).
• Allow bgpd(8) to run in route-collector mode, i.e. disable the decision process.
• Build libf2c for GCC3 architectures.
• New -d option for nc(1), which disables reading from stdin (PR#3694).
• Fix a memory leak when the control socket detaches from bgpd(8).
• Make bgpctl(8)'s control socket nonblocking.
• Import libf2c from GCC 3.3.2.
• Show the number of TCP connections drained (by new tcp_drain()) in netstat(1) output.
• Don't stat(2) the compress(1) outfile when running in test mode.
• Re-enable propolice if the X server is built without module support.
• Check the sign of values given to the hw.setperf sysctl(8).
• strtol(3) and signedness cleanup in ping(8).
• Sync the installer with the ftp(1) fetch-mode fix.
• Open a new connection for each file pulled down by ftp(1) in fetch mode. Fixes problems where 'CWD /' does unexpected things.
• Fix the test that disallows interface unit numbers greater than INT_MAX (to avoid signedness confusion).
• Don't allow leading zeros in cloner interface names.
• Upgrade 3.4-stable to OpenSSH 3.8.
• spamd(8) greylist cleanup and fixes.
• In ssh(1), make the read buffer for moduli(5) large enough for 8Kbit primes.
• Stop sshd(8) sending DH groups with a primitive generator of zero or one.
• Fix a race condition in wi(4) by disabling interrupts before sending an ACK. From NetBSD.
• Fix some over-zealous assert()ing in afsd(8).
• Add DH group 14 (modp2048) to isakmpd(8)'s list of predefined quick mode suites.
• 3.4-current -> 3.5-beta.
• Remove a null deref and unbreak WSDISPLAY_USEFONT for vga(4).
• Fix an nfsv3-related panic that could occur when linking from a local fs into an NFS mount.
  [Applied to stable]
• Add an implementation for the tcp_drain() function, similar to ip_drain().
  [Applied to stable]
• Stop pfctl(8) '-s all' printing the entire OS fingerprint database and all the interfaces.
• Interoperability fixes for isakmpd(8), particularly when talking to a Cisco PIX.
• Don't use a regex when deleting a user from a group with userdel(8), since the username may contain regex special characters. Also, chmod(2) the new group file before moving it into place instead of after.
• Fix IP data length calculation in mrinfo(8) and mtrace(8).
• Fix ifconfig(8)'s matching of multi-digit interface names, e.g. stop vlan10 matching as vlan1.
• Add __va_copy() in <stdarg.h>, following old ISO C89 behaviour. Used by GNU software.
• Support dumping of the bgpd(8) RIB via bgpctl(8).
• Have bgpd(8) check that the nexthop is a valid range (i.e. not a class D, class E or a loopback).
• Better logging for ifstated(8), taken from bgpd.
• More enhancements to bgpd(8)'s filter language.
• Include tcps_rcvmemdrop in netstat(1)'s TCP statistics output.
• Add 'greylisting' support to spamd(8). Oh yes.
• Remove a sizeof(long)==4 assumption in ld.so(1) that could errnoeously zero four bytes of the next page.
• Add -B (destdir) support to pkg_delete(1).
• New Loglevel and Logverbose options for isakmpd.conf(5).
• Stop pfctl(8) clearing too much when -Fa is used and an anchor is given.
• Reorder code in dhcrelay(8) so that the server list is zero-filled before we add servers to it, not after.
• Allow tuning of bpf(4) buffer sizes via sysctl(8) variables net.bpf.*.
• Add /usr/local/share/fonts to /etc/fonts/fonts.conf, good for ports.
• Fix send_packet() return value checks in dhcrelay(8).
• Don't allow 'max-src-nodes' in a pf(4) rule if 'source-track global' is in effect.
• Enhancements to bgpd(8)'s filter language.
• Stop new dhclient(8) generating a pidfile.
• Use getopt(3) instead of DIY in new dhclient(8).
• Remove the interface discovery scan from new dhclient(8), and so require an explicit interface name.
• Don't allow 'max-src-nodes' option anywhere other than in a 'source-track' pf(4) rule.
• A number of fifofs fixes from FreeBSD.
• 64 bit-specific binutils fixups. From binutils CVS.
• New slinear16-to-alaw audio format converters. From NetBSD.
• Better pread(2) and pwrite(2) error checks in libkvm.
• Fix a potential null deref when looking for a free pty(4) device.
• A little bounds-check paranoia in procmap(1).
• Make malloc(3) options work properly for programs that need ld.so(1).
• Build and install procmap(1) by default.
• Better heap discovery heuristic for procmap(1),
• Explicitly disallow backward jumps in bpf(4) filter programs.
• More cleanup and dead code removal in the new dhclient(8).
• Remove raw socket fallback code from new dhclient(8), since OpenBSD always uses bpf(4).
• Bump OpenSSH version to 3.8.
• Bignum fixes in ssh(1).
• Set sshd(8)'s listen socket to non-blocking mode again, reverting the change from 26 Sept 2003.
• Fix an objdump(1) segfault on sparc64. From binutils CVS.
• Fix an out-of-bounds read when comparing IPv6 prefixes if the prefix length is 128.
• Add pthread_attr_[gs]etstack(3) and bump libpthread minor version. From FreeBSD libc_r.
• String cleaning in fvwm(1) and wm2(1).
• Some cleanup of <pthread.h>. From FreeBSD's libc_r.
• Fix a locking-related crash when using a portal filesystem.
• Have pkg_add(1) make a distinction between an unreadable or non-package, and an inaccessible package file.
• Fix pciide(4) timeouts at the end of each cdrecord burn.
• Build sparc64 with gcc3. Gulp.
• Many USB device fixes from NetBSD.
• Fix a race in scsi(4), now cdrecord can safely write at high speeds.
• Re-fix 'VT black text on black background' and other XFree86 bugs for ATI cards, lost in the recent merge.
• Teach passwd(1) about the master.passwd.byname map so it can work in a secure (makedbm -s) environment.
• Uncomment and fix code for old tip(1) variables cdelay and ldelay.
• Have tcpdump(8)'s pfsync output show the interface being cleared if available.
• Update pfsync(4) to cope with interface-specific state clearing with e.g. pfctl -i fxp0 -Fs'.
• Add PKG_DESTDIR (-B option) support to pkg_add(1).
• Improvements to the new auto-generated MAKEDEV(8) manual pages.
• Allow pkg_add(1) etc. flavor names to contain dots and other special characters.
• Set files that ypbind(8) creates to mode 0644 with fchmod(2), just in case they're created with a more restrictive umask(2).
• New .Ex, .In and .Rv mdoc(7) macros.
• Fix some double-free(3)s in isakmpd(8).
• Resurrect old-style fontconfig-config program, still needed by some ports.
• Make sure that the guard page is also marked as MALLOC_FREE by free(3), to cut down on bleating #ifdef MALLOC_EXTRA_SANITY.
• Basic filtering support for bgpd(8).
• Add pfctl(8) -i support to -Fs, -ss, -sq and -w options.
• New smartreadlog command for atactl(8) to, well, read SMART logs.
• Fix SMART log-related panics in wdc(4).
• Have mount(8) report the actual xfs device mounted, and not just 'arla.'
• In isakmpd(8), handle SIGINT the same as SIGTERM when running with -d, and dump logs to syslog at LOG_INFO without -d.
• Fix a memory leak in tftp(1).
• Bring pf(4) queue id semantics into line with tag assignment, and remove last vestiges of userland qid code.
• Stop bc(1) modifying argv and optind while inside the getopt(3) loop.
• In gcc3, add a few missing open(2) third options when used with O_CREAT.
• Revoke procmap(1)'s privileges immediately after kvm_openfiles(3).
• Make sure doesn't call strtoul(3) on non-numbers.
• In procmap(1), print the names of missing symbols instead of '(null)'.
• Extra bzero(3) paranoia for data coming out of the scsi(4) xfer pool.
• Memory and string cleanup in procmap(1).
• Implement kevent(2) and kqueue(2) under FreeBSD emulation, using the native calls.
• Fix mishandling of numeric options in sed(1) (PR#3677).
• Add -i option to pfctl(8), restricting operations to the given interface. Only -sI implemented for now.
• sparc64 alignment fixes in gcc3 propolice.
• const'ify some more pthreads(3) prototypes for POSIX reasons. From FreeBSD libc_r.
• In chmod(1), check that 'foo.bar' isn't an existing username before assuming it's old-style user.group and treating it like user:group.
• Don't allocate a cluster in tcp_output() when the whole header fits into an mbuf(9).
• Add -4 and -6 IP transport selectors to rdate(8). Oh yes.
• Add an extra check for a null transport in isakmpd(8) exchanges.
• Use off_t instead of long so that tail(1) can handle large offsets.
• Remove more unnecessary checks for 8-bit values > 255, this time from libc/ethers.c.
• Add a missing realloc(3) failure check in asn1_compile.
• Generate the MAKEDEV(8) manpages automagically based on the same information as the MAKEDEV scripts themselves.
• gcc(1) propolice fixes on i386.
• First cut at procmap(1) from NetBSD (where it's called pmap). Not yet built by default.
• New 'split' option in iostat(8) for the newly-separated disk read/write stats.
• Check for TDB entries marked as invalid when looking up tcpmd5 connections.
• Record separate disk statistics for read and write operations. Adapted from NetBSD.
• In ifstated(8), don't bcopy(3) around a structure containing TAILQ pointers.
• Better SIGHUP handling in ifstated(8).
• Refactor processor speed settings sysctl code (hw.cpuspeed, hw.setperf) for clarity.
• Fix broken tcpdump(8) IKE output for certain vendors' phase 1 proposals.
• New driver, bce(4), for Broadcom 4401 10/100Mbps Ethernet devices.
• Drop the osigaltstack() compatibility system call.
• Import and merge XFree86-current of 2004/02/13, minus files with the new XFree86 License which contains text developed by The XFree86 Project, Inc (http://www.xfree86.org/) and its contributors.
• Make sure all pf(4) anchors get updated after an anchor is removed.
• Better signal handling and other cleanup in pflogd(8).
• Print textual service and protocol names properly in tcpdump(8) even when -n is specified.
• Some cleanup and an additional mode for acss(3).
• Disallow em(4) PHY resets when IP is enabled on an interface to prevent lockups when using GigE copper.
• Use a hash table instead of a linked list to speed up 802.1q tag -> vlan(4) interface lookup.
• New -p flag for pfctl(8), allowing the device to be something other than /dev/pf.
• Logging cleanup in ifstated(8).
• Revert some propolice breakage in gcc3.
• 64-bit alignment fixes in ifstated(8).
• RELIABILITY FIX: Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort.
  A source code patch is available.
  [Applied to stable]
• Add missing volatile to a signal handler flag in dc(1).
• in tcp_input(), stop an unsigned integer underflow from making the TCP MSS calculation return ridiculously large values when ifp==NULL.
• Reduce makewhatis(8)'s newly-increased pickiness a little.
• Fix another bug that allows a pf(4) antispoof rule on an interface with no IP addresses to result in all other interfaces blocking all IP packets.
• Install bgpd.conf(5) root:wheel, mode 0600 and make bgpd(8) insist it be so.
• Reduce the default number of pty(4) devices from 64 to 16, now that additional ptys will be created on demand.
• Fix an off-by-one when generating pty(4) device names (ptydevname()).
• Make tcpdump(8)'s pfsync(4) output more consistent with other tcpdump output.
• Plug an mbuf(9) leak by making ip_fragment() free the mbuf on errors instead of expecting the caller to do it.
  [Applied to stable]
• Add a flag so that hardware sensors can be marked as invalid if, for example, they're disconnected.
• Make picky mode in makewhatis(8) even pickier.
• Fix an off-by-one in pf(4)'s interface management code.
• Have ndp(8) flush stdout before sleeping in -A mode (KAME pr#584).
• In the new dhclient(8), don't send pointless DHCPDISCOVER messages on interfaces that are known to have an inactive link status.
• Allow for the presence of tcpmd5 signatures in the TCP MSS calculation.
• Have pfctl(8) display a filter uptime now that we keep track of when it was last enabled.
• Make pfsync(4) work on 64-bit alignment-sensitive architectures when IP options are present.
• Unbreak ypset(8)'s -h option. From FreeBSD.
• Have sysctl(8) politely inform users that pstat(8) with -t is the tool of choice for viewing terminal information.
• Support -$ option (disallow '$' in identifiers) and -notraditional in cpp(1) for gcc2.
• New ptm device (see pty(4)) that allows non-privileged processes to allocate a properly-permissioned pty. No more setuid(root) xterm(1)!
• Stop assuming that tty sysctl(3) variables are quads. Some are now ints.
• Dynamically allocate kernel memory for ttys, controlled via sysctl(3)s kern.tty.{maxptys,nptys}. Adapted from NetBSD.
• Teach boot(8) how to load read-only data segments for ELF architecture kernels.
• If the i386 bootloader fails, enable interrupts before halting so ctrl-alt-del will work.
• Install the edit USD doc, reworked to be an ex(1) tutorial, under /usr/share/docs/usd/11.edit.
• In the XF4 Makefile, fix -o operator precedence for the find(1) command when checking for incorrect file permissions.
• Add missing MLINKS and do some .Nm macro cleanup to help makewhatis(8).
• Don't flush pf(4) stats when using the -e or -d options to pfctl(8). Store the time at which the filter was last enabled.
• Unbreak the pf.conf(5) 'set loginterface' command.
• Have lex(1) declare errno for c++ users too.
• Allow libstdc++ to build on architectures with no shared libraries.
• Fix a panic when cleaning up after an interface (e.g a PC Card wi(4)) has gone away (PR#3649).
• Unstick the -a option from ps(1) (PR#3676).
• Sync the installer network startup with changes in netstart(8).
• Fix a memory allocation-related panic in pfsync(4) that can occur under very high loads.
• Fix a buffer overflow in XFree font aliasing. From XFree86 CVS.
  [Applied to stable]
• Don't fully unroll kernel rijndael code to save some space.
• Some fixes to ahc(4), mostly from FreeBSD.
• Additional sanity checks when probing scsi(4) luns.
• Disable interrupts on a scsi(4) controller for polled commands, fixing a long-standing hang at attach time on i386.
• Stop dhclient(8) burping interface information to stderr.
• Have libpcap(3) use the kernel default buffer size instead of setting its own size.
• Bump the bpf(4) maximum buffer size to 2MB, and the default size to 32KB, to allow for faster networks and larger frame sizes.
• Turn on ddb(4) logging (sysctl(3) ddb.log) by default.
• Allow bind(2) to work in an IPv6-only (no IPv4) configuration.
• First cut of a filtering language for bgpd(8).
• Another pass at making dhclient(8)'s code readable.
• Fix a curiously familiar reference-counting bug in uvm(9).
• SECURITY FIX: A reference-counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory under certain circumstances. Adapted from FreeBSD.
  A source code patch is available.
  [Applied to stable]
• Fix a CVS merge error in xterm(1)'s app-defaults file.
• Make pfctl(8) -vvsq loop again (PR#3675).
• Unbreak the ssh(1) progress meter ETA for files larger than 4GB (OpenSSH bugzilla #791).
• Fix a memory leak in dhclient(8) (PR#3668).
• If ssh(1) is in privsep mode, pass the SIGALRM from LoginGraceTime expiry through to the child process.
• Apply the same strict RFC 2460 interpretation used for the IPv6 MTU to the TCP MSS calculation.
• New parser for ifstated(8), and more features. Still more to come.
• Fix grep(1)'s ^ and $ anchors that were broken by the recent -w fixes.
• For programs that don't support long options, stop getopt(3) treating '--foo' the same way it treats '--', as per POSIX (PR#3666).
  [Applied to stable]
• Let pfctl(8) deal gracefully with 'modulate state' on rules with protos to which it might not apply in the same way as 'keep state', e.g. 'pass proto {tcp udp} modulate state' is now acceptable.
• Don't use a valid user id as a flag value in ps(1).
• Remove the earlier fix for the IPv6 MTU crash bug now that the full fix is in place.
• SECURITY FIX: An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports. Fix this fully by applying a strict interpretation of RFC 2460 section 5, last paragraph.
  A source code patch is available.
  [Applied to stable]
• Memory alignment fixes in tcpdump(8).
• Huge amount of style(9), ANSI and other cleanup in dhclient(8). More to come.
• Some std:: namespace and other C++ mode fixes for flex(1). From NetBSD.
• Fix pfctl(8) macro expansion in tags (PR#3664).
• Unbreak and reapply the don't-use-inet_net_pton(3)-without-a-slash fix (PR#3638).
• Teach libcrypto(3) how to use the VIA C3 crypto functions for (seriously) accelerated aes-{128,192,256}-cbc.
• Do temp file cleanup for signals as well as exits in spell(1).
• Sanity check memory allocation when attaching wd(4) devices.
• Have mg(1) create a buffer list window when started with more than two files, just like emacs.
• Fix compile breakage in bridge(4) and netinet6 when pf(4) isn't present.
• In ipsecadm(8) monitor mode, reorder memset(3) arguments so it works less like a nop.
• For safety, only do pf(4) interface lookups (pfi_index2kif()) if the filter is enabled.
• Remove the special-case LBL_ALIGN code in tcpdump(8) and act as if we're always on a platform that requires aligned memory access.
• In leave(1), don't allow alarms to be set in the past as this is unlikely to be useful. Also some cleanup based on NetBSD.
• On i386, allow userland apps to use the VIA C3 crypto instructions if they're present.
• Temporarily work around an MTU-related crash in IPv6 by simply enforcing a minimum link MTU of 296. Real fix to come.
• Add as(1) support for the VIA C3 xmove-rng and xcrypt-{ecb,cbc,cfb,ofb} instructions.
• Allow '-' as a valid character in as(1) mnemonics, as required by a few VIA C3 instructions.
• Add a 'paper.txt' make(1) target to generate ASCII output for the documents under /usr/share/doc.
• Sync i386 option USER_LDT code with NetBSD, fixing some ports panics.
• In libpthread, add a simple work-around for deadlocking on recursive readlocks on a rwlock while there are writers waiting (from FreeBSD PR#24641).
• Add ARM support and a new port for cats boards.
• Rename TCP socket option from TCP_SIGNATURE_ENABLE to TCP_MD5SIG.
• Build protoize(1) for gcc3.
• Reverse the enable logic for TCP selective acks, so TCP_SACK_DISABLE becomes TCP_SACK_ENABLE.
• Really commit -L (localbase) support for pkg_create(1), as well as the related -S and -B options.
• Some types cleanup and better SIGCHLD handling in privsep tcpdump(8).
• Fix an old logic bug in nlist(3) that caused lookups for names with a leading underscore to fail on ELF systems.
• Install ex(1) documentation in doc/usd/13.ex.
• Back out the scsi(4) attach freeze fix for now.
• Sync named(8)'s root.hint file after the IP address change of B.ROOT-SERVERS.NET.
• Stop systrace(1) trying to normalize an empty filename.
• Enable tcpmd5 on bgpd(8)'s listen socket. For peers configured with md5sig, require accept(2)ed sockets to have signatures enabled.
• New TCP_SIGNATURE_ENABLE option to getsockopt(2), allowing a process to check the tcpmd5 status of an accept(2)ed socket.
• Support ssh(1) version 2 password change. password-dead must be set to non-zero in login.conf(5) for this to work.
• New update-moduli target in /usr/src/etc/Makefile, for regenerating /etc/moduli(5).
• Format string fixes and other cleanup for fvwm(1) in the wake of -ansi removal.
• Remove -ansi from the list of gcc(1) build options for XFree86.
• On i386 systems with SSE2, halve the time taken to zero a page of memory. Based on FreeBSD.
• Switch the new sigaltstack(2) code back on again on alpha and sparc64.
• Make ddb(4)'s ps /n command show the correct state for a process.
• Reset the TCP keepalive timer to tcp.keepidle (normally four hours) after the three-way handshake completes. (syncache sets it to tcp.keepinittime, normally 150 seconds).
• Allow a single listen socket to be used for connections with and without tcpmd5.
• Avoid a long scsi(4) freeze when attaching live scsibus* devices.
• Support RFC 3390 'Increasing TCP's initial window' extension, enabled using sysctl(8) net.inet.tcp.rfc3390.
• When TCP is in the SYN_SENT state, don't increase cwnd by 1*MSS on receipt of the SYN/ACK.
• Note that 'pegasos' is not quite the same as 'pegosos'.
• Clean up the output from pfctl(8) with '-s all'.
• Allow the arch-specific bootloaders to change the program name to something other than 'BOOT'.
• Use a more reliable reference count when deciding whether or not to free a FIFO vnode(9). Adapted from FreeBSD.
• Allow Cisco/Juniper compatible (and keyspace-limiting) ASCII md5sig keys in bgpd(8).
• Track the number of ftp or http connections to a host in pkg_add(1). Limit to one connection for now.
• New -L option to set (pkg_create(1)) or use (pkg_add(1)) the package LOCALBASE. See bsd.port.mk(5) for details.
• Use _exit(2) instead of abort(3) when xfs(1) dies due to an error.
• Fix a potential double-free in m_split(9) (PR#3651).
• Add privilege separation for tcpdump(8).
• Move gcc2-specific files into the architecure-specific distribution setlists. Gulp.
• Don't dump core in patch(1) when the file can't be found but user says to patch anyway.
• Let <cdefs.h> compile on old gcc(1) and even on non-gcc.
• Make bgpd(8) ignore extra (maskless) rtsock change messages sent by pppd(8).
• Start work on the amd64 port. Based on work by NetBSD.
• New mail-set-margin option for mg(1) mail mode.
• Fix ipsecadm(8)'s use of getaddrinfo(3).
• In pkg_add(1), exit instead of carrying on regardless when the pre-addition stage fails.
• Better pfkeyv2 interface when setting up tcpmd5 in bgpd(8). More to do.
• Add support for -f (force) option to pkg_add(1) and pkg_delete(1).
• Allow skey(1)-format usernames (user:skey) in sftp(1) (OpenSSH bugzilla #777).
• In pf_test and pf_test6, immediately drop packets on any interface that doesn't have an associated pfi_kif structure.
• Hash tcpmd5 TDB lookups by source address instead of the spi
• Add missing case for TCP MD5 sigs in SADB_GETPROTO().
• Let ipsecadm(8) pass the spi for TCP signatures.
• Handle tftpd(8) tsize and timeout options. From FreeBSD, as was the RFC 2347 support.
• Add RFC 2347 "TFTP Option Extension" support to tftpd(8). Try to ignore trailing garbage that Apple OpenFirmware can leave where an option should be.
• Make the package tools show strerror(3) output when die()ing on filesystem errors.
• Allow pkg_delete(1) to handle removal of packages with bogus dependencies, as could be created by earlier versions of the new package tools.
• Major changes to biosboot(8) and installboot(8), supporting EDD (LBA) mode boots and a shift key-triggered CHS fallback mode. For an encore, remove the previous version's 64KB limit on the size of boot(8).
• Make pfctl(8) print even an all-zeros netmask, unless the address is all-zeros too.
• Take an extra parameter to pthread_stackseg_np(3) to return stack info for any thread instead of just the current thread.
• Only call destructors once on ELF architectures. Stops KDE apps moaning on shutdown.
• Since dhclient(8), dhcpd(8) and dhcrelay(8) are now using getifaddrs(3), don't create the socket that used to be needed by SIOCGIFCONF.
• Have cardbus(4) dump some useful information for non PnP devices.
• Enable TCP signatures in the GENERIC kernel.
• Initial TCP signature support for bgpd(8).
• Add 802.11 datalink type support to the pcap(3) library.
• Stop sd(4) blurting a bunch of Medium Not Present errors for 6-in-1 card readers.
• Fix case where grep(1) with the -w option could miss some lines.
• Separate ndp(8) from tcpdump(8) (gmt2local() was shared) before the latter begins mutation.
• Lock the vnode(9) earlier in ffs_vget() to avoid unbalanced vrele(9) calls.
• Have clri(8) use random generation numbers for the inodes it clears instead of just incrementing the old number.
• Back out the recent pfctl(8) addresses-without-slashes-are-hosts change for now.
• Add a few missing UNIX standards to the mdoc(7) St macro, and update some manpages to use them.
• In ssh(1), clear the non-blocking flag on the socket after connection when the ConnectTimeout option is in effect.
• Alignment fixes in ping6(8) and traceroute6(8).
• Cleanup in traceroute6(8). Make sure the probe packets give very little away about the sending host.
• Some *printf(3) type fixes in scsi(4), so very large disks don't appear to have <0 sectors.
• Allow scsi(4) debugging to be limited to individual buses as well as specific targets and LUNs.
• Don't enable loud debugging for every ahc(4) device by default.
• Install vi(1) tutorial docs.
• Add cradle mode support to xsystrace(1).
• Add an rc.conf(8) switch for rpc.yppasswdd(8) and switch it off by default, instead of always running it if there's a YP directory in place.
• New program, ifstated(8), which listens for interface state changes and runs commands when it sees them. Work in progress.
• Remove seteuid(2) and setuid(2) calls from timedc(8).
• New 'cradle mode' for systrace(1).
• Add NTFS to the list of partition types that disklabel(8) has names for.
• Now that our gcc3 has propolice, add USE_GCC3 switch (default is "No") to enable gcc3 build and install.
• Fix sftp(1)'s display of long path names.
• Enable acss(3) support in ssh(1).
• Add acss(3) support to libcrypto, and bump the library minor version.
• Liberally sprinkle closefrom(2) where needed.
• Speed up scsi(4) probing by not checking for impossible LUNs.
• Fix the @arch packing list command in pkg_add(1) and pkg_create(1).
• Match compress(1) exit codes to GNU gzip, unbreaking perl(1)'s CPAN module.
  [Applied to stable]
• Stop mixerctl(1) segfaulting on non-existent fields.
• Add a simple 802.3x printer to tcpdump(8).
• Allow ftp-proxy(8) to set the outgoing address with the new -a option (PR#3538).
• In pfctl(8), only use inet_net_pton(3) on addresses containing a '/', otherwise use inet_pton(3) (PR#3638).
• New -S option to nc(1), enabling the TCP MD5 signature option.
• Fix collapsing of multiple pfsync(4) update messages into one.
• Fix pfsync(4) state timeouts.
• As with sysctl(8), remove the need for -w in mixerctl(1).
• Propolice fixes for gcc(1).
• First propolice version of gcc3.
• Add dynamic bufq support to wd(4). Doesn't do very much for now.
• In kernel main(), initialise timeouts much earlier.
• New spamd(8) configuration method, based around OpenBSD mirrors of common spammer lists.
• Cleanup and fix tcpdump(8) pfsync protocol output.
• Initialise the sftp(1) input file in main() rather than statically.
• Some strncpy(3) -> strlcpy(3) in libpcap
• Use _exit(2) instead of exit(3) from abort(3) so stdio buffers don't get flushed twice.
• Support Intel 852/855/865 AGP chipsets on i386. From NetBSD.
• Don't set a fake baud rate for pfsync(4) interfaces.
• Only read in as many digits as can legally fit into a field in strptime(3). From NetBSD.
  [Applied to stable]
• Add some delay when reading the address off fxp(4) eeproms, otherwise the result may be garbage.
• Actually use the RPC program name cache in tcpdump(8) since we've gone and allocated space for it.
• Import some chunks of ffs2 support from FreeBSD.
• Have pfsync(4) ignore pfsync protocol packets if the interface is not running.
• Fix a few ssh(1) memory leaks.
• Fix grep(1)'s -b option.
• Fix a missing malloc(3) error check in syslogd(8).
• New user _tcpdump for upcoming privsep of, uh, tcpdump(8).
• Avoid half-open deadlock in ssh(1) (OpenSSH bugzilla #790).
• Some sane defaults for afsd.conf(5) and ThisCell(5).
• Update sendmail(8) to 8.12.11.
• Throw away #ifdef spaghetti from XFS filesystem code, and enable it in GENERIC.
• Remove a double htons() in pfsync(4).
• Unbreak '*grep -w -l'.
• Fix a missing initialisation in grep(1).
• Sync tcpdump(8) DNS display with tcpdump.org to avoid problems with bogus DNS packets.
• Allow pflogd(8) to create (safely) its log file if none exists.
• Have carp(4) send RTM_IFINFO routing messages on interface state changes.
• Prep dhclient(8) for surgery, under src/sbin/dhclient.
• Have rsh(1) run ssh(1) instead of rlogin(1) or telnet(1) when run without a remote command.
• Add a bunch of new DNS RR types to <arpa/nameser.h>.
• Remove Kerberos IV code from rsh(1).
• Major stability improvements to ahc(4).
• Fix a typo causing a null deref in pf(4) IPv6 tcp scrubbing.
• New -v option to isakmpd(8) to log successful completion of Phase 1 and 2 exchanges.
• Sync mrouted(8) with changes to the raw sockets API affecting packet length.
• Fix a string bug and a double free in the PEX font parser.
• Import libobjc from GCC 3.3.2.
• Move libobjc out of the GCC directory and into src/gnu/lib/libobjc.
• In tcpdump(8) check that an IKE header is long enough before trying to display it.
• Add a pthreads version of closefrom(2).
• Remove autoconf stuff from the in-tree sudo(8).
• Fix an early-free bug in mg(1) that was breaking compile-goto-error.
• Make pflogd(8) less likely to cause logfile corruption on unexpected shutdowns, and more able to detect and deal sensibly with corrupted files on startup.
• Synchronise pflogd(8) with the newly privilege-separated syslogd(8).
• Unbreak awk(1)'s maketab.c after recent yacc(1) header file generation changes.
• Temporarily work around alpha and sparc64 breakage caused by the recent sigaltstack(2) ABI change.
• Teach tcpdump(8) about TCP signatures.
• Some *printf(3) type cleanup in httpd(8).
• Support RTM_IFANNOUNCE messages in route(8)'s monitor command.
• Add TCP signature stats display to netstat(1).
• Add TCP MD5 signature support to ipsecadm(8).
• In syncache, defer updating the mss until the 3-way handshake is completed.
• Use a pool(9) instead of malloc(9) for file locking structures. From NetBSD.
• Add syncache and IPv6 support to the resurrected TCP signature code.
• In pf(4), remove the predefined 'special' altq IDs, so all qids look alike.
• Change the type of sigaltstack.ss_size from int to size_t. Rename old syscall to osigaltstack() for compatibility.
• Remove extra 'sleep 1' from netstart(8) when doing IPv6 DAD.
• Preliminary gcc(1) support for ARM.
• Have nm(1) fall back to using pread(2) if mmap(2) fails, as it does for /dev/ksyms.
• Don't issue Test Unit Ready to scsi(4) devices until we've checked that 'don't issue Test Unit Ready' quirk isn't needed.
• Revamp scsi(4) LUN quirks handling.
• Use the right type when checking the magic number in savecore(8).
• printf(3) integer type cleanup in netstat(1).
• Correct a use-after-free in cvs(1), fixing a coredump when the user hits ^C.
• Fix authpf(8) ruleset names that contain the username (PR#3627).
• '=' != '==' in fsck(8).
• Let <ctype.h> compile on non-gcc compilers.
• Reintroduce old TCP MD5 signature (RFC 2385) code from 4.5 years ago, hopefully with a reduced likelihood of kernel borkage.
• Improvements to sftp(1) batch mode: Allow batchfile input from stdin, and remove stderr junk (OpenSSH bugzilla #754).
• Add IPv6 loopback routes and allow connection to the carp(4) shared IPv6 address from the MASTER host, like for IPv4.
• Fix a signed buffer length variable in syslogd(8).
• Build local nm(1) and size(1) instead of those from binutils.
• Allow ifconfig(8) to show all interfaces of a given type by giving it a device without a unit number, e.g. 'ifconfig vlan'.
• Respect the quiet flag in newfs(8) and don't spew cpg warnings.
• Change /dev/utty[0-9a-f] entries ucom(4) to /dev/ttyU[0-9a-zA-Z]
• In syslogc(8), don't re-terminate a string after strlcat(3).
• Sync pf.os(5) with the current p0f development snapshot.
• A little string cleaning and extra error checking in swapctl(8).
• Make shared C++ binary linking consistent between GCC 2.95 and GCC 3.
• Stop g++(1) adding '-lm -lstdc++' when -shared is present, consistent with gcc(1).
• Use closefrom(2) instead of looping up to the fd rlimit in sudo(8). From sudo CVS.
• Fix up and install the vi(1) USD docs.
• New system call closefrom(2), which closes all descriptors greater than or equal to the given fd. Bump libc and libpthread minor version.
• Have tun(4) use klist_invalidate() so ifconfig destroy can work with kqueue(2) enabled.
• Add klist_invalidate() function in kqueue(2) to clean up when the event source goes away.
• Replace some hairy string code with a single asprintf(3) in sup(1).
• Remove some portable-only #ifdef code around openpty(3) in ssh(1).
• In sysctl(8), making an assignment by using '=' no longer requires a totally redundant -w option.
• Remove ugly spaces from sysctl(8) 'var=value' output.
• Sync the installer script with recent dhclient(8) changes.
• Add IPv4 loopback routes much later in netstart(8).
• Make dhclient(8) listen to the routing socket, and quit if anyone downs the interface or deletes an addresses.
• Have dhclient-script(8) preserve a preexisting resolv.conf(5) and restore it when exiting.
• Add a missing forward declaration of struct proc in <sys/rwlock.h>.
• Remove code in auth_clean(3) that cleared the options list, since login(1) depends on it leaving them alone.
• Print only valid sense info in scsi(4).
• Correctly a missing bonus points for completed rows bug in tetris(6).
• Stop tcpdump(8) screwing up the terminal by printing non-printable timed protocol hostnames.
• Add a missing initialisation in kvm_open(3).
• Reduce the TCP MSS lower bound to 256-(minimal TCP header size) = 216 bytes.
• Don't restrict RFC 2385 TCP signature keys to ASCII-only.
• Fix a memory leak when detaching an Ethernet interface.
• In netstart(8) create all routes with the new improved -q option.
• Make route(8)'s -q option really quiet.
• Back out the storing of parent vnodes, due to exploding ports.
• Have sysctl(8) politely tell the user that the tool of choice for viewing a list of processes is ps(1).
• Carefully work around time_t != long in gdb(1).
• Crucially, adjust worms(6)' delay based on the terminal speed.
• Types cleanup in jot(1). Mostly from FreeBSD.
• Convert fstat(1), ps(1), systat(1), top(1) and w(1) to use the new kvm_getproc2(3) interface.
• Make ELF architectures handle constructors and destructors the way the ELF spec says they should.
• Sync sensorsd(8)'s notion of zero Kelvin with that in the kernel.
• Fix a typo in ndp(8) affecting the -s (set entry) option.
• Fix a busted mkdtemp(3) return value check in binutils.
• Use proper uid_t and gid_t types in id(1).
• New -e option to systrace(1), which sends logs to stderr instead of syslog.
• Promote dirhash to the GENERIC big time.
• Increase the TCP MSS lower bound from 64 to 256 bytes.
• sysctl(3)ify dirhash, under vfs.ffs.dirhash_*.
• Plug an interface address memory leak in pf(4).
• Stop sysctl(3) returning EINVAL for KERN_PROC_KTHREAD.
• Logic fixes in diff3(1) where one file has changes but the other does not.
• Some scsi(4) probe cleanups and fixes, inspired by NetBSD.
• Implement the truly wonderful -p option for diff(1).
• Fix an i386 crash in the ahc(4) device probe (PR#3630).
• Add a field for the emulation type in the struct returned by the KERN_PROC2 sysctl(3).
• Switch pkill(1) and pgrep(1) to kvm_getproc2(3), and so enable the -s option to work.
• Add kvm_get{argv,envv,proc}2(3) using KERN_PROC2. Based on NetBSD.
• Implement the KERN_PROC2 sysctl(3), allowing ps(1) etc. to be independent of changes to process-related kernel structures. From NetBSD.
• On i386, sync fdisk(8)'s built-in MBR image with the recent changes.
• Import generic IEEE 802.11 interface framework from NetBSD.
• Have pf(4) do as non-pf udp_input() does, and drop UDP packets with destination port zero, or with zero or oversize payload.
• Import pkill(1) and pgrep(1) from NetBSD. Selecting by session ID (-s option) doesn't work yet.
• Fix signal handling in the case of an error in inetd(8)'s config file.
• Import SYN cache code to deflect SYN flood attacks, controlled with sysctl(3)s net.inet.tcp.syncachelimit and net.inet.tcp.synbucketlimit. From NetBSD, based on work by David Borman.
• Unbreak ifconfig destroy on vlan(4) interfaces when MROUTING is defined.
• In yacc(1), make sure extern YYSTYPE doesn't get #ifdef'd out when generating a .h file.
• Keep track of parent vnodes on ufs filesystems, this will be needed soon.
• Add some rwlocks around kernel file descriptor code, avoiding some rare race conditions.
• Don't allow a tun(4) cloner interface to be destroyed if there are any outstanding knote(9)s.
• Fix a few strlcpy(3) off-by-ones in pfctl(8).
• New -F flag for rtsold(8), which automagically sets the inet6 sysctl(3) values it needs. Useful for boot floppies.
• Support NOTE_EOF for kqueue(2) read events.
• Some string and memory leak cleanup in bgpd(8). Still work in progress.
• Merge in libstdc++ (gcc 3.3.2) for gcc3.
• Only prevent the removal of removable scsi(4) devices.
• Merge nm(1) with size(1) under src/usr.bin/nm.
• Teach nm(1) all about ELF.
• Really stop the compiler optimising away memset(3) calls used to zero sensitive data in sudo(8). From sudo CVS.
• Major changes to the i386 master boot record, which now uses EDD if available to support booting from a partition more than 8GB from the start of the disk. The 8GB size limit is still in place.
• Begin a cleanup of config(8).
• Don't ignore the '!' operator on the interface for pf(4) binat rules.
• Implement buffered logging in syslogd(8). Logs may be stored in a ring buffer and extracted using a client such as the new syslogc(8).
• Add option INET6, rtsol(8) and ping6(8) onto boot floppies/CD images where it will fit.
• Work continues on bgpd(8).
• Use fgets(3) instead of fgetln(3) in user(8), killing a sparc64 bus error along the way.
• SECURITY FIX: Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.
  A source code patch is available.
  [Applied to stable]
• In isakmpd(8) only allow an INITIAL-CONTACT when a main-mode SA is in place, and never delete SPIs based on it.
  
• gcc3 handles varargs differently, change the kernel sources to deal with it.
• Some poll(2)-related fixes to select(2) under pthreads. From FreeBSD.
• Fix objcopy(1)'s long options list, unbreaking strip(1)'s -s option and others (PR#3623).
  [Applied to stable]
• Don't create a pid file for rtsold(8).
• If the scsi(4) error code is unknown, at least show the code we didn't have a message for.
• Use a memory pool(9) instead of MALLOC(9) for inet and inet6 PCBs. From NetBSD five years ago.
• Recognise and handle a few more scsi(4) reset conditions.
• Bring the scsi(4) error description list up-to-date with SCSI-3.
• Add bgpd(8) control program bgpctl(8).
• For i386 only, incread SHMMAXPGS from 2048 to 8192.
• In the all-architectures kernel config, bump SHMMNI from 32 to 128, and SHMSEG from 8 to 128.
• If pkg_add(1) fails in the postinstall script, record the package as a borked install instead of dying with a bunch of unregistered files all over the place.
• In libpthread, make poll(2), readv(2) and writev(2) cancellation points too.
• Undefer and handle pending signals in all code paths of pthread_join(3).
• On i386, stop the FPU exception tests hanging amd64 and new Transmeta CPUs.
• Have xdm(1)'s Xsession script reap the SSH agent on session shutdown even if the user has a ~/.xsession file.
• Make 'vi -r foo' work the way the vi(1) manpage says it should instead of dying.
• Many improvements to network interface handling in pf(4). See the commit log for details.
• Add svc_getreq_poll(3) and switch libc RPC code to use its poll(2) interface instead of select(2).
• Have ssh(1) properly ignore an (unupported) SSH2 password change request and the suggested new password.
• Change wait4(2)'s prototype to take a pid_t instead of an int for the first argument, like the manpage says.
• Define _FFR_DEAL_WITH_ERROR_SSL to stop SSL errors sending sendmail(8) into an endless loop.
• Don't do TAILQ_REMOVE(3) while inside a TAILQ_FOREACH loop in pfctl(8).
• As system startup, run vi.recover after ldconfig(8) so that perl(1) and the MTA can find their shared libraries.
• Convert syslogd(8) to use poll(2) instead of select(2) in its main event loop.
• Once grep(1) and friends have identified a file as binary, seek back to the beginning before continuing.
• Unbreak zgrep(1) when the uncompressed file begins with a newline.
• In disklabel(8) add new size unit types '%' and '&' to specify, respectively, percentage of disk size and percentage of remaining disk space.
• Allow a precision (-p option) of zero in jot(1).
• On i386, properly recognise SiS CPUs.
• Hack around a reentrancy bug in the cvs(1) server's abnormal exit handler.
• Allocate what's required for an identifier in config(8) instead of an arbitrary 500-byte buffer (PR#3614).
• Stop libcurses++ fooling with libstdc++ internals so it compiles under gcc3.
• Add -4 and -6 options to telnet(1) for IPv4- and IPv6-only operation (PR#1974).
• Tag ahc(4) I/O operations requeued as a result of aborts, timeouts etc. so that they're not treated as successfully completed operations.
• Update security(8) after the recent join(1) change prompted by PR#2208.
• Make join(1) more POSIX for non-matching lines (PR#2208).
• Add dirhash feature from FreeBSD, which uses an in-memory hash table for lookups in large directories. Not enabled by default yet. See UFS_DIRHASH in options(4).
• Extend the pfsync(4) protocol to allow a peer to query for complete state information should it receive an update for a state it knows nothing about.
• Check for oversize allocations earlier in kernel malloc(9).
• Fix some peculiar macro token pasting in fvwm(1).
• Properly initialise the C++ constructor and destructor lists for ELF, killing a gcc3 warning in libstdc++.
• In huntd(6), stop doing va_end(3) on the varargs format string.
• Add a missing zero-fill before contructing pfsync(4) output in tcpdump(8).
• Fix a couple of bugs with negative values in fmt_scaled(3), and don't print fractions of bytes.
• Overhaul bgpd(8)'s error handling and logging.
• Allow an 'arch' annotation to be stored within packages by pkg_create(1).
• Have pkg_add(1) report on the amount of space used on each filesystem.
• In bgpd(8), treat localhost network 127/8 as if it were a connected network and don't allow it to be deleted.
• Halve the amount of space allocated for AES in ipsec(4) by making the contexts encryption- or decryption-specific.
• Enable nexthop verification in bgpd(8).
• On m68k, m88k, sparc, sparc64 and vax, fix a signed comparison bug in brk(2).
  [Applied to stable]
• Update libiberty to that from binutils-2.14.
• Add passive mode (no TCP connection to the peer) to bgpd(8).
• Huge sync of ahc(4) to NetBSD, which in turn is sync'd to FreeBSD. Many bugs fixed, several left to fix.
• Connect bgpd(8) to the build, along with an example bgpd.conf(5) file. Lots of work still needed.
• Let the pkg_* tools' new virtual filesystem to cope with mount points with no options, e.g. AFS.
• Enable hw.cpuspeed sysctl(3) on macppc.
• Add stubs for pthread_[gs]etconcurrency(3). From FreeBSD.
• Fix a descriptor leak in libpthread when doing close(2) on fds 0,1 or 2. Based on a fix in FreeBSD, but implemented differently.
• In libpthread, make accept(2), connect(2), recvfrom(2), recvmsg(2), sendmsg(2) and sendto(2) cancellation points as required by POSIX.1-2001. From FreeBSD.
• Deallocate xl(4) resources on attach failures.
• Enable bus mastering on fxp(4). Oh yes.
• New sshd(8) option KerberosGetAFSToken.
• Have ifconfig(8) automagically create network pseudo-interfaces.
• Mercifully, turn the non-monotonic time warning off #ifndef DEBUG.
• Initialise the url(4) MAC address properly (PR#3612).
• When sudo(8) is run with -k or -K only complain about missing usernames to stderr and don't log anything, since we may be running in a .logout script at shutdown and the YP etc. daemon may have gone away.
• Fix a remotely exploitable crasher in tcpdump(8)'s l2tp parser (PR#3610).
  [Applied to stable]
• Properly clean up 3DES cipher contexts in ssh(1).
• Make sure a signal handler-modified variable in sensorsd(8) is typed as volatile sig_atomic_t.
• In wsmoused(8) (and bgpd) don't set up a handler for SIGKILL since that signal isn't passed to the process at all ever.
• Fix a pasto (from the recent source-tracking additions) in the implementation of pf(4) DIOCSTART.
• Fix end-of-tape handling under pthreads. Fix from FreeBSD PR#56274, including the fix to the fix in FreeBSD PR#59291.
• Use a virtual filesystem in pkg_add(1) and pkg_delete(1) so they can test for available space and writeability before attempting to do the real operations.
• Much work on the new bgpd.
• Remove the recursive format string option '%:' from kernel printf(9).
• Change in*_pcbnotify() to return the number of matches.
• Check for multicasts earlier when processing TCP input, to reduce the amount of redundant processing.
• For semop(2) calls with a small number of operations, use the stack instead of malloc(9)'d memory to reduce overhead. Adapted from FreeBSD.
• Fix some unbounded sscanf(3)s in the usbhid(3) library.
• On i386, add a driver for the Pentium 4's thermal control circuit.
• Stop tcpdump(8) printing garbage pfsync(4) states when the snaplen is less than the sender's MTU.
• Have dc(1) handle SIGINT in a rational way, and have bc(1) pass SIGINT to dc to handle in a rational way.
• When updating process stats, check for non-monotonically-increasing time from microtime(9), deal with it by doing nothing instead of zeroing the counter, and complain #ifdef DIAGNOSTIC.
• Enhanced Intel SpeedStep support on i386.
• New sysctl(3) variables hw.cpuspeed and hw.setperf on i386, used to control LongRun.
• Only modulate the TCP timestamp (pf(4) scrub reassemble tcp) if there's a valid timestamp to be modulated.
• Allow ARP replies containing Ethernet multicast addresses, since some HA products want to do this.
• Show tcpdump(8) how to recognise IKE NAT-D and NAT-OA payloads.
• When isakmpd(8) gives up on a message, show the exchange name in the log.
• Change pfsync(4) multicast group to 224.0.0.240, and IP protocol (pfsync in protocols(5)) to 240.
• New pseudo-user _bgpd with matching group.
• Begin spanning tree operation when a bridge(4) interface comes up.
• New BGP daemon, bgpd. Not complete, and not built by default yet.
• Do a real inverse-colour cursor for rasops(9)-based consoles. Based on a similar change in NetBSD.
• New kqueue(2) filters NOTE_EOF and NOTE_TRUNCATE.
• Add ccd(4) and a newly-shrunken version of ccdconfig(8) to the i386 CD ramdisk kernel.
• Update the kernel zlib to 1.2.1.
• Shrink even more the special gzip used for boot floppies. It now does decompress only and is directly compiled in.
• Update userland zlib to 1.2.1, with local fixes. New major version, libz.so.3.0.
• Don't let cvs(1) pass null labels through to its diff command when stat(2) fails for an input file.
• When filtering on a bridge(4), compare the destination in the filter with the destination address of th