This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
current.
Changes made between OpenBSD 2.9 and 3.0
- In pf(4), block packets that have IP options set by default.
- Disable fd(4) sharing.
- Repair a umask(2) in pflogd(8).
- Fiddle with channel handling in ssh(8) and ssh(1).
- Add interface name to address translation to pfctl(8).
- Avoid /tmp races in cvs(1) by utilizing mktemp(1).
- Handle illegal whois(1) server output that lacks a trailing newline.
- Bring in FM radio(9) driver support; configuration through radioctl(1).
- Work around buggy HTTP servers that need the Host: field to only contain the port number.
- Use bpf_timeval instead of timeval in pcap(3), isakmpd(8), bpf(4), and tcpdump(8), improving portability.
- Fix a network/host order bug in pf(4) that broke state searching on icmp(4) packets with the DF flag set.
- New ssh(1) configuration option NoHostAuthenticationForLocalhost.
- Import a new rmd160(1) implementation.
- Upgrade to sendmail(8) 8.12.1, fixing a potential local security hole.
- New -t and -d flags for mktemp(1) to account for the TMPDIR environment variable.
- Add a -l flag to mtree(8) to do loose permissions checks.
- Report error when the -N and -R flags of pfctl(8) can't open the specified file.
- Have rcp(1) and scp(1) skip filenames containing newlines.
- Big install documentation overhaul.
- Support selectable preset FSM optimizations in pf(4).
- Lots of RAIDFrame work.
- Filter forwarded ip6(4) packets with pf(4).
- Upgrade cvs(1).
- New pidfile(3) call to write a daemon PID file.
- Read user configuration first in ssh(1).
- Allow macro names to contain underscores in pf.conf(5).
- Overhaul /tmp handling in gzip(1).
- Improve string handling in rwho(1).
- Fix handling of icmp(4) packets in pf(4).
- Plug memory leak in ssh(1)'s compression.
- Connect usb(4) keyboards to the display after attach.
- Correctly free mbuf when dropping a packet in the ip6(4) subsystem.
- Default to 9600 baud in cu(1).
- Many repairs to getcap(3), including an off-by-one malloc(3) error and a buffer overflow.
- Import a new grep(1).
- Update popa3d(8) to 0.4.9.4, adding support for selectable stand-alone or inetd use and tcpd(8).
- Start pflogd(8) differently so it doesn't block NFS in diskless situations.
- Avoid a memory leak in uvm(9).
- Remove signal race from rpc.rstatd(8).
- Re-order shlib_dirs in rc(8), prioritizing X11R6/lib over local/lib.
- Speedup m4(1) by using inlines for common operations.
- Cleanup the set of user(8) tools.
- Implement a buffer flushing daemon, solving problems related to the syncer and improving performance with large numbers of buffers.
- Remove buggy STATIC memory optimization from m4(1).
- Have vi(1) abort if it can't create a temporary file.
- Improve cross building support.
- Repair some buffer handling in mail(1).
- Add many more length checks when passing data from userland to kernel.
- In pf(4), don't ignore the inner protocol of ip(4) icmp(4) packets, thus unbreaking traceroute(8), etc.
- Support insecure1 and insecure2 options in resolv.conf(5).
- SECURITY FIX: be careful with long commandline options in uuxqt and run uucp as non-root in daily.
A source code patch is available.
[Applied to stable]
- Replace ru_SU with ru_RU in vi(1).
- Import sendmail(8) 8.12.0, requiring a new smmsp user and group.
- Mark buffers with dependencies as B_DEFERRED and skip them one time when doing sync(2).
- Banish uucp to the ports tree.
- Upgrade awk(1).
- Cleanup adduser(8); clean up variables, clear hashes correctly, unlock ptmp before closing, etc.
- Support 1:1 bi-directional Network Address Translation in pf(4).
- proxy user required for ftp-proxy(8).
- Add a stereo jitter suppressor to the maestro(4) audio driver.
- Fix erroneous select(2) FD_SETSIZE uses.
- Repair wall(1)'s -g flag.
- pckbd(4) supports Ukranian keyboard layouts.
- Better Russian calendar(1) support.
- Implement skip steps and parameter lists for interfaces in pf(4).
- Update username length limit in rmuser(8).
- New src compilation target: cross-env; prints all environment variables that need to be set for cross-building.
- Import usbhidctl(1), a userland program to manipulate USB HID devices.
- Import usb(3) library libusb for USB HID processing.
- Rename powerpc port to macppc, allowing for code sharing between different powerpc-based platforms.
- Inherit vlan(4) baudrate from parent.
- Various lpd(8) improvements and fixes.
- SECURITY FIX: fix buffer overflow reading queue file in lpd.
A source code patch is available.
[Applied to stable]
- Plug memory leak in scp(1) and rcp(1).
- Avoid segfault in dhclient(8) when the server specifies its name.
- Support the ! operator in host parameter lists in pfctl(8).
- Send a reset request for every packet received by ppp(8) when the encryption dictionaries are out of sync.
- Make pf(4) support ISN randomization (aka. phase modulation).
- Store argc as a long on the stack as opposed to an int.
- Switch rijndael code to the optimized AES reference release.
- Have isakmpd(8) send DELETE notifications for all active SAs when shutting down.
- In sudo(8), apply default login class if unable to look one up.
- Support macro expansion in pf.conf(5).
- Work some magic on the installation scripts for floppies, shrinking them.
- Correct the setup of the initial tcp(4) state window in pf(4).
- Import pflogd(8), logging daemon that writes pf(4) logs in tcpdump(8) binary format.
- SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable]
- Repair ppp(8)'s iface-alias option.
- Fix rule flushing code in bridge(4) devices.
- Support ip6(4) in ppp(8); crude IPV6CP support; many other smaller changes.
- Enhance file-change detection in vipw(8) and crontab(1).
- Add per-rule statistics and byte counter to pf(4).
- Don't reset xl(1)'s Rx/Tx without first turning them back on after a suspend.
- Support parameter lists in pfctl(8).
- Be sure to pass the interface to ipip_input() in the net subsystem so it can be used in bpf(4).
- Import ftp-proxy(8), a transparent ftp proxy.
- Loosen tcp(4) state code in pf(4), allowing "stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections".
- Initial import of sparc64 port; much subsequent development, too much to list.
- Add the possibility to add a random offset to the stack on exec(3).
- Make the siop(4) driver pay attention to quirks table, eliminating INQUIRY snooping and ifdef toggling.
- New -s switch for pwd_mkdb(8) to only update the secure .db file.
- -e switch for nm(1) to show extra symbol information.
- Delay locking the passwd file until we have gotten a new password from the user. Also play with the file locking routine.
- Attempt to recover from PCI aborts in the hifn(4) driver.
- Import keyconv, a small utility to convert between openssl(1) and DNSSEC key formats.
- Support trusted public RSA keys as files in isakmpd(8).
- Fix lengths for PFKEYv2 and KAME messages in IPv4-in-IPv6 and IPv6-in-IPv4 flows.
- Import popa3d(8), Solar Designer's POP3 daemon.
- The valiant vm_extern.h, vm_inherit.h, vm_map.h, and vm_pager.h files ride off into the sunset.
- pf(4) support for icmp(4) errors referring to icmp(4) queries/replies.
- Allow file flags in mtree(8).
- Don't compare the source address on packets to the one in SA when doing ipsec(4) processing.
- Repair rijndael block alignment.
- Unshare sigaction(2) signal handlers on exec(3).
- Merge altq(9) options into just "altq" for base + red + cbq, and enable it by default.
- Support the -h flag for ln(1) that prevents following a symlink to a directory.
- Many new timeouts for a wide variety of devices.
- Remove the IPCOMP option as it's now part of the IPSEC option.
- Rewrite signal(3) handlers in altqd(8) to be race-safe.
- Add support for RC4 operations in the hifn(4) driver.
- Don't free(3) unallocated memory in mailwrapper(8).
- Change tsleep(9) into an ltsleep wrapper. ltsleep takes one more argument than tsleep(9), a simplelock that it unlocks when safe.
- Let kerberosV compile entirely on platforms without shared libraries.
- Avoid /tmp race in rcs2log by using mktemp(1).
- Tweak timekeeping code in dd(1) to produce a sane bandwidth measure for a short runs.
- Enable the ESP and AH ipsec(4) protocols by default.
- Make kernel crash(8) dumps work under mvme68k.
- No longer drop packets when using an ACQUIRE policy and an error occurs when notifying key management.
- New getrrsetbyname(3) function to retrieve arbitrary DNS records.
- Support protocol version 2 in ssh-keyscan(1).
- Move xdm(1)'s PID file from xdm-pid to xdm.pid in /var/run, maintaining consistancy.
- Delay decision to make a new hash(3) table or not until after calling open(2), clearing up problems with file locking.
- vlan(4) changes: utilize IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities; LINK0 and MTU ambiguity are no more; MTU's can only be changed within the scope of the parent's MTU.
- Repair non-blocking mode issues in syslogd(8), avoiding grief with locked terminals.
- Make all cases of .Sh AUTHOR and .Sh EXAMPLE plural in manual pages.
- New sysctl(3) nkmempages that reports how many pages are in kmem_map.
- Support stateless tcp(4) normalization in pf(4).
- Import x99token(1), a software x99 token calculator.
- Add support for EDNS0 extended flag DNSSEC OK to the resolver(3) routines.
- Don't send a NUL on the end of CHAP SUCCESS packets in ppp(8) so that WindowsME and Windows98 won't mysteriously fail when encryption is enabled.
- Allocate uvm(9) page buckets from kernel_map, saving kmem_map space on machines with lots of physical memory.
- In ppp(8), compensate for a Windows 98 bug when sending a CHAP81 challenge response.
- Support the SmartcardDevice option in ssh(1) to specify which smartcard device to use.
- Step down only one Ultra DMA mode at a time when downgrading.
- On DMA timeouts, stop busmaster PCIIDE and reset channel.
- Don't malloc(3) too much and choke in ELF execution.
- Support rule skipping in pf(4).
- Allow negative lock length with lockf(3), making it compliant to specification.
- In top(1), abort if stdout(4) ever produces EOF; prevents spinning output if controlling tty disappears.
- Implement startup and shutdown hooks via dohooks(9) and family.
- SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
- Nuke edlabel.
- Add support for disabling swap devices via swapctl(8)'s -d option.
- Support sshd(8) configuration file and key testing via the -t option.
- Change vop_symlink and vop_mknod so that they return the created node in a way that the caller can actually utilize it.
- Use vfork(2) safely in sup(1).
- New flag PMAP_CANFAIL that tells pmap_enter that it can fail if there aren't enough resources instead of panicing.
- Make non-stateful and stateful pf(4) filtering work on bridge(4) devices.
- Initialize arpcom later; it could be incorrectly initialized if done before bridge_input().
- Enable challenge-response authentication by default in ssh(1).
- Fix/complete pf(4) binary operators.
- Repair signal race in m4(1).
- Ensure make(1) doesn't dump core when reporting open conditionals.
- Promote PMAP_NEW option to mandatory status.
- In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives.
- Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1).
- Support Addonics FlexPort 8S via addcom(4).
- Ignore O_TRUNC on open(2) when not opening a regular file.
- On ext2fs, ffs, and ufs partitions, don't truncate anything except for symlinks, directories, and regular files.
- Repair kern_msgbuf under sparc.
- Support DEC EtherWorks cards via lc(4).
- Bring na.phone up to date.
- The iha(4) driver wasn't able to update the EEPROM, so don't even bother.
- Rework ata and wdc(4) probing code; deal better with floating buses and supress spurious interrupts.
- Plug memory leak in pw_copy() found in libutil.
- Put Kerberos 5 things in libkrb5, out of libkafs.
- Allow sshd(8) to be compatible in all 4 combinations of Kerberos 4 and Kerberos 5 settings.
- When ssh(1) is reading a password, don't panic if fork(2) or pipe(2) fail; just return an empty password.
- Sync rtsold(8) to latest KAME, fixing a memory leak and a timer value.
- Change quad types on alpha to "long long" as opposed to "long", allowing printf(3)'s "%lld" format to be used without a bogus cast.
- In the iha(4) driver, allow sync to be negotiated even if wide is not.
- Modify nv(4) XFree86(1) driver as to avoid the dimming text mode problem.
- Add a BSD authentication module for radius authentication.
- Make sure that ld(1) references all aliases to avoid them being only partially resolved.
- Ensure ppp(8) calculates the number of key changes correctly.
- Repair the NFS server's request tracking during write-gathering, thus avoiding client hangs.
- Use login.conf(5) for passwd(1) variables as opposed to passwd.conf(5).
- Yank PF_ENCAP support out of isakmpd(8).
- Fix-up multicast settings in netstart(8).
- Bump MSIZE up to 256.
- IP/TCP/UDP hardware checksumming for nge(4); limited by MTU.
- Avoid segmentation fault when mg(1) can't read an init file.
- Support for ipcomp(4); disabled by default.
- Show kern_fthread to the door.
- Userland iopctl(8) control utility for iop(4).
- In passwd(1), lock the passwd(5) file after having gotten a new password from the user; also change the actual locking procedure.
- Support for /etc/wsconsctl.conf.
- Handle descriptors 0, 1, or 2 being closed when ppp(8) is invoked.
- Reduce MTU by 2 after MPPE has been negotiated in ppp(8).
- Merge pdksh patch into ksh(1), fixing some problems with propagated return values in multi-command lines.
- Utilize the welcome variable from login.conf(5), in ftpd(8), instead of hard-coding /etc/motd.
- Discipline the audio(4) device so it gets along with revoke(2).
- Repair NFS-related problem with diskless clients by getting the root filehandle via nfs_root.
- Add support for screen switching to wsconsctl(8).
- Change wsconsctl(8)'s interface to be more sysctl(8)-like.
- Shuffle around maxlen setting inside the net subsystem to avoid potential problems.
- Make icmp(4) error checking saner.
- Initial ip6(9) support for isakmpd(8).
- Packet normalization support for pf(4).
- Userland sectok(1) control program.
- Repair kern_fork brain-damage.
- uvm(9) and MNN are no longer optional.
- Import altq(9): alternate queuing support.
- Poof! The old vm disappears.
- No more M_COPY_* macros; use M_MOVE_* or M_DUP_*.
- Add dmesg(8), wicontrol(8), and ancontrol(8) to powerpc's ramdisk.
- New mvmeppc port.
- Many mvme68k improvements including: switching to uvm(9), repairing system trace, cleanup of locore.s, KNF, etc.
- pciide(4) support for powerpc.
- Change icmp6(4) packet header length computation so it works with both 4.4BSD's M_COPY_PKTHDR and OpenBSD 2.9+'s M_COPY_PKTHDR.
- Implement getpeereid(2), allowing local-domain servers to determine client credentials.
- Support generic BSD authentication in xdm(1).
- Disable usb(4) on alpha by default.
- Kerberos v5 support for SSH1.
- Hardware RNG support in lofn(4).
- Smartcard support in ssh-agent(1) and ssh(1).
- Large -Wall/-Werror/-W... ongoing cleanup throughout tree.
- Nuke mips port.
- Initial import of iop(4) (I2O) framework.
- Rewrite nc(1), adding ip6(4) support.
- In su(1), offload root instances for Kerberos to the auth program.
- Disable SMB decoding in tcpdump(8).
- Enable audio on alpha by default.
- Endian fixes in the wi(4) driver.
- Adios NQNFS.
- Nuke the pmax port.
- Don't perform TCP/UDP hardware checksumming when doing IP fragmentation.
- Delayed checksum support in the netinet subsystem.
- Support setting the Ethernet address through ifconfig(8) for vr(4) cards.
- Bypass ipsec(4) for all dhcp(8) traffic, avoiding potential problems with newly booted clients.
- Modify timeouts for IP spd expirations.
- Internal fiddling of nfsd(8)'s handling of its root vnode.
- Import pf(4), an ipf-compatible packet filter.
- Avoid panics under i386 if bus/dev/func numbers for PCI are not valid.
- New sysctl(3) KERN_POOLS to retrieve pool information from the kernel.
- Cleanup and update dhcp(8) to 2.0pl5.
- Utilize readpassphrase(3) in ssh(1).
- Allow access to /dev/pci.
- Repair multiple key handling in wicontrol(8).
- New ether_input_mbuf to ease transition from ether_header in ether_input; drivers will migrate to this.
- Wave goodbye to kernfs.
- Replace existing telnetd(8) with the one from heimdal-0.3f.
- Assorted modifications to uvm(9).
- RELIABILITY FIX: link XF86Setup
against the right version of libXxf86vm.a.
Fix the
problem of corrupted XF86Config file produced by XF86Setup.
A source code patch is available.
[Applied to stable]
- Avoid a pidfile/sigterm race in sshd(8).
- Merge the system's crypto.h into crptodev.h, avoiding name conflicts with OpenSSL.
- Various pool(9) improvements including a new pool_cache() function and cleaner locking.
- Spelling audit throughout the manual pages.
- Try to have ssh-keygen(1) decode ssh-3.0.0 private RSA keys.
- New mg(1) feature: M-x theo.
- Support PCI bus configuration from userland.
- Add TCP, UDP, and IPv4 hardware checksum processing, excluding outbound TCP/UDP.
- Internal shuffling of vnode(9) operations in some filesystems.
- Disable interrupts in the wi(4) driver before mapping and establishing the interrupt, thereby avoiding a race condition.
- MI loadfile support; currently only used on powerpc.
- Obsolete *known_hosts2 in ssh(1).
- Some hifn(4) fixes, largely related to descriptor lengths.
- Don't let ssh(1) overwrite argv.
- Shrink dmesg(8).
- Merge authorized_keys2 into authorized_keys in ssh(1).
- Provide a sysctl(3) interface to msgbuf; handy for dmesg(8), allowing it to run without setgid.
- Upgrade to heimdal-0.3f.
- Use moduli(5) instead of the deprecated primes.
- Add RNG support in hifn(4) for the 7951.
- In isakmpd(8), fallback to stat(2) when readdir(3) doesn't return d_type.
- Apply KNF to many kernel sources.
- Don't forward ip6(4) packets back into point-to-point link if the packet's destination address matches said p2p link's interface.
- Lots of manual page cleanups.
- Upgrade to openssl-engine-0.9.6a.
- Many fixes in the kernel's lockf(3) code including avoiding livelocks on ptrace-related scenarios.
- Modify file locking routine in the skey(3) library, preventing a race condition, plus other modifications; integrate.
- Document physio(9).
- More variables in login.conf(5): login-timeout, login-tries, and login-backoff.
- Improve ppp(8): handle hardware-imposed MTU/MRU limitations; support stateful MPPE (Microsoft encryption).
- Repair vi(1) to avoid spinouts when creating temporary files.
- Make ftp(1) use binary for transfers as opposed to ascii.
- Merge passwd.conf(5) into login.conf(5) and add passwordtime and minpasswordlen variables.
- Move microcode includes around to avoid erroneously installing them, among other reasons.
- Overhaul some kern_exec internals, cleaning up the setuid/setgid-checking code.
- Adapt skeyinfo(1) to use BSD authentication and removal of the suid root bit.
- Improve powerpc's awacs driver; many interrupt fixes.
- Allow the use of ^T in passphrases read by readpassphrase(3).
- SECURITY FIX: avoid race in execve(2) when checking flags for ptrace(2).
A source code patch is available.
[Applied to stable]
- Update if_lastchange when IFF_UP is changed instead of on every packet transmission and receipt.
- VM renovations on mvme88k.
- Use va_start(3) and va_end(3) for every call to vfprintf(3) and associates.
- Replace commonly used static lists with persistent growable arrays in make(1).
- Have slstats(8) use an ioctl(2) so it doesn't need to be setgid.
- Ensure *chi doesn't receive interrupts before being initialized.
- Let pci_mapreg_map() take an extra argument to limit the size of the PCI region to map so we can still work with things publishing too much PCI memory.
- Use lpd_flags in rc(8), allowing flags to be passed to lpd(8).
- Support EDNS0 (RFC2671) buffer size notification for DNS queries.
- Upgrade to binutils 2.10.1.
- Protect include files in /usr/include/net against multiple inclusion.
- Fix unmapped interrupt problems on some VIA-based boards.
- New options, improvements, and fixes for wicontrol(8).
- Palm support in libsectok.
- Rewrite ldd(1).
- RELIABILITY FIX: use correct db(3) pointers in pwd_mkdb(8), and don't star out empty passwords
A source code patch is available.
[Applied to stable]
- Assorted ppp(8) alterations.
- Correct initialization of the policy_id field for SA structures in isakmpd(8).
- PCI shim for wi(4).
- Repair preservation option in cp(1).
- Allow the number of gre(4) devices to be changed in boot_config(8).
- rc(8) no longer starts netatalk -- if installed -- by default.
- RELIABILITY FIX: compute length correctly on certificates in isakmpd(8).
A source code patch is available.
[Applied to stable]
- Ensure kqueue(2) works on ext2fs(8).
- More pipe fiddling.
- Enforce Remote-ID specified in Phase 1 peer section in isakmpd(8).
- Ongoing license audit and copyright notice cleanup.
- Extend pfkeyv2's RFC2367 compliance and fix backward compatibility problems.
- Adjust routing socket message to the right size.
- Switch UID when sshd(8) cleans up temporary files and sockets.
- Speed up arc4random(3) in some net subsystems.
- Upgrade to XFree86 4.1.0.
- Use default hoplimit when icmp6_error doesn't know about the incoming interface.
- Create sysctl(3) parameters for ccpu, diskstats, fscale, nprocs, and physmem.
- New md5(1) implementation with a BSD copyright and other improvements; includes regression test.
- Improve swapctl(8).
- Don't allow packets that need IPsec(4) processing to be bridge-broadcast.
- Expand handling of X.509 and KeyNote certificates in isakmpd(8).
- Fix some tcp(4) behaviour with connections in the CLOSING state.
- Some ld.so(1) renovations.
- Repair kqueue(2) related panic.
- SECURITY FIX: verify location when using fts(3) to pop up directories.
A source code patch is available.
[Applied to stable]
- Update root device selection routines for sun3.
- Miscellaneous fxp(4) improvements.
- Remove ipf(4) from the tree.
- Remove pcvt(4) from the tree.
- Add BSD authentication support to userland programs; authorization defaults in login.conf(5).
- SECURITY FIX: Update to sendmail(8) 8.11.4 which addresses signal race conditions.
A source code patch is available.
[Applied to stable]
- Hardware clock support on powerpc.
- Fix directory state tracking in fsck(8).
- New BIOCGHDRCMPLT and BIOCSHDRCMPLT ioctls for bpf(4) to disable overwriting of the link-level source address.
- Support interface capabilities.
- Repair cluster_rbuild() in vfs_cluster.
- Twiddle with the atapiscsi(4) driver.
- fxp(4) bug fixes.
- Bring back the old (no ECONNABORTED) accept(2) behaviour for Unix domain sockets.
- Support Heimdal's Kerberos 5.
- Upgrade to Perl 5.6.1.
- Allow arbitrary atime/mtime setting on ext2fs(8) volumes.
- Fix lookup code in procfs(8).
- Many assorted mg(1) fixes and improvements.
- Clean up and shrink make(1).
- Various improvements to the ubsec(4) driver.
- Fix panics in the ep(4) driver by initializing packet tags.
- New PCMCIA products from NetBSD.
- Utilize packet tags in the net subsystems.
- Diversify time parameter parsing in sshd(8).
- Better keyboard-interactive support for ssh(1).
- Convert lseek(2) read(2)/write(2) to pread(2)/pwrite(2) in kvm(3).
- Import libsectok, used for ISO 7816 smart cards and iButtons.
- Tweak delays in the i82365 PCMCIA controller driver to avoid momentary freezes.
- Improve rate support in auich(4).
- Make vax use wscons(4) and enable the smg framebuffer.
- More select(2) fixes in ssh(1).
- Fix X11 client bug in ssh(1).
- PMAP_NEW support on the vax and hp300.
- Create COMPAT_23 and COMPAT_25 options.
- In vr(4), handle suspend mode better on the VT6102.
- Do not check return values for malloc(9) calls with M_WAIT or M_WAITOK.
- New option: SMALL_KERNEL, subtly changes some kernel semantics to change the kernel size significantly. Use *only* for boot floppies.
- Change ip_sum semantics in ip_output().
- Compress ac97(4) vendor tables.
- ac97(4) now knows about rev 2.2.
- Squish compatopts to a more sensible set, killing COMPAT_09, COMPAT_10, COMPAT_11.
- Shrink the alpha boot blocks a bit.
- We no longer support ECOFF kernel loading in the alpha boot block.
- Teach ac97(4) about more CODEC models.
- At boot time, swapon(8) before fsck(8) is run.
- Fix fts(3) to handle very long paths.
- Repair various signal handler bugs in pppd(8).
- Handle memory allocation failures in fsck_ffs(8) and fsck_ext2fs(8) better.
- Fix a recently introduced bug in supfilsrv(8).
- Correct acceptance of ARP packets coming in on non-IP bridge(4) interfaces.
[Applied to stable]
- txp(4) now works on the alpha.
- More fixes to make(1).
- Check a calloc(3) in fsck_ffs(8).
- Add a temporary DTYPE_CRYPTO until device cloning support shows up.
- Fixes to fdescfs.
- busdma changes to txp(4), preparing for the alpha.
- Split wi(4) into bus dependent and independent parts.
- On hp300, splhigh() in cpu_exit().
- Misc cleanup of the shared m68k codebase.
- More bus_dmamap_sync(9) in hifn(4).
- Initial non-working alpha ld.so(1) support.
- Support newer versions of the lmc(4) cards.
- Kill a debug message in ubsec(4).
- Add swiss german keyboard layout to wscons(4).
- Smoke out the OLD_PIPE code.
- krb4-1.0.8
- Bug fix to make(1).
- Speed up top-level tree Makefiles by doing exec for subshells in new directories.
- Artful fiddling of the kernel pipe stat code.
- No need for setgid kmem on iostat(8) anymore.
- Add more sysctl(3) support in the kernel.
- Make the alpha floppies fit again...
- Make hifn(4) use bus_dma(9). Now works on the alpha.
- Initial cut at userland hardware crypto(4) support.
- In ubsec(4), initial support for the Broadcom 5820.
- Honour ddb.console on sun3.
- On the pmax, fix a curproc misuse.
- In pcibios(4), deal with buggy BIOSs which incorrectly leave the router as 000:00:0.
- hp300 cleanup in progress...
- Solve a problem of Lilliputan proportions in powerpc isinf(3).
- Mickey goes mad and does a strlcpy(3) whack on src/bin.
- Unify rdsetroot and rd(4) support between almost all architectures.
- Man page cleanups galore.
- In hifn(4) attempt to support the Hifn 7951.
- Do stdout/stderr flushing in sshd(8) using non-blocking mode.
- Fix kerberosIV versioning link problem.
- Cleanup MAP_COPY flags in the tree.
- Use genassym.cf on alpha.
- Unify the rd(4) support.
- Update sysctl(8) and vmstat(8) to use the new interfaces.
- Make more data available via the sysctl(3) interface.
- Handle fastroute in the bridge(4).
- hp300 man page cleanup.
- Fix a resource leak in twe(4).
[Applied to stable]
- Use madvise(2) option with MADV_FREE for malloc(3) 'h' flag.
- Support MADV_DONTNEED and MADV_FREE in madvise(2).
- Switch sparc to UVM and PMAP_NEW.
- Support HP425e.
- Refill txp(4) receive ring only when empty -- performance enhancement.
- Fix SSH2
-R
support in ssh(1).
- More pmap/uvm interface changes.
- Correct signal handling in ping6(8).
- Implement screen blanker in wscons(4).
- Attempt to support hifn7951 in hifn(4).
- realloc(3) fixes to ipf(8).
- ipf 3.4.17
- Fix kernel extent code to be more careful about ranges.
- UVM support for mac68k.
- Change i386 in_cksum failure to a printf(9), instead of a panic(9).
[Applied to stable]
- In txp(4), add support for hardware vlan(4).
- Fix a bug in make(1) exposed by the recent jumbo patch.
- Fix ti(4) to handle vlan(4) properly.
- vsunlock fixes to UVM.
- Signal ignore bug fix to ssh(1).
- Kill i386 VM & pmap_old support.
- Fix process priority bug in atrun(8).
- Enable vlan(4) by default in GENERIC kernels.
- Fix pread(3), preadv(3), pwrite(3), and pwritev(3) on big endian architectures.
- In sendmail(8), use FAST_PID_RECYCLE.
- Remove excess (vaddr_t) casts.
- Get rid of CLSIZE and friends.
- Increase strlcpy(3) in parts of the tree.
- Some minor changes to isakmpd(8).
- Cleanup M_* malloc types in the kernel.
- UVM for the hp300.
- Numerous cleanups to sup(1).
- In systat(8), handle kvm_nlist(3) failing.
- Fix a channel race in sshd(8).
- Document that nc(1) no longer has a -e option.
- Fix localhost handling bug in httpd(8).
- Jumbo patch to make(1) that has been brewing for a while.
- Various improvements to mg(1).
- Big USB code update.
- Fix a signed vs unsigned error in the gm(4) Ethernet driver.
- In wump(6), improve our cave topology algorithm. Don't ask.
- Force -h to override the BLOCKSIZE environment in du(1).
- Substantial updates to sup(1).
- Fix a register save/restore bug in clcs(4) so that suspend/resume works better.
- Allow the right CTRL+ALT keys to work as the left ones do in wskbd(4).
- Continue to hack our new txp(4) driver into shape.
- In ifconfig(8), implement support for removing tunnel outer IP address pair.
- Revert a buggy optimization in tsort(1).
- Use pread(2) in nlist(3) instead of abusing lseek(2) with read(2).
- Remove cruft leftover from the old PCVT console driver.
- Fix filename tab-completion in mg(1).
- Convert some more drivers to the new timeout(9) interface.
- Whack dtom() in the kernel. Fo'get about it.
- Avoid a NULL pointer dereference in faithd(8).
- Various reset and delay fixes in wdc(4) to help certain ATAPI devices.
- Deal with suspend/resume more cleanly in pccbb(4).
- Better hints handling and memory allocation in tsort(1).
- Correct an error condition in /etc/ksh.kshrc.
- Add a koi8-r keyboard layout for wskbd(4).
- Allow interoperability between OpenSSH and older ssh-2.0.x variants with weaker key generation.
- Instrument improved locking and rework SCSI a bit in ami(4).
- Cleanups to ancontrol(8).
- Add a -b option to ssh(1), similar to telnet(1)'s equivalent.
- Fix a memory handling bug in telnet(1).
- Use pool(9) interface for the VFS cache.
- Improve OpenSSH interoperability with ssh.com-2.0.x clients.
- In the mvme88k port, replace resource maps with extents.
- Numerous fixes and updates to sup(1).