OpenBSD 3.6 released (November 1, 2004)

This is a partial list of the major machine-independent changes (i.e., these are the changes people ask about most often). Port specific changes have also been made, and are sometimes mentioned in the pages for the specific platforms.

Changes to the ports collection are documented here.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.7,
3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, current.

Changes made between OpenBSD 3.5 and OpenBSD 3.6

• Fix tcpdump(8)'s bpf(4) attachment on atw(4) devices.
• SECURITY FIX: Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
  A source code patch is available.
  [Applied to stable]
• Bail out of newfs(8) on errors when making very small filesystems.
• Move MIPS to 64-bit.
• Fix copyout(9) of pf(4) anchors with relative paths and wildcards.
• Track the peer count correctly in bgpd(8) and ntpd(8), fixing memory corruption in both.
• Fix a null dereference in dhcpd(8).
• Just print the raw IP protocol number in netstat(1) instead of fetching the protocol name.
• Stop routed(8) fiddling with routes controlled by bgpd(8).
• SECURITY FIX: httpd(8)'s mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.
  A source code patch is available.
  [Applied to stable]
• Stop telnetd(8) closing the slave fd from openpty(3) and then reopening it.
• Set a cleanup handler for HUP as well as INT, TERM and WINCH on the ssh(1) multiplex control socket.
• Stop ntpd(8) dying on sendmsg(2) failures.
• Unbreak route(8)'s -netmask option.
• Fix a bad cast from mode_t to short in ar(1).
• Check for interrupted waits in inetd(8), fixing late reaping of zombie processes and other ignored signals.
• Don't busy-wait on ENOBUFS in pppoe(8).
• Stop the mixer resetting emu(4)'s volume to very very loud.
• Make sure kernfs_xread() isn't called with a negative offset.
• SECURITY FIX: Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
  A source code patch is available.
  [Applied to stable]
• Stop non-MASTER carp(4) hosts replying to ARP requests, as this upsets some layer 3 switches.
• Stop login(1) treating the 'bar' in username foo.bar as a Kerberos instance, that's a krb4 syntax we no longer use.
• Fix fd passing problems with S/Key on sparc*.
• Don't do DNS lookups when reading ntpd(8)'s config, save them for later.
• In ntpd(8), don't log transient network errors from sendto(2).
• Fix pfsync(4)'s handling of adaptive timeouts.
• Enforce minimum lease time of 60 seconds in dhclient(8), to stop bogus 0s leases from the server causing the client to spin.
• Fix oversized copies that were causing memory faults in usb(4).
• Don't close stdin in sshd(8) unless we're reexec'ing.
• Make sure pkg_create(1) keeps track of the current working directory.
• RELIABILITY FIX: Due to incorrect error handling in zlib an attacker could potentially cause a denial of service attack (CAN-2004-0797).
  A source code patch is available.
  [Applied to stable]
• Have /etc/security(8) store a copy of the disklabel and report any changes.
• Only allow SIOCGET{VIF,SG}CNT from the multicast router socket (PR#3825).
• Document the fact that collisions have been found for MD4, MD5 and ripemd.
• Don't make ntpd(8) explode when getaddrinfo(3) returns EAI_NONAME.
• Base the value of uvm_km_pages_lowat on the amount of physical memory.
• Back out the IPv6 prefix len 'fix', the old code was right.
• Make xargs(1)' behaviour match the manpage when the utility can't be executed.
• Fix fgetln(3) and realloc(3) handling in libedit.
• Do the '%s' replacement for less(1)'s LESSOPEN and LESSCLOSE environment variables ourselves instead of using snprintf(3).
• Don't send a SIGINT or SIGTERM to the entire process group when received by the shell unless the shell is the process group leader (PR#3820).
• In isakmpd(8), fix the test for whether a newly-created SA replaces an old one.
• Enable Dead Peer Detection in isakmpd(8) by default.
• Don't overwrite the raw IPv6 checksum field in a shared mbuf.
• Fix high interrupt load in ste(4).
• Remove the need for isakmpd.policy(5) file when starting isakmpd(8) from rc(8).
• Fix the IPv6 prefix length sanity checks in in6_are_prefix_equal().
• 3.6-beta -> 3.6.
• Add a new control message to bgpd(8) that allows a session to be downed and restarted, accessible with the bgpctl(8) command 'clear'.
• Unbreak parsing of multiple -o options to mount_nfs(8).
• Stop bge(4), sk(4) and ti(4) complaining about a lack of jumbo frame buffers for inbound frames, unless debugging is on.
• On nexthop reachability status changes always notify the bgpd(8) RDE, not just when the nexthop was previously unavailable.
• Don't send bad IP packets via bpf(4) when monitoring a gre(4) interface (PR#3852).
• Fix descriptor passing in bgpd(8).
• Stop networks disappearing on bgpd(8) reload by always updating the prefix timestamp.
• Remove a null deref in isakmpd(8).
• Implement the SMTP 'QUIT' command in spamd(8).
• Fix an out-of-bounds read in makeinfo(1).
• Remove ip6.int from the named(8) example config files.
• Bump OpenSSH to version 3.9.
• Put in a temporary fix for wi(4) cards with station firmware < 1.8. Real fix after the 3.6 release.
• Remove spamd(8) greylist entries the second they expire.
• Back out the recent pf(4)-skips-downed-interfaces change, it breaks IPv6.
• Add an example sendmail(8) /etc/mail/genericstable.
• When isakmpd(8)'s -K switch is active, check the peer's proposal against isakmpd.conf(5).
• Map the whole ld.so hints file for a.out in one mmap(2), as was done for ELF.
• Fix auto request sense handling in ahc(4) and ahd(4).
• Stop a coredump in libregex(3).
• Fix a busy-wait on transmit failure in ntpd(8).
• Add an extra check for a NULL message in the privsep code for isakmpd(8), named(8), pflogd(8), sshd(8), syslogd(8), tcpdump(8) and the X server.
• Finally fix ntpd(8) problems with DNS non-availability at startup.
• Fix a bad dereference in gcc(1).
• In bgpd(8), ignore RFC2545 and don't allow IPv6 link-local addresses to be a next hop.
• Stop a core dump in newfs(8) by checking the block size against MAXBSIZE.
• Validate the superblock size recorded in the superblock, to prevent a panic.
• Use atomicio instead of a few pieces of homegrown code in ssh(1).
• Some signedness cleanups in ssh(1).
• Add dladdr(3) support to the dynamic loader, and extend dlsym(3) to match 'standards'.
• Plug a memory leak in kvm_close(3).
• Fix bgpd(8) MRT dumps from cloned sessions.
• With -q in effect, stop grep(1) searching as soon as a match is found.
• Skip over non-UP interfaces in pf(4), fixing some problems with pppd(8).
• Fix a missing lseek(2) error check in sshd(8).
• Only close a pipe if it's open in sshd(8).
• Fix a minor memory leak in sshd(8).
• Surround pkg_delete(1)'s main loop with an eval{} block, so that ldconfig(8), directory removal, manpage and font directory processing always occur.
• Back out the mmap(2)-based malloc(3) for now, some architectures aren't working right yet.
• A stack of ohci(4) fixes from NetBSD.
• RELIABILITY FIX: Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.
  A source code patch is available.
  [Applied to stable]
• Show the difference between the expected and received IP checksum in tcpdump(8).
• Now that tcpdump(8) decodes the IP fragment returned in an ICMP error message, allow the TCP parser to print the source and destination ports from incomplete TCP headers.
• When tcpdump(8) receives an ICMP error and -vv is in effect, also dump the IP packet embedded in the error message. Based on tcpdump.org.
• Fix a bad sizeof in ntpd(8).
• Implement better RFC 3706 Dead Peer Detection in isakmpd(8).
• Fix the MED setting in outgoing bgpd(8) updates.
• In ntpd(8), handle DNS lookup failures properly in the case of server pools.
• Have pkg_add(1)'s @mandir and @fontdir keywords do the right thing on package delete, and have @fontdir do the necessary font processing.
• Fix a dynamic group-related panic in pf(4).
• Support the setenv capability in login.conf(5) like in NetBSD, including '~' and '$' macro expansion for the homedir and username respectively.
• Import and merge Perl 5.8.5 from CPAN. Crank libperl's major number.
• 3.5-current -> 3.6-beta.
• Stability and performance fixes to ste(4) from FreeBSD.
• Fix an out-of-bounds write in libafs, caught by the mmap(2)-based malloc(3).
• Fix a missing initialisation of the route info structure in the kernel and stop a panic.
• Stop doing unnecessary PHY resets on hme(4).
• Remove the need for -w when setting values in radioctl(1).
• Fix iostat(8)'s average KB per transfer calculation.
• Do a chroot(2) before running ldconfig(8) when DESTDIR is set in pkg_add(1).
• Add IPv6 router solicitation and router advertisement ICMP messages to the default pf(4) filter loaded in rc(8).
• Initial work on SGI MIPS64 support.
• Only close the stream passed to pclose(3) if it was opened by popen(3).
• In pkg_add(1), invoke the OpenBSD::Makewhatis module directly insteading of forking makewhatis(8).
• Reorganise makewhatis(8) to avoid using unnecessary code, and allow invocation as a perl(1) module.
• Big update to bgpd(8), moving towards IPv6 support.
• New @lib marker in pkg_add(1) packing lists, that lets the tools know when to run ldconfig(8).
• Many more pkg_add(1) fixes and improvements.
• Refactor pkg_add(1) etc. packing list code.
• Now that malloc(3) uses mmap(2) instead of sbrk(2), remove the rlimit check from the userland code and let the kernel do it.
• Use the new fd-passing functionality in BSD_AUTH(3) to implement record locking for S/Key logins.
• Stop trying to change the cwd of processes after a forced unmount.
• Don't send signals from hardclock to prevent SMP problems in the near future.
• Add interrupt coalescing support to fxp(4)
• Fix jumbo frames support in sk(4).
• In ssh(1), return DH group 14 when /etc/moduli is empty, fixing a hang.
• Allow a file descriptor to be passed on the BSD_AUTH(3) back channel, to be used for stateful login scripts.
• Do a check for minval>maxval in strtonum(3)
• Change the minval and maxval parameters to strtonum(3) from unsigned to signed long long, simplifying the code.
• Allow an autonegotiation to be forced at mii(4) attach time.
• Don't crash the kernel in autoconf when matching an indirect device with verbose mode switched on.
• Allow NFS commits to be coalesced instead of always sending a commit for each block.
• MRT dump compatibility fixes for bgpd(8).
• Add route label support to route(8) via the -label keyword.
• Introduce 'route labels', allowing up to 32 bytes of information to be attached to a route.
• Fix reference counting bugs in isakmpd(8), avoiding leaks.
• Make disk geometry parameters in fdisk(8/i386) unsigned values to avoid some signedness problems.
• Don't trim device major and minor numbers to 8 bits when accessing device nodes over NFS.
• Allow pfsync(4) to use a unicast sync peer, via the new 'syncpeer' keyword to ifconfig(8). This lets pfsync operate over IPsec.
• Show if locking is present in pstat(8) -f output.
• Add fxp(4) microcode for interrupt coalescing. From Intel via FreeBSD.
• Have lint(1) allow more integer types in bitfields.
• Set initial latency and cacheline size for cardbus(4) devices.
• Out-of-line some functions in isp(4) to shrink the kernel a bit.
• In isakmpd(8) don't expire phase 2 SAs that are not yet established on receipt of a SIGHUP.
• Fix pcmcia(4) crashes (PR#3732, PR#3881). More work required.
• New @man element for packing lists.
• If LK_NOWAIT is passed to vget(9), return EBUSY if the vnode is lock(9)ed.
• Rewind the tape less often when repositioning an st(4) device.
• New malloc(3) implementation using mmap(2) instead of sbrk(2). This means that malloc now gets all the benefits of mmap's randomisation feature.
• Deal with upward-growing stacks when checking for the end of the stackgap in sys/compat/common.
• Major updates to ahc(4). From FreeBSD.
• Kill GATEWAY and IPFORWARDING config(8) options, since their functionality has long been available from sysctl(8).
• Have httpd(8) correctly use port information supplied by the client (if available) when UseCanonicalName is off.
• New bgpd.conf(5) announce type "default-route", which will only announce the default route to a specified neighbour.
• Drain hotplug(4)'s event queue on close, fixing a hang on shutdown (PR#3874).
• Fix siop(4) probe problems on hppa.
• Call /bin/ksh instead of /bin/sh in the installer scripts, since the ksh(1) mannerisms will be disabled when invoked as sh(1) soon.
• Fix a missing initialisation when processing an RDE update in bgpd(8).
• Helpfully, don't truncate the lease file to zero length on dhcpd(8) startup.
• Keep a unique ID for each server ntpd(8) talks to.
• Display IKE Dead Peer Detection notifications in tcpdump(8).
• Fix the conditions under which pool_put(9) frees a page.
• Fix NAT-T Aggressive Mode by putting NAT-D checks in the right place.
• Don't set the output filename in compress(1) when in -t mode, avoiding an error which the input filename doesn't end in '.gz'.
• Drop ip6.int query support for IPv6 reverse lookups with gethostbyaddr(3).
• Use SHA1Pad(3) in libskey, instead of relying on undocumented behaviour from SHA1Final(3).
• Add new timekeeping code, MI-only for now and not yet enabled anywhere.
• In bgpd(8), prefer the path with the lowest MED value, not the highest.
• Have bgpd(8) retry failed DNS lookups from the config file every sixty seconds.
• Set the default localpreference in bgpd(8) to 100 instead of 0.
• Fix a leak when passing a file descriptor between processes.
• Support lists-within-lists for the AS and prefix in bgpd.conf(5).
• Support list expansion for the AS in bgpd.conf(5).
• In tcpdump(8), only print TCP sequence numbers for SYN, FIN or RST packets if -vv is in effect.
• Use pool(9)s instead of R_Malloc() for rtentry and rttimer structs. Adapted from NetBSD.
• Have inetd(8) set the user and group on UNIX domain sockets.
• Add -ttttt option (timestamp difference since the first packet) to tcpdump(8).
• In ssh(1), call setsid(2) before doing re-exec.
• Support pf-style macro expansion for the peer spec and prefix in bgpd.conf(5).
• Backport from Apache 2.0 a fix for a mod_usertrack coredump in httpd(8).
• Some atw(4) fixes from NetBSD.
• Fix IP header alignment in an(4).
• Fix a use-after-free(3) in gprof(1).
• Add in a missing NULL check in DIOCCHANGERULE, preventing a rare crash.
  [Applied to stable]
• Use 'directory/' instead of '@dir directory' in packing lists.
• Ignore utime(3) failure in cron(8) poke_daemon(), it doesn't matter any more since tickling the socket is enough.
• Use mutex instead of SIMPLELOCK around the kernel's deadproc list.
• Don't allow m_dup1() to return an mbuf chain when it should return a single mbuf.
• Start work on removing the size limit from the mg(1) minibuffer.
• Fix a problem with X on 64-bit architectures that was causing some wsmouse(4) input events to be lost.
• Don't clobber an existing /etc/fonts/local.conf in XF4 make install.
• kqueue(2) support for NFS, adapted from NetBSD.
• Use fseek(3) instead of fseeko(3) in hexdump(1), since the argument being used is an off_t.
• Don't mess up the internal state of a pipe(2) when pipelock() fails, just return with an error.
• Fix an unnecessary fatal() in sshd(8) when the remote dies quickly.
• Don't display invalid usernames using setproctitle(3) in ssh(1) (OpenSSH bugzilla #899).
• Fix a multiple-free in ntpd(8).
• More umass(4) fixes from NetBSD.
• Fix CPU speed-related sound slowdown in auich(4) (PR#3814).
• More pointless inline removal in the kernel.
• Implement outgoing interrupt pipes (part of the USB 1.1 spec) in usb(4). From FreeBSD.
• Disable the XFree86 module loader on powerpc, ahead of upcoming malloc() changes.
• Strip the strcpy() and strcat() builtins from GCC 3 (as was done for GCC 2) to make them easier to spot and eradicate.
• New cdce(4) driver supporting USB CDC Ethernet devices.
• Use mutexes in a few places where SIMPLELOCK was used before.
• Add i386 and AMD machine-dependent mutex implementations.
• Introduce mutex support to the kernel. Not optimally efficient, and not MP-safe.
• New @info keywork to pkg_add(1) etc., supporting GNU info documents.
• Reintroduce standalone popa3d(8) after fixes and more testing.
• Stop wicontrol(8) displaying garbage when run against a nonexistent interface.
• Make gprof(1) work properly on 64-bit architectures where the text is above 4GB.
• Display correct labels in the output from pfctl(8) -st.
• Fix an atw(4) panic on detach.
• Correct mg(1)'s error checks for strtonum(3).
• Start work on a tutorial for the make(1) we have, not PMake.
• strtonum(3)ify id(1).
• Fix a signal race in make(1).
• Fix a leak in getrrsetbyname(3).
• Don't let xterm(1) crash when selecting text.
• React more rationally in ntpd(8) to (possibly) transient network errors from recvfrom(2).
• More improvements to ntpd(8)'s query interval scaling.
• Return EINVAL if a negative offset is passed to ftruncate(2).
• Don't check for the non-existent md5 of an '@link' in pkg_delete(1).
• Add bsd.rd to the list of filesets installed by default.
• For NFS and URL installs, assume the network is already set up the way the user wants it.
• Back out standalone support from popa3d(8).
• Remove K&R support from libc/sys/makelintstub.sh.
• Fix a use-after-free(3) in amd(8)'s AFS code.
• Fix missing ssh(1) lastlog messages under certain circumstances (OpenSSH bugzilla #463).
• Add an stty command to the boot.conf(8/i386) to set the serial console speed.
• Deal gracefully with a null sub-timezone in the installer.
• Unbreak the pf(4) normaliser's use of the timestamp as an extension to the sequence number.
• Add a ruleset optimiser to pfctl(8) (new -o and -oo options).
• In strtonum(3), add a test of the lower bound when the upper bound is greater than LLONG_MAX.
• Updates to the san(4) driver.
• Kill ksh(1) history functions on non-interactive shells. Based on NetBSD.
• Back out a TCP change that left the ends of a newly-ESTABLISHED connection with asymmetric congestion windows.
• Unbreak antenna diversity setting in ancontrol(8).
• Stop pkill(1) whining when a process that it expects to be running has died, e.g. a privsep child that got reaped right away by the parent.
• Fix core dumps from wicontrol(8) when fetching values a card doesn't support.
• New -D option to nc(1) switching on SO_DEBUG.
• In pkill(1), skip the pkill process itself and any processes marked P_SYSTEM every time.
• The netiso code was removed from the tree. Noone cared.
• Many fixes and improvements to atw(4) from NetBSD and the reference driver via NetBSD.
• Add compat versions of msgctl(2), semctl(2) and shmctl(2) with 16-bit mode_t.
• Add new versions of the msgctl(2), semctl(2) and shmctl(2) functions to deal with the changes to mode_t (included in struct ipc_perm).
• Refactor SysV shared memory functions, allowing them to automagically handle conversions between new and old structures in compatibility mode.
• Back out last vestiges of IPv6 fragment reassembly using pf(4) scrub.
• Drop the stratum calculation from ntpd(8).
• Ignore clock synchronisation status returned to rdate(8) -n clients.
• Zero out the NFS generation number in struct stat in OpenBSD 3.5 and 4.3BSD compatibility modes.
• Only retransmit relevant NFS requests on nfs_reconnect().
• Rework pkg_add(1)/pkg_create(1)'s @dirrm directive, and add @dir.
• Fix a double-free and some backwards logic in passwd(1).
• Finally remove the deprecated passwd.conf functionality and files.
• Change mode_t and nlink_t from u_int16_t to u_int32_t.
• Add weak-aliased __errno(3) function to libc and bump all library major versions.
• Have ntpd(8) return decent server statistics to the client, including the stratum, reference time and synchronisation status.
• Ignore obviously malformed queries in ntpd(8).
• Use socketpair(2) instead of pipe(2) in ntpd(8).
• In pkg_create(1), mark links as what they are instead of computing a size and checksum for them.
• When pkg_add(1) detects a file conflict, helpfully list the clashing file's originating package.
• strtoul(3) -> strtonum(3) in mg(1).
• Deal with count==0 correctly in newsyslog(8).
• Save process context in namei(9) avoiding a crash (PR#3842).
• Back out IPv6 fragment reassembly under the pf(4) scrub directive, it's not ready yet.
• Have pf(4) create a group when adding a dynamic interface that's not yet plumbed in.
• More usb(4) fixes from NetBSD.
• An endianness fix in nm(1).
• Fix lockup when unmounting a union filesystem.
• Fix TCP NFS mount hangs after a server reset.
• Scale ntpd(8)'s query interval based on the local clock offset. More work to come.
• Endianness fixes to ehci(4) from NetBSD.
• Remove descriptions of partition types from fdisk(8/i386), shrinking the executable.
• HP-UX compatibility stuff for hppa.
• Fix sed(1) failure when the last character of the line buffer was a backslash. From FreeBSD and NetBSD.
• strtonum(3)ify procmap(1).
• Fix cd9660 buffer writing code.
• Improve patch(1)'s detection of whether or not a patch has already been applied.
• Miscellaneous cleanup in reboot(8).
• Don't use strlcpy(3) on a string that's not null-terminated in ftp(1).
• Some ANSI prototypes in games, sbin and usr.sbin.
• Don't update the clock in ntpd(8) without data.
• When saving a file, have mg(1) check if it's null terminated and prompt the user to add it if desired.
• Rework ntpd(8)'s DNS handling to better deal with responses containing multiple addresses. Two keywords, 'server' and 'servers', with different semantics.
• Set the correct poll(2) timeout in ntpd(8).
• A couple of network mask issues with pf(4) tables.
• Fix a few missing close(2) and free(3) calls in an isakmpd(8) error path.
• Fix overwriting of virtual MAC address by carp(4) on FDDI interfaces.
• Don't mistakenly skip a file in rcp(1) and scp(1) by mistake when fchmod(2) fails twice.
• Sync gdb(1)'s kvm interface with FSF, adding 'kvm proc' and 'kvm pcb' commands.
• Check for stat(2) failure in pkg_add(1)'s virtual filesystem.
• Fix a couple of MRT bugs in ntpd(8).
• Open the dhclient(8) script execution window from 1 to 3 seconds.
• Return -1 from ftw(3) and nftw(3) if fts_close(3) fails without returning an error.
• Fix a memory leak in isakmpd(8).
• Better client responses from ntpd(8).
• Better time handling code for ntpd(8).
• Fix a systrace(1) problem where argv[0] would be normalised and so break scripts that depend on the original path.
• Stop logging ntpd(8) responses with bad cookies, so attackers can't spam the log files. Back off logging in general.
• Don't listen by default in ntpd(8). New 'listen on' directive must be used instead.
• Allow for multiple IP addresses associated with hostnames listed in ntpd.conf(5).
• Add a 'trustlevel' for ntpd(8) peers, using the peer's timely network responses to judge its worthiness to affect the clock offset, and to set how often queries are sent.
• Implement filtering on peer replies in ntpd(8).
• Fix a couple of sizeof(wrongthing) in ntpd(8).
• New -R option fro ftp-proxy(8) allowing pf(4) to safely accept client PASV-mode connections to a protected FTP server.
• Have ntpd(8) log the IP address NTP replies and incorrect cookies are received from.
• Allow and resolve hostnames in ntpd.conf(5).
• Add a couple of missing initialisations in ntpd(8).
• Set FTS_LOGICAL in ftw(3) and nftw(3) (unless FTS_PHYSICAL is explicitly passed in to the latter) as required by fts(3).
• Some string cleaning and other fixes to ul(1).
• Back out the bogus fix for the TCP simultaneous close bug from TCP/IP Illustrated vol. 2, exercise 29.5.
• Some ehci(4) fixes from NetBSD. Multiple devices can now be simultaneously active.
• Don't require -w for writes with audioctl(1).
• Keep track of historical offset and delay values in ntpd(8), for later use in filtering.
• RELIABILITY FIX: Under certain network load the kernel can run out of stack space. This was encountered in an environment using CARP on a VLAN interface. this issue initially manifested itself as an FPU-related crash on bootup.
  A source code patch is available.
  [Applied to stable]
• Fix a segfault in routed(8) with rtquery(8) messages from a non-local host (PR#3841).
• Fix ntpd(8)'s conversion from seconds to microseconds.
• Don't queue hotplug(4) events if there's no hotplugd(8) running. When the last listening daemon exits, flush pending events.
• strtonum(3)ify chpass(1).
• Allow the argument to fstab(5) options groupquota and userquota to be optional
• Implement 'set nexthop blackhole' and 'set nexthop reject' in bgpd(8).
• Give a helpful error message when pkg_create(1) fails due to a missing @name.
• Remote the single-server limitation in ntpd(8).
• Use adjtime(2) to sync the local clock in ntpd(8), based on the median offset from the configured servers for now.
• Some ehci(4) updates from NetBSD.
• Keep track of the device and inode of objects loaded by ld.so(1), so that it's no longer possible to have the same object loaded from two different locations.
• Die nicely if dhclient(8) can't read its config file.
• Fix a few missing freeaddrinfo(3)s in spamd(8)
• Drop the requirement in the installer for a 'b' partition. If one exists use it as swap, and don't allow a mount point to be created there.
• SCHED_LOCK() before proc_stop() in issignal(), avoiding a panic from splassert(9) #ifdef MULTIPROCESSOR.
• In ntpd(8) compute the local clock offset as per RFC 2030 section 5.
• Make the backspace and delete keys do the right thing by default in xterm(1).
• calloc(3) the right structure in ntpd(8) client_peer_init().
• Some cleanup in lam(1).
• Fix a vnode leak in mount(2).
• Change bgpd(8)'s MRT dump code to use fd passing.
• Put skey(1) code inside #ifdef SKEY in ssh(1). From FreeBSD.
• Bypass the pf(4) normaliser for now when forwarding ip6 packets.
• Support '@host:port' syntax in syslog.conf(5), allowing specification of the remote port.
• Respect TMPDIR when creating a temporary mountpoint for the new mount_mfs(8) -P option.
• Use strtoul(3) instead of strtol(3) in setmode(3), and return ERANGE consistently for invalid octal modes.
• Update savecore(8) to new-style kernel time handling.
• Allow (but ignore) the -E and -X options in src/distrib/special/more.
• Fix a few division-by-zeros in vmstat(8).
• Fix rare cases of bogus permissions from mtree(8), caused by a missing initialisation.
• Add a few md use-before-init sanity checks in kvm(3).
• Check for a nonexistent name in kvm(3) and print a useful error message.
• Use the evcount API for interrupts counting on hppa.
• Test for a tty break in the right place in ssh(1).
• Fix inetd(8)'s handling of UNIX domain sockets.
• In mpt(4) use SCSI_POLL during the probe since MP kernels don't enable interrupts until after the probe has completed.
• strlcpy(9) -> copyoutstr(9) when copying from kernel to userland in vnd(4).
• Allow shared library revision numbers to be overridden for libOSMesa, libXRes, libxkbfile and libkbui.
• Remove interface name verification code from pfctl(8), so that once again a rule referring to a non-existent interface simply never fires. This has the handy side-effect of allowing pfctl to be run as non-root again.
• Unbreak MSCHAP in pppd(8) due to local MD4Update(3) differences.
• Don't allow bogus routes with a nexthop inside 127/8 in bgpd(8).
• If no listener address is given to ntpd(8), listen on every IP address.
• Change a few memcpy(3) into strlcpy(3) in pfctl(8) when copying the interface name.
• Install sendmail(8)'s libmilter by default.
• In net80211, allow WEP keys to have lengths other than 40 or 108 bits.
• Don't try to strlcpy(9) from userland into the kernel in vnd(4).
• Update zoneinfo files and ctime(3) to tzdata2004a. Respect Georgia's wish to have the right timezone again.
• Remove '#if 0' around the real code for net80211 ioctl WI_RID_PRISM2. This allows atw(4) to do AP scanning via wicontrol(8).
• New -z option for vmstat(8) to show devices even if they haven't generated an interrupt.
• Use the new event counter API for interrupt counting on alpha, amd64, i386, macppc and sparc64.
• Add generic interrupt counter retrieval via sysctl(3), removing the need for i386-specific code in vmstat(8) and systat(1).
• Add generic 'evcount' event counter API to the kernel.
• Hack around a panic in 802.11 crypto startup due to the rnd device not being initialised.
• Add missing 802.11g and 802.11 'turbo' media types for the 802.11 framework to <net/if_media.h>.
• Use congestion-sensitive IF_INPUT_ENQUEUE() in gre(4).
• Alignment fixes in ppp(8) lcp and ipcp handling.
• Allow the default console to be changed to a serial device from the installer. Only i386 uses this for now.
• In fvwm(1), use two va_list and va_copy(3) instead of reusing a single va_list.
• New -P option to mount_mfs(8), used to populate the mfs volume immediately after creation.
• Make the root of an mfs partition inherit modes, owner and group from the mountpoint.
• Only add the ipcomp(4) header if compression is actually used, i.e. if the packet got smaller after compression.
• New timeslot keyword for ifconfig(8), used by telco cards.
• Add SIOC[GS]IFTIMESLOT ioctls for telco cards (currently just san(4)).
• New san(4) driver for Sangoma T1/E1 cards.
• More narrowing down of isakmpd(8)'s privsep interface.
• After switching most of the device drivers to use generic ether_crc32_be(), add a table-driven implementation of this function. From FreeBSD PR#49957.
• Don't allow nanosleep(2) called with a zero timeout to sleep indefinitely, sleep for at least 1/hz seconds.
• Enable ipsec(4) UDP encapsulation by default.
• Allow keynote(1) policy checking to be disabled in isakmpd(8).
• Remove netiso code from netstat(1).
• Use the extended protocol in syslogc(8) to detect overflows (-o option).
• Extend the syslogd(8) memory buffer protocol to include flags, starting with one to indicate that the buffers have overflowed.
• Fix sshd(8) re-exec file descriptor handling.
• Introduce interface groups, accessible via new ifconfig(8) keyword 'group'.
• String cleaning in twm(1).
• More work on IPv6 normalisation in pf(4).
• Add SMP support for amd64.
• Fix re(4) MAC address setup on big-endian machines.
• When renaming files in the sftp(1) server, fall back to stat(2)-then-rename(2) if the underlying filesystem doesn't support link(2).
• Some more string cleaning in the X server.
• Fix a misplaced closing brace that was breaking xtrans unix socket creation (freedesktop.org bugzill #363).
• Add layer 2 tunnelling (tap) support to tun(4).
• Don't allow IPsec udpencap (4500/udp) to be a dynamic bind(2) port.
• Enable propolice on XFree86 modules.
• In sshd(8), only do TCP wrappers checks when the incoming connection is on a socket.
• Narrow down isakmpd(8)'s privsep interface a bit.
• Ditch autoconf stuff in libkeynote, it's not used here.
• Set stricter modes on shared memory segments used by the X server.
• Do IPv6 fragment reassembly with the pf(4) scrub directive. Work in progress.
• String cleaning in the X server, fvwm(1) and xtrans.
• Convert libXt to ANSI C. From XFree86 HEAD.
• Some work on bgpd(8) multiprotocol support.
• Reprint the boot(8) identity string after changing the console line.
• Disable the boot(8) timeout once the user hits a key.
• Big tidyup of sys/net/rtsock.c.
• Some alignment fixups in bgpd(8).
• In systrace(4), quit early if detached after an exec*(3), and avoid a double-free.
• Remove the 8-page size limit on the sysctl(3)-returned argv array.
• Strip netiso code from ifconfig(8) and route(8).
• Make all kernel time access via functions so that locking is possible.
• Re-exec(3) sshd(8) after accept(2). Can be turned off with the -r command line option.
• Add C++ inclusion guards into <pcap.h> and <keynote.h>.
• Add genericstable to the list of sendmail(8) databases that /etc/mail/Makefile can create automatically.
• Don't realloc(3) so often when fetching process args in libkvm. Will be needed soon.
• If one of pkill(1)'s targets can't be killed, carry on and kill the rest instead of stopping.
• Fix SIGCHLD handling in isakmpd(8) so SIGSTOP and SIGCONT now work as expected.
• Gracefully handle line buffer overruns when reading boot.conf.
• Do ehci(4) on macppc as well.
• Crank libc and libpthread majors again after hsearch(3) addition.
• Allow isakmpd(8) to handle keys from X.509 certs embededed in keynote credentials.
• Implement hsearch(3) and friends, for XPG4.2 reasons. From NetBSD.
• Update sendmail(8) to 8.13.0.
• Correct a missing dereference and unbreak logging of IPV4_ADDR_SUBNET IDs in isakmpd(8).
• Fix the for loop that counts passed environment variables in multiplex ssh(1).
• As with sysctl(8), make the -w option for writes with wsconsctl(8) optional.
• Have tcpdump(8) show the time between packets when prodded with -tttt.
• Some setuid(2)/setgid(2) fixes for systrace(1).
• Shrink the dhclient(8) die-on-RTM_DELADDR window to one second.
• Remove another stat(2)-then-open(2) from isakmpd(8).
• Enable ahd(4) by default for i386.
• Unbreak phase 1 IPV[46]_ADDR_SUBNET IDs in isakmpd.conf(5)
• New config option 'Acquire-Only' (-a on the command line) for isakmpd(8), to stop the daemon playing with existing flows.
• Add cdboot(8), a CD-specific second-stage bootstrap for i386.
• In bgpd(8), support the NOPEER community from RFC 3706.
• Import atw(4) ADMtek ADM8211 wireless driver from NetBSD.
• Some strncpy(3) -> strlcpy(3) in sys/compat/*.
• Add a no-emulation CD boot sector, based on a FreeBSD implementation.
• Only ignore dhclient(8)-generated RTM_DELADDR messages for a five-second window after process startup, so that new instances of dhclient (started outside this window) cause the older instance to die like before.
• Teach mkhybrid(8) how to create an El Torito no-emulation boot CD (for i386), with a 2048-byte boot sector.
• Import the generic IEEE 802.11 framework from FreeBSD and NetBSD.
• Fix probe hangs on some ahd(4) cards.
• In the X server, fix malloc corruption when sending multiple glyphs to RenderAddGlyphs() (XFree86 bugzilla #1276, freedesktop.org bugzilla #349).
• Rewrite mount(8)'s mount options parser, making it more robust and removing the need for duplicate code in mount_nfs(8) (PR#3642).
• Fix some logic errors introduced in recent string changes to cron(8).
• Don't exit wicontrol(8) if SIOCGWAVELAN fails, just print a warning and get whatever information is available without it.
• Change bgpd(8)'s internal prefix lookup from a hash table to a per-address family red-black tree(3).
• Don't assume in make(1) that '.' and '..' are the first two entries in a directory.
• Handle division-by-zero in m4(1) with an error message instead of a core dump.
• Fix a segfault in xdm(1) if a LISTEN keyword without hosts is found in the Xaccess file.
• When decoding fragmented IPv6 packets in tcpdump(8), only try to interpret the contents of the first fragment.
• Back out source-based routing code while some problems are fixed.
• Start work on support for IPv6 routes (not just IPv6 sockets) in bgpd(8).
• Wire ntpd(8) into the build.
• Fix libXi XSelectExtensionEvent(3) on 64-bit machines (freedesktop.org bugzilla #285).
• Remove pointless 5-second sleep(3)s in xtrans (freedesktop.org bugzilla #297).
• Sync lynx(1) to 2.8.5.rel2.
• Fix some endianness problems in X-Resource (freedesktop.org bugzilla #267).
• Add a new 'filter drop' flag to bpf(4), so that an interface may be notified that a packet matches a filter and should be dropped.
• Update to lynx 2.8.5rel1.
• Have isakmpd(8) drop IKE messages arriving on port 500 after the NAT-T exchange has switched to port 4500.
• Allow a bgpd(8) template peer with unknown AS to be an IBGP peer, instead of always being an EBGP peer.
• Allow the IKE parser in tcpdump(8) to recognise a NAT-T payload.
• Teach tcpdump(8)'s IKE parser about NAT-T keepalive packets.
• In bgpd(8), don't reallocate the pollfd array every time the size changes because there's a risk that realloc(3) can fail. Reallocate only when there's a large potential saving.
• String cleaning in cron(8).
• time -> arc4random(9) in sppp(4).
• Fix bogus 'panic: cylinder group too big' message from newfs(8).
• Don't exit dhclient(8) on receipt of an RTM_DELADDR routing message, as this sometimes be generated by the dhclient itself. Instead, exit on RTM_NEWADDR iff an IP address is set that doesn't correspond to our lease. Not a perfect solution.
• More sftp(1) ls(1) emulation: Don't show .dotfiles unless -a is specified.
• Handle interface resets gracefully in dhclient(8).
• Do more retries on st(4) devices to allow the tape drive to recover after a reset.
• New xetc installation fileset, for all X configuration files installed under /etc.
• Keep separate, 1-second resolution counters for walltime and uptime, and have code that only needs 1-second resolution use those instead of the microsecond counters.
• Clean up properly on in_ifinit() failure.
• Turn isakmpd(8) NAT-T support on. The crowd goes wild.
• Implement NAT-T keepalive messages in isakmpd(8).
• Check that UDP encapsulation is enabled (sysctl(8) net.inet.esp.udpencap) before allowing encapsulated SAs to be created in the kernel.
• Add bounds-check gcc(1) attributes to libkern strl*() functions, and to strncpy().
• Implement ls(1)-compatible sorting for sftp(1)'s ls command.
• Allow ipsec(4) on IPv6 link-local addresses.
• Have isakmpd(8) save the destination port if it is NATed, as one might reasonably expect it to be when using NAT-Traversal.
• Don't leak a cloned PMTU route in netinet/ip_output.c.
• arc4random(9)ise a previously time-based ID in atalk(4).
• Fix an fd leak in ssh(1) when multiple subsystems are present.
• Use arc4random(9) instead of the time for the ARCnet sequence ID.
• Use getaddrinfo(3) and getnameinfo(3) instead of old-style conversion functions in spamd(8), but restrict resolution to AF_INET for now.
• Allow - with a warning - the old package keyword @src, in pkg_add(1) etc.
• Import and merge fontconfig 2.2.2.
• Set the ESP marker on isakmpd(8) captured packets for NAT-T SAs.
• If the pkg_add(1) 'don't run scripts' (-I) option is present, don't run scripts.
• Have isakmpd(8) turn on kernel ESP-in-UDP encapsulation for NAT-T SAs.
• Switch to port 4500 when required for isakmpd(8) NAT-T exchanges.
• Use a red-black tree(3) instead of a hash table to track multiply-linked inodes in du(1).
• Time is as dumb a 'random' value for IPX and ISO CLNP as it is for IP, so use arc4random(9) instead.
• Add IPv6 support for standalone popa3d(8) as well as when run from inetd(8).
• In crypto(9), always store the value returned by splimp(9) so we have something meaningful to give to splx(9).
• Fix broken process runtimes in i386 MP.
• Use the RTF_MPATH routing flag to skip over multipath routes in bgpd(8), since mpath make no sense for BGP.
• For sftp(1)'s 'ls' command, make -l show user and group names, and -n show uid and gid just like real ls(1).
• New -I option for diff(1), which ignores changes matching the supplied regex.
• Have vnconfig(8) (with the -l option) use the new VNDIOCGET ioctl to fetch vnd(4) device status.
• New VNDIOCGET ioctl for vnd(4) devices.
• Fix a bad format string in tcpdump(8)'s IKE parser.
• In bgpd(8), use descriptor passing to allow the creation of new listen sockets on privileged ports.
• For multiplexed ssh(1) connections, filter passed environment variables in the slave.
• Add bounds-check compiler attributes for memcpy(3) etc.
• Remove support for TUBA (TCP/UDP over CLNP-Addresses Networks, as if you didn't know).
• Change isakmpd(8) payload handling to deal with pre-RFC NAT-T messages.
• Don't try to carry on in pax(1) if the chdir(2) needed by the -C option fails.
• Start work on both RFC 3706 Dead Peer Detection, and full-on NAT-Traversal support for isakmpd(8).
• Have isakmpd(8) accept an unencrypted final IKE message (Aggressive Mode only) for compatibility reasons.
• New -dd switch for isakmpd(8) to make debugging the privsep child easier.
• Let popa3d(8) work with IPv6 sockets, no daemon mode support yet.
• Fix a rather serious SMP merge error affecting scheduler timeouts.
• Correct some logic errors in kernel malloc_debug().
• Fix congestion-sensitive IF_INPUT_ENQUEUE() so that freed mbuf(9)s no longer show up on interface input queues under certain circumstances.
• Require the setting of new route flag RTF_MPATH (corresponding switch -mpath for route(8)) to add a multipath route.
• Add defines in <net/if_media.h> for various telecoms carrier circuit types, i.e. E1, T1 etc.
• Save curproc in svnd(4) so that lockmgr(9) doesn't get passed a null process. Stops svnd(4) blocking indefinitely (PR#3214).
• Fix a null deref in make(1) if the .DEFAULT target has no commands.
• Fix sending of jumbo frames on em(4) and ti(4).
• Unbreak patch(1) when using standard diffs (i.e. no context).
• Allow the user to interrupt the setup of a multiplexed ssh(1) connection (if, for example, the master gets wedged) by deferring signal setup until the connection is established.
• Merge adjacent hunks in diff(1), making the output more like that from GNU diff.
• Use execvp(3) instead of execv(3) in sftp(1) so -S ssh will work.
• Use dynamically allocated pollfd struct for ntpd(8), just like bgpd.
• Fix a bunch more memory leaks in isakmpd(8).
• Be more careful in isakmpd(8) when evaluating the return code from X509_verify_cert(3).
• Add much of the NTP client functionality to ntpd(8).
• Abort rdate(8) on calloc(3) failure, warnx(3)ing and carrying on is just postponing the inevitable.
• Add an option (ControlMaster=ask) to require confimation via ssh-askpass(1) before allowing a multiplexed ssh(1) connection.
• Support environment variable passing over multiplexed ssh(1) connections.
• Back out the recent IPv6 multicast change so that mandatory groups get joined, but achieve the same result by testing for a new host address before adding the multicast entries.
• Add '-n' option to last(1) to do the same job as -number in a less ugly way.
• Make <netinet/if_ether.h> safe for inclusion in C++ code.
• Fix a bad dereference leading to a memory leak in isakmpd(8).
• Fix a pasto in isakmpd(8)'s message decoder when printing IPv6 address/mask pairs.
• Unbreak the IN6_LOOKUP_MULTI() macro definition.
• Add support for new crypto functions on upcoming VIA C3 processors.
• Build X on cats systems.
• Fix a null deref crash in route(8)'s show command.
• Don't add multiple multicast filter entries for a single IPv6 multicast address.
• Remove the old pf(4) BEGIN*, COMMIT* and ROLLBACK* ioctls.
• Use the newer pf(4) BEGIN and COMMIT ioctls in authpf(8).
• Set the relay session id properly for outgoing pppoe(8) packets.
• Teach patch(1) to detect already-applied diffs when the diff creates a file, or adds to an empty file.
• In du(1), use a hash table instead of a linear list to keep track of multiply-linked files.
• Use fmt_scaled(3) instead of do-it-yourself in du(1).
• In ld.so(1), allow _dl_malloc() to allocate more than 4KB.
• Fix a few stat(2)-then-open(2) races in isakmpd(8).
• After going to the trouble of pulling the tcp6 options into a contiguous region with IP6_EXTHDR_GET, use the returned pointer instead of doing mtod() again.
• Unbreak vmstat(8) on older kernels.
• Build an SMP kernel (bsd.mp) in make release(8) for i386, and allow the user to install it.
• Merge the SMP branch onto the trunk. Let the party begin.
• Just quit rather than panic in cy(4) if interrupts can't be established for PCI.
• Fix an off-by-one buffer size in sed(1).
• Implement client-side session multiplexing (see ssh_config(5) options ControlMaster and ControlPath) for ssh(1), scp(1) and sftp(1). The server has supported this for some time.
• Add diffie-hellman-group14-sha1 KEX method support to ssh(1).
• Fix pf(4) table add/replace commands at securelevel 2.
• Have mg(1)'s M-x gid command use the current word to try and guess which symbol to look up.
• Make route(8) 'show' command output more like netstat -r.
• Support the IPV6_USE_MIN_MTU option, mainly because BIND 9 wants it.
• Disable apm(4) on i386 MP machines.
• Show systat(1) and vmstat(8) where to find interrupt stats on MP i386 machines.
• Only print 'status/cpu#' in top(1) if there's more than one CPU.
• Fix a dereference-after-free (actually after pool_put(9)) in pf(4) tables.
• In pax(1), fix backreference substitution in -s mode and unbreak bad regex detection.
• Add a cpuid field to struct kproc2, and teach ps(1) and top(1) how to make use of it.
• Only install the Intel F00F bug workaround once on MP machines, avoiding a panic.
• Zero the restart counter before use, to fix a problem with uhub(4) port restarts giving up before starting. From FreeBSD.
• Fix a sizeof(pointer) bug in carp(4).
• Don't leak a softc when detaching a carp(4) cloned interface.
• SECURITY FIX: Multiple vulnerabilities have been found in httpd(8) / mod_ssl. This is the second of two sets of fixes.
  
  • CAN-2004-0488: Stack-based buffer overflow ... in mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow attackers to execute arbitrary code via a client certificate with a long subject DN.
  • CAN-2004-0492: [mod_proxy] Reject responses from a remote server if sent an invalid (negative) Content-Length: header.
  A source code patch is available.
  [Applied to stable]
• SECURITY FIX: As disclosed by Thomas Walpuski, isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
  A source code patch is available.
  [Applied to stable]
• Add src/lib/libintl and libc i18n directories to the repository.
• First merge of SMP code into the trunk, mainly structures to allow gradual introduction of the new APIs.
• Fix IPv4 name-to-address translation, so invalid octet values won't be accepted and CIDR address/mask pairs finally work the way one expects.
• In tcpdump(8)'s privsep localtime(3) replacement, deal better with timezones with granularity of less than one hour.
• SECURITY FIX: Multiple remote vulnerabilities have been found in the cvs(1) server that will allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
  A source code patch is available.
• On i386 (ppro and above), use the calibrated value for the CPU speed over the value returned by the CPU itself, fixing PR#3814.
• Use a dynamically allocated array of pollfds in bgpd(8).
• Try to prevent isakmpd(8) deleting SAs on receipt of malicious IKE messages.
• rdate(8) improvements:
  • RFC 2030 compliance for NTP mode.
  • Much more robust error handling, with better messages.
  • Better detection of stale or spoofed NTP responses.
  • Support for multiple addresses if returned by the DNS, trying each listed server until one works.
• Remove NMBCLUSTERS settings from config(8).
• Factor out TCP md5sig code into tcp_subr.c:tcp_signature().
• Fix buffer usage in umass(4) CBI transfers (NetBSD PR#25676).
• Allow arc4random(3) code in ksh(1) to actually work.
• Break the dependency of libc on <pthread.h>. Bump the major version of libc and libpthread.
• Teach kdump(1) about gpio(4) ioctls.
• Allow an authtype (-a option) in skeyinit(1) even when secure mode (-s) is in effect.
• Add an alternative algorithm to make pf(4) table deletions faster for a small number of deleted items.
• SECURITY FIX: Multiple vulnerabilities have been found in httpd(8) / mod_ssl. This is the first of two sets of fixes.
  
  • CAN-2003-0020: Apache does not filter terminal escape sequences from its error logs.
  • CAN-2003-0987: Apache mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret.
  A source code patch is available.
  [Applied to stable]
• Out-of-line spl(9) functions in SMP on i386, mirroring the UP change to fix VFS corruption.
• Add SMP-related devices for i386 on the SMP branch.
• Many fixups on the SMP branch for non-MP kernels.
• Rework bgpd(8)'s listen socket handling to better support multiple listen addresses.
• New -src and -srcmask options for route(8) supporting the new source-address routing functionality.
• New -S flag for netstat(1) and route(8), to show the new source selector part of a route entry.
• Extend the routing table to allow routing based on source as well as destination. IPv4 only for now, more to come.
• Set the skey(1) first sequence number to 100 as promised by the manpage.
• spl(9) and alignment fixes in portalfs.
• Much merging and fixup as SMP is readied for prime-time.
• Resurrect the 'fork1(9)-can-take-null-retval' change, this time leaving the setup of struct proc setup well alone.
• Fix a bug with X and wsmouse(4) where an event of unknown type could cause a whole batch of other events to be discarded.
• Set the length field in the TCP packet header earlier in tcp_output().
• New re(4) driver supporting RealTek Gigabit Ethernet devices.
• Clean up multicast addresses when unconfiguring carp(4) interfaces.
• Clarify user(8) docs and error messages (PR#3792).
• Add startup code for hotplugd(8) to rc(8) and rc.conf(8).
• New usbhid(3) API hid_start(3), a non-noisy version of hid_init(3).
• Don't send mail at all from cron(8) if MAILTO is set but empty.
• Cleanup in at(1)/cron(8):
  • Check argc before using argv[0] in at(1).
  • Print the right filename for a job in the email.
  • Reset the sockaddr length value every time before accept(2).
• New gpioctl(8) program to go with new gpio(4).
• Have dhclient(8) fall back to user nobody if user _dhcp doesn't exist. Helps with upgrades.
• In getopt(3)/getopt_long(3), don't allow an optional argument if it begins with a '-'.
• Allow cron(8) to accept crontabs with more strict permissions than is the default.
• New General Purpose I/O device gpio(4). Only enabled on i386 for now.
• New '!!<prog>' syntax for syslogd(8), used to force messages from the named program to only go to certain files regardless of the rest of syslog.conf.
• Update file(1)'s magic to that from file version 4.09, with a few local changes and additions.
• Use the old _nointr pool(9) allocator for pf(4) tables.
• Rearrange the pool(9) allocator code so the old allocation method can be used again.
• Use the quirks mechanism to fix wdc(4) hangs on Geode SC1100 devices (PR#3729).
• Implement SCSI-style quirks for wdc(4).
• Use errx(3) instead of err(3) in find(1) when errno isn't set by the error.
• When calling err(3) after a malloc(3) failure, don't specify a message.
• Cleanup in rm(1).
• Support multicast on kue(4).
• Add IPv6 support to uucpd(8).
• Trivial changes (sockaddr_in -> sockaddr_storage) to add IPv6 support to rpc.rquotad(8), rpc.rstatd(8), rpc.rusersd(8), rpc.rwalld(8) and rpc.sprayd(8).
• Mark nullfs memory as M_MISCFSMNT instead of M_UFSMNT.
• Swing hppa to gcc3, and enable shared library support.
• Unbreak xterm(1) jump-scrolling on big-endian 64-bit systems.
• Remove a somewhat useless current-process privilege check in the IPv6 input path. Based on KAME.
• Compatibility fixes for some sk(4) devices (PR#3061). Workaround from FreeBSD.
• Initialise the carp(4) interface structure before use.
• Don't advertise an absurd TCP receive window on 64-bit architectures. From NetBSD.
• Some Single UNIX Specification updates in <limits.h>.
• Better error handling for rm(1)'s -P option. From FreeBSD.
• First cut at a home-grown NTP daemon. Not built by default yet.
• Remove ugly string code in bpf(4), used when no unit number was given to BIOCSETIF.
• Fix a long-standing KAME pasto that was breaking SIOC[DG]LIFADDR.
• Remove a bunch of redundant errno declarations.
• Use generic crc32 code instead of local efforts in many Ethernet devices.
• Sync xl(4) with FreeBSD, bringing in a lot of bug fixes and improvements.
• Check the NTP server clock status returned to rdate(8) and don't use the response if the server thinks its clock is unsynchronised.
• In uvm_map_clean() (called by msync(2) and madvise(2)), only free writable pages, and don't free copy-on-write pages because the permissions aren't known.
  [Applied to stable]
• Only call getprotobynumber(3) from ppp(8) when the logging level is high enough to need the result. From FreeBSD.
• Some Emacs compatibility tweaks to binutils. Use the classic executable start addresses if ld(1) option -Z (disable W^X) is active.
• New privsep user and group _ntp.
• New monitoring daemon hotplugd(8) to go with hotplug(4).
• New hotplug(4) device to pass device attach and detach events up to userland. Available for alpha, amd64, i386, macppc and sparc64, only enabled on i386 for now.
• Use generic CRC code, remove bogus LLADDR use and handle multicast ranges better in nge(4) and sf(4).
• Fix bge(4) multicast reception.
• Add a description field for network interfaces, accessible via ifconfig(8) command 'description' and ioctl(2)s SIOC[GS]IFDESCR.
• Use library CRC32 routines instead of a local implementation in sk(4).
• Fix a memory leak in ccdconfig(8).
• Remove multicast addresses and disable promiscuous mode when destroying a carp(4) interface.
• Make ifconfig(8) up and down commands work as expected for carp(4) devices.
• Create a few more USB devices by default in MAKEDEV(8).
• Clean up scsi(4) sense error logic and display. Based on NetBSD.
• Allow machine-dependent filesystem options to be passed for the root filesystem in src/distrib/miniroot.
• Remove the old package tools (src/usr.sbin/pkg_install) from the tree.
• Have bgpd(8) detect the absence of ipsec(4) and tcpmd5 capabilities at runtime.
• More helpful boot-time display for aac(4).
• Fix a typo in umapfs' unmount(2) implementation.
• Backwards compatibility fixes in the hash functions, unbreaking skey(1) with sha1.
• Make bpf(4) devices clonable.
• Make AFS flock(2)/fcntl(2) locks work on the local system.
• Make accounting optional, with the new config(8) option (wait for it) ACCOUNTING.
• Allow login names longer than eight characters in uucpd(8).
• Fix a memory leak in a pfctl(8) error path.
• When shutting the system down, finalise accounting before the VFS to avoid panics.
• Fix TCP corruption on rl(4) cards.
• Much better rulefile parsing for brconfig(8).
• Pool efficiency improvements:
  • Lower the default high watermark from UINT_MAX to 8 pages.
  • Modify uvm_km_getpage() to take a waitok flag and use it instead of uvm_km_alloc_poolpage1() for both the default and nointr pool allocators.
  • Use the default allocator for the mbuf and mbuf cluster pools.
• Correct a missing freeaddrinfo(3) in ssh(1).
• Fix a NetBSD merge error in the TCP syncache, allowing IPv6 to use it.
• Fix fd leaks in a few isakmpd(8) error paths.
• Call ld.so(1) contructors after setting up the debugger, similar to recent destructor changes.
• In cu(1)/tip(1), if one process dies then kill the other ourselves.
• In rdate(8) NTP mode, send a 64-bit random number as the 'current time' field, which the server copies back in its response. This avoids sending out the current system time, and makes it slightly harder for an attacker to send spoof replies on behalf of the real server.
• Use _exit(2) instead of exit(3) in the sftp(1) child process.
• Include the hostname in syslogd(8) memory-buffered entries.
• Since the per-arch _dl_bcopy() in ld.so(1) is in all cases a simple for loop and not painstakingly optimised assembler, just use a single machine-independent version.
• Allow ld.so(1) _dl_find_symbol() to return a pointer to the container object.
• Handle interface removals gracefully in dhcpd(8), now that poll(2) wakes it up on interface detach.
• Wake up any poll(2)ing process when a bpf(4) descriptor is closed.
• If a bpf(4)-monitored interface is detached, send any buffered packets up to userland.
• Scale the bge(4) timeout value correctly.
• Since ULLONG_MAX+1 == 0 mod ULLONG_MAX+1, let the carp(4) sc_counter wrap around all by itself.
• bktr(4) fixes from NetBSD and FreeBSD.
• Move the addition of atexit destructors right to the end of ld.so(1) setup (after the gdb(1) helper code) so they can be debugged.
• If ld.so(1) is running under ldd(1), exit earlier before a whole bunch of unnecessary setup gets done.
• Check ifp is valid before using it in carp_setroute(), avoiding a panic.
• Helpfully, use the right function names in isakmpd(8) error messages.
• Fix multicast problems with sk(4).
• Don't leak a socket in ndp(8).
• Back out the recent fork1(9) change due to compatibility problems.
• New MaxAuthTries option for sshd_config(5).
• Allow the retval parameter to fork1(9) to be NULL (as the manpage says) without causing a panic.
• strtonum(3)ify pflogd(8).
• Add gscsio(4) and lmtemp(4) I2C drivers.
• Add I2C framework (iic(4), iic(9)) based on that in NetBSD and enable on i386.
• Fix a stat(2)-then-open(2) race in isakmpd(8) when checking the policy file for root-only permissions.
• Let ipsecadm(8) delete tcpmd5 SAs.
• Fix ipsecadm(8) so that ipcomp(4) can be used.
• SECURITY FIX: With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This makes xdm create the chooser socket even if XDMCP is disabled in xdm-config, by setting requestPort to 0. See XFree86 bugzilla for details.
  A source code patch is available.
  [Applied to stable]
• Fix a boot-time crasher in ahd(4).
• Add (to i386 and amd64) ehci(4), a USB Enhanced Host Controller Interface driver, for USB 2.0 support.
• Finally implement StackGhost buffer overflow exploit protection on sparc.
• Correct a missing splx(9) in an igmp_joingroup() error path.
• Fix VFS corruption (due to gcc(1)) on i386 by out-of-lining the spl(9) functions.
• Fix size_t != off_t truncation in ahd(4).
• Make vmstat(8)'s disk columns wide enough to show transfer numbers for modern disks without writing into the next column.
• Change the pf(4) anchor path component separator from ':' to '/'. pfctl(8) now requires any anchor spec containing the separator to be in quotes.
• Make /root/.klogin optional in /etc/mtree/special.
• Import and merge gdb(1) version 6.1.
• Support RFC2796 Route Reflection in bgpd(8), removing the need for an IBGP mesh.
• Add support for dynamic network announcements in bgpd(8) and bgpctl(8).
• Don't rely on ifp's validity when setting a floor on the TCP MSS in ip_input.c.
• Allow an ssh(1) user to cancel a port forward (OpenSSH bugzilla #756).
• Do a better job of copying pf(4) relative anchor paths out to userland.
• Use the new DLT_PPP_ETHER datalink type to print pppoe(8) frames in tcpdump(8).
• Use the right buffer size for strlcpy(3) in libreadline.
• Zero the ifreq structure before use when fetching interface info in pfctl(8).
• Fix a missing strdup(3) error check in bgpd(8).
• Start work on adding the ahd(4) Adaptec PCI/PCI-X Ultra320 SCSI driver from FreeBSD.
• Enable the fancy new i386 pagezero code by not resetting it to its old value after setting it up.
• Allow anchors within anchors in pf(4). More work to come.
• Don't recursively call nd6_output() when route allocation fails, just return a host unreachable error.
• SECURITY FIX: A heap overflow in the cvs(1) server has been discovered that can be exploited by clients sending malformed requests. These clients can then run arbitrary code with the same privileges as the CVS server program.
  A source code patch is available.
  [Applied to stable]
• Allow symbolic service- and protocol names in isakmpd(8), so e.g. "Protocol=tcp" now works.
• SECURITY FIX: A flaw in the Kerberos V kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see Heimdal's announcement.
  A source code patch is available.
  [Applied to stable]
• Add word boundary tests to the regexes that find @-commands in pkg_add(1) etc. packing lists.
• Fix SIGINT handling in sftp(1).
• Upgrade file(1) to version 4.09.
• Updates to aic79xx code from FreeBSD in preparation for the upcoming ahd(4) driver.
• Stop some fxp(4) devices creating PCI errors in 10Mbps mode by disabling 'dynamic standby mode' in the EEPROM. From NetBSD.
• Handle CRC errors in fxp(4).
• Fix a ssize_t != int overflow in rdate(8)'s NTP code.
• Generate /etc/ttys(5) entries for all available pty(4) devices, now that more are available.
• Fix a missing initialisation in ISA ie(4).
• Remove trailer encapsulation support from ifconfig(8).
• Fix a reference counting bug in pf(4) DIOCCHANGERULE.
• Fix a buffer overrun in ip_output() (FreeBSD PR#66386).
• Don't leak a mount structure when handling mount errors in nullfs.
• ANSIfy src/libc/gen/*.
• Merge new binutils, fix local differences, and enable on arm.
• Import GNU binutils 2.14, minus testsuites, infodocs and I18N files.
• Bump the default data size to 75MB from 64MB, so that XF4 can be built on amd64 with the imminent binutils upgrade without changing login.conf(5).
• Teach file(1) about the b.out (i960) binary format. From NetBSD.
• In pfsync(4), make sure the return code gets initialised (pfsync_request_update()).
• Add basic COMMUNITIES attribute support in bgpd(8)'s filter language.
• Update libiberty's floatformat.[ch] to those from gdb(1) 6.1.
• Use arc