www/plus36.html

<!doctype html>
<html lang=en id=plus>
<meta charset=utf-8>
<title>OpenBSD 3.6 Changelog</title>
<meta name="description" content="OpenBSD 3.6 changes">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/plus36.html">
<style>
a[href="stable.html"] {
	color: var(--green);
}

strong {
	color: var(--red);
}

h3 {
	color: var(--blue);
}

p strong {
	font-weight: normal;
}
</style>

<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
3.6 Changelog
</h2>
<hr>

<p>
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often).  Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href="plat.html">platforms</a>.

<p>
Note: <strong>Problems for which patches exist are marked in red</strong>.

<p>
For changes in other releases, click below:<br>
<a href="plus20.html">2.0</a>,
<a href="plus21.html">2.1</a>,
<a href="plus22.html">2.2</a>,
<a href="plus23.html">2.3</a>,
<a href="plus24.html">2.4</a>,
<a href="plus25.html">2.5</a>,
<a href="plus26.html">2.6</a>,
<a href="plus27.html">2.7</a>,
<a href="plus28.html">2.8</a>,
<a href="plus29.html">2.9</a>,
<a href="plus30.html">3.0</a>,
<a href="plus31.html">3.1</a>,
<a href="plus32.html">3.2</a>,
<a href="plus33.html">3.3</a>,
<a href="plus34.html">3.4</a>,
<a href="plus35.html">3.5</a>,
<a href="plus37.html">3.7</a>,
<br>
<a href="plus38.html">3.8</a>,
<a href="plus39.html">3.9</a>,
<a href="plus40.html">4.0</a>,
<a href="plus41.html">4.1</a>,
<a href="plus42.html">4.2</a>,
<a href="plus43.html">4.3</a>,
<a href="plus44.html">4.4</a>,
<a href="plus45.html">4.5</a>,
<a href="plus46.html">4.6</a>,
<a href="plus47.html">4.7</a>,
<a href="plus48.html">4.8</a>,
<a href="plus49.html">4.9</a>,
<a href="plus50.html">5.0</a>,
<a href="plus51.html">5.1</a>,
<a href="plus52.html">5.2</a>,
<a href="plus53.html">5.3</a>,
<a href="plus54.html">5.4</a>,
<br>
<a href="plus55.html">5.5</a>,
<a href="plus56.html">5.6</a>,
<a href="plus57.html">5.7</a>,
<a href="plus58.html">5.8</a>,
<a href="plus59.html">5.9</a>,
<a href="plus60.html">6.0</a>,
<a href="plus61.html">6.1</a>,
<a href="plus62.html">6.2</a>,
<a href="plus63.html">6.3</a>,
<a href="plus64.html">6.4</a>,
<a href="plus65.html">6.5</a>,
<a href="plus66.html">6.6</a>,
<a href="plus67.html">6.7</a>,
<a href="plus68.html">6.8</a>,
<a href="plus69.html">6.9</a>,
<a href="plus70.html">7.0</a>,
<a href="plus71.html">7.1</a>,
<br>
<a href="plus72.html">7.2</a>,
<a href="plus73.html">7.3</a>,
<a href="plus.html">current</a>.
<br>

<p>
<h3>Changes made between OpenBSD 3.5 and 3.6</h3>
<p>

<ul>
<li>Fix <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> attachment on <a href="https://man.openbsd.org/atw.4">atw(4)</a> devices.
<!-- ^ 20040912 -->
<li><strong>SECURITY FIX: Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server.</strong> This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.<br>
    <a href="errata36.html#radius">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<!-- ^ 20040911 -->
<li>Bail out of <a href="https://man.openbsd.org/newfs.8">newfs(8)</a> on errors when making very small filesystems.
<!-- ^ 20040910 -->
<li>Move MIPS to 64-bit.
<li>Fix <a href="https://man.openbsd.org/copyout.9">copyout(9)</a> of <a href="https://man.openbsd.org/pf.4">pf(4)</a> anchors with relative paths and wildcards.
<li>Track the peer count correctly in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>, fixing memory corruption in both.
<li>Fix a null dereference in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>.
<li>Just print the raw IP protocol number in <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> instead of fetching the protocol name.
<!-- ^ 20040909 -->
<li>Stop <a href="https://man.openbsd.org/routed.8">routed(8)</a> fiddling with routes controlled by <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li><strong>SECURITY FIX: <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>'s mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array,</strong> causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.<br>
    <a href="errata36.html#httpd2">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Stop <a href="https://man.openbsd.org/telnetd.8">telnetd(8)</a> closing the slave fd from <a href="https://man.openbsd.org/openpty.3">openpty(3)</a> and then reopening it.
<!-- ^ 20040908 -->
<li>Set a cleanup handler for HUP as well as INT, TERM and WINCH on the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> multiplex control socket.
<li>Stop <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> dying on <a href="https://man.openbsd.org/sendmsg.2">sendmsg(2)</a> failures.
<li>Unbreak <a href="https://man.openbsd.org/route.8">route(8)</a>'s -netmask option.
<li>Fix a bad cast from mode_t to short in <a href="https://man.openbsd.org/ar.1">ar(1)</a>.
<!-- ^ 20040907 -->
<li>Check for interrupted waits in <a href="https://man.openbsd.org/inetd.8">inetd(8)</a>, fixing late reaping of zombie processes and other ignored signals.
<!-- ^ 20040906 -->
<!-- ^ 20040905 -->
<!-- ^ 20040904 -->
<li>Don't busy-wait on ENOBUFS in <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a>.
<!-- ^ 20040903 -->
<li>Stop the mixer resetting <a href="https://man.openbsd.org/emu.4">emu(4)</a>'s volume to very very loud.
<!-- ^ 20040902 -->
<li>Make sure kernfs_xread() isn't called with a negative offset.
<li><strong>SECURITY FIX: Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688).</strong> Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.<br>
    <a href="errata36.html#xpm">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<!-- ^ 20040901 -->
<li>Stop non-MASTER <a href="https://man.openbsd.org/carp.4">carp(4)</a> hosts replying to ARP requests, as this upsets some layer 3 switches.
<!-- ^ 20040831 -->
<li>Stop <a href="https://man.openbsd.org/login.1">login(1)</a> treating the 'bar' in username foo.bar as a Kerberos instance, that's a krb4 syntax we no longer use.
<li>Fix fd passing problems with S/Key on sparc*.
<li>Don't do DNS lookups when reading <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>'s config, save them for later.
<li>In <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>, don't log transient network errors from <a href="https://man.openbsd.org/sendto.2">sendto(2)</a>.
<li>Fix <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>'s handling of adaptive timeouts.
<li>Enforce minimum lease time of 60 seconds in <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>, to stop bogus 0s leases from the server causing the client to spin.
<li>Fix oversized copies that were causing memory faults in <a href="https://man.openbsd.org/usb.4">usb(4)</a>.
<!-- ^ 20040830 -->
<!-- ^ 20040829 -->
<li>Don't close stdin in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> unless we're reexec'ing.
<!-- ^ 20040828 -->
<li>Make sure <a href="https://man.openbsd.org/pkg_create.1">pkg_create(1)</a> keeps track of the current working directory.
<!-- ^ 20040827 -->
<li><strong>RELIABILITY FIX: Due to incorrect error handling in zlib an attacker could potentially cause a denial of service attack (CAN-2004-0797).</strong><br>
    <a href="errata36.html#libz">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<!-- ^ 20040826 -->
<li>Have /etc/<a href="https://man.openbsd.org/security.8">security(8)</a> store a copy of the disklabel and report any changes.
<!-- ^ 20040825 -->
<li>Only allow SIOCGET{VIF,SG}CNT from the multicast router socket (PR#3825).
<li>Document the fact that collisions have been found for MD4, MD5 and ripemd.
<li>Don't make <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> explode when <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> returns EAI_NONAME.
<li>Base the value of uvm_km_pages_lowat on the amount of physical memory.
<li>Back out the IPv6 prefix len 'fix', the old code was right.
<!-- ^ 20040824 -->
<li>Make <a href="https://man.openbsd.org/xargs.1">xargs(1)</a>' behaviour match the manpage when the utility can't be executed.
<li>Fix <a href="https://man.openbsd.org/fgetln.3">fgetln(3)</a> and <a href="https://man.openbsd.org/realloc.3">realloc(3)</a> handling in libedit.
<li>Do the '%s' replacement for <a href="https://man.openbsd.org/less.1">less(1)</a>'s LESSOPEN and LESSCLOSE environment variables ourselves instead of using <a href="https://man.openbsd.org/snprintf.3">snprintf(3)</a>.
<li>Don't send a SIGINT or SIGTERM to the entire process group when received by the shell unless the shell is the process group leader (PR#3820).
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, fix the test for whether a newly-created SA replaces an old one.
<li>Enable Dead Peer Detection in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> by default.
<li>Don't overwrite the raw IPv6 checksum field in a shared mbuf.
<!-- ^ 20040823 -->
<li>Fix high interrupt load in <a href="https://man.openbsd.org/ste.4">ste(4)</a>.
<!-- ^ 20040822 -->
<li>Remove the need for <a href="https://man.openbsd.org/isakmpd.policy.5">isakmpd.policy(5)</a> file when starting <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> from <a href="https://man.openbsd.org/rc.8">rc(8)</a>.
<li>Fix the IPv6 prefix length sanity checks in in6_are_prefix_equal().
<!-- ^ 20040821 -->
<li>3.6-beta -&gt; 3.6.
<li>Add a new control message to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> that allows a session to be downed and restarted, accessible with the <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> command 'clear'.
<li>Unbreak parsing of multiple -o options to <a href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a>.
<!-- ^ 20040820 -->
<li>Stop <a href="https://man.openbsd.org/bge.4">bge(4)</a>, <a href="https://man.openbsd.org/sk.4">sk(4)</a> and <a href="https://man.openbsd.org/ti.4">ti(4)</a> complaining about a lack of jumbo frame buffers for inbound frames, unless debugging is on.
<li>On nexthop reachability status changes always notify the <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> RDE, not just when the nexthop was previously unavailable.
<!-- ^ 20040819 -->
<li>Don't send bad IP packets via <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> when monitoring a <a href="https://man.openbsd.org/gre.4">gre(4)</a> interface (PR#3852).
<!-- ^ 20040818 -->
<li>Fix descriptor passing in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Stop networks disappearing on <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> reload by always updating the prefix timestamp.
<li>Remove a null deref in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Implement the SMTP 'QUIT' command in <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>.
<li>Fix an out-of-bounds read in <a href="https://man.openbsd.org/makeinfo.1">makeinfo(1)</a>.
<!-- ^ 20040817 -->
<li>Remove ip6.int from the <a href="https://man.openbsd.org/named.8">named(8)</a> example config files.
<li>Bump OpenSSH to version 3.9.
<li>Put in a temporary fix for <a href="https://man.openbsd.org/wi.4">wi(4)</a> cards with station firmware &lt; 1.8. Real fix after the 3.6 release.
<!-- ^ 20040816 -->
<li>Remove <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> greylist entries the second they expire.
<li>Back out the recent <a href="https://man.openbsd.org/pf.4">pf(4)</a>-skips-downed-interfaces change, it breaks IPv6.
<!-- ^ 20040815 -->
<li>Add an example <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a> /etc/mail/genericstable.
<li>When <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>'s -K switch is active, check the peer's proposal against <a href="https://man.openbsd.org/isakmpd.conf.5">isakmpd.conf(5)</a>.
<li>Map the whole ld.so hints file for a.out in one <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>, as was done for ELF.
<!-- ^ 20040814 -->
<li>Fix auto request sense handling in <a href="https://man.openbsd.org/ahc.4">ahc(4)</a> and <a href="https://man.openbsd.org/ahd.4">ahd(4)</a>.
<li>Stop a coredump in lib<a href="https://man.openbsd.org/regex.3">regex(3)</a>.
<li>Fix a busy-wait on transmit failure in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Add an extra check for a NULL message in the privsep code for <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, <a href="https://man.openbsd.org/named.8">named(8)</a>, <a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>, <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>, <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> and the X server.
<!-- ^ 20040813 -->
<li>Finally fix <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> problems with DNS non-availability at startup.
<li>Fix a bad dereference in <a href="https://man.openbsd.org/gcc.1">gcc(1)</a>.
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, ignore RFC2545 and don't allow IPv6 link-local addresses to be a next hop.
<li>Stop a core dump in <a href="https://man.openbsd.org/newfs.8">newfs(8)</a> by checking the block size against MAXBSIZE.
<li>Validate the superblock size recorded in the superblock, to prevent a panic.
<!-- ^ 20040812 -->
<li>Use atomicio instead of a few pieces of homegrown code in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Some signedness cleanups in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Add <a href="https://man.openbsd.org/dladdr.3">dladdr(3)</a> support to the dynamic loader, and extend <a href="https://man.openbsd.org/dlsym.3">dlsym(3)</a> to match 'standards'.
<li>Plug a memory leak in <a href="https://man.openbsd.org/kvm_close.3">kvm_close(3)</a>.
<li>Fix <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> MRT dumps from cloned sessions.
<li>With -q in effect, stop <a href="https://man.openbsd.org/grep.1">grep(1)</a> searching as soon as a match is found.
<li>Skip over non-UP interfaces in <a href="https://man.openbsd.org/pf.4">pf(4)</a>, fixing some problems with <a href="https://man.openbsd.org/pppd.8">pppd(8)</a>.
<li>Fix a missing <a href="https://man.openbsd.org/lseek.2">lseek(2)</a> error check in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>Only close a pipe if it's open in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>Fix a minor memory leak in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>.
<li>Surround <a href="https://man.openbsd.org/pkg_delete.1">pkg_delete(1)</a>'s main loop with an eval{} block, so that <a href="https://man.openbsd.org/ldconfig.8">ldconfig(8)</a>, directory removal, manpage and font directory processing always occur.
<li>Back out the <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>-based <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> for now, some architectures aren't working right yet.
<li>A stack of <a href="https://man.openbsd.org/ohci.4">ohci(4)</a> fixes from NetBSD.
<!-- ^ 20040811 -->
<li><strong>RELIABILITY FIX: Improved verification of ICMP errors in order to minimize the impact of ICMP attacks against TCP.</strong><br>
    <a href="errata36.html#icmp">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Show the difference between the expected and received IP checksum in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<li>Now that <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> decodes the IP fragment returned in an ICMP error message, allow the TCP parser to print the source and destination ports from incomplete TCP headers.
<li>When <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> receives an ICMP error and -vv is in effect, also dump the IP packet embedded in the error message. Based on tcpdump.org.
<li>Fix a bad sizeof in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Implement better RFC 3706 Dead Peer Detection in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Fix the MED setting in outgoing <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> updates.
<li>In <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>, handle DNS lookup failures properly in the case of server pools.
<li>Have <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>'s @mandir and @fontdir keywords do the right thing on package delete, and have @fontdir do the necessary font processing.
<li>Fix a dynamic group-related panic in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
<!-- ^ 20040810 -->
<li>Support the setenv capability in <a href="https://man.openbsd.org/login.conf.5">login.conf(5)</a> like in NetBSD, including '~' and '$' macro expansion for the homedir and username respectively.
<li>Import and merge Perl 5.8.5 from CPAN. Crank libperl's major number.
<li>3.5-current -&gt; 3.6-beta.
<li>Stability and performance fixes to <a href="https://man.openbsd.org/ste.4">ste(4)</a> from FreeBSD.
<li>Fix an out-of-bounds write in libafs, caught by the <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>-based <a href="https://man.openbsd.org/malloc.3">malloc(3)</a>.
<!-- ^ 20040809 -->
<li>Fix a missing initialisation of the route info structure in the kernel and stop a panic.
<li>Stop doing unnecessary PHY resets on <a href="https://man.openbsd.org/hme.4">hme(4)</a>.
<li>Remove the need for -w when setting values in <a href="https://man.openbsd.org/radioctl.1">radioctl(1)</a>.
<li>Fix <a href="https://man.openbsd.org/iostat.8">iostat(8)</a>'s average KB per transfer calculation.
<!-- ^ 20040808 -->
<li>Do a <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> before running <a href="https://man.openbsd.org/ldconfig.8">ldconfig(8)</a> when DESTDIR is set in <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>.
<li>Add IPv6 router solicitation and router advertisement ICMP messages to the default <a href="https://man.openbsd.org/pf.4">pf(4)</a> filter loaded in <a href="https://man.openbsd.org/rc.8">rc(8)</a>.
<!-- ^ 20040807 -->
<li>Initial work on SGI MIPS64 support.
<li>Only close the stream passed to <a href="https://man.openbsd.org/pclose.3">pclose(3)</a> if it was opened by <a href="https://man.openbsd.org/popen.3">popen(3)</a>.
<li>In <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, invoke the OpenBSD::Makewhatis module directly insteading of forking <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>.
<li>Reorganise <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> to avoid using unnecessary code, and allow invocation as a <a href="https://man.openbsd.org/perl.1">perl(1)</a> module.
<li>Big update to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, moving towards IPv6 support.
<li>New @lib marker in <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> packing lists, that lets the tools know when to run <a href="https://man.openbsd.org/ldconfig.8">ldconfig(8)</a>.
<li>Many more <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> fixes and improvements.
<!-- ^ 20040806 -->
<li>Refactor <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> etc. packing list code.
<li>Now that <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> uses <a href="https://man.openbsd.org/mmap.2">mmap(2)</a> instead of <a href="https://man.openbsd.org/sbrk.2">sbrk(2)</a>, remove the rlimit check from the userland code and let the kernel do it.
<li>Use the new fd-passing functionality in <a href="https://man.openbsd.org/auth_subr.3">BSD_AUTH(3)</a> to implement record locking for S/Key logins.
<li>Stop trying to change the cwd of processes after a forced unmount.
<!-- ^ 20050805 -->
<li>Don't send signals from hardclock to prevent SMP problems in the near future.
<li>Add interrupt coalescing support to <a href="https://man.openbsd.org/fxp.4">fxp(4)</a>
<li>Fix jumbo frames support in <a href="https://man.openbsd.org/sk.4">sk(4)</a>.
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, return DH group 14 when /etc/moduli is empty, fixing a hang.
<!-- ^ 20040804 -->
<li>Allow a file descriptor to be passed on the <a href="https://man.openbsd.org/auth_subr.3">BSD_AUTH(3)</a> back channel, to be used for stateful login scripts.
<li>Do a check for minval&gt;maxval in <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>
<li>Change the minval and maxval parameters to <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a> from unsigned to signed long long, simplifying the code.
<li>Allow an autonegotiation to be forced at <a href="https://man.openbsd.org/mii.4">mii(4)</a> attach time.
<li>Don't crash the kernel in autoconf when matching an indirect device with verbose mode switched on.
<li>Allow NFS commits to be coalesced instead of always sending a commit for each block.
<li>MRT dump compatibility fixes for <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Add route label support to <a href="https://man.openbsd.org/route.8">route(8)</a> via the -label keyword.
<li>Introduce 'route labels', allowing up to 32 bytes of information to be attached to a route.
<li>Fix reference counting bugs in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, avoiding leaks.
<li>Make disk geometry parameters in <a href="https://man.openbsd.org/i386/fdisk.8">fdisk(8/i386)</a> unsigned values to avoid some signedness problems.
<li>Don't trim device major and minor numbers to 8 bits when accessing device nodes over NFS.
<li>Allow <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> to use a unicast sync peer, via the new 'syncpeer' keyword to <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>. This lets pfsync operate over IPsec.
<li>Show if locking is present in <a href="https://man.openbsd.org/pstat.8">pstat(8)</a> -f output.
<li>Add <a href="https://man.openbsd.org/fxp.4">fxp(4)</a> microcode for interrupt coalescing. From Intel via FreeBSD.
<li>Have <a href="https://man.openbsd.org/lint.1">lint(1)</a> allow more integer types in bitfields.
<!-- ^ 20040803 -->
<li>Set initial latency and cacheline size for <a href="https://man.openbsd.org/cardbus.4">cardbus(4)</a> devices.
<li>Out-of-line some functions in <a href="https://man.openbsd.org/isp.4">isp(4)</a> to shrink the kernel a bit.
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> don't expire phase 2 SAs that are not yet established on receipt of a SIGHUP.
<li>Fix <a href="https://man.openbsd.org/pcmcia.4">pcmcia(4)</a> crashes (PR#3732, PR#3881). More work required.
<li>New @man element for packing lists.
<li>If LK_NOWAIT is passed to <a href="https://man.openbsd.org/vget.9">vget(9)</a>, return EBUSY if the vnode is <a href="https://man.openbsd.org/lock.9">lock(9)</a>ed.
<!-- ^ 20040802 -->
<li>Rewind the tape less often when repositioning an <a href="https://man.openbsd.org/st.4">st(4)</a> device.
<li>New <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> implementation using <a href="https://man.openbsd.org/mmap.2">mmap(2)</a> instead of <a href="https://man.openbsd.org/sbrk.2">sbrk(2)</a>. This means that malloc now gets all the benefits of mmap's randomisation feature.
<li>Deal with upward-growing stacks when checking for the end of the stackgap in sys/compat/common.
<li>Major updates to <a href="https://man.openbsd.org/ahc.4">ahc(4)</a>. From FreeBSD.
<!-- ^ 20040801 -->
<li>Kill GATEWAY and IPFORWARDING <a href="https://man.openbsd.org/config.8">config(8)</a> options, since their functionality has long been available from <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>.
<li>Have <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> correctly use port information supplied by the client (if available) when UseCanonicalName is off.
<!-- ^ 20040731 -->
<li>New <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a> announce type "default-route", which will only announce the default route to a specified neighbour.
<li>Drain <a href="https://man.openbsd.org/hotplug.4">hotplug(4)</a>'s event queue on close, fixing a hang on shutdown (PR#3874).
<li>Fix <a href="https://man.openbsd.org/siop.4">siop(4)</a> probe problems on hppa.
<li>Call /bin/ksh instead of /bin/sh in the installer scripts, since the <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> mannerisms will be disabled when invoked as <a href="https://man.openbsd.org/sh.1">sh(1)</a> soon.
<!-- ^ 20040730 -->
<li>Fix a missing initialisation when processing an RDE update in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Helpfully, don't truncate the lease file to zero length on <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> startup.
<li>Keep a unique ID for each server <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> talks to.
<li>Display IKE Dead Peer Detection notifications in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<li>Fix the conditions under which <a href="https://man.openbsd.org/pool_put.9">pool_put(9)</a> frees a page.
<li>Fix NAT-T Aggressive Mode by putting NAT-D checks in the right place.
<li>Don't set the output filename in <a href="https://man.openbsd.org/compress.1">compress(1)</a> when in -t mode, avoiding an error which the input filename doesn't end in '.gz'.
<li>Drop ip6.int query support for IPv6 reverse lookups with <a href="https://man.openbsd.org/gethostbyaddr.3">gethostbyaddr(3)</a>.
<!-- ^ 20040729 -->
<li>Use <a href="https://man.openbsd.org/SHA1Pad.3">SHA1Pad(3)</a> in libskey, instead of relying on undocumented behaviour from <a href="https://man.openbsd.org/SHA1Final.3">SHA1Final(3)</a>.
<li>Add new timekeeping code, MI-only for now and not yet enabled anywhere.
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, prefer the path with the lowest MED value, not the highest.
<li>Have <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> retry failed DNS lookups from the config file every sixty seconds.
<li>Set the default localpreference in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to 100 instead of 0.
<li>Fix a leak when passing a file descriptor between processes.
<li>Support lists-within-lists for the AS and prefix in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a>.
<li>Support list expansion for the AS in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a>.
<li>In <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only print TCP sequence numbers for SYN, FIN or RST packets if -vv is in effect.
<li>Use <a href="https://man.openbsd.org/pool.9">pool(9)</a>s instead of R_Malloc() for rtentry and rttimer structs. Adapted from NetBSD.
<li>Have <a href="https://man.openbsd.org/inetd.8">inetd(8)</a> set the user and group on UNIX domain sockets.
<li>Add -ttttt option (timestamp difference since the first packet) to <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<li>In <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, call <a href="https://man.openbsd.org/setsid.2">setsid(2)</a> before doing re-exec.
<!-- ^ 20040728 -->
<li>Support pf-style macro expansion for the peer spec and prefix in <a href="https://man.openbsd.org/bgpd.conf.5">bgpd.conf(5)</a>.
<!-- ^ 20040727 -->
<li>Backport from Apache 2.0 a fix for a mod_usertrack coredump in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a>.
<!-- ^ 20040726 -->
<li>Some <a href="https://man.openbsd.org/atw.4">atw(4)</a> fixes from NetBSD.
<!-- ^ 20040725 -->
<li>Fix IP header alignment in <a href="https://man.openbsd.org/an.4">an(4)</a>.
<!-- ^ 20040724 -->
<li>Fix a use-after-<a href="https://man.openbsd.org/free.3">free(3)</a> in <a href="https://man.openbsd.org/gprof.1">gprof(1)</a>.
<!-- ^ 20040723 -->
<li>Add in a missing NULL check in DIOCCHANGERULE, preventing a rare crash.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Use 'directory/' instead of '@dir directory' in packing lists.
<li>Ignore <a href="https://man.openbsd.org/utime.3">utime(3)</a> failure in <a href="https://man.openbsd.org/cron.8">cron(8)</a> poke_daemon(), it doesn't matter any more since tickling the socket is enough.
<li>Use mutex instead of SIMPLELOCK around the kernel's deadproc list.
<li>Don't allow m_dup1() to return an mbuf chain when it should return a single mbuf.
<li>Start work on removing the size limit from the <a href="https://man.openbsd.org/mg.1">mg(1)</a> minibuffer.
<!-- ^ 20040722 -->
<li>Fix a problem with X on 64-bit architectures that was causing some <a href="https://man.openbsd.org/wsmouse.4">wsmouse(4)</a> input events to be lost.
<li>Don't clobber an existing /etc/fonts/local.conf in XF4 make install.
<li><a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> support for NFS, adapted from NetBSD.
<li>Use <a href="https://man.openbsd.org/fseek.3">fseek(3)</a> instead of <a href="https://man.openbsd.org/fseeko.3">fseeko(3)</a> in <a href="https://man.openbsd.org/hexdump.1">hexdump(1)</a>, since the argument being used is an off_t.
<li>Don't mess up the internal state of a <a href="https://man.openbsd.org/pipe.2">pipe(2)</a> when pipelock() fails, just return with an error.
<li>Fix an unnecessary fatal() in <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> when the remote dies quickly.
<li>Don't display invalid usernames using <a href="https://man.openbsd.org/setproctitle.3">setproctitle(3)</a> in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> (OpenSSH bugzilla #899).
<li>Fix a multiple-free in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>More <a href="https://man.openbsd.org/umass.4">umass(4)</a> fixes from NetBSD.
<li>Fix CPU speed-related sound slowdown in <a href="https://man.openbsd.org/auich.4">auich(4)</a> (PR#3814).
<li>More pointless inline removal in the kernel.
<li>Implement outgoing interrupt pipes (part of the USB 1.1 spec) in <a href="https://man.openbsd.org/usb.4">usb(4)</a>. From FreeBSD.
<!-- ^ 20040721 -->
<li>Disable the XFree86 module loader on powerpc, ahead of upcoming malloc() changes.
<li>Strip the strcpy() and strcat() builtins from GCC 3 (as was done for GCC 2) to make them easier to spot and eradicate.
<li>New <a href="https://man.openbsd.org/cdce.4">cdce(4)</a> driver supporting USB CDC Ethernet devices.
<li>Use mutexes in a few places where SIMPLELOCK was used before.
<li>Add i386 and AMD machine-dependent mutex implementations.
<li>Introduce mutex support to the kernel. Not optimally efficient, and not MP-safe.
<li>New @info keywork to <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> etc., supporting GNU info documents.
<li>Reintroduce standalone <a href="https://man.openbsd.org/popa3d.8">popa3d(8)</a> after fixes and more testing.
<li>Stop <a href="https://man.openbsd.org/wicontrol.8">wicontrol(8)</a> displaying garbage when run against a nonexistent interface.
<li>Make <a href="https://man.openbsd.org/gprof.1">gprof(1)</a> work properly on 64-bit architectures where the text is above 4GB.
<!-- ^ 20040720 -->
<li>Display correct labels in the output from <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> -st.
<li>Fix an <a href="https://man.openbsd.org/atw.4">atw(4)</a> panic on detach.
<li>Correct <a href="https://man.openbsd.org/mg.1">mg(1)</a>'s error checks for <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>.
<li>Start work on a tutorial for the <a href="https://man.openbsd.org/make.1">make(1)</a> we have, not PMake.
<li><a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>ify <a href="https://man.openbsd.org/id.1">id(1)</a>.
<li>Fix a signal race in <a href="https://man.openbsd.org/make.1">make(1)</a>.
<!-- ^ 20040719 -->
<li>Fix a leak in <a href="https://man.openbsd.org/getrrsetbyname.3">getrrsetbyname(3)</a>.
<li>Don't let <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> crash when selecting text.
<li>React more rationally in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> to (possibly) transient network errors from <a href="https://man.openbsd.org/recvfrom.2">recvfrom(2)</a>.
<li>More improvements to <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>'s query interval scaling.
<li>Return EINVAL if a negative offset is passed to <a href="https://man.openbsd.org/ftruncate.2">ftruncate(2)</a>.
<li>Don't check for the non-existent md5 of an '@link' in <a href="https://man.openbsd.org/pkg_delete.1">pkg_delete(1)</a>.
<li>Add bsd.rd to the list of filesets installed by default.
<li>For NFS and URL installs, assume the network is already set up the way the user wants it.
<!-- ^ 20040718 -->
<li>Back out standalone support from <a href="https://man.openbsd.org/popa3d.8">popa3d(8)</a>.
<li>Remove K&amp;R support from libc/sys/makelintstub.sh.
<li>Fix a use-after-<a href="https://man.openbsd.org/free.3">free(3)</a> in <a href="https://man.openbsd.org/amd.8">amd(8)</a>'s AFS code.
<li>Fix missing <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> lastlog messages under certain circumstances (OpenSSH bugzilla #463).
<li>Add an stty command to the <a href="https://man.openbsd.org/i386/boot.conf.8">boot.conf(8/i386)</a> to set the serial console speed.
<li>Deal gracefully with a null sub-timezone in the installer.
<li>Unbreak the <a href="https://man.openbsd.org/pf.4">pf(4)</a> normaliser's use of the timestamp as an extension to the sequence number.
<!-- ^ 20040717 -->
<li>Add a ruleset optimiser to <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> (new -o and -oo options).
<li>In <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>, add a test of the lower bound when the upper bound is greater than LLONG_MAX.
<li>Updates to the <a href="https://man.openbsd.org/san.4">san(4)</a> driver.
<li>Kill <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> history functions on non-interactive shells. Based on NetBSD.
<li>Back out a TCP change that left the ends of a newly-ESTABLISHED connection with asymmetric congestion windows.
<!-- ^ 20040716 -->
<li>Unbreak antenna diversity setting in <a href="https://man.openbsd.org/ancontrol.8">ancontrol(8)</a>.
<li>Stop <a href="https://man.openbsd.org/pkill.1">pkill(1)</a> whining when a process that it expects to be running has died, e.g. a privsep child that got reaped right away by the parent.
<li>Fix core dumps from <a href="https://man.openbsd.org/wicontrol.8">wicontrol(8)</a> when fetching values a card doesn't support.
<li>New -D option to <a href="https://man.openbsd.org/nc.1">nc(1)</a> switching on SO_DEBUG.
<li>In <a href="https://man.openbsd.org/pkill.1">pkill(1)</a>, skip the pkill process itself and any processes marked P_SYSTEM every time.
<li>The netiso code was removed from the tree. Noone cared.
<li>Many fixes and improvements to <a href="https://man.openbsd.org/atw.4">atw(4)</a> from NetBSD and the reference driver via NetBSD.
<!-- ^ 20040715 -->
<li>Add compat versions of <a href="https://man.openbsd.org/msgctl.2">msgctl(2)</a>, <a href="https://man.openbsd.org/semctl.2">semctl(2)</a> and <a href="https://man.openbsd.org/shmctl.2">shmctl(2)</a> with 16-bit mode_t.
<li>Add new versions of the <a href="https://man.openbsd.org/msgctl.2">msgctl(2)</a>, <a href="https://man.openbsd.org/semctl.2">semctl(2)</a> and <a href="https://man.openbsd.org/shmctl.2">shmctl(2)</a> functions to deal with the changes to mode_t (included in struct ipc_perm).
<li>Refactor SysV shared memory functions, allowing them to automagically handle conversions between new and old structures in compatibility mode.
<li>Back out last vestiges of IPv6 fragment reassembly using <a href="https://man.openbsd.org/pf.4">pf(4)</a> scrub.
<li>Drop the stratum calculation from <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Ignore clock synchronisation status returned to <a href="https://man.openbsd.org/rdate.8">rdate(8)</a> -n clients.
<li>Zero out the NFS generation number in struct stat in OpenBSD 3.5 and 4.3BSD compatibility modes.
<li>Only retransmit relevant NFS requests on nfs_reconnect().
<li>Rework <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>/<a href="https://man.openbsd.org/pkg_create.1">pkg_create(1)</a>'s @dirrm directive, and add @dir.
<!-- ^ 20040714 -->
<li>Fix a double-free and some backwards logic in <a href="https://man.openbsd.org/passwd.1">passwd(1)</a>.
<li>Finally remove the deprecated passwd.conf functionality and files.
<li>Change mode_t and nlink_t from u_int16_t to u_int32_t.
<li>Add weak-aliased __errno(3) function to libc and bump all library major versions.
<li>Have <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> return decent server statistics to the client, including the stratum, reference time and synchronisation status.
<li>Ignore obviously malformed queries in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Use <a href="https://man.openbsd.org/socketpair.2">socketpair(2)</a> instead of <a href="https://man.openbsd.org/pipe.2">pipe(2)</a> in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>In <a href="https://man.openbsd.org/pkg_create.1">pkg_create(1)</a>, mark links as what they are instead of computing a size and checksum for them.
<!-- ^ 20040713 -->
<!-- ^ 20040712 -->
<li>When <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> detects a file conflict, helpfully list the clashing file's originating package.
<li><a href="https://man.openbsd.org/strtoul.3">strtoul(3)</a> -&gt; <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a> in <a href="https://man.openbsd.org/mg.1">mg(1)</a>.
<li>Deal with count==0 correctly in <a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>.
<li>Save process context in <a href="https://man.openbsd.org/namei.9">namei(9)</a> avoiding a crash (PR#3842).
<li>Back out IPv6 fragment reassembly under the <a href="https://man.openbsd.org/pf.4">pf(4)</a> scrub directive, it's not ready yet.
<li>Have <a href="https://man.openbsd.org/pf.4">pf(4)</a> create a group when adding a dynamic interface that's not yet plumbed in.
<li>More <a href="https://man.openbsd.org/usb.4">usb(4)</a> fixes from NetBSD.
<li>An endianness fix in <a href="https://man.openbsd.org/nm.1">nm(1)</a>.
<li>Fix lockup when unmounting a union filesystem.
<!-- ^ 20040711 -->
<li>Fix TCP NFS mount hangs after a server reset.
<li>Scale <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>'s query interval based on the local clock offset. More work to come.
<li>Endianness fixes to <a href="https://man.openbsd.org/ehci.4">ehci(4)</a> from NetBSD.
<li>Remove descriptions of partition types from <a href="https://man.openbsd.org/i386/fdisk.8">fdisk(8/i386)</a>, shrinking the executable.
<!-- ^ 20040710 -->
<li>HP-UX compatibility stuff for hppa.
<li>Fix <a href="https://man.openbsd.org/sed.1">sed(1)</a> failure when the last character of the line buffer was a backslash. From FreeBSD and NetBSD.
<li><a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>ify <a href="https://man.openbsd.org/procmap.1">procmap(1)</a>.
<li>Fix cd9660 buffer writing code.
<li>Improve <a href="https://man.openbsd.org/patch.1">patch(1)</a>'s detection of whether or not a patch has already been applied.
<li>Miscellaneous cleanup in <a href="https://man.openbsd.org/reboot.8">reboot(8)</a>.
<li>Don't use <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> on a string that's not null-terminated in <a href="https://man.openbsd.org/ftp.1">ftp(1)</a>.
<li>Some ANSI prototypes in games, sbin and usr.sbin.
<li>Don't update the clock in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> without data.
<li>When saving a file, have <a href="https://man.openbsd.org/mg.1">mg(1)</a> check if it's null terminated and prompt the user to add it if desired.
<li>Rework <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>'s DNS handling to better deal with responses containing multiple addresses. Two keywords, 'server' and 'servers', with different semantics.
<li>Set the correct <a href="https://man.openbsd.org/poll.2">poll(2)</a> timeout in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<!-- ^ 20040709 -->
<li>A couple of network mask issues with <a href="https://man.openbsd.org/pf.4">pf(4)</a> tables.
<li>Fix a few missing <a href="https://man.openbsd.org/close.2">close(2)</a> and <a href="https://man.openbsd.org/free.3">free(3)</a> calls in an <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> error path.
<li>Fix overwriting of virtual MAC address by <a href="https://man.openbsd.org/carp.4">carp(4)</a> on FDDI interfaces.
<li>Don't mistakenly skip a file in <a href="https://man.openbsd.org/rcp.1">rcp(1)</a> and <a href="https://man.openbsd.org/scp.1">scp(1)</a> by mistake when <a href="https://man.openbsd.org/fchmod.2">fchmod(2)</a> fails twice.
<li>Sync <a href="https://man.openbsd.org/gdb.1">gdb(1)</a>'s kvm interface with FSF, adding 'kvm proc' and 'kvm pcb' commands.
<!-- ^ 20040708 -->
<li>Check for <a href="https://man.openbsd.org/stat.2">stat(2)</a> failure in <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>'s virtual filesystem.
<li>Fix a couple of MRT bugs in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Open the <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> script execution window from 1 to 3 seconds.
<li>Return -1 from <a href="https://man.openbsd.org/ftw.3">ftw(3)</a> and <a href="https://man.openbsd.org/nftw.3">nftw(3)</a> if <a href="https://man.openbsd.org/fts_close.3">fts_close(3)</a> fails without returning an error.
<li>Fix a memory leak in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Better client responses from <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Better time handling code for <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Fix a <a href="https://man.openbsd.org/systrace.1">systrace(1)</a> problem where argv[0] would be normalised and so break scripts that depend on the original path.
<li>Stop logging <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> responses with bad cookies, so attackers can't spam the log files. Back off logging in general.
<li>Don't listen by default in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>. New 'listen on' directive must be used instead.
<li>Allow for multiple IP addresses associated with hostnames listed in <a href="https://man.openbsd.org/ntpd.conf.5">ntpd.conf(5)</a>.
<li>Add a 'trustlevel' for <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> peers, using the peer's timely network responses to judge its worthiness to affect the clock offset, and to set how often queries are sent.
<!-- ^ 20040707 -->
<li>Implement filtering on peer replies in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Fix a couple of sizeof(wrongthing) in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>New -R option fro <a href="https://man.openbsd.org/ftp-proxy.8">ftp-proxy(8)</a> allowing <a href="https://man.openbsd.org/pf.4">pf(4)</a> to safely accept client PASV-mode connections to a protected FTP server.
<li>Have <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> log the IP address NTP replies and incorrect cookies are received from.
<li>Allow and resolve hostnames in <a href="https://man.openbsd.org/ntpd.conf.5">ntpd.conf(5)</a>.
<li>Add a couple of missing initialisations in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Set FTS_LOGICAL in <a href="https://man.openbsd.org/ftw.3">ftw(3)</a> and <a href="https://man.openbsd.org/nftw.3">nftw(3)</a> (unless FTS_PHYSICAL is explicitly passed in to the latter) as required by <a href="https://man.openbsd.org/fts.3">fts(3)</a>.
<li>Some string cleaning and other fixes to <a href="https://man.openbsd.org/ul.1">ul(1)</a>.
<li>Back out the bogus fix for the TCP simultaneous close bug from TCP/IP Illustrated vol. 2, exercise 29.5.
<li>Some <a href="https://man.openbsd.org/ehci.4">ehci(4)</a> fixes from NetBSD. Multiple devices can now be simultaneously active.
<li>Don't require -w for writes with <a href="https://man.openbsd.org/audioctl.1">audioctl(1)</a>.
<!-- ^ 20040706 -->
<li>Keep track of historical offset and delay values in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>, for later use in filtering.
<li><strong>RELIABILITY FIX: Under certain network load the kernel can run out of stack space.</strong> This was encountered in an environment using CARP on a VLAN interface. this issue initially manifested itself as an FPU-related crash on bootup.<br>
    <a href="errata36.html#rnd">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Fix a segfault in <a href="https://man.openbsd.org/routed.8">routed(8)</a> with <a href="https://man.openbsd.org/rtquery.8">rtquery(8)</a> messages from a non-local host (PR#3841).
<li>Fix <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>'s conversion from seconds to microseconds.
<li>Don't queue <a href="https://man.openbsd.org/hotplug.4">hotplug(4)</a> events if there's no <a href="https://man.openbsd.org/hotplugd.8">hotplugd(8)</a> running. When the last listening daemon exits, flush pending events.
<li><a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>ify <a href="https://man.openbsd.org/chpass.1">chpass(1)</a>.
<li>Allow the argument to <a href="https://man.openbsd.org/fstab.5">fstab(5)</a> options groupquota and userquota to be optional
<li>Implement 'set nexthop blackhole' and 'set nexthop reject' in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Give a helpful error message when <a href="https://man.openbsd.org/pkg_create.1">pkg_create(1)</a> fails due to a missing @name.
<li>Remote the single-server limitation in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>.
<li>Use <a href="https://man.openbsd.org/adjtime.2">adjtime(2)</a> to sync the local clock in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>, based on the median offset from the configured servers for now.
<li>Some <a href="https://man.openbsd.org/ehci.4">ehci(4)</a> updates from NetBSD.
<li>Keep track of the device and inode of objects loaded by <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a>, so that it's no longer possible to have the same object loaded from two different locations.
<!-- ^ 20040705 -->
<li>Die nicely if <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> can't read its config file.
<li>Fix a few missing <a href="https://man.openbsd.org/freeaddrinfo.3">freeaddrinfo(3)</a>s in <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>
<li>Drop the requirement in the installer for a 'b' partition. If one exists use it as swap, and don't allow a mount point to be created there.
<li>SCHED_LOCK() before proc_stop() in issignal(), avoiding a panic from <a href="https://man.openbsd.org/splassert.9">splassert(9)</a> #ifdef MULTIPROCESSOR.
<li>In <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> compute the local clock offset as per RFC 2030 section 5.
<li>Make the backspace and delete keys do the right thing by default in <a href="https://man.openbsd.org/xterm.1">xterm(1)</a>.
<!-- ^ 20040704 -->
<li><a href="https://man.openbsd.org/calloc.3">calloc(3)</a> the right structure in <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> client_peer_init().
<li>Some cleanup in <a href="https://man.openbsd.org/lam.1">lam(1)</a>.
<li>Fix a vnode leak in <a href="https://man.openbsd.org/mount.2">mount(2)</a>.
<li>Change <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s MRT dump code to use fd passing.
<li>Put <a href="https://man.openbsd.org/skey.1">skey(1)</a> code inside #ifdef SKEY in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>. From FreeBSD.
<li>Bypass the <a href="https://man.openbsd.org/pf.4">pf(4)</a> normaliser for now when forwarding ip6 packets.
<li>Support '@host:port' syntax in <a href="https://man.openbsd.org/syslog.conf.5">syslog.conf(5)</a>, allowing specification of the remote port.
<!-- ^ 20040703 -->
<li>Respect TMPDIR when creating a temporary mountpoint for the new <a href="https://man.openbsd.org/mount_mfs.8">mount_mfs(8)</a> -P option.
<li>Use <a href="https://man.openbsd.org/strtoul.3">strtoul(3)</a> instead of <a href="https://man.openbsd.org/strtol.3">strtol(3)</a> in <a href="https://man.openbsd.org/setmode.3">setmode(3)</a>, and return ERANGE consistently for invalid octal modes.
<li>Update <a href="https://man.openbsd.org/savecore.8">savecore(8)</a> to new-style kernel time handling.
<li>Allow (but ignore) the -E and -X options in src/distrib/special/more.
<li>Fix a few division-by-zeros in <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a>.
<!-- ^ 20040702 -->
<li>Fix rare cases of bogus permissions from <a href="https://man.openbsd.org/mtree.8">mtree(8)</a>, caused by a missing initialisation.
<li>Add a few md use-before-init sanity checks in <a href="https://man.openbsd.org/kvm.3">kvm(3)</a>.
<li>Check for a nonexistent name in <a href="https://man.openbsd.org/kvm.3">kvm(3)</a> and print a useful error message.
<!-- ^ 20040701 -->
<li>Use the evcount API for interrupts counting on hppa.
<li>Test for a tty break in the right place in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Fix <a href="https://man.openbsd.org/inetd.8">inetd(8)</a>'s handling of UNIX domain sockets.
<li>In <a href="https://man.openbsd.org/mpt.4">mpt(4)</a> use SCSI_POLL during the probe since MP kernels don't enable interrupts until after the probe has completed.
<li><a href="https://man.openbsd.org/strlcpy.9">strlcpy(9)</a> -&gt; <a href="https://man.openbsd.org/copyoutstr.9">copyoutstr(9)</a> when copying from kernel to userland in <a href="https://man.openbsd.org/vnd.4">vnd(4)</a>.
<!-- ^ 20040630 -->
<li>Allow shared library revision numbers to be overridden for libOSMesa, libXRes, libxkbfile and libkbui.
<li>Remove interface name verification code from <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, so that once again a rule referring to a non-existent interface simply never fires. This has the handy side-effect of allowing pfctl to be run as non-root again.
<li>Unbreak MSCHAP in <a href="https://man.openbsd.org/pppd.8">pppd(8)</a> due to local <a href="https://man.openbsd.org/MD4Update.3">MD4Update(3)</a> differences.
<li>Don't allow bogus routes with a nexthop inside 127/8 in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>If no listener address is given to <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>, listen on every IP address.
<li>Change a few <a href="https://man.openbsd.org/memcpy.3">memcpy(3)</a> into <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> in <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> when copying the interface name.
<li>Install <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a>'s libmilter by default.
<!-- ^ 20040629 -->
<li>In net80211, allow WEP keys to have lengths other than 40 or 108 bits.
<li>Don't try to <a href="https://man.openbsd.org/strlcpy.9">strlcpy(9)</a> from userland into the kernel in <a href="https://man.openbsd.org/vnd.4">vnd(4)</a>.
<li>Update zoneinfo files and <a href="https://man.openbsd.org/ctime.3">ctime(3)</a> to tzdata2004a. Respect Georgia's wish to have the right timezone again.
<li>Remove '#if 0' around the real code for net80211 ioctl WI_RID_PRISM2. This allows <a href="https://man.openbsd.org/atw.4">atw(4)</a> to do AP scanning via <a href="https://man.openbsd.org/wicontrol.8">wicontrol(8)</a>.
<li>New -z option for <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a> to show devices even if they haven't generated an interrupt.
<li>Use the new event counter API for interrupt counting on alpha, amd64, i386, macppc and sparc64.
<li>Add generic interrupt counter retrieval via <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a>, removing the need for i386-specific code in <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a> and <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
<li>Add generic 'evcount' event counter API to the kernel.
<!-- ^ 20040628 -->
<li>Hack around a panic in 802.11 crypto startup due to the rnd device not being initialised.
<li>Add missing 802.11g and 802.11 'turbo' media types for the 802.11 framework to &lt;net/if_media.h&gt;.
<!-- ^ 20040627 -->
<li>Use congestion-sensitive IF_INPUT_ENQUEUE() in <a href="https://man.openbsd.org/gre.4">gre(4)</a>.
<li>Alignment fixes in <a href="https://man.openbsd.org/ppp.8">ppp(8)</a> lcp and ipcp handling.
<li>Allow the default console to be changed to a serial device from the installer. Only i386 uses this for now.
<li>In <a href="https://man.openbsd.org/fvwm.1">fvwm(1)</a>, use two va_list and <a href="https://man.openbsd.org/va_copy.3">va_copy(3)</a> instead of reusing a single va_list.
<li>New -P option to <a href="https://man.openbsd.org/mount_mfs.8">mount_mfs(8)</a>, used to populate the mfs volume immediately after creation.
<li>Make the root of an mfs partition inherit modes, owner and group from the mountpoint.
<li>Only add the <a href="https://man.openbsd.org/ipcomp.4">ipcomp(4)</a> header if compression is actually used, i.e. if the packet got smaller after compression.
<li>New timeslot keyword for <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>, used by telco cards.
<li>Add SIOC[GS]IFTIMESLOT ioctls for telco cards (currently just <a href="https://man.openbsd.org/san.4">san(4)</a>).
<li>New <a href="https://man.openbsd.org/san.4">san(4)</a> driver for Sangoma T1/E1 cards.
<li>More narrowing down of <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>'s privsep interface.
<li>After switching most of the device drivers to use generic ether_crc32_be(), add a table-driven implementation of this function. From FreeBSD PR#49957.
<li>Don't allow <a href="https://man.openbsd.org/nanosleep.2">nanosleep(2)</a> called with a zero timeout to sleep indefinitely, sleep for at least 1/<a href="https://man.openbsd.org/hz.9">hz</a> seconds.
<li>Enable <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> UDP encapsulation by default.
<!-- ^ 20040626 -->
<li>Allow <a href="https://man.openbsd.org/keynote.1">keynote(1)</a> policy checking to be disabled in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Remove netiso code from <a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
<li>Use the extended protocol in <a href="https://man.openbsd.org/syslogc.8">syslogc(8)</a> to detect overflows (-o option).
<li>Extend the <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> memory buffer protocol to include flags, starting with one to indicate that the buffers have overflowed.
<li>Fix <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> re-exec file descriptor handling.
<li>Introduce interface groups, accessible via new <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> keyword 'group'.
<li>String cleaning in <a href="https://man.openbsd.org/twm.1">twm(1)</a>.
<li>More work on IPv6 normalisation in <a href="https://man.openbsd.org/pf.4">pf(4)</a>.
<li>Add SMP support for amd64.
<li>Fix <a href="https://man.openbsd.org/re.4">re(4)</a> MAC address setup on big-endian machines.
<li>When renaming files in the <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> server, fall back to <a href="https://man.openbsd.org/stat.2">stat(2)</a>-then-<a href="https://man.openbsd.org/rename.2">rename(2)</a> if the underlying filesystem doesn't support <a href="https://man.openbsd.org/link.2">link(2)</a>.
<li>Some more string cleaning in the X server.
<li>Fix a misplaced closing brace that was breaking xtrans unix socket creation (freedesktop.org bugzill #363).
<li>Add layer 2 tunnelling (tap) support to <a href="https://man.openbsd.org/tun.4">tun(4)</a>.
<li>Don't allow IPsec udpencap (4500/udp) to be a dynamic <a href="https://man.openbsd.org/bind.2">bind(2)</a> port.
<li>Enable propolice on XFree86 modules.
<li>In <a href="https://man.openbsd.org/sshd.8">sshd(8)</a>, only do TCP wrappers checks when the incoming connection is on a socket.
<li>Narrow down <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>'s privsep interface a bit.
<li>Ditch autoconf stuff in libkeynote, it's not used here.
<li>Set stricter modes on shared memory segments used by the X server.
<li>Do IPv6 fragment reassembly with the <a href="https://man.openbsd.org/pf.4">pf(4)</a> scrub directive. Work in progress.
<li>String cleaning in the X server, <a href="https://man.openbsd.org/fvwm.1">fvwm(1)</a> and xtrans.
<li>Convert libXt to ANSI C. From XFree86 HEAD.
<!-- ^ 20040625 -->
<li>Some work on <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> multiprotocol support.
<li>Reprint the <a href="https://man.openbsd.org/i386/boot.8">boot(8)</a> identity string after changing the console line.
<li>Disable the <a href="https://man.openbsd.org/i386/boot.8">boot(8)</a> timeout once the user hits a key.
<li>Big tidyup of sys/net/rtsock.c.
<li>Some alignment fixups in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>In <a href="https://man.openbsd.org/systrace.4">systrace(4)</a>, quit early if detached after an <a href="https://man.openbsd.org/exec.3">exec*(3)</a>, and avoid a double-free.
<li>Remove the 8-page size limit on the <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a>-returned argv array.
<li>Strip netiso code from <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> and <!-- 20040625 --><a href="https://man.openbsd.org/route.8">route(8)</a>.
<li>Make all kernel time access via functions so that locking is possible.
<li>Re-<a href="https://man.openbsd.org/exec.3">exec(3)</a> <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> after <a href="https://man.openbsd.org/accept.2">accept(2)</a>. Can be turned off with the -r command line option.
<li>Add C++ inclusion guards into &lt;pcap.h&gt; and &lt;keynote.h&gt;.
<li>Add genericstable to the list of <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a> databases that /etc/mail/Makefile can create automatically.
<li>Don't <a href="https://man.openbsd.org/realloc.3">realloc(3)</a> so often when fetching process args in libkvm. Will be needed soon.
<li>If one of <a href="https://man.openbsd.org/pkill.1">pkill(1)</a>'s targets can't be killed, carry on and kill the rest instead of stopping.
<li>Fix SIGCHLD handling in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> so SIGSTOP and SIGCONT now work as expected.
<li>Gracefully handle line buffer overruns when reading boot.conf.
<li>Do <a href="https://man.openbsd.org/ehci.4">ehci(4)</a> on macppc as well.
<li>Crank libc and libpthread majors again after <a href="https://man.openbsd.org/hsearch.3">hsearch(3)</a> addition.
<li>Allow <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to handle keys from X.509 certs embededed in keynote credentials.
<li>Implement <a href="https://man.openbsd.org/hsearch.3">hsearch(3)</a> and friends, for XPG4.2 reasons. From NetBSD.
<li>Update <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a> to 8.13.0.
<!-- ^ 20040624 -->
<li>Correct a missing dereference and unbreak logging of IPV4_ADDR_SUBNET IDs in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Fix the for loop that counts passed environment variables in multiplex <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>As with <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a>, make the -w option for writes with <a href="https://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a> optional.
<li>Have <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> show the time between packets when prodded with -tttt.
<li>Some <a href="https://man.openbsd.org/setuid.2">setuid(2)</a>/<a href="https://man.openbsd.org/setgid.2">setgid(2)</a> fixes for <a href="https://man.openbsd.org/systrace.1">systrace(1)</a>.
<li>Shrink the <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> die-on-RTM_DELADDR window to one second.
<!-- ^ SLIST_FOREACH()... -->
<li>Remove another <a href="https://man.openbsd.org/stat.2">stat(2)</a>-then-<a href="https://man.openbsd.org/open.2">open(2)</a> from <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Enable <a href="https://man.openbsd.org/ahd.4">ahd(4)</a> by default for i386.
<li>Unbreak phase 1 IPV[46]_ADDR_SUBNET IDs in <a href="https://man.openbsd.org/isakmpd.conf.5">isakmpd.conf(5)</a>
<li>New config option 'Acquire-Only' (-a on the command line) for <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, to stop the daemon playing with existing flows.
<li>Add <a href="https://man.openbsd.org/i386/cdboot.8">cdboot(8)</a>, a CD-specific second-stage bootstrap for i386.
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, support the NOPEER community from RFC 3706.
<!-- ^ 20040623 -->
<li>Import <a href="https://man.openbsd.org/atw.4">atw(4)</a> ADMtek ADM8211 wireless driver from NetBSD.
<li>Some <a href="https://man.openbsd.org/strncpy.3">strncpy(3)</a> -&gt; <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> in sys/compat/*.
<li>Add a no-emulation CD boot sector, based on a FreeBSD implementation.
<li>Only ignore <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>-generated RTM_DELADDR messages for a five-second window after process startup, so that new instances of dhclient (started outside this window) cause the older instance to die like before.
<li>Teach <a href="https://man.openbsd.org/mkhybrid.8">mkhybrid(8)</a> how to create an El Torito no-emulation boot CD (for i386), with a 2048-byte boot sector. <!-- When the commit logs are good I /do/ just quote them Tom :-) -->
<li>Import the generic IEEE 802.11 framework from FreeBSD and NetBSD.
<li>Fix probe hangs on some <a href="https://man.openbsd.org/ahd.4">ahd(4)</a> cards.
<li>In the X server, fix malloc corruption when sending multiple glyphs to RenderAddGlyphs() (XFree86 bugzilla #1276, freedesktop.org bugzilla #349).
<li>Rewrite <a href="https://man.openbsd.org/mount.8">mount(8)</a>'s mount options parser, making it more robust and removing the need for duplicate code in <a href="https://man.openbsd.org/mount_nfs.8">mount_nfs(8)</a> (PR#3642).
<li>Fix some logic errors introduced in recent string changes to <a href="https://man.openbsd.org/cron.8">cron(8)</a>.
<li>Don't exit <a href="https://man.openbsd.org/wicontrol.8">wicontrol(8)</a> if SIOCGWAVELAN fails, just print a warning and get whatever information is available without it.
<li>Change <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s internal prefix lookup from a hash table to a per-address family red-black <a href="https://man.openbsd.org/tree.3">tree(3)</a>.
<li>Don't assume in <a href="https://man.openbsd.org/make.1">make(1)</a> that '.' and '..' are the first two entries in a directory.
<li>Handle division-by-zero in <a href="https://man.openbsd.org/m4.1">m4(1)</a> with an error message instead of a core dump.
<li>Fix a segfault in <a href="https://man.openbsd.org/xdm.1">xdm(1)</a> if a LISTEN keyword without hosts is found in the Xaccess file.
<li>When decoding fragmented IPv6 packets in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>, only try to interpret the contents of the first fragment.
<li>Back out source-based routing code while some problems are fixed.
<li>Start work on support for IPv6 routes (not just IPv6 sockets) in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Wire <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a> into the build.
<li>Fix libXi <a href="https://man.openbsd.org/XSelectExtensionEvent.3">XSelectExtensionEvent(3)</a> on 64-bit machines (freedesktop.org bugzilla #285).
<li>Remove pointless 5-second <a href="https://man.openbsd.org/sleep.3">sleep(3)</a>s in xtrans (freedesktop.org bugzilla #297).
<li>Sync <a href="https://man.openbsd.org/lynx.1">lynx(1)</a> to 2.8.5.rel2.
<li>Fix some endianness problems in X-Resource (freedesktop.org bugzilla #267).
<li>Add a new 'filter drop' flag to <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>, so that an interface may be notified that a packet matches a filter and should be dropped.
<li>Update to <a href="https://man.openbsd.org/lynx.1">lynx</a> 2.8.5rel1.
<li>Have <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> drop IKE messages arriving on port 500 after the NAT-T exchange has switched to port 4500.
<li>Allow a <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> template peer with unknown AS to be an IBGP peer, instead of always being an EBGP peer.
<li>Allow the IKE parser in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> to recognise a NAT-T payload.
<li>Teach <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s IKE parser about NAT-T keepalive packets.
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, don't reallocate the pollfd array every time the size changes because there's a risk that <a href="https://man.openbsd.org/realloc.3">realloc(3)</a> can fail. Reallocate only when there's a large potential saving.
<li>String cleaning in <a href="https://man.openbsd.org/cron.8">cron(8)</a>.
<li>time -&gt; arc4random(9) in <a href="https://man.openbsd.org/sppp.4">sppp(4)</a>.
<li>Fix bogus 'panic: cylinder group too big' message from <a href="https://man.openbsd.org/newfs.8">newfs(8)</a>.
<li>Don't exit <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> on receipt of an RTM_DELADDR routing message, as this sometimes be generated by the dhclient itself. Instead, exit on RTM_NEWADDR iff an IP address is set that doesn't correspond to our lease. Not a perfect solution.
<li>More <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> <a href="https://man.openbsd.org/ls.1">ls(1)</a> emulation: Don't show .dotfiles unless -a is specified.
<li>Handle interface resets gracefully in <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Do more retries on <a href="https://man.openbsd.org/st.4">st(4)</a> devices to allow the tape drive to recover after a reset.
<li>New xetc installation fileset, for all X configuration files installed under /etc.
<!-- ^ 20040622 -->
<li>Keep separate, 1-second resolution counters for walltime and uptime, and have code that only needs 1-second resolution use those instead of the microsecond counters.
<li>Clean up properly on in_ifinit() failure.
<li>Turn <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> NAT-T support on. The crowd goes wild.
<li>Implement NAT-T keepalive messages in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Check that UDP encapsulation is enabled (<a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> net.inet.esp.udpencap) before allowing encapsulated SAs to be created in the kernel.
<li>Add bounds-check <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> attributes to libkern strl*() functions, and to strncpy().
<li>Implement <a href="https://man.openbsd.org/ls.1">ls(1)</a>-compatible sorting for <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>'s ls command.
<li>Allow <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> on IPv6 link-local addresses.
<li>Have <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> save the destination port if it is NATed, as one might reasonably expect it to be when using NAT-Traversal.
<li>Don't leak a cloned PMTU route in netinet/ip_output.c.
<li>arc4random(9)ise a previously time-based ID in <a href="https://man.openbsd.org/atalk.4">atalk(4)</a>.
<li>Fix an fd leak in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> when multiple subsystems are present.
<li>Use arc4random(9) instead of the time for the ARCnet sequence ID.
<li>Use <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> and <a href="https://man.openbsd.org/getnameinfo.3">getnameinfo(3)</a> instead of old-style conversion functions in <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>, but restrict resolution to AF_INET for now.
<li>Allow - with a warning - the old package keyword @src, in <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> etc.
<li>Import and merge <a href="https://man.openbsd.org/fontconfig.3">fontconfig</a> 2.2.2.
<li>Set the ESP marker on <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> captured packets for NAT-T SAs.
<li>If the <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> 'don't run scripts' (-I) option is present, don't run scripts.
<li>Have <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> turn on kernel ESP-in-UDP encapsulation for NAT-T SAs.
<li>Switch to port 4500 when required for <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> NAT-T exchanges.
<li>Use a red-black <a href="https://man.openbsd.org/tree.3">tree(3)</a> instead of a hash table to track multiply-linked inodes in <a href="https://man.openbsd.org/du.1">du(1)</a>.
<!-- ^ 20040621 -->
<li>Time is as dumb a 'random' value for IPX and ISO CLNP as it is for IP, so use arc4random(9) instead.
<li>Add IPv6 support for standalone <a href="https://man.openbsd.org/popa3d.8">popa3d(8)</a> as well as when run from <a href="https://man.openbsd.org/inetd.8">inetd(8)</a>.
<li>In <a href="https://man.openbsd.org/crypto.9">crypto(9)</a>, always store the value returned by <a href="https://man.openbsd.org/splimp.9">splimp(9)</a> so we have something meaningful to give to <a href="https://man.openbsd.org/splx.9">splx(9)</a>.
<li>Fix broken process runtimes in i386 MP.
<li>Use the RTF_MPATH routing flag to skip over multipath routes in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, since mpath make no sense for BGP.
<li>For <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>'s 'ls' command, make -l show user and group names, and -n show uid and gid just like real <a href="https://man.openbsd.org/ls.1">ls(1)</a>.
<li>New -I option for <a href="https://man.openbsd.org/diff.1">diff(1)</a>, which ignores changes matching the supplied regex.
<li>Have <a href="https://man.openbsd.org/vnconfig.8">vnconfig(8)</a> (with the -l option) use the new VNDIOCGET ioctl to fetch <a href="https://man.openbsd.org/vnd.4">vnd(4)</a> device status.
<li>New VNDIOCGET ioctl for <a href="https://man.openbsd.org/vnd.4">vnd(4)</a> devices.
<li>Fix a bad format string in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s IKE parser.
<li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, use descriptor passing to allow the creation of new listen sockets on privileged ports.
<li>For multiplexed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> connections, filter passed environment variables in the slave.
<li>Add bounds-check compiler attributes for <a href="https://man.openbsd.org/memcpy.3">memcpy(3)</a> etc.
<li>Remove support for TUBA (TCP/UDP over CLNP-Addresses Networks, as if you didn't know).
<li>Change <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> payload handling to deal with pre-RFC NAT-T messages.
<li>Don't try to carry on in <a href="https://man.openbsd.org/pax.1">pax(1)</a> if the <a href="https://man.openbsd.org/chdir.2">chdir(2)</a> needed by the <!-- undocumented --> -C option fails.
<li>Start work on both RFC 3706 Dead Peer Detection, and full-on NAT-Traversal support for <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Have <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> accept an unencrypted final IKE message (Aggressive Mode only) for compatibility reasons.
<li>New -dd switch for <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> to make debugging the privsep child easier.
<li>Let <a href="https://man.openbsd.org/popa3d.8">popa3d(8)</a> work with IPv6 sockets, no daemon mode support yet.
<li>Fix a rather serious SMP merge error affecting scheduler timeouts.
<li>Correct some logic errors in kernel malloc_debug().
<li>Fix congestion-sensitive IF_INPUT_ENQUEUE() so that freed <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a>s no longer show up on interface input queues under certain circumstances.
<!-- ^ 20040620 -->
<li>Require the setting of new route flag RTF_MPATH (corresponding switch -mpath for <a href="https://man.openbsd.org/route.8">route(8)</a>) to add a multipath route.
<li>Add defines in &lt;net/if_media.h&gt; for various telecoms carrier circuit types, i.e. E1, T1 etc.
<li>Save curproc in <a href="https://man.openbsd.org/svnd.4">svnd(4)</a> so that <a href="https://man.openbsd.org/lockmgr.9">lockmgr(9)</a> doesn't get passed a null process. Stops <a href="https://man.openbsd.org/svnd.4">svnd(4)</a> blocking indefinitely (PR#3214).
<li>Fix a null deref in <a href="https://man.openbsd.org/make.1">make(1)</a> if the .DEFAULT target has no commands.
<!-- ^ 20040619 -->
<li>Fix sending of jumbo frames on <a href="https://man.openbsd.org/em.4">em(4)</a> and <a href="https://man.openbsd.org/ti.4">ti(4)</a>.
<li>Unbreak <a href="https://man.openbsd.org/patch.1">patch(1)</a> when using standard diffs (i.e. no context).
<li>Allow the user to interrupt the setup of a multiplexed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> connection (if, for example, the master gets wedged) by deferring signal setup until the connection is established.
<li>Merge adjacent hunks in <a href="https://man.openbsd.org/diff.1">diff(1)</a>, making the output more like that from GNU diff.
<li>Use <a href="https://man.openbsd.org/execvp.3">execvp(3)</a> instead of <a href="https://man.openbsd.org/execv.3">execv(3)</a> in <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> so -S ssh will work.
<li>Use dynamically allocated pollfd struct for ntpd(8), just like bgpd.
<!-- ^ 20040618 -->
<li>Fix a bunch more memory leaks in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Be more careful in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> when evaluating the return code from X509_verify_cert(3).
<li>Add much of the NTP client functionality to ntpd(8).
<li>Abort <a href="https://man.openbsd.org/rdate.8">rdate(8)</a> on <a href="https://man.openbsd.org/calloc.3">calloc(3)</a> failure, <a href="https://man.openbsd.org/warnx.3">warnx(3)</a>ing and carrying on is just postponing the inevitable.
<li>Add an option (ControlMaster=ask) to require confimation via <a href="https://man.openbsd.org/ssh-askpass.1">ssh-askpass(1)</a> before allowing a multiplexed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> connection.
<li>Support environment variable passing over multiplexed <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> connections.
<li>Back out the recent IPv6 multicast change so that mandatory groups get joined, but achieve the same result by testing for a new host address before adding the multicast entries.
<!-- ^ 20040617 -->
<li>Add '-n' option to <a href="https://man.openbsd.org/last.1">last(1)</a> to do the same job as -<em>number</em> in a less ugly way.
<li>Make &lt;netinet/if_ether.h&gt; safe for inclusion in C++ code.
<li>Fix a bad dereference leading to a memory leak in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Fix a pasto in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>'s message decoder when printing IPv6 address/mask pairs.
<li>Unbreak the IN6_LOOKUP_MULTI() macro definition.
<!-- ^ 20040616 -->
<li>Add support for new crypto functions on upcoming VIA C3 processors.
<li>Build X on cats systems.
<li>Fix a null deref crash in <a href="https://man.openbsd.org/route.8">route(8)</a>'s show command.
<li>Don't add multiple multicast filter entries for a single IPv6 multicast address.
<!-- ^ 20040615 -->
<li>Remove the old <a href="https://man.openbsd.org/pf.4">pf(4)</a> BEGIN*, COMMIT* and ROLLBACK* ioctls.
<li>Use the newer <a href="https://man.openbsd.org/pf.4">pf(4)</a> BEGIN and COMMIT ioctls in <a href="https://man.openbsd.org/authpf.8">authpf(8)</a>.
<li>Set the relay session id properly for outgoing <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a> packets.
<li>Teach <a href="https://man.openbsd.org/patch.1">patch(1)</a> to detect already-applied diffs when the diff creates a file, or adds to an empty file.
<li>In <a href="https://man.openbsd.org/du.1">du(1)</a>, use a hash table instead of a linear list to keep track of multiply-linked files.
<li>Use <a href="https://man.openbsd.org/fmt_scaled.3">fmt_scaled(3)</a> instead of do-it-yourself in <a href="https://man.openbsd.org/du.1">du(1)</a>.
<li>In <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a>, allow _dl_malloc() to allocate more than 4KB.
<li>Fix a few <a href="https://man.openbsd.org/stat.2">stat(2)</a>-then-<a href="https://man.openbsd.org/open.2">open(2)</a> races in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>After going to the trouble of pulling the tcp6 options into a contiguous region with IP6_EXTHDR_GET, use the returned pointer instead of doing mtod() again.
<li>Unbreak <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a> on older kernels.
<!-- ^ 20040614 -->
<li>Build an SMP kernel (bsd.mp) in make <a href="https://man.openbsd.org/release.8">release(8)</a> for i386, and allow the user to install it.
<li>Merge the SMP branch onto the trunk. Let the party begin.
<li>Just quit rather than panic in <a href="https://man.openbsd.org/cy.4">cy(4)</a> if interrupts can't be established for PCI.
<li>Fix an off-by-one buffer size in <a href="https://man.openbsd.org/sed.1">sed(1)</a>.
<li>Implement client-side session multiplexing (see <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a> options ControlMaster and ControlPath) for <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a href="https://man.openbsd.org/scp.1">scp(1)</a> and <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>. The server has supported this for some time.
<li>Add diffie-hellman-group14-sha1 KEX method support to <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<!-- ^ 20040613 -->
<li>Fix <a href="https://man.openbsd.org/pf.4">pf(4)</a> table add/replace commands at <a href="https://man.openbsd.org/securelevel.7">securelevel</a> 2.
<li>Have <a href="https://man.openbsd.org/mg.1">mg(1)</a>'s M-x gid command use the current word to try and guess which symbol to look up.
<li>Make <a href="https://man.openbsd.org/route.8">route(8)</a> 'show' command output more like netstat -r.
<li>Support the IPV6_USE_MIN_MTU option, mainly because BIND 9 wants it.
<!-- ^ 20040612 -->
<li>Disable <a href="https://man.openbsd.org/apm.4">apm(4)</a> on i386 MP machines.
<li>Show <a href="https://man.openbsd.org/systat.1">systat(1)</a> and <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a> where to find interrupt stats on MP i386 machines.
<li>Only print 'status/cpu#' in <a href="https://man.openbsd.org/top.1">top(1)</a> if there's  more than one CPU.
<li>Fix a dereference-after-free (actually after <a href="https://man.openbsd.org/pool_put.9">pool_put(9)</a>) in <a href="https://man.openbsd.org/pf.4">pf(4)</a> tables.
<li>In <a href="https://man.openbsd.org/pax.1">pax(1)</a>, fix backreference substitution in -s mode and unbreak bad regex detection.
<li>Add a cpuid field to struct kproc2, and teach <a href="https://man.openbsd.org/ps.1">ps(1)</a> and <a href="https://man.openbsd.org/top.1">top(1)</a> how to make use of it.
<!-- ^ 20040611 -->
<li>Only install the Intel F00F bug workaround once on MP machines, avoiding a panic.
<li>Zero the restart counter before use, to fix a problem with <a href="https://man.openbsd.org/uhub.4">uhub(4)</a> port restarts giving up before starting. From FreeBSD.
<li>Fix a sizeof(pointer) bug in <a href="https://man.openbsd.org/carp.4">carp(4)</a>.
<li>Don't leak a softc when detaching a <a href="https://man.openbsd.org/carp.4">carp(4)</a> cloned interface.
<li><strong>SECURITY FIX: Multiple vulnerabilities have been found in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> / mod_ssl.</strong> This is the second of two sets of fixes.<br>
<ul>
  <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>: Stack-based buffer overflow ... in mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow attackers to execute arbitrary code via a client certificate with a long subject DN.
  <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492">CAN-2004-0492</a>: [mod_proxy] Reject responses from a remote server if sent an invalid (negative) Content-Length: header.
</ul>
    <a href="errata36.html#httpd">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li><strong>SECURITY FIX: As <a href="http://seclists.org/lists/fulldisclosure/2004/Jun/0191.html">disclosed</a> by Thomas Walpuski, <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> is still vulnerable to unauthorized SA deletion.</strong> An attacker can delete IPsec tunnels at will.<br>
    <a href="errata36.html#isakmpd">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Add src/lib/libintl and libc i18n directories to the repository.
<!-- ^ 20040610 -->
<li>First merge of SMP code into the trunk, mainly structures to allow gradual introduction of the new APIs.
<li>Fix IPv4 name-to-address translation, so invalid octet values won't be accepted and CIDR address/mask pairs finally work the way one expects.
<li>In <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s privsep <a href="https://man.openbsd.org/localtime.3">localtime(3)</a> replacement, deal better with timezones with granularity of less than one hour.
<li><strong>SECURITY FIX: Multiple remote vulnerabilities have been found in the <a href="https://man.openbsd.org/cvs.1">cvs(1)</a> server</strong> that will allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.<br>
    <a href="errata36.html#cvs3">A source code patch is available</a>.
<li>On i386 (ppro and above), use the calibrated value for the CPU speed over the value returned by the CPU itself, fixing PR#3814.
<li>Use a dynamically allocated array of pollfds in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Try to prevent <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> deleting SAs on receipt of malicious IKE messages.
<li><a href="https://man.openbsd.org/rdate.8">rdate(8)</a> improvements:
<ul>
  <li>RFC 2030 compliance for NTP mode.
  <li>Much more robust error handling, with better messages.
  <li>Better detection of stale or spoofed NTP responses.
  <li>Support for multiple addresses if returned by the DNS, trying each listed server until one works.
</ul>
<!-- ^ 20040609 -->
<li>Remove NMBCLUSTERS settings from <a href="https://man.openbsd.org/config.8">config(8)</a>.
<li>Factor out TCP md5sig code into tcp_subr.c:tcp_signature().
<li>Fix buffer usage in <a href="https://man.openbsd.org/umass.4">umass(4)</a> CBI transfers (NetBSD PR#25676).
<!-- ^ 20040608 -->
<li>Allow <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> code in <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> to actually work.
<li>Break the dependency of libc on &lt;pthread.h&gt;. Bump the major version of libc and libpthread.
<li>Teach <a href="https://man.openbsd.org/kdump.1">kdump(1)</a> about <a href="https://man.openbsd.org/gpio.4">gpio(4)</a> ioctls.
<li>Allow an authtype (-a option) in <a href="https://man.openbsd.org/skeyinit.1">skeyinit(1)</a> even when secure mode (-s) is in effect.
<li>Add an alternative algorithm to make <a href="https://man.openbsd.org/pf.4">pf(4)</a> table deletions faster for a small number of deleted items.
<li><strong>SECURITY FIX: Multiple vulnerabilities have been found in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> / mod_ssl.</strong> This is the first of two sets of fixes.<br>
<ul>
  <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>: Apache does not filter terminal escape sequences from its error logs.
  <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</a>: Apache mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret.
</ul>
    <a href="errata36.html#httpd">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<!-- ^ 20040607 -->
<li>Out-of-line <a href="https://man.openbsd.org/spl.9">spl(9)</a> functions in SMP on i386, mirroring the UP change to fix VFS corruption.
<li>Add SMP-related devices for i386 on the SMP branch.
<li>Many fixups on the SMP branch for non-MP kernels.
<li>Rework <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s listen socket handling to better support multiple listen addresses.
<li>New -src and -srcmask options for <a href="https://man.openbsd.org/route.8">route(8)</a> supporting the new source-address routing functionality.
<li>New -S flag for <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> and <a href="https://man.openbsd.org/route.8">route(8)</a>, to show the new source selector part of a route entry.
<li>Extend the routing table to allow routing based on source as well as destination. IPv4 only for now, more to come.
<li>Set the <a href="https://man.openbsd.org/skey.1">skey(1)</a> first sequence number to 100 as promised by the manpage.
<li><a href="https://man.openbsd.org/spl.9">spl(9)</a> and alignment fixes in portalfs.
<!-- ^ 20040606 -->
<li>Much merging and fixup as SMP is readied for prime-time.
<li>Resurrect the '<a href="https://man.openbsd.org/fork1.9">fork1(9)</a>-can-take-null-retval' change, this time leaving the setup of struct proc setup well alone.
<li>Fix a bug with X and <a href="https://man.openbsd.org/wsmouse.4">wsmouse(4)</a> where an event of unknown type could cause a whole batch of other events to be discarded.
<li>Set the length field in the TCP packet header earlier in tcp_output().
<li>New <a href="https://man.openbsd.org/re.4">re(4)</a> driver supporting RealTek Gigabit Ethernet devices.
<!-- ^ 20040605 -->
<li>Clean up multicast addresses when unconfiguring <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces.
<li>Clarify <a href="https://man.openbsd.org/user.8">user(8)</a> docs and error messages (PR#3792).
<li>Add startup code for <a href="https://man.openbsd.org/i386/hotplugd.8">hotplugd(8)</a> to <a href="https://man.openbsd.org/rc.8">rc(8)</a> and <a href="https://man.openbsd.org/rc.conf.8">rc.conf(8)</a>.
<li>New <a href="https://man.openbsd.org/usbhid.3">usbhid(3)</a> API <a href="https://man.openbsd.org/hid_start.3">hid_start(3)</a>, a non-noisy version of <a href="https://man.openbsd.org/hid_init.3">hid_init(3)</a>.
<!-- ^ 20040604 -->
<li>Don't send mail at all from <a href="https://man.openbsd.org/cron.8">cron(8)</a> if MAILTO is set but empty.
<li>Cleanup in <a href="https://man.openbsd.org/at.1">at(1)</a>/<a href="https://man.openbsd.org/cron.8">cron(8)</a>:
<ul>
  <li>Check argc before using argv[0] in <a href="https://man.openbsd.org/at.1">at(1)</a>.
  <li>Print the right filename for a job in the email.
  <li>Reset the sockaddr length value every time before <a href="https://man.openbsd.org/accept.2">accept(2)</a>.
</ul>
<li>New <a href="https://man.openbsd.org/i386/gpioctl.8">gpioctl(8)</a> program to go with new <a href="https://man.openbsd.org/gpio.4">gpio(4)</a>.
<li>Have <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> fall back to user nobody if user _dhcp doesn't exist. Helps with upgrades.
<li>In <a href="https://man.openbsd.org/getopt.3">getopt(3)</a>/<a href="https://man.openbsd.org/getopt_long.3">getopt_long(3)</a>, don't allow an optional argument if it begins with a '-'.
<li>Allow <a href="https://man.openbsd.org/cron.8">cron(8)</a> to accept crontabs with more strict permissions than is the default.
<li>New General Purpose I/O device <a href="https://man.openbsd.org/gpio.4">gpio(4)</a>. Only enabled on i386 for now.
<li>New '!!&lt;prog&gt;' syntax for <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>, used to force messages from the named program to only go to certain files regardless of the rest of syslog.conf.
<li>Update <a href="https://man.openbsd.org/file.1">file(1)</a>'s magic to that from file version 4.09, with a few local changes and additions.
<!-- ^ 20040603 -->
<li>Use the old _nointr <a href="https://man.openbsd.org/pool.9">pool(9)</a> allocator for <a href="https://man.openbsd.org/pf.4">pf(4)</a> tables.
<li>Rearrange the <a href="https://man.openbsd.org/pool.9">pool(9)</a> allocator code so the old allocation method can be used again.
<li>Use the quirks mechanism to fix <a href="https://man.openbsd.org/wdc.4">wdc(4)</a> hangs on Geode SC1100 devices (PR#3729).
<li>Implement SCSI-style quirks for <a href="https://man.openbsd.org/wdc.4">wdc(4)</a>.
<li>Use <a href="https://man.openbsd.org/errx.3">errx(3)</a> instead of <a href="https://man.openbsd.org/err.3">err(3)</a> in <a href="https://man.openbsd.org/find.1">find(1)</a> when errno isn't set by the error.
<li>When calling <a href="https://man.openbsd.org/err.3">err(3)</a> after a <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> failure, don't specify a message.
<li>Cleanup in <a href="https://man.openbsd.org/rm.1">rm(1)</a>.
<li>Support multicast on <a href="https://man.openbsd.org/kue.4">kue(4)</a>.
<li>Add IPv6 support to <a href="https://man.openbsd.org/uucpd.8">uucpd(8)</a>.
<li>Trivial changes (sockaddr_in -&gt; sockaddr_storage) to add IPv6 support to <a href="https://man.openbsd.org/rpc.rquotad.8">rpc.rquotad(8)</a>, <a href="https://man.openbsd.org/rpc.rstatd.8">rpc.rstatd(8)</a>, <a href="https://man.openbsd.org/rpc.rusersd.8">rpc.rusersd(8)</a>, <a href="https://man.openbsd.org/rpc.rwalld.8">rpc.rwalld(8)</a> and <a href="https://man.openbsd.org/rpc.sprayd.8">rpc.sprayd(8)</a>.
<!-- ^ 20040602 -->
<li>Mark nullfs memory as M_MISCFSMNT instead of M_UFSMNT.
<li>Swing hppa to gcc3, and enable shared library support.
<li>Unbreak <a href="https://man.openbsd.org/xterm.1">xterm(1)</a> jump-scrolling on big-endian 64-bit systems.
<li>Remove a somewhat useless current-process privilege check in the IPv6 input path. Based on KAME.
<li>Compatibility fixes for some <a href="https://man.openbsd.org/sk.4">sk(4)</a> devices (PR#3061). Workaround from FreeBSD.
<!-- ^ 20040601 -->
<li>Initialise the <a href="https://man.openbsd.org/carp.4">carp(4)</a> interface structure before use.
<li>Don't advertise an absurd TCP receive window on 64-bit architectures. From NetBSD.
<li>Some Single UNIX Specification updates in &lt;limits.h&gt;.
<li>Better error handling for <a href="https://man.openbsd.org/rm.1">rm(1)</a>'s -P option. From FreeBSD.
<li>First cut at a home-grown NTP daemon. Not built by default yet.
<li>Remove ugly string code in <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>, used when no unit number was given to BIOCSETIF.
<li>Fix a long-standing KAME pasto that was breaking SIOC[DG]LIFADDR.
<li>Remove a bunch of redundant errno declarations.
<li>Use generic crc32 code instead of local efforts in many Ethernet devices.
<!-- ^ 20040531 -->
<li>Sync <a href="https://man.openbsd.org/xl.4">xl(4)</a> with FreeBSD, bringing in a lot of bug fixes and improvements.
<li>Check the NTP server clock status returned to <a href="https://man.openbsd.org/rdate.8">rdate(8)</a> and don't use the response if the server thinks its clock is unsynchronised.
<li>In uvm_map_clean() (called by <a href="https://man.openbsd.org/msync.2">msync(2)</a> and <a href="https://man.openbsd.org/madvise.2">madvise(2)</a>), only free writable pages, and don't free copy-on-write pages because the permissions aren't known.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Only call <a href="https://man.openbsd.org/getprotobynumber.3">getprotobynumber(3)</a> from <a href="https://man.openbsd.org/ppp.8">ppp(8)</a> when the logging level is high enough to need the result. From FreeBSD.
<li>Some Emacs compatibility tweaks to binutils. Use the classic executable start addresses if <a href="https://man.openbsd.org/ld.1">ld(1)</a> option -Z (disable W^X) is active.
<li>New privsep user and group _ntp.
<li>New monitoring daemon <a href="https://man.openbsd.org/i386/hotplugd.8">hotplugd(8)</a> to go with <a href="https://man.openbsd.org/hotplug.4">hotplug(4)</a>.
<li>New <a href="https://man.openbsd.org/hotplug.4">hotplug(4)</a> device to pass device attach and detach events up to userland. Available for alpha, amd64, i386, macppc and sparc64, only enabled on i386 for now.
<li>Use generic CRC code, remove bogus LLADDR use and handle multicast ranges better in <a href="https://man.openbsd.org/nge.4">nge(4)</a> and <a href="https://man.openbsd.org/sf.4">sf(4)</a>.
<!-- ^ 20040530 -->
<li>Fix <a href="https://man.openbsd.org/bge.4">bge(4)</a> multicast reception.
<li>Add a description field for network interfaces, accessible via <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> command 'description' and <a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a>s SIOC[GS]IFDESCR.
<li>Use library CRC32 routines instead of a local implementation in <a href="https://man.openbsd.org/sk.4">sk(4)</a>.
<li>Fix a memory leak in <a href="https://man.openbsd.org/ccdconfig.8">ccdconfig(8)</a>.
<li>Remove multicast addresses and disable promiscuous mode when destroying a <a href="https://man.openbsd.org/carp.4">carp(4)</a> interface.
<li>Make  <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> up and down commands work as expected for <a href="https://man.openbsd.org/carp.4">carp(4)</a> devices.
<li>Create a few more USB devices by default in MAKEDEV(8).
<!--- ^ 20040529 -->
<li>Clean up <a href="https://man.openbsd.org/scsi.4">scsi(4)</a> sense error logic and display. Based on NetBSD.
<li>Allow machine-dependent filesystem options to be passed for the root filesystem in src/distrib/miniroot.
<li>Remove the old package tools (src/usr.sbin/pkg_install) from the tree.
<li>Have <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> detect the absence of <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> and tcpmd5 capabilities at runtime.
<li>More helpful boot-time display for <a href="https://man.openbsd.org/aac.4">aac(4)</a>.
<li>Fix a typo in umapfs' <a href="https://man.openbsd.org/unmount.2">unmount(2)</a> implementation.
<li>Backwards compatibility fixes in the hash functions, unbreaking <a href="https://man.openbsd.org/skey.1">skey(1)</a> with sha1.
<li>Make <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> devices clonable.
<li>Make AFS <a href="https://man.openbsd.org/flock.2">flock(2)</a>/<a href="https://man.openbsd.org/fcntl.2">fcntl(2)</a> locks work on the local system.
<!-- ^ 20040528 -->
<li>Make accounting optional, with the new <a href="https://man.openbsd.org/config.8">config(8)</a> option (wait for it) ACCOUNTING.
<li>Allow login names longer than eight characters in <a href="https://man.openbsd.org/uucpd.8">uucpd(8)</a>.
<li>Fix a memory leak in a <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> error path.
<li>When shutting the system down, finalise accounting before the VFS to avoid panics.
<li>Fix TCP corruption on <a href="https://man.openbsd.org/rl.4">rl(4)</a> cards.
<li>Much better rulefile parsing for <a href="https://man.openbsd.org/brconfig.8">brconfig(8)</a>.
<li>Pool efficiency improvements:
<ul>
  <li>Lower the default high watermark from UINT_MAX to 8 pages.
  <li>Modify uvm_km_getpage() to take a waitok flag and use it instead of uvm_km_alloc_poolpage1() for both the default and nointr pool allocators.
  <li>Use the default allocator for the mbuf and mbuf cluster pools.
</ul>
<!-- ^ 20040527 -->
<li>Correct a missing <a href="https://man.openbsd.org/freeaddrinfo.3">freeaddrinfo(3)</a> in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>.
<li>Fix a NetBSD merge error in the TCP syncache, allowing IPv6 to use it.
<li>Fix fd leaks in a few <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> error paths.
<li>Call <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> contructors after setting up the debugger, similar to recent destructor changes.
<li>In <a href="https://man.openbsd.org/cu.1">cu(1)</a>/<a href="https://man.openbsd.org/tip.1">tip(1)</a>, if one process dies then kill the other ourselves.
<li>In <a href="https://man.openbsd.org/rdate.8">rdate(8)</a> NTP mode, send a 64-bit random number as the 'current time' field, which the server copies back in its response. This avoids sending out the current system time, and makes it slightly harder for an attacker to send spoof replies on behalf of the real server.
<li>Use <a href="https://man.openbsd.org/_exit.2">_exit(2)</a> instead of <a href="https://man.openbsd.org/exit.3">exit(3)</a> in the <a href="https://man.openbsd.org/sftp.1">sftp(1)</a> child process.
<!-- ^ 20040526 -->
<li>Include the hostname in <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> memory-buffered entries.
<li>Since the per-arch _dl_bcopy() in <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> is in all cases a simple for loop and not painstakingly optimised assembler, just use a single machine-independent version.
<li>Allow <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> _dl_find_symbol() to return a pointer to the container object.
<li>Handle interface removals gracefully in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, now that <a href="https://man.openbsd.org/poll.2">poll(2)</a> wakes it up on interface detach.
<li>Wake up any <a href="https://man.openbsd.org/poll.2">poll(2)</a>ing process when a <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> descriptor is closed.
<li>If a <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>-monitored interface is detached, send any buffered packets up to userland.
<li>Scale the <a href="https://man.openbsd.org/bge.4">bge(4)</a> timeout value correctly.
<li>Since ULLONG_MAX+1 == 0 mod ULLONG_MAX+1, let the <a href="https://man.openbsd.org/carp.4">carp(4)</a> sc_counter wrap around all by itself.
<!-- ^ 20040525 -->
<li><a href="https://man.openbsd.org/bktr.4">bktr(4)</a> fixes from NetBSD and FreeBSD.
<li>Move the addition of atexit destructors right to the end of <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> setup (after the <a href="https://man.openbsd.org/gdb.1">gdb(1)</a> helper code) so they can be debugged.
<li>If <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> is running under <a href="https://man.openbsd.org/ldd.1">ldd(1)</a>, exit earlier before a whole bunch of unnecessary setup gets done.
<li>Check ifp is valid before using it in carp_setroute(), avoiding a panic.
<li>Helpfully, use the right function names in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> error messages.
<li>Fix multicast problems with <a href="https://man.openbsd.org/sk.4">sk(4)</a>.
<li>Don't leak a socket in <a href="https://man.openbsd.org/ndp.8">ndp(8)</a>.
<li>Back out the recent <a href="https://man.openbsd.org/fork1.9">fork1(9)</a> change due to compatibility problems.
<!-- ^ 20040524 -->
<li>New MaxAuthTries option for <a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>.
<li>Allow the retval parameter to <a href="https://man.openbsd.org/fork1.9">fork1(9)</a> to be NULL (as the manpage says) without causing a panic.
<li><a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>ify <a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>.
<li>Add <a href="https://man.openbsd.org/gscsio.4">gscsio(4)</a> and <a href="https://man.openbsd.org/lmtemp.4">lmtemp(4)</a> I2C drivers.
<li>Add I2C framework (<a href="https://man.openbsd.org/iic.4">iic(4)</a>, <a href="https://man.openbsd.org/iic.9">iic(9)</a>) based on that in NetBSD and enable on i386.
<li>Fix a <a href="https://man.openbsd.org/stat.2">stat(2)</a>-then-<a href="https://man.openbsd.org/open.2">open(2)</a> race in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> when checking the policy file for root-only permissions.
<li>Let <a href="https://man.openbsd.org/ipsecadm.8">ipsecadm(8)</a> delete tcpmd5 SAs.
<li>Fix <a href="https://man.openbsd.org/ipsecadm.8">ipsecadm(8)</a> so that <a href="https://man.openbsd.org/ipcomp.4">ipcomp(4)</a> can be used.
<li><strong>SECURITY FIX: With the introduction of IPv6 code in <a href="https://man.openbsd.org/xdm.1">xdm(1)</a>, one test on the 'requestPort' resource was deleted by accident.</strong> This makes xdm create the chooser socket even if XDMCP is disabled in xdm-config, by setting requestPort to 0. See <a href="http://bugs.xfree86.org/show_bug.cgi?id=1376">XFree86 bugzilla</a> for details.<br>
    <a href="errata36.html#xdm">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Fix a boot-time crasher in <a href="https://man.openbsd.org/ahd.4">ahd(4)</a>.
<li>Add (to i386 and amd64) <a href="https://man.openbsd.org/ehci.4">ehci(4)</a>, a USB Enhanced Host Controller Interface driver, for USB 2.0 support.
<li>Finally implement StackGhost buffer overflow exploit protection on sparc.
<li>Correct a missing <a href="https://man.openbsd.org/splx.9">splx(9)</a> in an igmp_joingroup() error path.
<li>Fix VFS corruption (due to <a href="https://man.openbsd.org/gcc.1">gcc(1)</a>) on i386 by out-of-lining the <a href="https://man.openbsd.org/spl.9">spl(9)</a> functions.
<!-- ^ 20040523 -->
<li>Fix size_t != off_t truncation in <a href="https://man.openbsd.org/ahd.4">ahd(4)</a>.
<li>Make <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a>'s disk columns wide enough to show transfer numbers for modern disks without writing into the next column.
<!-- ^ 20040522 -->
<li>Change the <a href="https://man.openbsd.org/pf.4">pf(4)</a> anchor path component separator from ':' to '/'. <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> now requires any anchor spec containing the separator to be in quotes.
<li>Make /root/.klogin optional in /etc/mtree/special.
<li>Import and merge <a href="https://man.openbsd.org/gdb.1">gdb(1)</a> version 6.1.
<li>Support RFC2796 Route Reflection in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, removing the need for an IBGP mesh.
<li>Add support for dynamic network announcements in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>.
<li>Don't rely on ifp's validity when setting a floor on the TCP MSS in ip_input.c.
<li>Allow an <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> user to cancel a port forward (OpenSSH bugzilla #756).
<li>Do a better job of copying <a href="https://man.openbsd.org/pf.4">pf(4)</a> relative anchor paths out to userland.
<li>Use the new DLT_PPP_ETHER datalink type to print <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a> frames in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<!-- ^ 20040521 -->
<li>Use the right buffer size for <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> in libreadline.
<li>Zero the ifreq structure before use when fetching interface info in <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>.
<li>Fix a missing <a href="https://man.openbsd.org/strdup.3">strdup(3)</a> error check in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Start work on adding the <a href="https://man.openbsd.org/ahd.4">ahd(4)</a> Adaptec PCI/PCI-X Ultra320 SCSI driver from FreeBSD.
<!-- ^ 20040520 -->
<li>Enable the fancy new i386 pagezero code by not resetting it to its old value after setting it up.
<li>Allow anchors within anchors in <a href="https://man.openbsd.org/pf.4">pf(4)</a>. More work to come.
<li>Don't recursively call nd6_output() when route allocation fails, just return a host unreachable error.
<li><strong>SECURITY FIX: A heap overflow in the <a href="https://man.openbsd.org/cvs.1">cvs(1)</a> server has been discovered that can be exploited by clients sending malformed requests.</strong> These clients can then run arbitrary code with the same privileges as the CVS server program.<br>
    <a href="errata36.html#cvs2">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Allow symbolic service- and protocol names in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, so e.g. "Protocol=tcp" now works.
<li><strong>SECURITY FIX: A flaw in the Kerberos V <a href="https://man.openbsd.org/kdc.8">kdc(8)</a> server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm.</strong> The flaw is due to inadequate checking of the "transited" field in a Kerberos request. For more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">Heimdal's announcement</a>.<br>
    <a href="errata36.html#kerberos">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Add word boundary tests to the regexes that find @-commands in <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> etc. packing lists.
<li>Fix SIGINT handling in <a href="https://man.openbsd.org/sftp.1">sftp(1)</a>.
<li>Upgrade <a href="https://man.openbsd.org/file.1">file(1)</a> to version 4.09.
<li>Updates to aic79xx code from FreeBSD in preparation for the upcoming <a href="https://man.openbsd.org/ahd.4">ahd(4)</a> driver.
<!-- ^ 20040519 -->
<li>Stop some <a href="https://man.openbsd.org/fxp.4">fxp(4)</a> devices creating PCI errors in 10Mbps mode by disabling 'dynamic standby mode' in the EEPROM. From NetBSD.
<li>Handle CRC errors in <a href="https://man.openbsd.org/fxp.4">fxp(4)</a>.
<li>Fix a ssize_t != int overflow in <a href="https://man.openbsd.org/rdate.8">rdate(8)</a>'s NTP code.
<li>Generate /etc/<a href="https://man.openbsd.org/ttys.5">ttys(5)</a> entries for all available <a href="https://man.openbsd.org/pty.4">pty(4)</a> devices, now that more are available.
<li>Fix a missing initialisation in ISA <a href="https://man.openbsd.org/i386/ie.4">ie(4)</a>.
<li>Remove trailer encapsulation support from  <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>Fix a reference counting bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> DIOCCHANGERULE.
<li>Fix a buffer overrun in ip_output() (FreeBSD PR#66386).
<li>Don't leak a mount structure when handling mount errors in nullfs.
<li>ANSIfy src/libc/gen/*.
<!-- ^ 20040518 -->
<li>Merge new binutils, fix local differences, and enable on arm.
<li>Import GNU binutils 2.14, minus testsuites, infodocs and I18N files.
<li>Bump the default data size to 75MB from 64MB, so that XF4 can be built on amd64 with the imminent binutils upgrade without changing <a href="https://man.openbsd.org/login.conf.5">login.conf(5)</a>.
<li>Teach <a href="https://man.openbsd.org/file.1">file(1)</a> about the b.out (i960) binary format. From NetBSD.
<li>In <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>, make sure the return code gets initialised (pfsync_request_update()).
<li>Add basic COMMUNITIES attribute support in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s filter language.
<li>Update libiberty's floatformat.[ch] to those from <a href="https://man.openbsd.org/gdb.1">gdb(1)</a> 6.1.
<!-- ^ 20040517 -->
<li>Use <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> instead of <a href="https://man.openbsd.org/rand.3">rand(3)</a> in <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> mod_rewrite and mod_ssl, cleaning up surrounding code in the latter on the way.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Remove the now-unused <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> pidfile stuff from /etc/<a href="https://man.openbsd.org/rc.8">rc(8)</a>.
<li>Add a separate link type, DLT_PPP_ETHER, for <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a> frames. From NetBSD.
<li>Don't skip the graceful shutdown of <a href="https://man.openbsd.org/carp.4">carp(4)</a> just because the system is being powered down.
<li>When <a href="https://man.openbsd.org/carp.4">carp(4)</a> backs off because of physical interface problems, advertise this fact immediately instead of waiting for the next scheduled announcement.
<!-- ^ 20050416 -->
<li>Add a workaround in <a href="https://man.openbsd.org/ppp.8">ppp(8)</a> for the recent multipath routing changes.
<li>Fix a two-byte buffer overflow when printing sockaddr structs of unknown type in <a href="https://man.openbsd.org/route.8">route(8)</a>.
<li>Correct error output for bad limit modifiers in <a href="https://man.openbsd.org/csh.1">csh(1)</a>.
<!-- ^ 20050415 -->
<li>Fix a reference-counting bug in fifofs that could cause certain non-blocking FIFO users (e.g. qmail) to consume 100% CPU.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Interpret <a href="https://man.openbsd.org/ipsecadm.8">ipsecadm(8)</a> cpi and spi parameters as hex even if not preceded by '0x'.
<li>Unbreak <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a> server mode by not doing the <a href="https://man.openbsd.org/chroot.8">chroot(8)</a>.
<li>Use a nointr <a href="https://man.openbsd.org/pool.9">pool(9)</a> instead of generic <a href="https://man.openbsd.org/malloc.9">malloc(9)</a> for pathname storage when doing name-to-inode lookups.
<!-- ^ 20040514 -->
<li>Have <a href="https://man.openbsd.org/newfs.8">newfs(8)</a> dump status information to stderr on receipt of SIGINFO if running in quiet (-q) mode.
<li>Allow the <a href="https://man.openbsd.org/authpf.8">authpf(8)</a> shell to be overloaded by <a href="https://man.openbsd.org/login.conf.5">login.conf(5)</a> like the manpage says.
<li>Make the <a href="https://man.openbsd.org/cron.8">cron(8)</a> socket close-on-exec.
<li>Arrange for <a href="https://man.openbsd.org/cron.8">cron(8)</a> to check both cron and <a href="https://man.openbsd.org/at.1">at(1)</a> databases for jobs if the newly-non-blocking cron socket returns EAGAIN.
<li>Display the right fields in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s <a href="https://man.openbsd.org/carp.4">carp(4)</a> parser.
<li>Make <a href="https://man.openbsd.org/carp.4">carp(4)</a> backoff work properly by heeding the raised advskew on received as well as sent packets.
<li>Make <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>'s lease file handling work under the chroot.
<li>Add some new configuration functionality to <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>'s FIFO interface.
<li>Allow <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces to be destroyed by <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>Fix <a href="https://man.openbsd.org/systrace.1">systrace(1)</a> examples in /etc/systrace (PR#3748).
<li>Better <a href="https://man.openbsd.org/scsi.4">scsi(4)</a> sense display.
<!-- ^ 20040513 -->
<li>Replace the hand-crafted expr() parser in <a href="https://man.openbsd.org/m4.1">m4(1)</a> with a standard <a href="https://man.openbsd.org/lex.1">lex(1)</a>-and-<a href="https://man.openbsd.org/yacc.1">yacc(1)</a> combo. Easier to work on, and more standards compliant too.
<li>Fix msdosfs on 64-bit systems.
<li>Fix <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and <a href="https://man.openbsd.org/ppp.8">ppp(8)</a> breakage caused by the new multipath routing code.
<li>Make <a href="https://man.openbsd.org/login_passwd.8">login_passwd(8)</a> setuid root again, it's needed for 'secure' YP maps.
<li>Call <a href="https://man.openbsd.org/tzset.3">tzset(3)</a> in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> and <a href="https://man.openbsd.org/mopd.8">mopd(8)</a>.
<!-- ^ 20040512 -->
<li>Don't print the <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a> version if the helpfile is missing.
<li>Build <a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a> with -D_FFR_QUEUERETURN_DSN, allowing faster expiration of spam bounces.
<li>Unbreak checksum generation when using <a href="https://man.openbsd.org/pf.4">pf(4)</a> scrub random-id.
<li>Change <a href="https://man.openbsd.org/pf.4">pf(4)</a> routing loop detection so that visiting a packet more than four times is an error, instead of more than once.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Don't abort <a href="https://man.openbsd.org/lint.1">lint(1)</a> because a child process fails, just move onto the next file.
<!-- ^ 20040511 -->
<li>When doing user mounts, inherit the MNT_NOEXEC flag from the mount point. This stops users bypassing noexec by null-mounting the filesystem on top of itself.
<li>Filter and lock <a href="https://man.openbsd.org/rbootd.8">rbootd(8)</a>'s <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> descriptor before dropping privileges.
<li>Unbreak <a href="https://man.openbsd.org/chsh.1">chsh(1)</a> after the recent <a href="https://man.openbsd.org/pw_copy.3">pw_copy(3)</a> changes.
<li>Import and merge GNU readline 4.3p5.
<li>Double <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>'s command line buffer size to 2K.
<li>Allow the banner page to be turned off by <a href="https://man.openbsd.org/lpr.1">lpr(1)</a>.
<li>Add /usr/local/sbin to root's .cshrc, and move /usr/X11R6/bin before /usr/local/{bin,sbin} for both <a href="https://man.openbsd.org/csh.1">csh(1)</a> and <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>.
<li>Remove a bunch of #ifdef ISO and #ifdef notyet crud from <a href="https://man.openbsd.org/nfsd.8">nfsd(8)</a>.
<li>Make <a href="https://man.openbsd.org/lint.1">lint(1)</a> understand the 'long long' type.
<li>Make <a href="https://man.openbsd.org/cron.8">cron(8)</a>'s accept socket non-blocking.
<li>Clobber the 'clobber' command in <a href="https://man.openbsd.org/mail.1">mail(1)</a>.
<li>When <a href="https://man.openbsd.org/user.8">user(8)</a> adds a new group, place it before the first '+' entry if one exists (part of a fix for PR#3727).
<li><a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>-ify <a href="https://man.openbsd.org/ipsecadm.8">ipsecadm(8)</a> and add some more integer value checks.
<!-- ^ 20040510 -->
<li>Properly initialise <a href="https://man.openbsd.org/carp.4">carp(4)</a> advskew for values greater than 240.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Remove unused variables in several programs on <a href="https://man.openbsd.org/lint.1">lint(1)</a>'s say-so.
<li>Use the freshly-generated MD5 digest for the SSH1 session ID instead of random stack garbage.
<li>Fix a null deref panic in the <a href="https://man.openbsd.org/pf.4">pf(4)</a> TCP normaliser.
<!-- ^ 20040509 -->
<li>Swap <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> for <a href="https://man.openbsd.org/rand.3">rand(3)</a> in <a href="https://man.openbsd.org/awk.1">awk(1)</a> unless the user sets the seed, in which case swap <a href="https://man.openbsd.org/random.3">random(3)</a> for <a href="https://man.openbsd.org/rand.3">rand(3)</a>.
<li>Add a reference count for <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> descriptors, and don't free resources until processes sleeping on a descriptor have been woken up.
<li>Use a locked, filtered <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> descriptor in <a href="https://man.openbsd.org/mopd.8">mopd(8)</a>.
<li>Replace <a href="https://man.openbsd.org/rand.3">rand(3)</a> with <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> in <a href="https://man.openbsd.org/ksh.1">ksh(1)</a>, unless the user sets the random seed manually in which case rand() is still used.
<li>Allow manually-keyed <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> AH in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Initialise <a href="https://man.openbsd.org/ed.1">ed(1)</a>'s crypto using <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> instead of <a href="https://man.openbsd.org/rand.3">rand(3)</a>.
<li>Fix a few memory leaks in <a href="https://man.openbsd.org/regex.3">regex(3)</a>.
<li>Resolve hostnames in <a href="https://man.openbsd.org/dhcpd.conf.5">dhcpd.conf(5)</a> at parse time (PR#3771).
<li>Make <a href="https://man.openbsd.org/carp.4">carp(4)</a> back off on other interfaces on IP output errors until reliable delivery is restored.
<li>Use the right packet length in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> parser.
<!-- ^ 20040508 -->
<li>Enable 802.1q long packets for <a href="https://man.openbsd.org/vlan.4">vlan(4)</a> support in <a href="https://man.openbsd.org/fxp.4">fxp(4)</a> on cardbus.
<li>Don't allow command substitution characters in the environment variables passed through to <a href="https://man.openbsd.org/dhclient-script.8">dhclient-script(8)</a> by <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Have <a href="https://man.openbsd.org/afsd.8">afsd(8)</a> drop privileges and <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> to the cache directory.
<li>Make the -w option work the same for <a href="https://man.openbsd.org/grep.1">grep(1)</a>'s regex and fast paths.
<li>Implement <a href="https://man.openbsd.org/sysconf.3">sysconf(3)</a> values _SC_SEM_NSEMS_MAX and _SC_SEM_VALUE_MAX.
<li>Fix sizeof(pointer) bugs in <a href="https://man.openbsd.org/amd.8">amd(8)</a> and <a href="https://man.openbsd.org/netstat.1">netstat(1)</a>.
<li>Add a fast path for <a href="https://man.openbsd.org/fgrep.1">fgrep(1)</a> and fix the -w option.
<li>Replace the kernel's RSA-derived MD5 implementation with code derived from Colin Plumb's PD version.
<li>Add a filter option to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> to dump prefixes learned via UPDATEs into a <a href="https://man.openbsd.org/pf.4">pf(4)</a> table.
<li>Big FFS softdep merge with FreeBSD, fixing a number of bugs.
<!-- ^ 20040507 -->
<li>Some <a href="https://man.openbsd.org/snprintf.3">snprintf(3)</a> and <a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a> cleaning in the X server.
<li>Stop <a href="https://man.openbsd.org/grep.1">grep(1)</a> doing <a href="https://man.openbsd.org/fseek.3">fseek(3)</a> on stdin if it's a terminal.
<li>Have <a href="https://man.openbsd.org/grep.1">grep(1)</a> treat a '^H' character as non-binary.
<li>Make  <a href="https://man.openbsd.org/dhclient-script.8">dhclient-script(8)</a> work with half-bridge ADSL routers that don't provide a real default gateway (PR#3747).
<li>Apply The Process to <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a>: Create a filtered and locked <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> descriptor, drop privileges and <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> to /var/empty.
<li>New _afs and _ppp users for privilege separation.
<li>Fix <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> capability negotiation bugs and speed it up when working with picky peers.
<li>Increase <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s socket buffer size to 64KB iff <!-- iff is not a typo --> IPsec or md5sig is in use.
<li>Fix a race condition in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> when a session is closed but there are updates in the buffer.
<li>Add strchr() and strrchr() to libkern.
<!-- ^ 20040506 -->
<li><strong>SECURITY FIX: Check for integer overflow in procfs.</strong> Use of procfs is not recommended.<br>
    <a href="errata36.html#procfs">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>When a <a href="https://man.openbsd.org/pf.4">pf(4)</a> scrub rule with the 'reassemble tcp' option is in effect, use RFC1913 PAWS as a means of extending the TCP sequence space by 10 to 18 bits. This makes blind insertion attacks much more difficult, because the timestamp needs to be guessed as well as the TCP sequence number.
<li>Sprinkle <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a> liberally all over <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
<li>Match the <a href="https://man.openbsd.org/sha2.3">sha2(3)</a> functions up with the other hash types.
<li>Add a <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> write filter to <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> and lock the descriptor.
<li>Use <a href="https://man.openbsd.org/tzset.3">tzset(3)</a> before chrooting <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Create the <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> privsep child before opening <a href="https://man.openbsd.org/bpf.4">bpf(4)</a>, creating the routing socket and opening the lease file.
<li>In <a href="https://man.openbsd.org/make.1">make(1)</a>, keep statistics for suffix transformations.
<!-- ^ 20040505 -->
<li>Remove <a href="https://man.openbsd.org/bootpd.8">bootpd(8)</a>, <a href="https://man.openbsd.org/bootpef.8">bootpef(8)</a> and <a href="https://man.openbsd.org/bootpgw.8">bootpgw(8)</a> from the tree, their functionality is present in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> and friends nowadays.
<li>Teach <a href="https://man.openbsd.org/nm.1">nm(1)</a> about ELF .plt*, .got*, .init and .fini sections.
<li>The TCP-specific route metrics are rarely used, so use a trimmed down version in the kernel (struct rt_kmetrics) and fake up a full-fat struct rt_metrics on demand for userland compatility.
<li>Apply bridge filter rules to frames destined for the local machine, so a single-interface bridge can do filtering and tagging.
<li>Add privilege separation to <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
<li>Create /var/empty on the installer miniroot so some futuristic pie-in-the-sky privilege-separated <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> can work.
<!-- ^ 20040504 -->
<li>Convert <a href="https://man.openbsd.org/ping.8">ping(8)</a> to use <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>.
<li>Add COMPAT_35 <a href="https://man.openbsd.org/config.8">config(8)</a> option for kernel binary compatibility with OpenBSD 3.5
<li>Add *Pad (do padding like *Final without finishing) and *FileChunk (digest a portion of a file) functions for each of the hash types in libc.
<li>Tweak <a href="https://man.openbsd.org/ndbm.3">ndbm(3)</a>, <a href="https://man.openbsd.org/semop.2">semop(2)</a> and <a href="https://man.openbsd.org/shmget.2">shmget(2)</a> to match POSIX. Since this is an API change, crank libc's and libpthread's major version.
<li>Define bsd_signal(3) as required by XPG. Of course, it's just an alias for <a href="https://man.openbsd.org/signal.3">signal(3)</a> here.
<li>New stdlib function <a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>, a safe replacement for <a href="https://man.openbsd.org/atoi.3">atoi(3)</a> and <a href="https://man.openbsd.org/strtol.3">strtol(3)</a> etc.
<li>Clean up properly if <a href="https://man.openbsd.org/wi.4">wi(4)</a> PCMCIA attachment fails.
<li>Remove OpenBSD/pegasos. See the mailing list archives for some very good reasons why.
<li>Make <a href="https://man.openbsd.org/cron.8">cron(8)</a>'s crontab socket non-blocking.
<li>When setting PROT_NONE with <a href="https://man.openbsd.org/mprotect.2">mprotect(2)</a> on a wired entry, decrement the wired count and stop ntpd causing a panic (PR#3758).<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Some more fixes to <a href="https://man.openbsd.org/strerror.3">strerror(3)</a>. Everything now goes via <a href="https://man.openbsd.org/strerror_r.3">strerror_r(3)</a>.
<li>Make <a href="https://man.openbsd.org/cksum.1">cksum(1)</a> a link (in /bin) to <a href="https://man.openbsd.org/md5.1">md5(1)</a> and remove the old program.
<li>Add support for cksum (three flavours), md4, sha256, sha384 and sha512 to <a href="https://man.openbsd.org/md5.1">md5(1)</a>.
<!-- ^ 20040502 -->
<li>Fix a call to <a href="https://man.openbsd.org/disk_unbusy.9">disk_unbusy(9)</a> that lacked the third argument.
<li>Implement <a href="https://man.openbsd.org/pthread_suspend_all_np.3">pthread_suspend_all_np(3)</a> and <a href="https://man.openbsd.org/pthread_resume_all_np.3">pthread_resume_all_np(3)</a>, needed by the Java HotSpot compiler. From FreeBSD.
<li>Fix the fixes to <a href="https://man.openbsd.org/strerror.3">strerror(3)</a>.
<li>Do privilege revocation in <a href="https://man.openbsd.org/rbootd.8">rbootd(8)</a>.
<li>Fix a bug that could cause <a href="https://man.openbsd.org/fxp.4">fxp(4)</a> to lock up for 15 seconds under heavy load.<br>
    <a href="stable.html">[Applied to stable]</a>
<!-- ^ 20040501 -->
<li>Add _rbootd privilege separation/revocation user for <a href="https://man.openbsd.org/rbootd.8">rbootd(8)</a>.
<li>Allow <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> to be built in a kernel without <a href="https://man.openbsd.org/carp.4">carp(4)</a>.
<li>Start the 3.5-stable branch.
<li>Fix non-reentrancy and other bad stuff in <a href="https://man.openbsd.org/strerror.3">strerror(3)</a>.
<!-- ^ 20040530 -->
<li>Check <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> payload lengths more carefully.
<li>Speedups and cleanups in <a href="https://man.openbsd.org/md4.3">md4(3)</a> and <a href="https://man.openbsd.org/md5.3">md5(3)</a>.
<li>Fix alignment problems when copying <a href="https://man.openbsd.org/sha2.3">sha2(3)</a>'s data pointer around.
<li>Have <a href="https://man.openbsd.org/nm.1">nm(1)</a> report empty a.out objects as having "no name list" instead of accusing them of having "bad format".
<!-- ^ 20040529 -->
<li>Replace the old RSA Data Security Inc. implementations of <a href="https://man.openbsd.org/md4.3">md4(3)</a> and <a href="https://man.openbsd.org/md5.3">md5(3)</a> with code derived from Colin Plumb's public domain MD5 implementation.
<li>Wire <a href="https://man.openbsd.org/tcpdrop.8">tcpdrop(8)</a> into the build.
<li>Fix a null-dereference crasher in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Fix file descriptor leaks in <a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>, <a href="https://man.openbsd.org/rpc.rusersd.8">rpc.rusersd(8)</a>, <a href="https://man.openbsd.org/spamd-setup.8">spamd-setup(8)</a>, <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> and <a href="https://man.openbsd.org/tftpd.8">tftpd(8)</a>.
<li>Remove the old ISC DHCP code from the tree, much to Henning's delight.
<li>In <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>, allow the PAGER environment variable to contain spaces.
<li>Update libevent to 0.8 + local changes.
<!-- XXX wtf Wed Apr 28 06:50:21 UTC 2004 usr.sbin/pkg_add/OpenBSD PackingList.pm -->
<li>Add some Zebra bug compatibility into <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s capabilities announcements.
<li>Put the IP addresses of users authenticated by <a href="https://man.openbsd.org/authpf.8">authpf(8)</a> into the &lt;authpf-users&gt; table.
<li>Support AH as well as ESP flows for <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> IPsec.
<li>Fix a bogus return statement in <a href="https://man.openbsd.org/pf.4">pf(4)</a> tables code when dealing with non-IP packets.
<li>Allow <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> peers to request route refreshes.
<li>Keep track of SAs inserted by <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, making it easier to remove them later.
<li>Make <a href="https://man.openbsd.org/pf.4">pf(4)</a> return-rst work on pure bridges.
<li>Remove the assumption, found in a number of places in <a href="https://man.openbsd.org/pf.4">pf(4)</a>, that af !=INET6 implies af==AF_INET.
<li>Have <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> print <a href="https://man.openbsd.org/carp.4">carp(4)</a> packets as carp, and not VRRP.
<li>Some fixes to <a href="https://man.openbsd.org/carp.4">carp(4)</a> and <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> statistics counters.
<li>Make <a href="https://man.openbsd.org/carp.4">carp(4)</a> sensitive to its physical interface: If the physical interface drops, so does the carp interface; and have all other carp interfaces back off (i.e. don't preempt, and set high advskew) so this host is unlikely to stay as master.
<li>Add IPv6 support to <a href="https://man.openbsd.org/authpf.8">authpf(8)</a>.
<!-- ^ 20040428 -->
<li>Generate an <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> host key in /etc/<a href="https://man.openbsd.org/rc.8">rc(8)</a>, just like the <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> host keys.
<li>Add IKE to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s IPsec support.
<li>Exit gracefully from <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> with the -vvsq option if no queues are in use.
<li>Make <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> pass a valid pointer as the fourth argument to <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a>.
<li>Add back a couple of missing break statements in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, unbreaking tcpmd5.
<li>Have <a href="https://man.openbsd.org/pf.4">pf(4)</a>'s normaliser check that a TCP RST has exactly the right sequence number. The check only works when we're doing full fragment reassembly.
<li>Stop <a href="https://man.openbsd.org/ipsecadm.8">ipsecadm(8)</a> looping forever when displaying zero-sized extensions.
<li>Allow only BGP traffic over the IPsec flows set up by <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>A number of quad fixes in libc.
<li>Allow <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> to pass specified environment variables from client to server (OpenSSH bugzilla #815).
<li>Support RFC2918 "Route Refresh Capability for BGP-4" in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Fix incomplete removal of altq when loading a new rulebase that doesn't contain altq rules.
<!-- ^ 20040427 -->
<li>New program <a href="https://man.openbsd.org/tcpdrop.8">tcpdrop(8)</a> that uses the sysctl interface to drop TCP connections. Not built by default yet.
<li>Add a -n (no name lookup) flag to <a href="https://man.openbsd.org/systat.1">systat(1)</a>.
<li>Fix <a href="https://man.openbsd.org/select.2">select(2)</a>'s readability detection for NFS filehandles (PR#3757). Broken in the change to <a href="https://man.openbsd.org/poll.2">poll(2)</a> backends, fix from UFS code.
<li>In <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>, clear the <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a> hints structure before use.
<li>Break an infinite recursion between tcp_output() and tcp_mtudisc() when the TCP MSS gets to be larger then the interface MTU. Connections will still stall, however.
<li>Allow TCP MSS below the failsafe 216 iff <!-- 'iff' is not a typo --> the interface MTU is less than 256.
<li>Back out (for now) the <a href="https://man.openbsd.org/em.4">em(4)</a> buffer allocation increase (though not the deferred allocation) as it breaks older cards.
<li>Allow <a href="https://man.openbsd.org/cron.8">cron(8)</a> to send mail to logins containing an underscore character.
<li>Add direct support in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> for <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> between peers. Manual keying only for now.
<li>Much stricter checking of <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> code, preventing arbitrary reads and writes of kernel memory.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Allocate more buffers for <a href="https://man.openbsd.org/em.4">em(4)</a> cards, but defer that allocation until <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> up and remove it on interface shutdown.
<li>Fix <a href="https://man.openbsd.org/route.8">route(8)</a>'s display of the gateway when set using an explicit -gateway modifier.
<li>When IF_INPUT_ENQUEUE() queues an <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> with a cluster, check to see if the data in the cluster will fit into the mbuf and if so, copy the data and deallocate the cluster.
<li>For <a href="https://man.openbsd.org/fxp.4">fxp(4)</a> and <a href="https://man.openbsd.org/sis.4">sis(4)</a>, permanently allocate only the minimum number of buffers. Allocate and deallocate receive buffers when <a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a> brings the interface up and down respectively.
<li>Bandwidth checking fixes in <a href="https://man.openbsd.org/altq.9">altq(9)</a>. Now a bandwidth of zero is allowed, producing a blackhole queue for CBQ and a realtime-only queue for HFSC.
<li>Add some <a href="https://man.openbsd.org/htonl.3">htonl(3)</a> paranoia around  <a href="https://man.openbsd.org/arc4random.9">arc4random(9)</a> calls in <a href="https://man.openbsd.org/pf.4">pf(4)</a>, so that biases in the PRNG won't leak the firewall's byte order.
<li>Fix corruption of <a href="https://man.openbsd.org/pf.4">pf(4)</a>'s address pools when using more than 256 rules.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>In /etc/<a href="https://man.openbsd.org/rc.8">rc(8)</a>, check that <a href="https://man.openbsd.org/carp.4">carp(4)</a> interfaces really exist before attempting to bring them down at shutdown time.
<li>Start work on peer-to-peer IPsec support for <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Have <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> announce RFC2858 multiprotocol capabilities. Only IPv4 multicast is supported for now.
<li>Make <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> prefer older (more stable) routes before resorting to comparison of BGP IDs and peer IP addresses.
<li>Add a reference count for <a href="https://man.openbsd.org/pf.4">pf(4)</a> anchor rules.
<!-- ^ 20040426 -->
<li>Since <a href="https://man.openbsd.org/isprint.3">isprint(3)</a> doesn't consider all whitespace printable, also use <a href="https://man.openbsd.org/isspace.3">isspace(3)</a> for the binary file test in <a href="https://man.openbsd.org/less.1">less(1)</a>.
<li>Fix float -&gt; quad conversion in libc.
<li>Prettier output from <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>.
<li>Permit multiple default routes.
<li>A few more unionfs fixes.
<li>Respect access rights on a union filesystem (PR#745).
<li>Add a few pieces missed in the merge of OpenSSL 0.9.7d.
<li>Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro.
<li>Prevent an endless loop in <a href="https://man.openbsd.org/pf.4">pf(4)</a> with 'route-to lo0' rules (PR#3736).<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Have <a href="https://man.openbsd.org/authpf.8">authpf(8)</a> run <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> to change the rulebase instead of sucking in code from pfctl and doing it itself.
<li>Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often.
<li>In <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>, purge only a specific expired state instead of doing an expensive purge all expired states while running at a high <a href="https://man.openbsd.org/spl.9">spl(9)</a>.
<li>Make sure the local address and <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> neighbor address are of the same address family.
<li>Use '|' instead of ':' as the field separator for <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> database keys, in preparation for future IPv6 support.
<li>Fix a potential null dereference in the <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> application utility code.
<!-- sbreserve() sb_mbmax -->
<li>Give <a href="https://man.openbsd.org/routed.8">routed(8)</a> a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes.
<li>Make <a href="https://man.openbsd.org/ssl.3">ssl(3)</a> S/MIME work again.
<li>Add 'neighbor cloning' to <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range.
<li>Add tcpdrop <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a>, allowing a userland program terminate a TCP connection.
<li>Some string cleaning in <a href="https://man.openbsd.org/ddb.4">ddb(4)</a>.
<li>Fix a missing return statement in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>'s control connection error path.
<li>Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME.
<li>Send <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> packets for IPv6 protocols other than TCP, UDP and ICMP.
<li>Sync kernel radix tree code with 4.4BSD-Lite2 via NetBSD.
<li>Don't add a PF_GENERATED tag to <a href="https://man.openbsd.org/pf.4">pf(4)</a> synproxy generated packets for the second handshake, so they can match rules (and create state) on another interface.
<!-- ^ 20040425 -->
<li>Add a 'probability' modifier for <a href="https://man.openbsd.org/pf.4">pf(4)</a> rules, setting the likelihood with which a rule will trigger.
<li>Greatly simplify <a href="https://man.openbsd.org/inetd.8">inetd(8)</a>'s hostname/address lookup code.
<li>Since OpenBSD has <a href="https://man.openbsd.org/openpty.3">openpty(3)</a>, we may as well have <a href="https://man.openbsd.org/telnetd.8">telnetd(8)</a> use it.
<li>Initial support for IPv6 transport in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Add <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> config files to <a href="https://man.openbsd.org/changelist.5">changelist(5)</a> and /etc/mtree/special.
<li>Some additional TCP option length paranoia in <a href="https://man.openbsd.org/pf.4">pf(4)</a>'s normaliser.
<li>Have <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> display the new tcps.rcvacktooold statistic counter.
<li>Sync &lt;tree.h&gt; with Niels Provos' version to get rid of a compiler warning for <a href="https://man.openbsd.org/RB_NEXT.3">RB_NEXT(3)</a>.
<!-- ^ 20040424 -->
<li>Port the gcc2 bounds checking support to gcc3, enabled with -Wbounded (see <a href="https://man.openbsd.org/gcc-local.1">gcc-local(1)</a>).
<li>Add some CMSG_ macros to get proper alignment in portalfs. From NetBSD.
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, make sure the KEY_LENGTH attribute is present when checking AES proposals as this is required when acting as responder to SafeNet peers.
<li>Silence <a href="https://man.openbsd.org/getopt.3">getopt(3)</a> errors in the privileged <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> process.
<li>Don't display rubbish on the first output line from <a href="https://man.openbsd.org/vmstat.8">vmstat(8)</a>, wait for the stats to stabilise.
<!-- ^ 20040423 -->
<li>Fix the calculation of a raw IPv6 UDP packet's checksum.
<li>For <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>'s ping probes, just use the pid for the ICMP id like <a href="https://man.openbsd.org/ping.8">ping(8)</a> does, instead of some architecture-dependent wierdness.
<!-- ^ 20040422 -->
<li>Merge in new Omron LUNA port (luna88k), based on OpenBSD/mvme88k, NetBSD/luna68k and CMU Mach.
<li>As with <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>, set a write filter and lock the <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> descriptor before privilege drop in <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>.
<!-- ^ 20040421 -->
<li>Change <a href="https://man.openbsd.org/pw_copy.3">pw_copy(3)</a> to take the old entry as an additional parameter, allowing both a change of username and a check that the file hasn't changed since it was last read (fixes PR#3698). Adapted from FreeBSD.
<li>Set a write filter and lock <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>'s <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> file descriptor before dropping privileges.
<li>Drop the port-changing options in <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> too, always use standard ports.
<li>New TCP stat counter tcps.rcvacktooold, counts the number of times we drop very old ACK packets when the sequence number isn't exactly right.
<li>Set the km_page allocator's low watermark to a value that allows the system to boot.
<li>Switch the build over to the new, improved <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> and <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>.
<li>Remove the -p (listen port) option of new <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>.
<!-- ^ 20040420 -->
<li>Bump the default kern.maxclusters to a value high enough to deter all but the most determined tweakers.
<li>Remove the GATEWAY <a href="https://man.openbsd.org/config.8">config(8)</a> option now that both IP forwarding and mbuf cluster allocation are configurable using <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a>.
<li>Introduce a new <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a> kern.maxclusters controlling (oddly enough) the maximum number of mbuf clusters. This deprecates the much-abused NMBCLUSTERS <a href="https://man.openbsd.org/config.8">config(8)</a> option.
<li>Use the km_page allocator as the backend for the mbuf and mbuf cluster pools.
<li>New km_page <a href="https://man.openbsd.org/pool.9">pool(9)</a> allocator running in an interrupt-safe kernel thread (kmthread).
<li>Resource starvation checks for sockets:
<ul>
  <li>Check the level of <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> cluster utilisation when doing an accepting a listen socket, and fail if usage is greater than 95% of the hard limit.
  <li>New API sbcheckreserve() returns ENOBUFS if more than 50% of <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> clusters are in use
  <li>Use sbcheckreserve() when accepting a connection, and on <a href="https://man.openbsd.org/setsockopt.2">setsockopt(2)</a> for SO_SNDBUF and SND_RCVBUF, and allocate minimal buffers in low-memory situations.
</ul>
<li>Stop propolice tripping an assert in gcc3.
<li>Make <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> display an error if it can't open the /var/db/spamd database for writing, and return a proper error code.
<li>Cure the angst in <a href="https://man.openbsd.org/user.8">user(8)</a> caused by the non-existence of the /nonexistent directory.
<li>Correct new <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>'s handling of very long lease times (PR#2888).
<li>Fix a propolice bug in <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> and unbreak MySQL (mysql bug id 1442).
<!-- ^ 20040419 -->
<li>Have <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> perform strict permission checks on ~/.ssh/config files and abort unless they're correct.
<li>If kernel <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> and/or <a href="https://man.openbsd.org/ipcomp.4">ipcomp(4)</a> processing is disabled by <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a>, pass any packets through as raw IP to give userland a chance to handle them.
<li>Sync the <a href="https://man.openbsd.org/em.4">em(4)</a> driver with FreeBSD.
<li>Tidy up <a href="https://man.openbsd.org/usb.4">usb(4)</a> kernel configs in line with recent i386 changes.
<li><strong>RELIABILITY FIX: Restore the ability to negotiate tags/wide/sync with some SCSI controllers</strong> (<a href="https://man.openbsd.org/siop.4">siop(4)</a>, <a href="https://man.openbsd.org/trm.4">trm(4)</a> and <a href="https://man.openbsd.org/iha.4">iha(4)</a>).<br>
    <a href="errata36.html#scsi">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Since <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> can now be invoked legitimately without an interface, don't abort when the user doesn't give any options.
<!-- ^ 20040418 -->
<li>New _tftpd user and group.
<li>Make sure <a href="https://man.openbsd.org/m_pullup2.9">m_pullup2(9)</a> copies the M_CLUSTER flag when it creates a new mbuf (PR#3740).
<li>Have <a href="https://man.openbsd.org/pf.4">pf(4)</a> block unconditionally when the input queue congestion flag is set, instead of doing CPU-intensive rule tests.
<li>If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation.
<!-- ^ 20040417 -->
<li>Make <a href="https://man.openbsd.org/netstat.1">netstat(1)</a> show the number of mbuf clusters in use rather than the number of pages.
<li>Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Have the <a href="https://man.openbsd.org/cvs.1">cvs(1)</a> server check for attempts by a client to walk up the directory tree illegally.
<li>Undo a non-fix in shared memory <a href="https://man.openbsd.org/sysctl.3">sysctl(3)</a> kern.shminfo.shmmni.<br>
    <a href="stable.html">[Applied to stable]</a>
<strong>SECURITY FIX: Pathname validation problems have been found in <a href="https://man.openbsd.org/cvs.1">cvs(1)</a></strong>, allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS repository.<br>
    <a href="errata36.html#cvs">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Some address family agnosticism in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Let <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> show IPv6 peer addresses in neighbour view.
<!-- ^ 20040416 -->
<li>Now that <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> doesn't need to continuously reopen the leases file for writing, have it <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> to /var/empty and drop privileges after starting up.
<li>Only open the <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> leases file once instead of every time it needs to be written.
<li>Set up new <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>'s <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> listen filter for the right port.
<li>Have <a href="https://man.openbsd.org/mopd.8">mopd(8)</a> do a <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> to /var/empty and drop its privileges.
<li>Massive <a href="https://man.openbsd.org/style.9">style(9)</a> application to <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>Stop another instance of <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a> from unlinking a socket that's in use.
<li>TCP packets are now allowed to have IPv4 options.
<li>Begin work of separating binary emulation type from the executable file format.
<!-- ^ 20040415 -->
<li>New user and group _mopd, for some obscure reason related to <a href="https://man.openbsd.org/mopd.8">mopd(8)</a>.
<li>Enable all supported USB devices in the i386 GENERIC config.
<li>Pass the jobname to <a href="https://man.openbsd.org/lpd.8">lpd(8)</a>'s input filter via the -j option, some filters need it.
<li>When the syncache aborts a connection, don't set an ACK in the RST packet.
<li>Add entries for all supported USB devices to the GENERIC config on sparc64.
<li>In <a href="https://man.openbsd.org/crypto.9">crypto(9)</a>, add cases for sha2 algorithms in swcr_authcompute().
<li>Fix <a href="https://man.openbsd.org/systat.1">systat(1)</a> screen updates after resuming from a ^Z.
<li>Make <a href="https://man.openbsd.org/pf.4">pf(4)</a> antispoof rules work with dynamic interfaces.
<li>Match on all characters of the interface name in the <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> parser.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Make sure privsep <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> transitions into STATE_RUN even when writing to stdout with '-w -'.
<li>Implement AI_NUMERICSERV (from RFC3493) in <a href="https://man.openbsd.org/getaddrinfo.3">getaddrinfo(3)</a>.
<li>Since the UDP checksum in mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output.
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> cleanup:
<ul>
  <li>Use <a href="https://man.openbsd.org/getopt.3">getopt(3)</a>.
  <li>Remove pidfile code.
  <li>Steal some already-sanitised code from <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>.
  <li>Remove code to handle network access methods we don't care about, only <a href="https://man.openbsd.org/bpf.4">bpf(4)</a> is necessary here.
</ul>
<!-- ^ 20040414 -->
<li>Break out <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a> into usr.sbin/dhcpd and begin The Process.
<li>Have <a href="https://man.openbsd.org/lpd.8">lpd(8)</a> treat 'o' format files (PostScript) from MacOS 10.1 the same as 'l', not 'f', since PostScript can contain binary data. From FreeBSD.
<li>Parse and handle RFC 2858 Multiprotocol Extensions in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>.
<li>Allow <a href="https://man.openbsd.org/restore.8">restore(8)</a> to recover files larger than 4GB by using size_t instead of long.
<li>Have <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> retry up to ten times after a second's delay for interfaces showing no link.
<li>More careful IKE payload parsing in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>.
<li>New _PATH_DEVFD and _PATH_VAREMPTY constants in &lt;paths.h&gt;.
<li>Fix a null deref in <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>.
<li>Have new <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a> do a <a href="https://man.openbsd.org/chroot.2">chroot(2)</a> to /var/empty and drop privileges.
<li>In libpthread, update curthread immediately after a thread switch.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>New _dhcp user and group for, funnily enough, the DHCP programs.
<!-- ^ 20040413 -->
<li>Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6.
<li>Start surgery on <a href="https://man.openbsd.org/dhcrelay.8">dhcrelay(8)</a>:
<ul>
  <li>Move to /usr/src/usr.sbin/dhcrelay.
  <li>Kill pidfile code.
  <li>Use <a href="https://man.openbsd.org/daemon.3">daemon(3)</a> and <a href="https://man.openbsd.org/getopt.3">getopt(3)</a> instead of DIY.
</ul>
<li>Huge cleanup of <a href="https://man.openbsd.org/mopd.8">mopd(8)</a>.
<li>Drop very old TCP ACK packets.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too.
<li>Safely handle aborts in <a href="https://man.openbsd.org/malloc.3">malloc(3)</a> etc. without tripping the recursive call handler by mistake.
<li><strong>RELIABILITY FIX: Under load "recent model" gdt(4) controllers will lock up.</strong><br>
    <a href="errata36.html#gdt">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<!-- ^ 20040412 -->
<li>Fix an accidental busy-wait in <a href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a>.
<li>Increase the maximum number of <a href="https://man.openbsd.org/pty.4">pty(4)</a> devices to 992. See the <a href="faq/upgrade-old.html">Upgrading Mini-FAQ</a> item 3.5.1 for upgrade instructions.
<li>Fix a typo in kern/tty_pty.c when generating <a href="https://man.openbsd.org/pty.4">pty(4)</a> device filenames, soon to be exposed by changes to pty.
<li>Compatiblity fixes to <a href="https://man.openbsd.org/mpt.4">mpt(4)</a>.
<!-- ^ 20040411 -->
<li>Change <a href="https://man.openbsd.org/snprintf.3">snprintf(3)</a>'s handling with size==0, in line with a <a href="https://man.openbsd.org/vsnprintf.3">vsnprintf(3)</a> change (rev. 1.5) from years ago.
<li>Fix a segmentation fault in Xlib when a .Xauthority file contains IPv6 XDM-AUTHORIZATION-1 data (NetBSD PR xsrc/25098).
<li>Rearrange the GENERIC config file so clonable interfaces are together, and without the now-unnecessary device count.
<!-- ^ 20040410 -->
<li>When libpthread is <a href="https://man.openbsd.org/poll.2">poll(2)</a>ing for read- or writability of an fd on behalf of a thread, check the ERR, HUP and NVAL flags as well as the read or write flags.
<li>Sync <a href="https://man.openbsd.org/uudecode.1">uudecode(1)</a> with FreeBSD, including base64 support.
<li>Stop a number of network interfaces moaning about a failed <a href="https://man.openbsd.org/mbuf.9">mbuf(9)</a> allocations, the complaint uses mbufs and just makes things worse.
<li>Pass SIGINT and SIGQUIT through to <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>'s privsep child.
<li>Move the <a href="https://man.openbsd.org/pf.4">pf(4)</a> altq, OS fingerprint and table <a href="https://man.openbsd.org/pool.9">pool(9)</a>s from the default (interrupt context) kmem allocator to the much-larger nointr allocator.
<li>If <a href="https://man.openbsd.org/newsyslog.conf.5">newsyslog.conf(5)</a> doesn't list a user or group, create new files with the uid or gid from the existing file.
<li>Force <a href="https://man.openbsd.org/cvs.1">cvs(1)</a> to use the libc <a href="https://man.openbsd.org/getopt.3">getopt(3)</a> implementation instead of its own.
<li>Have <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> check that the file it's trying to open isn't really a directory.
<!-- ^ 20040409 -->
<li>More <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> optimiser fixes for mvme88k
<li>Swap the last two parameters to <a href="https://man.openbsd.org/TAILQ_FOREACH_REVERSE.3">TAILQ_FOREACH_REVERSE(3)</a> in line with FreeBSD and NetBSD.
<li>Use a more efficient <a href="https://man.openbsd.org/realloc.3">realloc(3)</a> size when displaying long lines in <a href="https://man.openbsd.org/less.1">less(1)</a>. Speeds things up when, for example, your system crashes in the middle of a build leaving a pile of linefeedless binary crap in the typescript file.
<li>After going to the trouble of saving errno before it gets overwritten, use the saved value in <a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>'s error output.
<li>Don't try to close invalid file descriptors in the <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> privsep code.
<li>Have <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> set the timezone before privsep so the child has the right zone settings.
<li>Within <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>'s new lease file naming scheme, allow for the -l filename override.
<li>On sparc and sparc64, don't compare a RAMDISK kernel's root filesystem time with the system time, they're unlikely to have much in common.
<!-- ^ 20040408 -->
<li>Zero out the key data pointer for unknown <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> key types.
<li>Merge in Perl 5.8.3 and <!-- 20040408 --> OpenSSL 0.9.7d. No lame new licenses for a change.
<li>Now that <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> needs an instance per interface, having a single lease file won't do so use /var/db/dhclient.leases.&lt;ifname&gt;.
<li>Make sure the list dereference when deleting all SAs in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> comes before the delete operation that <a href="https://man.openbsd.org/free.3">free(3)</a>s the list node.
<li>Fix /etc/<a href="https://man.openbsd.org/rc.local.8">rc.local(8)</a>'s handling of ntpd_flags.
<li>Unbreak pxeboot(<a href="https://man.openbsd.org/i386/pxeboot.8">8/i386</a>, <a href="https://man.openbsd.org/amd64/pxeboot.8">8/amd64</a>) build under gcc3.
<li>Allow <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> to work on more than the first physical interface found.
<li>In several programs, fix <a href="https://man.openbsd.org/getopt.3">getopt(3)</a> calls containing option letters for which there's no corresponding case handler.
<li>ISO C function declarations for <a href="https://man.openbsd.org/make.1">make(1)</a>.
<li>Fix a sizeof(pointer) bug in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s IPv6 options parser.
<li>Fix some misplaced braces in <a href="https://man.openbsd.org/route.8">route(8)</a>, making 'route add' a bit more -q.
<li>Enable /dev/<a href="https://man.openbsd.org/crypto.4">crypto(4)</a> and <a href="https://man.openbsd.org/hifn.4">hifn(4)</a> on cats machines.
<!-- ^ 20040407 -->
<li>Make <a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>'s file renaming and copying operations set the same permissions in all cases.
<li>Fix double call of the <a href="https://man.openbsd.org/ktrace.2">ktrace(2)</a> signal trap handler. <!-- XXX -->
<li>Add missing prototypes (in &lt;pwd.h&gt;) for <a href="https://man.openbsd.org/bcrypt.3">bcrypt(3)</a> and <a href="https://man.openbsd.org/md5crypt.3">md5crypt(3)</a>.
<li>Fix some <a href="https://man.openbsd.org/gcc.1">gcc(1)</a> optimization bugs on mvme88k.
<li>Fix a sizeof(wrongthing) bug in <a href="https://man.openbsd.org/afsd.8">afsd(8)</a> that was breaking 64-bit machines.
<li>Have <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> print IKE DELETE payload contents.
<li>Remove the installer's special-case upgrade of the OpenSSL /usr/include symlinks.
<li>Fix a double-free in libpthread (PR#3730).
<li>Reenable libm compiler optimization on sparc64, since it works properly with gcc3.
<!-- ^ 20040406 -->
<li><a href="https://man.openbsd.org/sscanf.3">sscanf(3)</a> -&gt; <a href="https://man.openbsd.org/strtol.3">strtol(3)</a> in <a href="https://man.openbsd.org/newsyslog.8">newsyslog(8)</a>.
<li>Don't initialise <a href="https://man.openbsd.org/ncurses.3">ncurses(3)</a> until after options processing in <a href="https://man.openbsd.org/backgammon.6">backgammon(6)</a>.
<li>Plug the new-and-improved <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> into the standard build.
<li>Fix a sizeof(pointer) bugs in <a href="https://man.openbsd.org/afsd.8">afsd(8)</a>, <a href="https://man.openbsd.org/sup.1">sup(1)</a> and <a href="https://man.openbsd.org/visudo.8">visudo(8)</a>.
<li>Make <a href="https://man.openbsd.org/pf.4">pf(4)</a>'s cache of m_tag_get() <!-- NOMAN --> results actually work.
<li>Check for <a href="https://man.openbsd.org/fdopen.3">fdopen(3)</a> failure in <a href="https://man.openbsd.org/vacation.1">vacation(1)</a>.
<li>3.5 -&gt; 3.5-current.
<li>Change <a href="https://man.openbsd.org/wskbd.4">wskbd(4)</a>'s AltGr key handling so shift-altgr-other has the same effect as altgr-shift-other.
<li>Never allow <a href="https://man.openbsd.org/pf.4">pf(4)</a> states propogated via <a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a> to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation.
<li>Under Linux emulation, pass <a href="https://man.openbsd.org/madvise.2">madvise(2)</a> straight through to the native syscall.
<!-- ^ 20040405 -->
<li><strong>RELIABILITY FIX: Reply to in-window SYN with a rate-limited ACK.</strong><br>
    <a href="errata36.html#tcp">A source code patch is available</a>.<br>
    <a href="stable.html">[Applied to stable]</a>
<li>Don't try to recreate the <a href="https://man.openbsd.org/xfs.1">xfs(1)</a> logfile after dropping privileges.
<li>Don't abort <a href="https://man.openbsd.org/xfs.1">xfs(1)</a> gracelessly when handling an unimplemented protocol request.
<!-- ^ 20040404 -->
<li>Many manual page fixes.
<li>In a number of programs, don't close files that are known to be not open.
<li>Fix a missing initialisation in <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>'s privsep code.
<li>Make <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>'s -v logging option do something useful.
<!-- ^ 20040403 -->
<li>Fix line breaks in <a href="https://man.openbsd.org/spamd.8">spamd(8)</a>'s log output.
<li>Allow non-GNU ANSI compilers (e.g. TenDRA) to build again by changing 'static inline' to 'static __inline'.
<li>Don't close descriptors we know aren't open in <a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>.
<li>Drop arc4random_8() api from the kernel.
<li>Change <a href="https://man.openbsd.org/rfork.2">rfork(2)</a> so the RFMEM flag gives complete vmspace sharing including the stack, in line with other implementations.
<li>Add --line-buffered option to <a href="https://man.openbsd.org/grep.1">grep(1)</a> etc.
<li>Remove some unbounded recursions in the libc regex engine, found with certain expressions containing backreferences.
<li>Fix <a href="https://man.openbsd.org/ls.1">ls(1)</a>' column alignment when using the -h option.
<li>New <a href="https://man.openbsd.org/axe.4">axe(4)</a> USB Ethernet driver.
<!-- ^ 20040402 -->
<li>Fix an off-by-one in <a href="https://man.openbsd.org/procmap.1">procmap(1)</a>.
<li>Better bounds checking in the ramdisk's strategy() routine.
<li>Limit the trust between local and remote instances of the <a href="https://man.openbsd.org/rcp.1">rcp(1)</a> and <a href="https://man.openbsd.org/scp.1">scp(1)</a> programs.
<li>Change <a href="https://man.openbsd.org/netstat.1">netstat(1)</a>'s -p option so that, when used without -s, it shows a list of sockets for the given protocol.
<li>Let <a href="https://man.openbsd.org/rcmdsh.3">rcmdsh(3)</a> work on hosts without an IPv4 address.
<li>Initialise the <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> subsystem in kernel main() instead of on first use.
<!-- ^ 20040401 -->
<li>Add IPv6 support to <a href="https://man.openbsd.org/openssl.1">openssl(1)</a>'s s_client command, complete with the usual '-4' and '-6' switches.
<li>Reorder checks in <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> so that the IP options check isn't skipped just because UseDNS=no.
<li>Make /usr/src/Makefile's cross-tools target work again.
<li>Have <a href="https://man.openbsd.org/inetd.8">inetd(8)</a> properly use the exec'd program's basename as argv[0] if no arguments are specified.
<li>Fix includes search order in GNU <a href="https://man.openbsd.org/ld.1">ld(1)</a> to help cross-ld builds.
<li>Don't byte-swap a variable we'll need later in its original order in GNU <a href="https://man.openbsd.org/ld.1">ld(1)</a>.
<li>On an msdos filesystem with long filenames support enabled, fix some false-positive name matches when an integer multiple of 13 characters match. From NetBSD.
<li>Some portability fixups in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>.
<li>tcpmd5 changes for <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>:
<ul>
  <li>Allow either the source or destination to be a wildcard in SA lookups (netinet/ip_ipsp.c:gettdbbysrcdst()).
  <li>Add support for the wildcard to pfkeyv2.
  <li>Use the new pfkeyv2 wildcard support in <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> and remove the local address requirement for md5sig.
</ul>
<!-- ^ 20040331 -->
<li>Unbreak libc's regex engine compilation with -DREDEBUG.
<li>Change /etc/<a href="https://man.openbsd.org/rc.8">rc(8)</a> so that a <a href="https://man.openbsd.org/spamd.8">spamd(8)</a> banner (configured via $spamd_flags) may contain spaces (PR#3720).
<li>Teach <a href="https://man.openbsd.org/pax.1">pax(1)</a> how to expand GNU tar long links. From NetBSD.
<li>Change <a href="https://man.openbsd.org/systrace.1">systrace(1)</a>'s handling of filename-too-long errors so it just fails the syscall instead of stopping the process. Fixes PR#3140.
<li>Some ELF name translation fixes in <a href="https://man.openbsd.org/nm.1">nm(1)</a>.
<li>Add /etc/rc.conf.local to /etc/mtree/special.
<li>Lots more activity on the SMP branch.
<li>Wrap <a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a> installation operations in <a href="https://man.openbsd.org/perl.1">perl(1)</a> eval{} blocks so it's possible to at least register what did work.
<li>Unknown entry types in a packing list now result in an error.
<!-- ^ 20040330 -->
</ul>