OpenBSD 5.0 released!

There have been quite a few changes made between OpenBSD 4.9 and 5.0

  • Added dfs(4/MACPPC) driver to support the Dynamic Frequency Switching feature found on some laptops.
  • Update to sendmail(8) 8.14.5.
  • Support additional L2C variants and L1D (AR813x/AR815x chips) in alc(4).
  • Fixed reload support in relayd(8).
  • Change ‘set skip on <…>’ to work with interface groups.
  • Various drivers have been adjusted to use PCI Message Signaled Interrupts on amd64, i386, macppc and sparc64.
  • In addition to relative resizing, allow absolute resizing of partitions in auto-allocated labels with disklabel(8).
  • New AMD K10/K11 pstate driver allows setperf and apm to change CPU frequences on newer AMD CPUs.
  • Allow specifying k/m/g/… suffixes in newfs(8) -S and -s options.
  • Fixed client and group cycle defines in cwm(1).
  • Disable pipex for L2TP on disconnect.
  • Unified various macppc gpio(4) access methods that take an offset relative to the mac-io bus base address. Needed for upcoming dfs(4/MACPPC) support.
  • Make ssh(1) use FD_CLOEXEC consistently.
  • Fixed arguments to arm pmap(9) pool_init: alignment of alignment of L2_TABLE_SIZE_REAL is at offset 0 and not at offset L2_TABLE_SIZE_REAL.
  • Make pci(4) pass flags down the PCI bus hierarchy.
  • Fixed type warnings reported by clang in smtpd(8).
  • Added pci(4) register definitions for PCI MSI capability.
  • Fixed wrong id for UDP_ENCAP_TRANSPORT_DRAFT in isakmpd(8).
  • Make ssh(1) warn on unexpected key type in key_parse_private_type().
  • Make calls to malloc(3) malloc_dump() safer by avoiding file pointer computation for stats.
  • Fixed some warnings in adduser(8).
  • Introduced leak detection code for MALLOC_STATS in malloc(3).
  • Fixed bug in glob(3).
  • Make dhclient(8) more friendly to sequential option processing by always starting DHCP packet options with DHO_DHCP_MESSAGE_TYPE. Improved working with Nortel NetIP DHCP server.
  • Cleaned up adduser(8) handling of email messages.
  • Pre-allocate memory in ipsec(4) package to avoid sleeping after performing a lookup, which may lead to a race.
  • Removed support for authorized_keys2, a relic from the early days of protocol V2, in ssh(1).
  • Stop leaking swapslots in uvm(9) when doing a uvm_km_pgremove and a page is in swap only.
  • Removed uvm(9) vm_page_lookup_freelist().
  • Prevent security(8) from complaining about a group(5) line with a single “+” as “wrong number of fields”, that abbreviated syntax for NIS map of groups is explicitly allowed by group(5). Warn if this isn’t the last line of group(5) though.
  • Fixed an off-by-one that made smtpd(8) skip an “invalid” bucket that was actually valid.
  • Implemented correct prologue and epilogue for hppa64 machine-dependent init.
  • Make mips common kernel code set octeon’s internal counter clock speed to its processor clock.
  • Fixed aucat(1) option handling and enable TCP in midicat(1).
  • Make more silent ssh(1) debug() logs by detecting that it’s trying to load a private key in key_try_load_public() and returning early.
  • Make pfsync(4) use timeout(9) timeout_del return value to check if the timeout is actually removed when undeferring a packet.
  • Make timeout(9) timeout_del able to tell the caller if it actually did remove a timeout or not.
  • Refactored queue allocation and initialization into wdc(4) wdc_alloc_queue() function, and let attachment code call this rather than malloc(9). This prevents re-initialization of the queue in shared queue chipsets.
  • Initialize the wdc(4) ata_drive_datas structures earlier in wdcattach() so that chip-specific drv_probe routines can assume they’ve already been initialized.
  • Added a wprintf(3) man pages.
  • Always free the multibyte->wchar conversion buffer allocated in vfwprintf(3) __mbsconv().
  • Make sndio(7) sio_psleep() use an array of SIO_MAXNFDS pollfd structures rather than a single one.
  • Initialize the ‘pstate’ field of the aucat(1) wav structure.
  • Make gdb(1) handle lazy relocation stubs as Linux does.
  • Started a work in ospfd(8) to support opaque LSA.
  • Make relayd(8) use the proc.c privsep API/commodity functions based on work for iked(8) and smtpd(8).
  • Fixed segfault in smtpd(8) newaliases after global env move.
  • Fixed a few minor issues in i386 hibernate support code relating to improper swap device determination and memory range calculation.
  • Make tmux(1) reset last pane on break-pane. Fixes a problem reported in Debian bug #622677.
  • Make tmux(1) reset last pane on swap-pane across windows. Fixes a crash.
  • Fix memory handling in octeon machine-dependent code.
  • Prevent tmux(1) from dragging on click, only select.
  • Fixed memory leaks in tmux(1) command capture pane.
  • Fixed a memory leak in tmux(1) commands if cmd_pane_session succeed.
  • Added a new option to tmux(1), mouse-resize-pane which, when on, allows panes to be resized by dragging their borders.
  • Make tmux(1) use the tsl and fsl terminfo(5) capabilities to update terminal title and automatically fill them in on terminals with the XT capability.
  • Eliminated a few unused wdc(4) capability flags (WDC_CAPABILITY_HWLOCK, WDC_CAPABILITY_ATA_NOSTREAM, and WDC_CAPABILITY_ATAPI_NOSTREAM).
  • Added a small memory optimization in fsck_ffs(8).
  • Improved tmux(1) behaviour when TTY allocation fails: if RequestTTY is set to ‘auto’ make it not treat a TTY allocation error as fatal and just restore the local TTY.
  • Fixed xf86-input-ws on xserver 1.9 and earlier.
  • Make sure sysmerge(8) handle first /etc/group and /etp/master.passwd in case it need to install files or directories with newly added user/group ownerships.
  • Enabled xf86-input-synaptics on i386 and amd64.
  • Simplified physio(9) thanks to the fact that buffers now come out of a pool rather than a global list of statically allocated structures and aren’t shared.
  • Added support to new wscons(4) ioctl WSMOUSEIO_SETMODE in xf86-input-synaptics.
  • Introduced a ‘freeze’ flag in tmux(1) which make it ignore any move or resize requests made on the windows it’s applied.
  • Removed uvm_pglist.h from the tree.
  • Updated xf86-input-acecad to version 1.5.0, xf86-video-chips to 1.2.4, xf86-video-vmware to 11.0.3, xf86-video-siliconmotion to 1.7.5, xlsclients to 1.1.2.
  • Added a RequestTTY ssh_config(5) option to allow configuration-based control over tty(4) allocation, like ssh [-tT].
  • Make ssh_config(5) support negated host matching.
  • Added a %L expansion (short-form of the local host name) for ssh(1) ControlPath.
  • Set ssh(1) traffic class for IPv6 traffic as it’s done for IPv4 TOS. Fixes bz#1855.
  • On cwm(1) map, prevent it from warping the windows that are marked as ignored.
  • Make ubsec(4) interrupt routine acknowledge only the interrupts it can process.
  • Make sure amd64 AES session id checks look at the lower 32 bits of crp_sid.
  • Make sysmerge(8) create the directory holding the link it’s about to create if it does not exist.
  • Force loopback interfaces to IF_STA_LOOPBACK in ospf6d(8).
  • Fixed memory leak in ssh(1). Fixes bz#1849.
  • Make hppa64 gateway page accessible to all userland processes.
  • Put back cwm(1) window resize back to 60 Hz.
  • Reverted atapiscsi(4) to only attempting on IDENTIFY command against directly attached devices as in the pre-port-multiplier code.
  • Make the “mute” key work on macppc keyboards.
  • Make urndis(4) attach to Samsung Galaxy S.
  • Added disklabel(8) support in tunefs(8).
  • Make cwm(1) menu window aware of xinerama(3) info.
  • Keep synaptics touchpad to the current wscons(4) behaviour until WSMOUSEIO_SETMODE ioctl is issued to switch to synaptics mode.
  • Make sure hppa64 restore sr4 at the very end of locore.S to avoid further loads from the trapframe to be done at the wrong address space.
  • Make tftp-proxy(8) use ‘divert-to’.
  • Make malloc(3) start scanning the bits of the chunk at a random position to take the first available free slots instead of starting from position zero and skipping a random number of free slots. Make things faster.
  • Updated relayd(8) logging and debug functions to use the C99 __func__ macro instead of static function names.
  • Allow a user to specify relayd(8) root priority.
  • Fixed check of errors in bgpd(8) sessions.
  • Make ssh(1) gracefully fall back when ControlPath is too large for a sockaddr_un.
  • Make atactl(8) capable of reading disklabel(8) UIDs.
  • Allow ssh-add(1) to read key from standard input with ssh-add - .
  • Make iscsid(8) handle logins more correctly.
  • Make scsi(4) skip leading blanks and collapse multiple white spaces into when when printing scsi device ids.
  • Prevent smtpd(8) from fork-bombing on startup when there are lots of mails in the offline queue by using a wait list to keep the number of forked processes below a reasonable limit when enqueueing.
  • Make tmux(1) change window with mouse wheel over status line if mouse-select-window is on.
  • Prevent use of strnvis(3) in tmux(1) title as it breaks UTF-8.
  • Make tmux(1) check if mouse-select-pane is on, not off when setting mouse flags.
  • Collapse mbuf(9) m_pullup and m_pullup2 into a single function.
  • Fixed macppc volume keyboard keys.
  • Cleaned up gotos in TCP input listening sockets to make it obvious when packets are dropped and when normal program flow occurs. Changed error return value of syn_cache_add() from 0 to -1 in order to clearly communicate intent.
  • Added a zlib.pc pkg-config(1) file.
  • Gave more room to hppa64 kernel stack.
  • Make hppa64 properly save and restore the space registers to/from the trap frame.
  • Make aucat(1) determine the default device in backend code instead of common code.
  • Moved softraid(4) SLIST initializations earlier so that failure handling paths can safely use them.
  • Make aucat(1) in server mode listen on all addresses when given ‘-‘ for address.
  • Fixed problems when there is an endian differences between aucat(1) server and client.
  • Make aucat(1) set the TCP_NODELAY option for TCP connections.
  • Fixed bad return value check in OpenCVS.
  • Fixed string containing state names used for debug printf() in aucat(1).
  • Fixed potential NULL dereference in ioprbs(4)ray(4), IPv6 fragmentation code and output routines.
  • Prevented myx(4) from checking malloc(3) return values against NULL as M_WAITOK is used.
  • Added libdrm_radeon to the system libraries.
  • Make radeon(4) use the r600 driver for r600+ chipsets, not r300. Should stop annoying errors for GL on r{6,7}00 chipsets.
  • Added PCI-Cardbus bridges and the most popular PCMCIA and CardBUS drivers to sgi GENERIC and RAMDISK kernels.
  • Make hppa handle userland pmap(9) mapping on unmanaged pages better.
  • Fixed em(4) 82578DC from only being able to negotiate at 10baseT.
  • Make the network stack recognize SO_RTABLE socket option (getsockopt(2)setsockopt(2)) at the SOL_SOCKET level.
  • Make iked(8) active SA lookup via policy work for NAT traversal.
  • Added a workaround for an em(4) 82579 hardware bug that can result in lost rx packets between the mac and phy.
  • Reworked iscsid(8) logout code.
  • Reworked and improved iscsid(8) logout.
  • Fixed counting of interrupts for devices that attach to elroy(4/HPPA).
  • Updated inteldrm(4) to the one contained in libdrm 2.4.23 for the ddx update and to stop mesa 7.9.2 crashing.
  • Copied glxinfo(1) and glxgears(1) sources from Mesa Demos.
  • Fixed NULL dereference if inteldrm(4) fails to attach.
  • Splitted sudo(8) ALL, ROLE and TYPE into their own actions.
  • Fixed reload issue with changing network statements.
  • Make bgpd(8) free cname and rcname on exit.
  • Make sure to cast mips64 physmem to a 64-bit type before passing it to ptoa().
  • Make pppoe use gid_t for setgroups().
  • Make asa(1) return > 0 when file is not found.
  • Make sh internal serial driver use cons_decl() instead of its own cn* prototypes.
  • Plugged holes in sparc and vax cdevsw[] to make vscsi(4)diskmap(4) and pppx entries match numbers in comments and the MAKEDEV majors.
  • Improved malloc(3) scanning for free chunks without losing any randomization.
  • Make gcc -02 raise an underflow exception on m88k to prevent incorrect optimizations in floating-point environments.
  • Improved sudo(8) netmask regexp.
  • Fixed gre(4) strange problems seen on directly connected tunnels.
  • Make softraid(4) only handle vanilla scsi inquiry requests and reject VPD requests since they are not handled.
  • Fixed carp(4) IPv6 only setups.
  • Make tmux(1) redraw only the status line on command update and not the entire client.
  • Explicitly pass the rdomain to tcp_respond() to prevent a RST from being sent on rdomain 0 in certain failure cases.
  • Prevent SCSI devices from inheriting the adapters addresses on fc fabrics.
  • Make iscsid(8) try to schedule a new task for the connection in conn_task_cleanup().
  • Make sure vscsi DATA OUT operations are piggibacked on the same connection as the initial SCSI REQUEST.
  • Enabled floating-point environment in all archs.
  • Bring back fwprintf() in libc and in gcc4 libstdc++.
  • Improved and cleaned floating-point environment.
  • Make mpath(4) retry commands in iscsid(8) when it comes back.
  • Make IPv4 in_broadcast() rdomain aware.
  • Fixed boot hangs due to usb(4) abuse of kthread_create_deferred(9).
  • Allow SOCK_DGRAM sockets sockets to be bound to the local network broadcast addr in TCP/IP PCB and raw IP functions.
  • Implemented a new authentication method allowing aucat and midicat to work over TCP.
  • Switched ftp-proxy(8) over to divert-to instead of rdr-to.
  • Fixed some off-by-one errors in atapiscsi(4).
  • Make acpithinkpad(4) attach to newer Lenovo models like the x120e.
  • Default gcc(1) on alpha to -mfp-rounding-mode=d, for code which assumes the rounding mode is always controlled by fpsetround(3).
  • Added toggable verbosity to iscsid(8).
  • Simplified ioprbs(4) scsi_xfer handling.
  • Make aucat(1) use more volatile sig_atomic_t in signal handler.
  • Added hds(4) a driver for Hitachi Modular Storage SCSI devices.
  • Prevent i386 from explicitly enabling an interrupt before returning from an interrupt.
  • Added support for rooting off multipath disks in sparc64.
  • Added support for Intel 6 series SATA in non RAID, non AHCI mode.
  • Fixed du(1) output for directories larger than 1 TB.
  • Added preliminary FSM support in iscsid(8).
  • Make mpath(4) use DMA safe memory when talking to devices.
  • Fixed envy(4) interrupt handler if it’s shared with other pci devices.
  • Prevent mpi(4) from trying to issue SCSI commands against a target where it failed to get the RAID headers.
  • Make mpi(4) configure fc controllers to fail io as fast as possible when cables are yanked.
  • Make mpath(4) retry the IO down another path when a path returns XS_SELTIMEOUT.
  • Make mpi(4) nicer with mpath(4) when unplugging it from paths.
  • Make mpi(4) scanning of fibre channel ports match the way Linux does it.
  • Set UVM_FLAG_FIXED in sparc, sparc64 and vax.
  • Make dpt(4) use iopools.
  • Make ipsec(4) ipsec_input() pass IPv4 or IPv6 packets to the correct raw ip input function if ipsec(4) is disabled.
  • Added floating-point environment for mips64.
  • Make gcc default to -mpf-rounding-mode=d on alpha.
  • Make dpt(4) compile on 64-bits arches.
  • Allow the root device to be identified by its disklabel(8) UID on amd64 and i386.
  • Make trm(4) use iopools.
  • Added FPU emulation option to octeon.
  • Added floating-point environment for powerpc and sparc.
  • Teach sysconf(_SC_GETGR_R_SIZE_MAX) the correct size of a buffer for the reentrant getgrent(3) functions (getgrgid_r, getgrnam_r).
  • Removed svnd backward compatibility from vnd(4).
  • Updated xf86-input-vmmouse to version 12.7.0.
  • Make xf86-input-usbtablet handle obsolete X{alloc,free,realloc) functions.
  • Adapted xf86-input-usbtablet to revision 12.
  • Prevent dump(8) from using stdio in the SIGSEGV handler.
  • Fixed worms(6) “-d delay” option.
  • Update timezone to tzdata2011g from
  • Fixed bug in ioprbs(4).
  • Allow commands like “route add $SOMEHOST” to work correctly, previously they operated on the default route.
  • Prevent pkg_add(1) from erasing first man page in case two man pages have the same name.
  • Provided #h for short hostname (no domain) in tmux(1).
  • Make tmux(1) copy behaviour in vi mode slightly more like vi(1).
  • Make azalia(4) detachable and prevent constant interrupts when the device isn’t used.
  • Merged GNU binutils 2.17.
  • Make a double link between pf(4) states and sockets.
  • Prevent mandoc(1) from breaking lines right before numbers, as Groff does.
  • Updated xf86-input-ws to revision 1.3.0.
  • Merged mandoc(1) version 1.11.1. Mostly cleanup and maintenance.
  • Added C99 floating-point environment in sh.
  • Make ahci(4) get the error ccbs state right for a put when a port is empty. Fixes noise during boot.
  • Enforced correct types in relayd(8).
  • Updated xorg-docs to version 1.6.
  • Removed support for very old ffson-disk formats from fsck_ffs(8).
  • Make radeondrm(4) match HD5450.
  • Make umsm(4) match Sierra USB305.
  • Prevent chio(1) and mt(1) from opening the ‘c’ partition on on devices that don’t have one.
  • Implemented C99 floating-point environment for alpha, arm, i386 and sparc64.
  • Make hppa stop calling shared interrupt handlers as soon as one of them return 1 (positive interrupt was for me), like it’s done on other architectures.
  • Prevent i386 kernel code or read only data to be writable by ddb(4). Only enable write for ddb(4) in the page table entry temporally.
  • Enabled the SIGWINCH handler in ncurses.
  • Added FE_DENORMAL to amd64 C99 floating-point environment.
  • Fixed sticky flags in hppa64 fpsr.
  • Make sysarch(2) available for userland in alpha.
  • Improved security(8) report of devices or setuid files owned by a nonexistent user or group.
  • Prevent vnd(4) from being opened for write in both simple and non-simple mode.
  • Fixed bug with autovivification in security(8).
  • Make traceroute(8) only print changed TOS in returned packets when -t is set.
  • Updated xf86-input-keyboard to version 1.6.0, xf86-input-mouse to 1.7.0.
  • Make beagle start at high ipl.
  • Make isakmpd(8) indicate which side of the connection responded during phase 1 while using -v.
  • Fixed uninitialized variables and formatting strings in acpi(4).
  • Prevent amd64 and i386 from printing irrelevant PCI interrupt line programmed by the BIOS for APIC interrupts.
  • Fixed sticky flags in hppa fpsr.
  • Added support for PCH2 (Sandy Bridge) MAC with em(4) 82579 PHY.
  • Moved the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc. By default, rc.{local,shutdown} don’t output anything anymore.
  • Merged version 1.10.10 of mandoc(1): mainly cleanups and maintenance version.
  • Added C99 floating-point environment to adm64 and hppa.
  • Speed up softraid(4) XORP and XORQ operations in RAID6.
  • Fixed sgi dma_constraint upper limit computation.
  • Make sgi print memory sizes as longs.
  • Make sgi use 64 bit integer to compute IP35 memory ranges.
  • Make nsd-zonec(8) less verbose in nsdc(8) runs.
  • Improved sysmerge(8) detection of obsolete files.
  • Added a filter-routes option to snmpd.conf(5).
  • Added many improvements to hppa64 machine-dependent code.
  • Prevent apmd(8) daemon from hiding to the user it failed.
  • Fixed some long versus 64 bit type mismatches.
  • Make ahci(4) reserve its own ccb.
  • Make find(1) return exit code 1 if any path could not be traversed, as told by POSIX.
  • Fixed multibyte characters length mesuration in citrus.
  • Updated xf86-input-ws to version 1.3.0: API compatibility with Xserver 1.10, sync build system with other Xorg input modules.
  • Updated x11proto to version 7.0.21, xf86-input-keyboard to 1.6.0, xf86-input-mouse to 1.7.0, xorg-docs to 1.6.
  • Make awk(1) store the old seed when srand() is called and use it as the return value, as told by POSIX.
  • Fixed bugs in rint(3).
  • Fixed potential NULL dereference in compat_linux(8).
  • Make OpenCVS diff use -u when its context is 3.
  • Implemented correct prologue and epilogue for hpp64 machine-dependent initialization.
  • Added perl security fix for CVE-2011-1487.
  • Enhanced sysmerge(8) output.
  • Fixed return value in arc(4) interrupt handler.
  • Removed Potential NULL dereference in amd64 AES, amd64 and i386 VIA machine-dependent code.
  • Added support for Intel GM45 SOL in puc(4).
  • Prevent vr(4) from disabling interrupts in the isr before enabling them again when leaving.
  • Make gdt(4) use iopools.
  • Simplified umass(4) devid generation.
  • Make midi keyboards work with macppc.
  • Fixed potential null dereference in pf(4) ioctl, ahd(4).
  • Fixed dead assignments in spdmem(4).
  • Fixed dead store in wscons(4).
  • Removed UUCP special directory permission.
  • Automatically enter copy-mode in tmux(1) when mode-mouse is on and the mouse is dragged or its wheel is used.
  • Disabled mvme88k 88110 branch prediction logic on all revisions.
  • Fixed uname(3) return value check in tmux(1).
  • Added missing call to pmap_update() in uvm(9) km_alloc().
  • Make uvm(9) kernel memory free the correct pages when virtual addresses failed to be allocated.
  • Fixed type error in an amd64 vector.S comparison.
  • Make the IPv4 stack use an RB tree for local address lookups.
  • Include USB vendor and product ids in umass(4) when manufacturing a unique disk id from a USB serial number, as recommended by the umass spec.
  • Changed pool(9) constraints to use kmem_pa_mode instead of uvm_constraint_range. Use km_alloc(9) for all backend allocations in pool(9) and for the emergency kentry allocations in uvm(9) uvm_mapent_alloc. Garbage collect uvm_km_getpage, uvm_km_getpage_pla and uvm_km_putpage.
  • Fixed type bug in rdist(1).
  • Added Perl security fix for CVE-2011-1487: ucfirst(), uc() and lc() forget to set the tainted flag if input was marked as tainted.
  • Make sure the mouse should only work in copy mode for tmux(1) if mode-mouse is set, not just mouse-select-pane.
  • Added an option to tmux(1): mouse-select-window. It allows the mouse to be used by clicking on the status line.
  • Changed kernel pool constraints to us kmem_pa_mode instead of uvm_constraint_range; use km_alloc(9) for all backend allocations in pools; use km_alloc(9) for the emergency kentry allocations in uvm_mapent_alloc; garbage collect uvm_km_getpage, uvm_getpage_pla and uvm_km_putpage.
  • Prevent rc.local from printing ‘starting local daemons’ if rc_scripts is empty.
  • Updated Test::Simple(3p) to version 0.98.
  • Deprecated vnds in favour of svnds.
  • Removed the old style by-pass-the-buffer-cache vnd(4) code. This will treat vndX the same as svndX.
  • Make rdist(1) print size_t with %zu and ssize_t with %zd in error/debug output.
  • Improved the iked(8) acquire mode peer, policy matching.
  • Added support for “acquire mode” from iked(8) static flows.
  • Updated List::Util(3p) to version 1.23.
  • Fixed a sysmerge(8) bug where OBSOLETE_FILES would contain only the last appended occurrence. Display OBSOLETE_FILES on stdout.
  • Modify bnx(4) interrupt handler so it only processes the rings once rather than looping over them until it runs out of work to do.
  • Run the ppb(4) interrupt handler at IPL_BIO.
  • Make pciide(4)wdc(4) and wd(4) watch for wdc(4) registers returning 0xff which probably means the controller is dead.
  • Packed ssh-keygen(1) certificate options in lexical order of option name.
  • Prevent scsi(4) devices from attaching if mpath(4) is disabled in config or ukc.
  • Allow graceful shutdown of ssh(1) multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests.
  • Switched from the old shell script /etc/security to the new Perl script security(8).
  • Enabled disklabel(8) UID version of fstab(5) by default on install media.
  • Added Wake on LAN support to xl(4).
  • Fixed an assertwaitok panic in sppp(4).
  • Prevent ath(4) from increasing if_oerrors for every multicast frame leaving the interface.
  • Prevent dhclient(8) from warning on unknown DHCP server options unless asked to reject leases with unknown options.
  • Fixed a possible division by zero if a server sends dhclient(8) a broken option.
  • Added -t to tmux(1) list-clients.
  • Fixed tmux(1) character position check.
  • Make uvm(9) construct a better path to the swapdevice.
  • Fixed lround(3) bugs similar to lrint(3).
  • Allow the user to interrupt hppa boot procedure before booting the default kernel as on most architectures.
  • Added swap partition entries to disklabel(8) -F and -f output.
  • Moved the hppa64 FPU state out of hppa64 ‘struct pcb’ like on hppa.
  • Initialize hppa %cr30 for proc0 with the address of proc0 fpstate.
  • Make nextafter(x, y) return y if x equals y.
  • Improved fsck_ffs(8) speed.
  • Use “aucatN” for aucat(1) socket path and “midicatN” for midicat(1).
  • Added ‘-F’ to disklabel(8). It is the same as ‘-f’ but uses DUIDs when writing the mount point information to the specified file. After every label write, read the label to get current UID info.
  • Removed the AMSG_GETCAP message from the aucat(1) protocol.
  • Make aucat(1) audio and midi(4) backends share the same code to communicate with the server.
  • Allow isakmpd -v (verbose logging) to work if any -D option is supplied.
  • Make rc(8) output ‘starting standard daemons:’ to be consistent with the rest.
  • Prevent all archs kernel machine-dependent disk(9) subroutines from copying, pasting errors by using ‘R(->b_flags, B_READ | B_WRITE | B_DONE)’ regardless of what the previous IO was.
  • Initialize bha(4) variables before use.
  • Improved uvm(9) pager.
  • Removed a wrong test in hppa longjmp.
  • Improved uvm(9) uvm_pageinsert().
  • Make wdc(4) skip waiting until active channels see their busy bit cleared.
  • Hunt drivers returning incorrect interrupt handlers.
  • Make smtpd(8) reprocess the ramqueue when an envelope is reinserted into the ramqueue after a trip to MDA or MTA.
  • Implemented smtpd(8) disk-queue layout in walk_queue().
  • Removed message_id and message_uid from smtpd(8). It now has an evpid associated to each delivery message, the evpid is an u_int64_t where the upper 32 bits are the msgid, and the 32 bits are the envelope unique identifier for that message.
  • Make sure iswctype(3) wcwidth() return -1 if the character is not printable. Adapt file(1) to this behaviour.
  • Removed dead assignments from ix(4) IPv6 Multicast Listener Discovery.
  • Prevent all kernels disk(9) subroutines from modifying flags used by the buffer cache.
  • Silence daily(8) errors in the temporary directory cleanup process.
  • Converted the kernel Makefiles to autogenerate dependencies during compilation using the -MD option to cc(1), with -MP, -MT, and -MF where needed, converting “make depend” to a no-op. This increases parallelism when using “make -j” and keeps the dependencies up to date with each compilation automatically.
  • Implemented -MP, -MT and -MF options in gcc(1) so all platforms can support so-called “advanced automatic dependency generation”.
  • Added fsqueue_message_create(), fsqueue_message_commit() fsqueue_envelope_create() and fsqueue_message_purge() to new smtpd(8) queue API and removed queue_hash().
  • Added support for VIA VT6415 and VX900 IDE to pciide(4).
  • Make smtpd(8) use the new fsqueue API everywhere it needs a file descriptor.
  • Added fsqueue_message_fd_r() and fsqueue_message_fd_rw() to smtpd(8) to obtain a read-only and read/write descriptor to the message file.
  • Added RTL8401E, RTL8102EL, RTL8105E, RTL8168E/8111E-VL to re(4). Corrected definition of RTL8103E.
  • Added support for clarkdale Integrated Graphics Device in vga(4).
  • Prevent newsyslog(8) from compressing wtmp by default.
  • Added fsqueue backend to smtpd(8). It will implement a filesystem queue.
  • Make hppa locore.S spstrcpy work.
  • Removed pcb_uva from hppa64.
  • Reduced call to wskbd(4) update_leds() to what is necessary.
  • Fixed hppa64 locore.S copy_on_fault by decrementing the stack pointer before restoring the return pointer.
  • Make hppa64 bcopy.S and spcopy.S use 64-bit operations for address manipulation.
  • Correctly load p_addr and avoid trashing the source address in hppa64 bcopy.S and spcopy.S.
  • Modified sis(4) interrupt handler so it only processes the rings once rather than looping over them until it runs out of work to do.
  • Make softraid(4) sr_raid_start_stop() ignore SCSI start/stop: a softraid(4) displine should always reflect the correct status.
  • Make smtpd(8) use a ram-queue instead of doing a continuous walk on disk-queue.
  • Make spstrcpy() work as it should in hppa64 locore.S.
  • Enabled siop(4)scsibus(4) and sd(4) in hppa64 GENERIC kernel.
  • Removed noisy debug code from hppa intr.c.
  • Make ipsecctl(8) dump PFKEY in hexadecimal.
  • Fixed sasyncd(8) with NAT/T by making PFKEYv2 export udpencap state of SA to userland.
  • Fixed READ/WRITE confusion in bnx(4).
  • Added support for per-rthread base-offset for the %fs selector on amd64. Added pcb_fsbase to the PCB for tracking what the value for the thread is, and ci_cur_fsbase to struct cpu_info for tracking the CPU’s current value for FS.base, then on return to user-space, skip the setting if the CPU has the right value already. Non-threaded processes without TLS leave FS.base zero, which can be conveniently optimized: setting %fs zeros FS.base for fewer cycles than wrmsr.
  • Replaced NULL by 0 in sparc64 console initialization.
  • Modified ix(4)em(4) interrupt handler so it only processes the rings once rather than looping over them until it runs out of work to do.
  • No longer special-case NULL as a long for kernel and bootblocks.
  • Replaced NULL by 0 in vme(4/MVME88K).
  • Fixed uninitialized variable in ccd(4).
  • Avoid kvm(3) starvation in UFS because of softdeps waiting on too many mapped buffers and consuming all the available kva mapping buffers.
  • Make mount(8) work when the device is provided as a disklabel(8) UID.
  • Enabled sosplice(9) in relayd(8) for TCP.
  • Put the accepted socket of a diverted connection into the routing domain of a connection originator in TCP input. this allows one to query the source rdomain with a SO_RTABLE socket option.
  • Make sshd(8) exit with 0 instead of 255 on SIGTERM. Fixes bz#1879.
  • Fixed -Wshadow in ssh-keygen(1).
  • Prevent as(1) from using NULL for scalar type assignments in vax atof().
  • Fixed SPL handling when PCDISPLAY_SOFTCURSOR is enabled in pcdisplay(4).
  • Allow man(1) to find the ports/infrastructure manpages by default.
  • Added -s option to detach all tmux(1) client attached to a session.
  • Make Xenocara video(1) use VIDIOC_ENUM_FRAMEINTERVALS to get the supported frame intervals and display the frame rates if at least on -v is used. Added new option -R to disable frame rate adjustment and display the frame rates if at least on -v is used.
  • Make uvideo(4) use VIDIOC_ENUM_FRAMEINTERVALS to get the supported frame intervals
  • Make uvideo(4) calculate frame data sizes for uncompressed formats instead of believing the hardware (prevent from hardware returning bogus information); make it skip under-sized and over-sized frames; make it check it’s using the right parameters.
  • Make new security(8) format the “Block device changes” as it was.
  • Fixed logical bug in dvmrpd(8).
  • Fixed a vi(1) display glitch leading to crash.
  • Merged viaenv with viapm(4) added support SMBus for VT82C596, VT82C596B, VT82C686A, VT8231 and ACPI timer for all VIA South Bridges.
  • Added support for Zaurus in xkeyboard-config.
  • Prevent azalia(4) from touching hardware in the detach path when its already gone, but azalia_pci_detach is called if the device could not be initialized.
  • Updated xkeyboard-config to version 2.2.1.
  • Extended amd64 pci(4) memory address space to 36-bit.
  • Allow rdist(1) to handle files larger than 2G. Fixes PR6586.
  • Added support for wscons(4) in Xenocara.
  • Fixed bugs in lrint(3).
  • Replaced NULL by 0 in installboot(8/SPARC64) and in sgi, mips64 machine-dependent code.
  • Implemented remaining checks in the new security(8).
  • Make amd64 bus_space use a 32 bit I/O port value since 64 bits isn’t possible in practice.
  • Replaced NULL by 0 in sgi boot.
  • Repaired a 32-bit truncation in mips64 paddr_t calculation. Fixes Origin 350 boot.
  • Bumped tmux(1) buffer-limit default to 20.
  • Make dhclient(8) ignore obsolete option 33 (static route) that was broken.
  • On m68k, m88k and vax cerror.S WEAK_ALIAS does an implicit _C_LABEL().
  • Fixed issues with tabulation and space handling in rc.subr(8).
  • Replaced NULL usage in non-pointer context by 0 in pthreads(3).
  • Imported xf86-input-synaptics in Xenocara.
  • Make tmux(1) use sitm for italics instead of smso if the terminal supports it.
  • Make amdiic(4)amdpm(4)ichiic(4) and piixpm(4) use unique wait channels.
  • Make sure mfi(4) upper 32 bits are always written to instead of assuming it is 0.
  • Use dma_alloc in mfi(4) transient management commands.
  • Fixed type of a_syms in nlist(3): it’s an int, not a pointer.
  • Make sure aucat(1) socket reorder its outgoing messages.
  • Prevent from doing integer comparison with NULL in alpha parts.
  • Fixed a dma_free() in wd(4) ATA parts.
  • Fixed softraid(4) raidp/raid6 to make them work with new iopool code.
  • Make Xenocara override the new fonts auto-detection code in util-cf-macros.
  • Prevent ports using imake(1) from breaking.
  • Fixed device names in acpitz(4) acpitz_setfan() printf messages.
  • Make hppa64 syscall_return work.
  • Avoid truncating values in mips64 pmap(9) format strings.
  • Make sure the ALIGN() macro uses u_long on all platforms for consistency.
  • Make sendmail(8) the same as the prototype but listen on the loopback interface instead of all interfaces.
  • Avoid to use NULL in integer comparison in various places, as bios(4/AMD64)pxaudc(4/ZAURUS)pxammc(4/ZAURUS), hp300 wscons(4)astro(4/HPPA), hppa64 astro, bios(4/I386)vme(4/MVME88K)mkbc(4/SGI), sparc64 pmap(9)mbus(4/VAX)adw(4)fxp(4)sti(4)isapnp(4),inteldrm(4)malo(4)uath(4)uhts(4), routing sockets, sd(4) and uvm(9).
  • Avoid using an uninitialized variable when downgrading PIO mode on pciide(4) ITExpress chipsets.
  • Synchronized hppa64 apic code with hppa.
  • Moved aha(4) to iopools.
  • Added support for divert-to which provides some benefits over rdr-to in relayd(8).
  • Prevent passing uninitialized variable to uvm(9) uvm_km_free().
  • Added initial interrupt handling implementation for hppa64.
  • Make sd(4) more silent.
  • Changed tmux(1) -t option: an empty session name means the current sessions, empty session names and those containing a colon will be forbidden when they are created.
  • Make attaching decision of acpivideo(4) be based on the same methods than other ACPI drivers.
  • Prevent mbuf(9) from looping endlessly because of IPcomp-quine or IPcomp-IPIP-IPcomp.
  • make ra(4/VAX)mtc(4/VAX) use bdev_decl() to get block device function prototypes.
  • Fix bug in m88k trap to allow a sanity check in m88110_syscall() to be triggered.
  • Make rc.subr(8) print a fail message if reload fails.
  • Synchronized hppa64 cpu_match() and cpu_hardclock() with hppa.
  • Fixed installboot with softraid(4).
  • Moved ips(4) to iopools.
  • Put in the infrastructure for OpenBSD/arm gcc4 support. Not working yet.
  • Added a new serial devid type for scsi(4) devices.
  • Moved hppa64 CPL to struct cpu_info.
  • Make callers of machine-dependent disk subroutines check return value against 0 instead of NULL.
  • Make scsi(4) unconditionally print scsi device IDs instead of just when mpath(4) is enabled.
  • Allow pf(4) to filter on the rdomain a packet belongs to.
  • Make traceroute(8) with type-of-service setted (-t) display a message if the returned packet has a different tos type.
  • Defined NULL as a void pointer instead of a long integer, as required by Single Unix. ppp(8)procmap(1)rtadvd(8)user(8)ypldap(8). Use 0 for integers and ‘\0’ for chars instead.
  • Removed NULL usage in non-pointer context in keynote(3)usbhid(3),
  • Fixed type error in httpd(8) proxy_ftp.
  • Make rc.subr(8) remove leading and trailing spaces from daemon_flags.
  • Allow softraid crypto discipline to work with bigmem.
  • Make softraid(4) handle bigmem for metadata reads and writes.
  • Make scsi(4) enquire against dmaable memory.
  • Make siop(4) dma safely to the xs->sense buffer.
  • Fixed test in uvm(9) in uvm_pmr_rootupdate().
  • Make space and tab the same for roff(7) on .de macro lines, after the new macro name.
  • Fixed a buffer cache bug in vfs(9).
  • Replaced a wrong logical or by a binary or in uticom(4).
  • Make pf(4) pf_check_proto_cksum() considering packets with the CSUM_OUT flags set to be ok.
  • Make IPv4 stack do an ICMP checksum if M_ICMP_CSUM_OUT is set.
  • Define M_ICMP_CSUM_{OUT,OK,BAD} in mbuf(9) header.
  • Prevent em(4) from using em_reset_hw() I/O space on hardware that doesn’t handle it.
  • Added wd_hibernate_io(), a standalone disk I/O writer which tries to not damage kernel memory to wdc(4) and wd(4).
  • Make softraid(4) use iopools.
  • Added a flag to cmd_find_session so that attach-session can prefer unattached sessions when choosing the most recently used.
  • Added icelandic keyboard mapping to pckbd(4) and ukbd(4).
  • Updated xrdb to version 1.0.9. Fixes CVE-2011-0465 to which OpenBSD is not vulnerable.
  • Bind C-u to delete-line in tmux(1) vi mode like ksh does.
  • Removed portalfs.
  • Allow GCC2 to be used as a cross compiler from amd64.
  • Added macros for ssm/rsm in hppa64.
  • Implemented syscall_return in hppa64.
  • Added IPv6 ACK prioritization in pf(4).
  • Moved hppa64 PSW in struct cpu_info and ensure the kernel leave interrupts disabled when switching to virtual mode in the trap handler.
  • Added set_tid_address() syscall to compat_linux(8).
  • Fixed compat_linux(8) PID fetching.
  • Fixed bug to enable splower() and splraise() in hppa64.
  • Allow userland to inform connection to vscsi(4) is lost instead of failing it.
  • Fixed bug in usbhid(3).
  • Allow sgi IP27 kernel to pick memory from a different xbow(4/SGI) node than the one it booted from.
  • Reworked the way scsi(4) paths between mpath(4) capable devices and the kernel are managed.
  • Improved handling of vnode(9) vop_default struct in all file systems.
  • Make rc.subr(8) use printf(1) instead of echo(1) to handle case where daemon_flags is ‘-n’.
  • Make hppa64 locore.S save and restore the PSW value when making a PDC call, rather than blindly reloading from kpsl and enable wide mode for PSW defaults.
  • Removed compat_freebsd(8).
  • Added a SCSI probe routine to isp(4) so it can reject high luns when the midlayer is probing, rather than every time it issues an io.
  • Prevent potential problems with dma in wdc(4).
  • Fixed wrong m_dup_pkthdr() behaviour with M_WAITOK passing in mbuf(9).
  • Added ‘,’ command in systat(1) to display numbers with thousands separators and to switch the ifstat view to Bits/s.
  • Fixed compat_linux(8) argument list.
  • Make xbow(4/SGI) rely on dma_constraints range and removed ATE code.
  • Make iscsid(8) log the SessionName to easily understand which session caused a problem.
  • Added AI_FQDN flag to getaddrinfo(3).
  • Turned macros into functions in IPv4 TCP input code and save more than 1400 bytes from the kernel on amd64.
  • Make sure i386 clear upper bits of the segment selectors in ddb_regs before entering ddb(4) so that “show registers” display sane values.
  • Moved tcp segments flushing from tcp_reass() to its own function: tcp_flush_queue.
  • Added linux_sys_{g,s}et_set_thread_area() support in compat_linux(8).
  • Correctly inherit and set the watermarks on socketbuffers. This fixes NFS problems and ensures that accepted sockets have correct socketbuffer setting.
  • Fixed mbuf(9) leaks in socket buffer.
  • Use routing socket m_copyback() return value to detect failure.
  • Make wcswidth(3) return -1 in case of unprintable character.
  • Cleaned up protocol checksums in pf(4), IPv4 and MPLS.
  • Make uvideo(4) reset time per frame to the default when the time per frame is setted to zero as the v4l2 spec says, instead of returning EINVAL.
  • Make mips64 correctly disassemble triadic version of {d,}m[ft]c instructions found on more and more mips64 processors.
  • Saved the IPv4 stack from a few unneeded IP header pull ups.
  • Prevent IPv4 stack from accepting ICMP redirects when acting as a router as it is done in IPv6 stack.
  • Removed useless check from MPLS.
  • Make gre(4) work between systems in the same LAN.
  • Prevent double free in mbuf(9).
  • Added another bpf hook in carp(4) carp_input to catch multicast and broadcast packets too.
  • Make Arla AFS NPPFS use alra_warnx instead of arla_warn is there is no errno to pass.
  • Removed useless ip checksums from pf(4).
  • Removed unneeded bridge(4) check in IP checksum handling.
  • Allow mount_msdos(8) to mount with option ‘async’.
  • Moved P_EXEC flag from struct proc to process, so that setpgid() will fail regardless of which rthread calls execve().
  • Removed COMPAT_047 from GENERIC kernel.
  • In libc, moved __cerror to ___cerror with a weak alias so that rthreads can override it.
  • Fixed a gcc(1) warning in uvm(9).
  • Use route(8) -q options instead of >/dev/null 2>&1 in dhclient(8).
  • Changed some uvm(9) structs flag from ints to chars to make the structs smaller.
  • Make uvm(9) disallow swapping to vnd(4) devices and return ENOTSUPP to userland.
  • Added a new, unified allocator of kernel memory in uvm(9).
  • Clean up dhclient(8).
  • Added a new sysctl(3): kern.pool_debug which enable or disable POOL_DEBUG on the fly. Still defaults to on on -current.
  • Prevent a userland action to changed size of a closed half socket.
  • Prevent IPv6 input functions from enqueueing mbuf(9)s on sockets marked as SS_CANTRCVMORE.
  • Make aps(4) work on boot or resume.
  • The backplane version of em(4) 82575EB has no link state. It’s always up.
  • Increased wd(4) timeout on I/O from 10s to 45s. This gives loongson enough time to wake up on resume.
  • Enabled the use of all the memory found on sgi IP27 and IP30 kernels.
  • Added a consistency check in sgi bus_dma(9) for the value returned by pmap_extract() against the dma_constraints range in _dmamap_load_buffer.
  • Make sure sgi dma_constraint is listed in uvm_md_constraints[] when it does not span the whole physical address space for uvm(9) pmemrange to operate correctly.
  • In octeon and sgi make sure resetting mtx_lock in mtx_lock is the last operation on the struct mutex.
  • Added helper functions for suspend in uvm(9): allow reclaiming pages from all pools, allow zeroing all pages. Not called yet.
  • Call setlocale() in hexdump(1)tcpdump(8) to avoid display glitches in UTF-8 locales.
  • Prevent libc locale from filling the ctype tab with Latin-1 information in UTF-8 locales.
  • Make mount_ntfs(8) handle disklabel(8) UIDs.
  • Make ahci(4) safer to use with bigmem by using dma_{alloc,free} for I/O.
  • Allow a desync to happen in a routing socket buffer when it becomes full rather than continually retrying until space becomes available.
  • Make ioprbs(4) use iopools.
  • Allow kernel printfs to go to console if in ddb(4) instead of being redirected to xconsole.
  • Make ncrscsi(4/MAC68K) use iopools.
  • Prevent the network stack from enqueueing mbuf(9)s on sockets marked as SS_CANTRCVMORE, as was done for routing sockets.
  • Prevent ipsec(4) from relying on implicit net/route.h inclusion via pf(4).
  • Make twe(4) use iopools.
  • Fixes display glitches occurring during virtual terminal switches with pcdisplay(4) and vga(4).
  • Moved PPWAIT flag from struct proc to process,so that rthreads in a vforked child behave correctly in most architectures machine-dependent code.
  • Use uvm_pmr_isfree() in uvm(9) when DEBUG is defined.
  • Allow allocation in inet6 in6_update_ifo() to wait.
  • Make ATA in wd(4) safer with bigmem.
  • Make spc(4/LUNA88K)mesh(4/MACPPC)aic(4)bha(4)oosiop(4)uha(4/I386)sea(4/I386) use iopools.
  • Allow bce(4) to run properly on systems with more than 1GB of physical memory and re-enable it on i386 and amd64 GENERIC and RAMDISK_CD kernels.
  • Hide the cursor during tetris(6)
  • Removed the AMD GART based iommu code.
  • Make Fujitsu MB89352 SCSI devices use iopools on hp300.
  • Enabled bigmem by default on amd64.
  • Updated xorg-cf-files to version 1.0.4.
  • Prevent pfsync(4) from deferring packets for states with NOSYNC set.
  • Set dma pools to IPL_VM.
  • Moved P_SUGID and P_SUGIDEXEC from struct proc to process. Ensures checks are done even from an rthread.
  • Constrain vfs(9) and uvm(9) buffer cache to use only the dma reachable region of memory. With this change bufcachepercent will be the percentage of dma reachable memory that the buffer cache will attempt to use.
  • Added stat counters to smtpd(8) lookup agent.
  • Make sure that amd64 physical addresses for dma are below the top of the dma constraint range and panic if they are not.
  • Removed obsolete vnode_if.* files from kernel.
  • Updated the xserver to version 1.9.5.
  • Improved DNAME handling in smtpd(8) resolver.
  • Removed buffer queues from vnd(4) since the disk that houses the image backing the vnd(4) also has a bufq.
  • Make ATA to SCSI translation layer safer to use with bigmem.
  • Removed the possibility to set the link 1 flag on an inet 4 lo(4).
  • Make mpii(4) correctly handle data underruns. Makes ses(4)safte(4) and lun probes work.
  • Make uvm(9) count the number of physical pages within a memory range.
  • Added support for pppx interfaces instead of tun(4) interfaces in npppd.
  • Added the local ip address to PIPEX session request ioctl so npppd can tell it to the kernel.
  • Improved libXi client/server endianness difference handling.
  • Make yacc(1) use some of its unused free functions.
  • Fixed error handling in uvm(9), and keep track of which pages need to freed.
  • Fixed wrong frame interval return value in uvideo(4).
  • Make sure everything run from i386 machine-dependent init .init and .fini sections gets a properly aligned stack.
  • Make loongson recognize 3A processor though it won’t accept to run it yet.
  • Prevent udav(4) from processing packets where the USB xfer length is shorter than a packetheader, and prevent it from processing packets where the packet header length field says the packet is longer than the size of the USB xfer.
  • Make the top line of systat(1) stop updating, along with the rest of the data when ‘p’ is pressed.
  • Make sure everything run from amd64 machine-dependent init .init and .fini sections gets a properly aligned stack.
  • Fixed hppa64 trap diagnostic by correctly initializing oldcpi.
  • Make tmux(1) work out what type of option is being set by name regardless of the -s or -w options.
  • Removed unnecessary check in tmux(1) options.
  • On tmux(1), change -t on display-message to be target-pane for the #[A-Z] replacements and add -c as target-client.
  • Make sshd(8) print ipqos friendly string when launched with -T option.
  • Make smtpd(8) resolver use the CNAME query interface from asr for reverse lookups.
  • Added -a and -s options to tmux(1) lsp to list all panes in the server or session respectively. Added -s to lsw.
  • Make libXi aware of endianness difference between an X server and an X client.
  • Allow a start and end line to be specified for tmux(1) capture-pane which may be negative to capture part of the history.
  • Added mlphy(4), a driver for the MicroLinear 6692 Ethernet PHYs and include it in i386 and alpha.
  • Make ieee80211_node clean nodes until the number of cached nodes is smaller than the maximum number of nodes, otherwise it will never actually clean any nodes. Fixes issues with clients failing too attach because the node cache is completely filled.
  • Added icmptype and tcpflags to pcap(3).
  • Make tmux(1) set the terminal blocking earlier.
  • Make tmux(1) give each pane created in a tmux server a unique id (starting from 0), put it in the TMUX_PANE environment variable and accept it as a target.
  • Fixed libXi on sparc64.
  • Make hppa save its r4-r8 registers because the c3700 firmware corrupts their upper half.
  • Make sure loongson machine-dependent message buffer area is not zeroed unconditionaly. This gives up a persistent dmesg.
  • Fixed dhclient(8) interval handling.
  • Added umask and path checks in security(8) replacement.
  • Prevent smtpd(8) from failing to deliver a message if an MX address could not be resolved even though other valid MX exist. Make it only report the failure if no server address can be found at all.
  • Prevent MX from being silently dropped in smtpd(8) resolver.
  • Make sure smtpd(8) have an stdio stream opened for the message before trying to close it in an MTA session. Prevents from segv in case of DNS errors.
  • Modified smtpd(8) asr API to make things a bit smoother on the user side.
  • Make smtpd(8) client API receive an stdio stream rather than a file descriptor to the message file descriptor. Prevents a memory leak.
  • Make smtpd(8) resolver use an index for iterating into the MX list.
  • Make uvideo(4) fill in the timestamp when copying a frame into the mmap buffer.
  • Added support for VIDIOC_ENUM_FRAMEINTERVALS in uvideo(4).
  • In video(4) and uvideo(4), added support for VIDIOC_S_PARM and VIDIOC_G_PARM, ioctls used for setting and getting the frame interval.
  • Make uvideo(4) print the supported frame intervals when printing the frame descriptor.
  • Prevent uvideo(4) from changing the format group’s default frame when configuring the device, and from using the default frame as the current frame: because the format group ‘frame_cur’ handles it.
  • Prevent uvideo(4) from trying to align its array of frame descriptors with the frame descriptor bFrameIndex field. The first valid frame in the array is at index 0, not 1.
  • Multiple improvements to uvideo(4): empty the queue of frames in the mmap frame buffer and set the index of the current frame to -1 when the mmap frame buffer is freed, set the index of the current frame to 0 when allocating the mmap frame buffer, panic if a) the mmap frame buffer is already allocated when it try to be allocated again, or b) the mmap frame buffer is not allocated when frames are tried to be added to it.
  • Allow ftp-proxy to proxy across rdomains.
  • Make pf(4) allow userland proxies to establish cross rdomain proxy sessions.
  • Increased rc.subr(8) timeout to 30 seconds.
  • Rewritten ospfd(8) lsack generation.
  • Make security(8) replacement checks home directories.
  • Make ssh-keygen(1) use strcasecmp() for “clear” cert permission option.
  • Make pf(4) reassemble IPv6 fragments. In the forward case, pf refragments the packets with the same maximum size. This allows the sender to determine the optimal fragment size by Path MTU Discovery.
  • Plugged bug in m4(1) to fix autoconf 2.5 and to match behaviour of Solaris m4.
  • Make hppa process interrupts in priority order.
  • Fixed some memory leaks in ospfd(8).
  • Initiated a replacement of security(8) not yet linked to the build.
  • Make sure smtpd(8) struct asr is always freed in asr_done().
  • Simplify smtpd(8) resolver initialization.
  • Make ifconfig(8) use the define for max rdomain with tunneldomain as well.
  • Make pf(4) address family independent functions reusable by netinet6.
  • Normalize sentinel in various archs machine-dependent code: Use _MACHINE_*_H_ and _<ARCH>_*_H_ properly and consistently.
  • Removed -d option from ssh-keygen(1).
  • Make com(4) read from UART only if there is something to read. Fixes beagle crash.
  • Make rc(8) use ssh-keygen -A to generate new host keys.
  • Added a -A option to ssh-keygen(1) to generate host keys (rsa1, rsa, dsa and ecdsa) with the default file path, an empty passphrase, default bits for the key type and default comment if the keys don’t exist.
  • Allow scp://hostname/~user/subdir to work as a pkg(1) repository.
  • Prevent IPv6 stack from processing ICMP6 redirects by default. rtsol(8) will turn it back if -F is used.
  • Moved netinet6 MTU size check behind pf_test6() to avoid dropping unfragmented packet in ip6_forward().
  • Make cwm mouse reset the XSync timing change for client move only.
  • Make rtsold(8) print a warning when used to do IPv6 autoconfiguration while accepting redirects is turned off. Make it set net.inet6.icmp6.rediraccept to 1 if the -F switch is given.
  • Make netinet6 ip6_fragment() reusable by pf(4).
  • Increased the number of EBRs the kernel can transit looking for the OpenBSD partition from 8 to 256.
  • Make amd64 and i386 warn on install if the newly installed system won’t be able to boot the install root disk.
  • Enabled beagle distrib.
  • Prevent tcpdump(8) from being strict when checking the length of an OSPF packet.
  • Make ueagle(4) and umodem(4) silently clear the endpoint when the device has failed.
  • Improved cwm.
  • Make use of timerclear macro in mrinfo(8)rpc.lockd(8)rtadvd(8)rtsold(8)traceroute(8) and wsmoused(8/I386).
  • Added support for NetMos Nm9922 dual serial port cards in puc(4).
  • Multiple smtpd(8) improvements: make it close datafd in client_close and reset smtp_client pointer to NULL after client_close(). Prevent smtpd(8) bounce_session() from closing msgfd as it is done by client_close().
  • Fixed a memory leak in smtpd(8) client.c and properly close envelope in queue_shared.c.
  • Fixed a memory leak in smtpd(8) client.c and properly close envelope in queue_shared.c.
  • Import the foundation for eqn(7) support in mandoc(1).
  • Prevent a protect fault in i386 and amd64 machine-dependent code by masking out invalid bits when reading MXCSR from userland sigcontext or a ptrace request.
  • Updated util-macros to version 1.13.0, dmxproto to 2.3.1.
  • Allow OpenBSD::Ustar(3p) to be more precise in its error messages: record position in archive, and caller can set description of file handle.
  • Fixes an AML issue on some Asus machines with acpi(4).
  • Make ntpd(8) and timed(8) use timerclear macro.
  • Pass to OpenBSD::PackingElement(3p) the new -c option to grotty when building manuals to avoid ANSI escape sequences and continue traditional backspace escaping.
  • Added support for ecdsa SSH keys in default xinit and xdm.
  • Make installboot(8/I386) and installboot(8/AMD64) error out if /boot cross the BOOTBIOS_MAXSEC line.
  • Added the ONDA MSA11OUP USB modem to umsm(4).
  • Fixed st(4) stdetach() to call vdevgone() with the right device minor numbers.
  • Make netstat(1) print icps_bmcastecho as “XX echo requests to broadcast/multicast rejected”.
  • Improved comkbd(4/SPARC64).
  • Make pkg-config(1) print the URL of installed package newer version when requested.
  • Added basic validation for .pc files in pkg-config(1).
  • Fixed bugs in pkg-config(1).
  • Fixed obj directory probing to support cross compiling on arch hp300, loongson, sgi, sparc and sparc64.
  • Fixed ral(4) RT2661 firmware loading at startup and resume.
  • Prevent uk(4) from provoking a kernel panic when detaching an unknown SCSI device.
  • Make arm platform recognize OMAP3630/DM3730, as found in the beagleboard xM.
  • Make cd(4)ch(4)safte(4)sd(4)ses(4) and st(4) use dma_{alloc,free} instead of malloc to allocate buffers which need to be in the right address space.
  • Make it possible to allocate up to 64K of dma pools in the kernel dma allocator.
  • Make rc.subr(8) quiet unless RC_DEBUG=1.
  • Make rc.subr(8) print daemon names itself instead of using rc.{local,shutdown}.
  • Make rc.subr(8) notify the user if a given operation was successful or not by appending the (ok) or (failed) strings to the end of the daemon name.
  • Introduced an INRC environment variable in rc.subr(8) so it may know if it’s called from rc.local or rc.shutdown.
  • In bios(4/I386)bios(4/AMD64)installboot(8/I386) and installboot(8/AMD64) make the various findopenbsd() functions non-recursive, eliminating a global, a couple of parameters, and opening up possibility of traversing a much longer EBR lists without blowing the stack.
  • Fixed trap sending in snmpd(8).
  • Make npppd use timerclear macro.
  • Removed evaluation of PATH_LOCALE in libc localization code to prevent abuses causing integer overflow.
  • Make smtpd(8) use user-provided Diffie-Hellman parameters for ephemeral key exchange. If no Diffie-Hellman parameters are found, fallback to built-in parameters as it was done until now.
  • Make softraid(4) attach one sensordev per discipline. This results in a drive sensor being attached for each volume under the same sensordev, instead of having multiple sensordevs each with a single drive. Fixes PR6576.
  • Added a -B flag to netstat(1) which displays buffer sizes for TCP sockets.
  • Make ssh-keyscan(1) use timerclear macro.
  • Make aucat(1) use timerclear macro.
  • Fixed uninitialized variable warnings in ksh(1).
  • Make ifstated(8) use appropriate timerclear macro.
  • Fixed a function return in mandoc(1).
  • Make sure tcpbench(1) rebuild its binaries if kvm(3) or event(3) have changed.
  • Updated zoneinfo database to tzdata2011d from
  • Make it possible to boot OpenBSD on an amd64 or i386 up to the 7th extended partition below 128GB.
  • Prevent gcc(1) from warning because of recent HANDLE_PRAGMA_PACK_PUSH_POP.
  • Improved EBR handling in kernel disk(9) subroutines.
  • Added initial beagle distrib pieces.
  • Prevent usb subsystem crash in beagle with prcm.
  • Prevent rc.subr(8) from launching rc_start if rc_pre failed and from launching rc_post if rc_stop failed.
  • Implemented PKG_CONFIG_SYSROOT_DIR in pkg-config(1). Bumped version to 0.23.
  • Fixed a use after free in PIPEX.
  • Make socket(2) soreceive() block a process reading from a spliced socket that already got an end-of-file but still has data in the receive buffer until all data hase been move. Make kqueue(2) work with sosplice(9).
  • Fixed handling of VIS_ALL in vis(3).
  • Added Wake on LAN support for re(4) and vr(4).
  • Added ‘wol’ and ‘-wol’ options to ifconfig(8) to enable and disable Wake on LAN on a system in standby or suspend mode.
  • Updated xkbcomp to version 1.2.1.
  • Synchronized ctype definitions for the UTF-8 locale to FreeBSD, fixing width of various zero-width characters.
  • Replaced type daddr_t (64-bit disk address) by type daddr_32t (32-bit disk address) in all archs machine-dependent code (bios, boot…). The bootblocks only do 32-bit block spanning for now.
  • Removed groff(1) from base.
  • Make sparc and sparc64 libc division and remainder use a better fitted register.
  • Prevent a race in sosplice(9).
  • Fixed relayd(8) client timeout.
  • Make ext2fs utilities use type daddr32_t because they can only operate with a 32-bit block number range for now.
  • Updated xkeyboard-config to version 2.1.
  • Replace the old, broken KERN_PROC ABI and its matching functions in kvm(3) with the stable-ABI versions that are currently named KERN_PROC2, kvm_get{proc,argv,envv}2().
  • In i386 machine-dependent parts, provide distinct segments for the %fs and %gs selectors to use by default, with per-rthread base offsets and with sysarch() functions, I386_{GET,SET}_{FS,GS}BASE, for fetching and setting those base offsets. This is necessary for both rthread and Linux compat support.
  • Fixed a bug that caused nbr addr_tree corruption in ldpd(8).
  • Make ldpd(8) log the fact that a session was not accepted because of missing HELLOs.
  • Clean bios(4/i386) and bios(4/amd64) stack garbage before passing buffer to biosd_io().
  • Added -z <output_zone> to date(1) for changing the specified time zone.
  • Make sure extra arguments are not passed to date(1).
  • Prevent which(1) -a option from changing the exit status.
  • Added support to admtemp(4) for detecting the NXP SA56004X.
  • Implemented options –print-provides, –print-requires and –print-requires-private in pkg-config(1).
  • Make pkg_config honour PKG_CONFIG_DEBUG_SPEW.
  • Allow ssh(1) GSSAPI authentication to detect when a server-side failure causes authentication failure and don’t count such failures against MaxAuthTries. Fixes bz#1244.
  • Make IPv6 stack log MAC address changes in the IPv6 neighbour discovery protocol cache as “ndp info overwritten”. Makes the behaviour similar to ARP.
  • Make smtpctl show stats display inet4 and inet6 repartition for incoming sessions.
  • Moved rc.subr(8) redirections into the rc_cmd itself instead of rc_start and rc_stop so scripts don’t need to set it.
  • Implemented UDP mode for tcpbench(1) and switch it to use libevent.
  • Print em(4) debugging info via ifconfig(8) debug command instead of using a global em_display_debug_stats variable.
  • Make ksh(1) substitute ‘~’ for $HOME in the \W prompt case. Matches bash behaviour.
  • Prevent rc.subr(8) from losing rc_{pre,post} when rc.d(8) override rc_{start,stop}.
  • Fixed truncation of IPv6 addresses in smtpd(8) mail delivery path.
  • Fixed a carp(4) reconfiguration problem.
  • Build xcb by default in Xenocara.
  • Added vrng(4/sparc64) to sparc64 GENERIC kernel.
  • Fixed extended partition searching in biosboot(8/i386)biosboot(8/amd64)cdboot(8/i386)cdboot(8/amd64)installboot(8/i386)installboot(8/amd64)pxeboot(8/i386) and pxeboot(8/amd64).
  • Allow ospfd(8) to send out LS updates larger than the MTU.
  • Make ospfd(8) use IP_MAXPACKET instead of IBUF_READ_SIZE as upper bound for packet building.
  • In tmux(1) prevent tiled producing a corrupt layout when only one column is needed.
  • Added support to pass through escape sequences to the underlying terminal in tmux(1).
  • Updated xterm to version 269.
  • Make usbhidaction(1) use fork(2) and exec(3) instead of system(3).
  • Make pkg_create(1) run makewhatis(8) when verbose mode is set.
  • Added editline support to bc(1).
  • Removed NTFS from alpha GENERIC kernel.
  • Prevent mandoc(1) from leaking information about software used into PostScript and PDF documents.
  • Clean up date handling in mandoc(1): always store dates as strings, not as seconds since the Epoch; for input, try the three most common formats everywhere; for unrecognized format, just pass the date though verbatim; when there is no date at all, still use the current date.
  • Make sure isp(4) MEMORYBARRIER(SYNC_REG) performs a read/write bus_space_barrier, instead of a read barrier only, as it is used in read-modify-write cycles.
  • Added to rc.subr(8) an “rc_bg” variable that is undefined by default and allows to start a daemon in the background.
  • Make getopt(3) ignore leading ‘-‘ in optstring if POSIXLY_CORRECT is set. Fixes PR6267.
  • Fixed potential crash when GZIP variable set and more than 512 command line arguments specified. Closes PR 6573.
  • Improved sparc64 machine-dependent code by removing tests already performed by bus_space_barrier(9).
  • Fixed DMA errors with dc(4) on sparc64.
  • Improved disklabel(8) auto-allocation scheme.
  • Prevent usb(4) devices from being non-functional because of a too long reset.
  • Improved tmux(1).
  • Fixed bug in azalia(4) resume.
  • Added -H to ls(1) (follow symlink) as required by POSIX.
  • Added -W <whiteexp> to spamlogd(8). Adjusts the time for whiteexp in hours.
  • Prevent mpi(4) from reading garbled replies.
  • Added -H to grep(1) (opposite of -h) to always print name.
  • Fixed passing of arguments from spamd(8) to pfctl(8). Fixes PR6142.
  • Prevent division-by-zero in zts(4/ZAURUS) when scaling down to the screen resolution.
  • Resized MAXDSIZ up to 2G on macppc and socppc.
  • Make cron(8) reset the SIGPIPE signal handler immediately before executing a command.
  • Make at(1) use dirfd(3) instead looking into struct dirent.
  • Added a -P option to tmux(1). Detaches to HUP the client’s parent process.
  • Make smtpd(8) log correctly ip addresses on big-endian machines.
  • Make ping6(8) compare minimum amount of bytes between what was received and what was sent out and print additional information explaining payload size differences.
  • Fixed broken handling of ios_base::showpos in libstdc++-v3.
  • Added the socket splicing fields of struct socket to netstat -vP output for debugging.
  • Fixed a bug in atexit(3) __cxa_finalize().
  • Allow <sys/stdarg.h> to use va_arg macro as a local variable name.
  • Fixed a segmentation fault in rtadvd(8).
  • Make pfsync(4) use ip6_output for sending IPv6 frames instead of assuming everything is IPv4 and using ip_output.
  • Define HANDLE_PRAGMA_PACK_PUSH_POP just like on other platforms in gcc(1) to get #pragma pack and #pragma push work in order to be compatible with MS compilers as it is used by some projects like chromium.
  • Make sure disklabel(8) editor save the start and end sector of the OpenBSD area every time a user updates its bounds.
  • Synchronized scsi(4) ASC/ASCQ errors with <>.

This list mentions mostly platform-independent changes. For a list of changes made in a particular platform, please check the page for that platform. If you find them not listed there, the changes are either (1) not being documented or (2) are documented here.

Well this freaking sucks.

Turns out people are poisoning everything out there.

From: Gregory Perry
To: “[email protected]
Subject: OpenBSD Crypto Framework
Thread-Topic: OpenBSD Crypto Framework
Thread-Index: AcuZjuF6cT4gcSmqQv+Fo3/+2m80eg==
Date: Sat, 11 Dec 2010 23:55:25 +0000
Message-ID: <[email protected]domain.local>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Status: RO

Hello Theo,

Long time no talk. If you will recall, a while back I was the CTO at NETSEC and arranged funding and donations for the OpenBSD Crypto Framework. At that same time I also did some consulting for the FBI, for their GSA Technical Support Center, which was a cryptologic reverse engineering project aimed at backdooring and implementing key escrow mechanisms for smart card and other hardware-based computing

My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason
Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.

This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn’t want to create any derivative products based upon the same.

This is also why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments, for example Scott Lowe is a well respected author in virtualization circles who also happens top be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments.

Merry Christmas…

Gregory Perry
Chief Executive Officer
GoVirtual Education

“VMware Training Products & Services”

540-645-6955 x111 (local)
866-354-7369 x111 (toll free)
540-931-9099 (mobile)
877-648-0555 (fax)

Honestly I don’t know what that means for people who want privacy. Basically trust no one, trust nothing..

And certainly don’t run OpenBSD in a VMWare environment.

OpenVPN on OpenBSD 4.8

I just setup an OpenVPN connection for someone, and I ran into this error:

ksh: ./vars[29]: /etc/openvpn/easy-rsa/2.0/whichopensslcnf: not found

Yeah, weird, turns out you have to edit the vars file, and tell it the full path & name for the openssl.conf that it’s going to use… Oh well more of a tip down the road.

Qemu Sparc snapshot getting better!

Thanks to Artyom Tarasenko‘s tireless work on the Sparc MMU, DMA, SCSI It’s not possible to install some versions of Solaris, and boot others to single user mode!
Heck, even the NeXTSTEP 3.3 boot program goes ahead and loads up..

However this is all done without a graphical console, as the sparc rom’s dont understand the framebuffer that Qemu emulates…

qemu-system-sparc.exe -nographic -monitor null -serial mon:telnet:,server -bios ..\ss5-170.bin -M SS-5 -m 256 -hda ..\solaris.disk -startdate “2009-12-13” -cdrom \temp\cd46.iso

Running it is something like this. The key here is the lines:

-nographic -monitor null -serial mon:telnet:,server

Which setup a serial port console you can just telnet into (for us Windows users).

This gets around all the errors like this:

chardev: backend “stdio” not found
qemu: could not open serial device ‘mon:stdio’: Result too large

Sadly my SunOS cd doesn’t seem to want to boot, and I somehow saved a copy of Solaris 8, but not 6..? Sigh.

ok boot cdrom -vb
Boot device: /iommu/sbus/[email protected],8400000/[email protected],8800000/[email protected],0:d File and args:
Size: 259712+54162+47510 Bytes
SunOS Release 5.8 Version Generic_108528-13 32-bit
Copyright 1983-2001 Sun Microsystems, Inc. All rights reserved.
Ethernet address = 52:54:0:12:34:56
Using default device instance data
vac: enabled in write through mode
mem = 262144K (0x10000000)
avail mem = 258322432
root nexus = SUNW,SPARCstation-5
iommu0 at root: obio 0x10000000
sbus0 at iommu0: obio 0x10001000
dma0 at sbus0: SBus slot 5 0x8400000
dma0 is /[email protected],10000000/[email protected],10001000/[email protected],8400000
/[email protected],10000000/[email protected],10001000/[email protected],8400000/[email protected],8800000 (esp0):
esp0 at dma0: SBus slot 5 0x8800000 sparc ipl 4
esp0 is /[email protected],10000000/[email protected],10001000/[email protected],8400000/[email protected],8800000
sd6 at esp0: target 6 lun 0
sd6 is /[email protected],10000000/[email protected],10001000/[email protected],8400000/[email protected],8800000/[email protected],0
root on /[email protected],10000000/[email protected],10001000/[email protected],8400000/[email protected],8800000/[email protected],0:
b fstype ufs
obio0 at root
obio0 at obio0: obio 0x100000, sparc ipl 12
zs0 is /obio/[email protected],100000
obio1 at obio0: obio 0x0, sparc ipl 12
zs1 is /obio/[email protected],0
cpu0: FMI,MB86907 (mid 0 impl 0x0 ver 0x4 clock 1070 MHz)
# uname -a

SunOS 5.8 Generic_108528-13 sun4m sparc SUNW,SPARCstation-5

Which is all cool. And check the CPU, 1070Mhz! Don’t we all wish we had SPARC’s that fast!

I’ve even managed to install OpenBSD/Sparc! … But it crashed on booting.

Anyways it’s late, and thats it for now.

OpenBSD / amd64 fun


Don't you love days like this?

So here I was installing OpenBSD 4.5 amd64 on some HP DL386’s with.. AMD Opterons, and during the install it crashed out with the error message:

fatal machine check in supervisor mode
trap type 18 code 0 rip……….

And odds are if you may be here for the same thing, as google came up with 0 hits on fatal machine check in supervisor mode.



But I’ve got a crash screen to prove it.

Now here is a kicker, I found in the bios if you turn off the “Page directory cache”, for “older Linux kernels”, you can complete your install!!

The downside, is that a dmesg causes a kernel fault.


So annoying.

Why I love Windows NT 4.0!

Years ago I managed to score a bunch of copies of NT 4.0 server for $20 each (5 cals too!) and I have to say that the #1 thing I love about NT 4.0 is that it can run on small machines. In virtual machine space, this means small disks, little ram, and they don’t need that much in the way of CPU power.

And if you keep your eyes out, you can even score the best one of all, NT 4.0 Terminal server. Keep in mind that later versions of the terminal server client (the ones in XP sp2 & higher/vista/windows 7/2003 server/2008 server) will NOT connect to a NT 4.0 terminal server, but you can just grab the mstsc.exe/mstsc.dll from the NT 4.0 Terminal Server CD, or from a pre sp2 XP CD.

Anyways among the things you can setup and run on NT 4.0 right now I’m going to mention something mundane, but fun & and that’s a PPTP server. Since I’ve accidentally screwed up my Proxmox install, I installed Windows 2003 R2 x64, and the downside is that bridged OpenVPN in a VM doesn’t work. Virtual Server seems to be saving me from myself here… So I thought I’d try something a little more ‘normal’ in that space.

When it comes time to build the PPTP server, you just simply have to add the PPTP networking service into the NT 4.0 networking build. It’s easier to do this at install time so all the files will be in sync. If you try to do this to an existing NT 4.0 machine that has any service packs installed, YOU MUST RE-INSTALL THE SERVICE PACK BEFORE YOU REBOOT… Otherwise it’ll BSOD because the network drivers changed radically from sp1 to sp4+

I have an OpenBSD 4.5 firewall in a VM that has OpenVPN connections to various work sites, and connects those tunnels to ipip tunnels on my Cisco router. I then want to PPTP from my wifi into my ‘work’ network and have it automatically work. While digging around there is a minor thing to keep in mind when forwarding PPTP packets from an OpenBSD firewall to a Windows NT 4.0 PPTP server… Make sure you forward the GRE packets as well!

This is what I added to my /etc/pf.conf

rdr on $ext_if proto tcp from any to any port 1723 ->
rdr on $ext_if proto gre from any to any ->

As you can guess, is the address of my PPTP server.

Remember to check the log if you have any issues connecting, I wasted 20 min playing with the authentication protocols before I checked the security log to realize that my user on NT 4.0 didn’t have rights to RAS into the server…

Windows NT 4.0 also makes a great host for any version of SQL Server 7.0 & prior, and it runs Exchange server 5.5 exceedingly well. I like to install my old copy of Office 97 on the terminal server, and setup my own NT 4.0 domain with NT 4.0’s IIS, SQL, Exchange & fileserver. And the overhead on any ‘modern’ computer is negligible. 32mb of ram and a 1 gig disk are more then enough for a basic NT 4.0 server.

One other note, is that I found that Terminal Server would not install on 2003 r2 x64 / Virtual Server 2005 sp1. However I could install it on Virtual PC 2007 sp1 and then just copy the vhd over to the server and it worked fine. That is another plus of the VirtualPC / Virtual Server strategy is that they share each others disk formats without any issues.. Unlike some other products that won’t take an IDE image and let you connect it to a SCSI controller… Grrr.

Anyways I hope this will help someone setup a PPTP server, or at least the missing bits to front one with OpenBSD.

OpenBSD 4.4 on VirtualPC 2007

Well it’s about that time, and OpenBSD has now just released version 4.4!
I’m a big fan of OpenBSD, and of course I wanted to load it up on my laptop. I’ve been wanting to do some tests with Quake1 so I have setup a test server, and now I was needing a client, so I figured OpenBSD should be able to do this.

I installed OpenBSD 4.4, ran ‘startx‘ and naturally had a completely deformed screen.

I did find out that manually running ‘xorgconfig‘ and setting up the wsmouse (protocol & port!), and then selecting the S3 driver “** S3 (not ViRGE or Savage) (generic) [s3]” Option number 25 I think… Anyways from there I told it to use 800×600 16bit depth, and now I’m able to use X11 no worries!