This file describes official patches for the NetBSD 1.2 release.

Mondo patch 1:

[ kernel/alpha ] Fix several SCSI protocol errors in the "esp" driver.

[ kernel/sparc ] Fix several SCSI protocol errors in the "esp" driver.

[ kernel/netinet ] Fix handling of long IP packets; no longer
susceptible to the "Windows 95 death ping" bug.

[ netstat(1) ] Display the `toolong' IP stat count, corresponding to
netinet change above.

[ kernel/scsi ] For ioctl commands which may change the device's state,
ensure the caller has the device open for writing (security precaution).

[ lpd(8) ] Fix some errors in the lpd(8) manual page.

[ eeprom(1) ] Discard setgid privileges if we don't need them.

[ kernel/hp300 ] Make sure clock interrupts are disabled at the end of
the delay calibration routine.  Fixes a bug where the kernel would get a
bad pointer reference and crash very early in kernels without DDB.

[ mt(1) ] Don't attempt to set TCP_MAXSEG for remote mt.

[ kernel/scsi ] In the sd driver, start a mode sense with a clean sense
buffer.

[ kernel/alpha ] Fix race condition in tcds interrupt code.

[ distrib/amiga ] Add missing hardware items to release notes.

[ mountd(8) ] Fix two critical bugs on NetBSD/alpha.

[ kernel/atari ] Fix AHDI badsector list handling.

[ kernel/atari ] Add lpt0 driver to fix undefined symbols.

[ kernel/pmax ] Add initialization of SYSV IPC/SHM/semaphores.

[ kernel/pmax ] Add call to doshutdownhooks().

[ kernel/pmax ] Fix typo in pmax debug code (pr #2739).

[ kernel/pmax ] Fix data corruption bug in asc SCSI driver.

[ kernel/pmax ] Fix semantic confusion between SIGBUS and SIGSEGV.

[ kernel/alpha ] Fix PPP netisr handling.

[ kernel/mac68k ] Fix output interrupt race condtion in zs driver.

[ kernel/elf ] Deal with ELF executables with only one section.

[ kernel/amiga ] Fix m68881_save/restore() on 68060 machines.

[ kernel/atari ] Fix installboot version strings.

[ kernel/m68k ] Fix fmovem register naming in kernel disassembler.

[ kernel/m68k ] Fix error that prevented FPINCOS opcode emulation.

[ kernel/alpha ] Fix TurboChannel framebuffer detection code.

[ kernel/alpha ] Fix register access in SCC driver.

[ kernel/amiga ] Fix spurious interrupt in ARCnet driver.

[ kernel/generic ] Fix infinite loop bug in shutdown code.

[ pppd(8) ] Read TTY-specific options and fix pid file deletion bug.

[ kernel/generic ] Only build ufs_quota.o if ``quota'' option is in
config.

[ sendmail ] Updated to 8.8.4.

[ kernel/generic ] Fix possible overrun bugs in networking code.

[ kernel/i386 ] Added vmstat -i counters.

[ kernel/generic ] Remove possible overrun bugs in error printing code.

[ dump/restore ] Make dump and restore work on alpha, fix bug restoring
images when current directory is on NFS.

[ kernel/sparc ] Fix bug in Sun4m Ethernet driver that caused each
received packet to generate two interrupts rather than one.

[ distrib/mac68k ] Include new hardware and updated install notes.

[ kernel/generic ] Fix ``traceroute host 7000'' bug that crashed kernel.

[ distrib/atari ] Add description of HDX usage when preparing a bootable 
AHDI partition.

[ fsck_ffs(8) ] Fix various type size problems, and an O(n^2) algorithm.

[ setuid(2) ] Document why we don't implement _POSIX_SAVED_IDS.

[ select(2) ] Allow using a nfds larger than the FD_SETSIZE the kernel
was compiled with.

[ kernel/procfs ] Add a missing lock that could cause a panic when
reading /proc/N/mem.

[ kernel/i386 ] Use the memory size passed in by the boot block, to
preserve the BIOS data area.

[ kernel/i386 ] Preserve more registers around BIOS calls in the boot
program, and some other minor bug fixes.

[ kernel/i386 ] Turn off some diagnostic code in the aha, bt, and wds
drivers that would occasionally cause a spurious panic.

[ kernel/i386 ] Speed up in_cksum().

[ ls(1) ] Fix sorting bugs.

[ kernel/pci ] Probe the I/O and memory sizes correctly on cards that
may not permit all of the bits in the address to be set.

[ kernel/i386 ] Fix a race condition where an AST may be delayed until
the next interrupt.

[ kernel/generic ] Don't permit a core dump if P_SUGID is set (the
process has changed IDs during or since the last execve(2)).

[ mtree(8) ] Don't record sizes for things other than regular files.
Add a `-t' option to update time stamps (rather than just complain about
them).

[ kernel/i386 ] Allow CONADDR and CONUNIT to be overridden in the config
file.

[ select(2) ] Document EFAULT as a valid errno value.

[ nfsd(8) ] Make sure to clear the sin_zero fields.

[ rwhod(8) ] Fix type size problems.

[ kernel/i386 ] Fix two bugs in the wds driver that caused -ASC cards to
fail completely.

[ c++(1) ] Fix libgcc so that code using exception handling links.

[ openpty(3) ] Make it work correctly when called multiple times.

[ restore(8) ] Add two missing byte-swaps, so it actually works across
endians.

[ kernel/hp300 ] Fix dca console initialization for use with a serial
terminal, which may require DTR and RTS.

[ kernel/i386 ] Fix com console initialization for use with a serial
terminal, which may require DTR and RTS.

[ setreuid(2), setregid(2) ] Implement these correctly, per SunOS and
other systems.

[ kernel/generic ] Fix bogus references to user-level include files.

[ kernel/ibcs2 ] Fix read(2)ing of directories.

[ kernel/compat ] Make exec*(2) do path name translation.

[ kernel/nfs ] Use NFS-specific malloc types, rather than M_TEMP.

[ kernel/netinet ] Return EAGAIN if there are no free ports in the
normal user range.

[ kernel/netinet ] Fix several RTT scaling errors introduced with the
RTT rounding fixes suggested by Brakmo and Peterson.

[ kernel/mvme68k ] Fix an uninitialized variable and a missing RELOC()
in the startup code.

[ kernel/sparc ] Disable rcons on the bwtwo, since it doesn't work yet.

[ kernel/sparc ] Fix place offset calculation on the cgfour.

[ kernel/netinet ] Ignore the reserved fragment flag when checking for
fragmentation.

[ kernel/netinet ] Don't reset the keepalive timer if in SYN-SENT or
SYN-RECEIVED state and we're not ready to go to ESTABLISHED.

[ kernel/net* ] Eliminate SS_PRIV.  Fix many memory leaks and incorrect
errno values.

[ kernel/i386 ] Fix several bugs in the ahb driver.

[ kernel/generic ] Change the exec locking protocol to fix a deadlock.

[ kernel/generic ] Make physio() work for UIO_SYSSPACE.

[ kernel/generic ] Don't permit negative resource limits, which will
cause various panics.

[ kernel/generic ] Fix a null pointer dereference when shmdt(2) is
called before shmat(2).

[ kernel/generic ] Fix a deadlock when SO_{SND,RCV}BUF is called with a
buffer size of 0.

[ kernel/generic ] Fix a null pointer dereference when attempting to
change the default route without specifying a gateway.

[ kernel/generic ] Fix a null pointer dereference when syncing after a
panic during autoconfig or while idle.

[ kernel/generic ] Seeking on a FIFO should return ESPIPE.

[ kernel/nfs ] Make MNT_FORCE work in more cases.

[ kernel/nfs ] Fix a memory leak when a file formerly mmap(2)ed on the
server is remove(2)d by a client.

[ stat(2) ] S_ISFIFO(x) should not return true with sockets.
S_ISSOCK(x) should not return true with fifos.

[ kernel/i386 ] Fix timing bug in floppy driver.

[ kernel/msdosfs ] Fix a bug with allowed/disallowed characters in non-
Win95 filenames.

[ kernel/msdosfs ] Don't extend directory when nothing is written to it.

[ kernel/amiga ] Update msc serial driver.

[ kernel/generic ] Clarify section of code in sys_setitimer().

[ kernel/generic ] Fix bug in SunOS emulation when using half-open ptys.

[ kernel/bio ] Fix potential NULL-pointer dereference.

[ kernel/slip ] Cleanup unnecessary pointer arithmetic.

[ kernel/mac68k ] Correctly support Mac LC III-type machines.

[ games/larn ] Fix security bug (closes PR #2699).

[ compress(1) ] Fix usage of stdin and stdout (closes PR #774 & #957)

[ cron(8) ] Fix security bugs.

[ pppd(8) ] Allow 255.255.255.255 netmasks.  Fixes bin/2954.

[ sh(1) ] Fix many bugs in system shell.

[ lpr(1)/lprm(1)/lpc(8)/lpd(8) ] Fix security bugs.

[ make(1) ] Fix many bugs in make.

[ write(1) ] Fix a security bug.

[ kernel/i386 ] Fix bug in FP exception handling that might cause a core
dump when there is a signal handler installed.

[ C Library/YP ] Fix bug in ypserv and RPC timeout code.

[ fsck_ffs(8) ] Check for (and remove) holes in directories.

[ netstat(8) ] Fix printing of Unix-domain socket addresses.

[ kernel/scsi ] Add better support for optical disks (e.g. ZIP disks).

[ kernel/i386 ] Fix bugs in ahc driver that affect chips with a small
number of SCBs.  Also, recognize more boards/chips.

[ kernel/nfs ] Fix various possible null pointer dereferences and array
bound violations.  Also, fix directory lease eviction in NQNFS.

[ kernel/i386 ] Recognize more ep boards.

[ kernel/nfs ] Attempting to make a cross-device link into NFS would
panic the client.  Fix this.

[ cron(8) ] Fix possible buffer overflow, from Rick Byers
<rickb@iaw.on.ca>, PR #3293.

[ dmesg(8) ] Don't get stuck in an infinite loop if the msgbuf index is
0 or 1, from enami tsugutomo <enami@ba2.so-net.or.jp>, PR #3285.

[ kernel/i386 ] Fix the 3COM `sniper bug', which could cause packets to
be accepted that were not sent to the local host, in turn causing bogus
redirects and/or ICMP unreachables.

[ kernel/i386 ] Fix trap handling problem that allowed a user to panic
the system.