version 1.55, 2015/08/06 21:50:20 |
version 1.56, 2016/03/21 05:46:19 |
|
|
<ul> |
<ul> |
|
|
<li>The i386 architecture has been switched to the |
<li>The i386 architecture has been switched to the |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=elf">ELF</a> |
<a href="http://man.openbsd.org?query=elf">ELF</a> |
executable format. |
executable format. |
<p> |
<p> |
|
|
|
|
effort limit on code execution. |
effort limit on code execution. |
<p> |
<p> |
|
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so">ld.so(1)</a> |
<li><a href="http://man.openbsd.org?query=ld.so">ld.so(1)</a> |
on ELF platforms now loads libraries in a random order for |
on ELF platforms now loads libraries in a random order for |
greater resistance to attacks. The i386 architecture also maps libraries |
greater resistance to attacks. The i386 architecture also maps libraries |
into somewhat randomized addresses. Together with W^X and |
into somewhat randomized addresses. Together with W^X and |
|
|
<li>A static bounds checker has been added to the compiler to perform basic |
<li>A static bounds checker has been added to the compiler to perform basic |
checks on functions which accept buffers and sizes. The checker aims to |
checks on functions which accept buffers and sizes. The checker aims to |
find common mistakes in the use of library functions such as |
find common mistakes in the use of library functions such as |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy">strlcpy(3)</a> |
<a href="http://man.openbsd.org?query=strlcpy">strlcpy(3)</a> |
or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf">sscanf(3)</a> |
or <a href="http://man.openbsd.org?query=sscanf">sscanf(3)</a> |
without emitting any false positives. Running it over the source and ports |
without emitting any false positives. Running it over the source and ports |
trees revealed over a hundred real bugs, which were fixed and submitted back |
trees revealed over a hundred real bugs, which were fixed and submitted back |
to the original authors where possible. |
to the original authors where possible. |
<p> |
<p> |
|
|
<li>Privilege separation has been implemented for the |
<li>Privilege separation has been implemented for the |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd">syslogd(8)</a> |
<a href="http://man.openbsd.org?query=syslogd">syslogd(8)</a> |
daemon, making it much more robust against future errors. The child which |
daemon, making it much more robust against future errors. The child which |
listens to network traffic now runs as a normal user and chroots itself, |
listens to network traffic now runs as a normal user and chroots itself, |
while the parent process tracks the state of the child and performs |
while the parent process tracks the state of the child and performs |
|
|
<li>Many unsafe string functions have been removed from the kernel and userland |
<li>Many unsafe string functions have been removed from the kernel and userland |
utilities. This audit is one of the most comprehensive OpenBSD has ever |
utilities. This audit is one of the most comprehensive OpenBSD has ever |
done, with thousands of occurrences of |
done, with thousands of occurrences of |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcpy">strcpy(3)</a>, |
<a href="http://man.openbsd.org?query=strcpy">strcpy(3)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcat">strcat(3)</a>, |
<a href="http://man.openbsd.org?query=strcat">strcat(3)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sprintf">sprintf(3)</a>, |
<a href="http://man.openbsd.org?query=sprintf">sprintf(3)</a>, |
and |
and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vsprintf">vsprintf(3)</a> |
<a href="http://man.openbsd.org?query=vsprintf">vsprintf(3)</a> |
being replaced with safer, bounded alternatives such as |
being replaced with safer, bounded alternatives such as |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy">strlcpy(3)</a>, |
<a href="http://man.openbsd.org?query=strlcpy">strlcpy(3)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcat">strlcat(3)</a>, |
<a href="http://man.openbsd.org?query=strlcat">strlcat(3)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=snprintf">snprintf(3)</a>, |
<a href="http://man.openbsd.org?query=snprintf">snprintf(3)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vsnprintf">vsnprintf(3)</a>, |
<a href="http://man.openbsd.org?query=vsnprintf">vsnprintf(3)</a>, |
and |
and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=asprintf">asprintf(3)</a>. |
<a href="http://man.openbsd.org?query=asprintf">asprintf(3)</a>. |
<p> |
<p> |
|
|
<li>Many improvements to and bugs fixed in the |
<li>Many improvements to and bugs fixed in the |
|
|
<p> |
<p> |
|
|
<li>Emulation support for binary compatibility is now controlled via |
<li>Emulation support for binary compatibility is now controlled via |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8">sysctl(8)</a>. |
<a href="http://man.openbsd.org?query=sysctl&sektion=8">sysctl(8)</a>. |
Emulation is now disabled by default to limit exposure to malicious |
Emulation is now disabled by default to limit exposure to malicious |
binaries, and can be enabled in |
binaries, and can be enabled in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl.conf"> |
<a href="http://man.openbsd.org?query=sysctl.conf"> |
sysctl.conf(5)</a>. |
sysctl.conf(5)</a>. |
<p> |
<p> |
|
|
|
|
<p> |
<p> |
|
|
<li>The ports tree now supports building programs under |
<li>The ports tree now supports building programs under |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace"> |
<a href="http://man.openbsd.org?query=systrace"> |
systrace(1)</a>, preventing the possibility of applications harming the |
systrace(1)</a>, preventing the possibility of applications harming the |
system at compile-time via trojaned configuration scripts or otherwise. |
system at compile-time via trojaned configuration scripts or otherwise. |
<p> |
<p> |
|
|
<li>Symbol caching in |
<li>Symbol caching in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so">ld.so(1)</a> |
<a href="http://man.openbsd.org?query=ld.so">ld.so(1)</a> |
reduces the startup time of large applications. |
reduces the startup time of large applications. |
<p> |
<p> |
|
|
|
|
<p> |
<p> |
|
|
<li>Replacement of GNU |
<li>Replacement of GNU |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff">diff(1)</a>, |
<a href="http://man.openbsd.org?query=diff">diff(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff3">diff3(1)</a>, |
<a href="http://man.openbsd.org?query=diff3">diff3(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep">grep(1)</a>, |
<a href="http://man.openbsd.org?query=grep">grep(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=egrep">egrep(1)</a>, |
<a href="http://man.openbsd.org?query=egrep">egrep(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fgrep">fgrep(1)</a>, |
<a href="http://man.openbsd.org?query=fgrep">fgrep(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zgrep">zgrep(1)</a>, |
<a href="http://man.openbsd.org?query=zgrep">zgrep(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zegrep">zegrep(1)</a>, |
<a href="http://man.openbsd.org?query=zegrep">zegrep(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zfgrep">zfgrep(1)</a>, |
<a href="http://man.openbsd.org?query=zfgrep">zfgrep(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip">gzip(1)</a>, |
<a href="http://man.openbsd.org?query=gzip">gzip(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zcat">zcat(1)</a>, |
<a href="http://man.openbsd.org?query=zcat">zcat(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gunzip">gunzip(1)</a>, |
<a href="http://man.openbsd.org?query=gunzip">gunzip(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzcat">gzcat(1)</a>, |
<a href="http://man.openbsd.org?query=gzcat">gzcat(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zcmp">zcmp(1)</a>, |
<a href="http://man.openbsd.org?query=zcmp">zcmp(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zmore">zmore(1)</a>, |
<a href="http://man.openbsd.org?query=zmore">zmore(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zdiff">zdiff(1)</a>, |
<a href="http://man.openbsd.org?query=zdiff">zdiff(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zforce">zforce(1)</a>, |
<a href="http://man.openbsd.org?query=zforce">zforce(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzexe">gzexe(1)</a>, |
<a href="http://man.openbsd.org?query=gzexe">gzexe(1)</a>, |
and |
and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=znew">znew(1)</a> |
<a href="http://man.openbsd.org?query=znew">znew(1)</a> |
commands with BSD licensed equivalents. |
commands with BSD licensed equivalents. |
<p> |
<p> |
|
|
<li>Addition of read-only support for |
<li>Addition of read-only support for |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_ntfs">NTFS</a> |
<a href="http://man.openbsd.org?query=mount_ntfs">NTFS</a> |
file systems. |
file systems. |
<p> |
<p> |
|
|
<li>Reliability improvements to layered file systems, enabling |
<li>Reliability improvements to layered file systems, enabling |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_null">NULLFS</a> |
<a href="http://man.openbsd.org?query=mount_null">NULLFS</a> |
to work again. |
to work again. |
<p> |
<p> |
|
|
<li>Import of |
<li>Import of |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=growfs">growfs(8)</a> |
<a href="http://man.openbsd.org?query=growfs">growfs(8)</a> |
utility, allowing expansion of existing file systems. |
utility, allowing expansion of existing file systems. |
<p> |
<p> |
|
|
<li>Improvements to |
<li>Improvements to |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux">linux emulation</a> |
<a href="http://man.openbsd.org?query=compat_linux">linux emulation</a> |
enabling more applications to run. |
enabling more applications to run. |
<p> |
<p> |
|
|
<li>Significant improvements to the |
<li>Significant improvements to the |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthreads">pthreads(3)</a> |
<a href="http://man.openbsd.org?query=pthreads">pthreads(3)</a> |
library. |
library. |
<p> |
<p> |
|
|
<li>Replace many static fd_set uses, to instead use |
<li>Replace many static fd_set uses, to instead use |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll">poll(2)</a> |
<a href="http://man.openbsd.org?query=poll">poll(2)</a> |
or dynamic allocation. |
or dynamic allocation. |
<p> |
<p> |
|
|
|
|
<p> |
<p> |
|
|
<li>A large number of bug fixes, changes, and optimizations to our packet filter |
<li>A large number of bug fixes, changes, and optimizations to our packet filter |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf">pf(4)</a> |
<a href="http://man.openbsd.org?query=pf">pf(4)</a> |
including: |
including: |
<ul> |
<ul> |
<li>packet tagging (e.g. filter on tags added by bridge based on MAC address) |
<li>packet tagging (e.g. filter on tags added by bridge based on MAC address) |
|
|
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
<li>Kauai ATA controllers (Apple ATA100 wdc) |
<li>Kauai ATA controllers (Apple ATA100 wdc) |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kauaiata&arch=macppc"> |
<a href="http://man.openbsd.org?query=kauaiata&arch=macppc"> |
kauaiata(4)</a> enabling support for Powerbook 12" and 17" models. |
kauaiata(4)</a> enabling support for Powerbook 12" and 17" models. |
<li>Support for controlling LongRun registers on Transmeta CPUs. |
<li>Support for controlling LongRun registers on Transmeta CPUs. |
<li>Many fixes to |
<li>Many fixes to |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac">aac(4)</a>, |
<a href="http://man.openbsd.org?query=aac">aac(4)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc">ahc(4)</a>, |
<a href="http://man.openbsd.org?query=ahc">ahc(4)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=osiop">osiop(4)</a>, |
<a href="http://man.openbsd.org?query=osiop">osiop(4)</a>, |
and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop">siop(4)</a> |
and <a href="http://man.openbsd.org?query=siop">siop(4)</a> |
SCSI drivers. |
SCSI drivers. |
<li>New |
<li>New |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=it">it(4)</a>, |
<a href="http://man.openbsd.org?query=it">it(4)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lm">lm(4)</a>, and |
<a href="http://man.openbsd.org?query=lm">lm(4)</a>, and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=viaenv">viaenv(4)</a> |
<a href="http://man.openbsd.org?query=viaenv">viaenv(4)</a> |
hardware monitor drivers. |
hardware monitor drivers. |
<li>New |
<li>New |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=safe">safe(4)</a> |
<a href="http://man.openbsd.org?query=safe">safe(4)</a> |
driver for SafeNet crypto accelerators. |
driver for SafeNet crypto accelerators. |
<li>New |
<li>New |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtd">mtd(4)</a> |
<a href="http://man.openbsd.org?query=mtd">mtd(4)</a> |
driver for Myson Technologies network cards. |
driver for Myson Technologies network cards. |
<li>More ethernet cards supported by |
<li>More ethernet cards supported by |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sk">sk(4)</a>, |
<a href="http://man.openbsd.org?query=sk">sk(4)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi">wi(4)</a>, |
<a href="http://man.openbsd.org?query=wi">wi(4)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fxp">fxp(4)</a>, |
<a href="http://man.openbsd.org?query=fxp">fxp(4)</a>, |
and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4">dc(4)</a>. |
and <a href="http://man.openbsd.org?query=dc&sektion=4">dc(4)</a>. |
<li>Massive overhaul and sync with NetBSD of the entire |
<li>Massive overhaul and sync with NetBSD of the entire |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> |
<a href="http://man.openbsd.org?query=usb&sektion=4">usb(4)</a> |
support system. |
support system. |
<li>New and better support for various controllers in |
<li>New and better support for various controllers in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pciide">pciide(4)</a>, |
<a href="http://man.openbsd.org?query=pciide">pciide(4)</a>, |
including experimental support for Serial ATA. |
including experimental support for Serial ATA. |
<li>New drivers to support |
<li>New drivers to support |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mgx&arch=sparc"> |
<a href="http://man.openbsd.org?query=mgx&arch=sparc"> |
mgx(4)</a> and |
mgx(4)</a> and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pninek&arch=sparc"> |
<a href="http://man.openbsd.org?query=pninek&arch=sparc"> |
pninek(4)</a> SPARC framebuffers. The |
pninek(4)</a> SPARC framebuffers. The |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vigra&arch=sparc"> |
<a href="http://man.openbsd.org?query=vigra&arch=sparc"> |
vigra(4)</a> driver also supports more models. |
vigra(4)</a> driver also supports more models. |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcmcia">pcmcia(4)</a> |
<li><a href="http://man.openbsd.org?query=pcmcia">pcmcia(4)</a> |
support for Tadpole SPARCBooks and SPARCs with pcmcia-sbus bridges. |
support for Tadpole SPARCBooks and SPARCs with pcmcia-sbus bridges. |
<li>Watchdog support for |
<li>Watchdog support for |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=elansc&arch=i386">elansc(4)</a> |
<a href="http://man.openbsd.org?query=elansc&arch=i386">elansc(4)</a> |
and |
and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=geodesc&arch=i386">geodesc(4)</a> |
<a href="http://man.openbsd.org?query=geodesc&arch=i386">geodesc(4)</a> |
as used on Soekris boards. |
as used on Soekris boards. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<p> |
<p> |
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
at <i>CD:/3.4/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
at <i>CD:/3.4/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
use the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query= |
use the <a href="http://man.openbsd.org?query= |
dd&sektion=1">dd(1)</a> utility. The following is an example usage of |
dd&sektion=1">dd(1)</a> utility. The following is an example usage of |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dd&sektion=1">dd(1) |
<a href="http://man.openbsd.org?query=dd&sektion=1">dd(1) |
</a>, where the device could be "floppy", "rfd0c", or |
</a>, where the device could be "floppy", "rfd0c", or |
"rfd0a". |
"rfd0a". |
|
|
|
|
OpenBSD ports system. |
OpenBSD ports system. |
<p> |
<p> |
The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS (see the manpage for |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html"> |
<a href="http://man.openbsd.org?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html"> |
cvs(1)</a> if |
cvs(1)</a> if |
you aren't familiar with CVS) checkout of our ports. As with our complete |
you aren't familiar with CVS) checkout of our ports. As with our complete |
source tree, our ports tree is available via anoncvs. So, in |
source tree, our ports tree is available via anoncvs. So, in |