-OpenBSD looks a lot like NetBSD (from which it is derived, following
-the 4.4BSD roots), but is now being developed seperately. Good changes
-from other free operating systems will be merged in (of course, depending
-on various factors like developer time for example.) OpenBSD tracks
-NetBSD changes very closely; say anywhere between 2 to 10 days
-behind the state of NetBSD-current all the time. Hence you can truly
-say that OpenBSD is NetBSD PLUS MORE STUFF.
-
-
-Compared to NetBSD, various additions have been made. This is a
-partial list of the major machine independent changes (ie. these are the
-changes people ask about most often). Check the page of the specific port
-you are interested in for further port-specific details. Note that many ports
-have had architecture-specific enhancements.
-
-
-
Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
-
New curses library, including libform, libpanel and libmenu.
-
a termlib library which understands termcap.db, needed for new curses.
-
The FreeBSD ports subsystem was integrated and is usable by you!
-
ipfilter for filtering dangerous packets
-
better ELF support
-
nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
- to use kvm utilies
-
Verbatim integration of the GNU tools (using a wrapper Makefile)
-
All the pieces needed for cross compilation are in the source tree.
-
Some LKM support in the tree.
-
ATAPI support (should work on all ISA busses)
-
new scsi, md5, pkg_* commands
-
Numerous security related fixes
-
Kerberos and other crypto in the source tree that is exportable
-
Solid YP master, server, and client capabilities.
-
/dev/*random -- a device driver providing some kinds of random data
-
In-kernel update(8) with an adaptive algorithm
-
Some ddb improvements and extensions
-
Numerous scsi fixes
-
ncheck utility for ffs
-
/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
-
new system calls: rfork(), minherit(), poll().
-
select() that can handle any amount of file descriptors.
-
kernfs extensions
-
ATM support (support for one company's sparc & i386 cards available)
-
Boot kernels with "-c" to edit/enable/disable device configuration tables
-
pax as tar, gnutar is toast
-
using AT&T awk, gawk is toast
-
Even more security fixes.
-
Accepts FreeBSD MD5 passwords in password maps, soon will be able to
- generate them too
-
Linux ext2fs and BSD4.4 LFS support being worked on.
-
Working ATAPI audio support for multiple architectures.
-
terminfo database support.
-
Fortran in the tree.
-
The most secure rdist support anywhere.
-
randomized port allocation in bind(), bindresvport(), and rresvport() --
- security via unpredictability.
-
Protection from the udp spamming and ftp bounce attacks.
-
Significantly improved ftp daemon.
-
Numerous more security policy and implimentation improvements (OpenBSD
- defaults to installing in a very secure mode)
-
zlib (non-GPL'd gzip-compatible library)
-
Newest version of pppd.
-
_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
-
Fixed long-standing vm swap-leak.
-
FreeBSD malloc() that uses mmap() and is able to free unused memory.
-
Numerous FreeBSD userland fixes and improvements incorporated.
-
new rdisc Router Discovery daemon
-
generic protection against the bind() takeover problem.
-
at -f security fix.
-
20 or so more security fixes
-
install now supports -C, -p, and -S flags.
-
a real adduser program, which can even be used uninteractively.
-
POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
- by chown(). This can be turned off with sysctl.
-
partial protection against tcp SYN attacks.
-
added /etc/fbtab support to login & init.
-
RCS version 5.7
-
much newer join command (4.4lite2 with other fixes)
-
scsi subsystem security fix
-
Kerberos is much more silent if not configured
-
arc4-based random support in kernel
-
ncr53cXXX scsi scripts assembler
-
Numerous ftpd improvements and fixes, including multihomed and skey support.
-
`lsof'-style features in fstat.
-
rudimentary support for ISA Plug-and-Play cards
-
Fixed timeout support in RPC library, and also fixed it to support more
- than FD_SETSIZE file descriptors.
-
improved locate command
-
a good start at NETIPX support
-
vim version 4.5
-
gcc 2.7.2.1 (to get closer to native alpha support ar gcc
- bugs).
-
latest version of perl, and a lndir command.
-
Even more security fixes.
-
cdio command for using CD audio.
-
Kernel warns f /dev/ces not ebooting ated /de
libgis gone; our malloc() is better.
-
FreeBSD pipe() system call; quite a bit faster.
-
Some serial driver support for /dev/cuaXX devices to support transparent
- out+dial
-
DDcess symrom LKM es
-
Say goodbye to dump, restore, and mt security holes: They are no longer
- setuid.
-
*Hobbit*'s netcat utility. The crackers use it, so should you.
-
New routed from SGI.
-
Complete in-tree development for MIPS/Alpha systems (ie. binutils).
-
And of course... more security related bugfixes... (ie. dump,
- restore, mt).
-
vim is replacing nvi, since nvi does not have a pure BSD license, and vim
- also works better.
-
16 partitions working on sparc and i386 (yipee!)
-
Nice sample files in /etc
-
sendmail gecos hole fixed (in a number of ways; other programs in the
- source tree were also vulnerable.)
-
secure multicast tools against possible security problems.
-
latest GNU groff, incorporated in a clean wrapperized form.
-
mopd for networking booting Digital machines
-
less version 2.90
-
deal with the SYN bomb problem (denial of service attack) as well known.
-
Sendmail 8.8.4 with smrsh
-
Another kerberos security fix.
-
Almost a hundred more security fixes, including /tmp races because of strncpy.
-
Compile time option to compile the source tree almost completely dynamic.
-
A 7% reduction in size of static binaries.
-
FreeBSD's adduser(8) command. Also an rmuser(8) command.
-
We have completed security reviews of almost all userland programs and
- libraries except for the gnu stuff (where, based on preliminary
- inspection there is poor handling of temp files).
-
Working Linux ext2fs.
-
Added sudo (which is maintained by one of our developers)
-
CTM is now a supported way of obtaining OpenBSD source code.
-
The NIST Posix test suite became free. As a result we have been correcting
- numerous problems in the source tree, and expect to be completely
- POSIX compliant very soon.
-
upgrade to CVS version 1.9.
-
Added -C option to pax/tar. Also made -z support compressed files too.
-
Updated md4 and md5 headers to use bittypes so they work on 64-bit machines.
-
IDE Hard Disk driver fix reduces chance of NULL pointers
-
binutils is now 961112 release from CYGNUS
-
includes and system dependancies now work on explicit 16- and 32-bit quantities-- not the machine dependent "short" and "long" integer.
-
-
-This list only mentions platform-independent changes. For a list of changes
-made in a particular platform, please check the page for that platform.
+OpenBSD looks a lot like NetBSD (from which it is derived, following
+the 4.4BSD roots), but is now being developed seperately. Good changes
+from other free operating systems will be merged in (of course, depending
+on various factors like developer time for example.) OpenBSD tracks
+NetBSD changes very closely; say anywhere between 2 to 10 days
+behind the state of NetBSD-current all the time. Hence you can truly
+say that OpenBSD is NetBSD PLUS MORE STUFF.
+
+
+Compared to NetBSD, various additions have been made. This is a
+partial list of the major machine independent changes (ie. these are the
+changes people ask about most often). Check the page of the specific port
+you are interested in for further port-specific details. Note that many ports
+have had architecture-specific enhancements.
+
+
+
Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
+
New curses library, including libform, libpanel and libmenu.
+
a termlib library which understands termcap.db, needed for new curses.
+
The FreeBSD ports subsystem was integrated and is usable by you!
+
ipfilter for filtering dangerous packets
+
better ELF support
+
nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
+ to use kvm utilies
+
Verbatim integration of the GNU tools (using a wrapper Makefile)
+
All the pieces needed for cross compilation are in the source tree.
+
Some LKM support in the tree.
+
ATAPI support (should work on all ISA busses)
+
new scsi, md5, pkg_* commands
+
Numerous security related fixes
+
Kerberos and other crypto in the source tree that is exportable
+
Solid YP master, server, and client capabilities.
+
/dev/*random -- a device driver providing some kinds of random data
+
In-kernel update(8) with an adaptive algorithm
+
Some ddb improvements and extensions
+
Numerous scsi fixes
+
ncheck utility for ffs
+
/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
+
new system calls: rfork(), minherit(), poll().
+
select() that can handle any amount of file descriptors.
+
kernfs extensions
+
ATM support (support for one company's sparc & i386 cards available)
+
Boot kernels with "-c" to edit/enable/disable device configuration tables
+
pax as tar, gnutar is toast
+
using AT&T awk, gawk is toast
+
Even more security fixes.
+
Accepts FreeBSD MD5 passwords in password maps, soon will be able to
+ generate them too
+
Linux ext2fs and BSD4.4 LFS support being worked on.
+
Working ATAPI audio support for multiple architectures.
+
terminfo database support.
+
Fortran in the tree.
+
The most secure rdist support anywhere.
+
randomized port allocation in bind(), bindresvport(), and rresvport() --
+ security via unpredictability.
+
Protection from the udp spamming and ftp bounce attacks.
+
Significantly improved ftp daemon.
+
Numerous more security policy and implimentation improvements (OpenBSD
+ defaults to installing in a very secure mode)
+
zlib (non-GPL'd gzip-compatible library)
+
Newest version of pppd.
+
_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
+
Fixed long-standing vm swap-leak.
+
FreeBSD malloc() that uses mmap() and is able to free unused memory.
+
Numerous FreeBSD userland fixes and improvements incorporated.
+
new rdisc Router Discovery daemon
+
generic protection against the bind() takeover problem.
+
at -f security fix.
+
20 or so more security fixes
+
install now supports -C, -p, and -S flags.
+
a real adduser program, which can even be used uninteractively.
+
POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
+ by chown(). This can be turned off with sysctl.
+
partial protection against tcp SYN attacks.
+
added /etc/fbtab support to login & init.
+
RCS version 5.7
+
much newer join command (4.4lite2 with other fixes)
+
scsi subsystem security fix
+
Kerberos is much more silent if not configured
+
arc4-based random support in kernel
+
ncr53cXXX scsi scripts assembler
+
Numerous ftpd improvements and fixes, including multihomed and skey support.
+
`lsof'-style features in fstat.
+
rudimentary support for ISA Plug-and-Play cards
+
Fixed timeout support in RPC library, and also fixed it to support more
+ than FD_SETSIZE file descriptors.
+
improved locate command
+
a good start at NETIPX support
+
vim version 4.5
+
gcc 2.7.2.1 (to get closer to native alpha support ar gcc
+ bugs).
+
latest version of perl, and a lndir command.
+
Even more security fixes.
+
cdio command for using CD audio.
+
Kernel warns f /dev/ces not ebooting ated /de
libgis gone; our malloc() is better.
+
FreeBSD pipe() system call; quite a bit faster.
+
Some serial driver support for /dev/cuaXX devices to support transparent
+ out+dial
+
DDcess symrom LKM es
+
Say goodbye to dump, restore, and mt security holes: They are no longer
+ setuid.
+
*Hobbit*'s netcat utility. The crackers use it, so should you.
+
New routed from SGI.
+
Complete in-tree development for MIPS/Alpha systems (ie. binutils).
+
And of course... more security related bugfixes... (ie. dump,
+ restore, mt).
+
vim is replacing nvi, since nvi does not have a pure BSD license, and vim
+ also works better.
+
16 partitions working on sparc and i386 (yipee!)
+
Nice sample files in /etc
+
sendmail gecos hole fixed (in a number of ways; other programs in the
+ source tree were also vulnerable.)
+
secure multicast tools against possible security problems.
+
latest GNU groff, incorporated in a clean wrapperized form.
+
mopd for networking booting Digital machines
+
less version 2.90
+
deal with the SYN bomb problem (denial of service attack) as well known.
+
Another kerberos security fix.
+
Almost a hundred more security fixes, including /tmp races because of strncpy.
+
Compile time option to compile the source tree almost completely dynamic.
+
A 7% reduction in size of static binaries.
+
FreeBSD's adduser(8) command. Also an rmuser(8) command.
+
We have completed security reviews of almost all userland programs and
+ libraries except for the gnu stuff (where, based on preliminary
+ inspection there is poor handling of temp files).
+
Working Linux ext2fs.
+
Added sudo (which is maintained by one of our developers)
+
CTM is now a supported way of obtaining OpenBSD source code.
+
The NIST Posix test suite became free. As a result we have been correcting
+ numerous problems in the source tree, and expect to be completely
+ POSIX compliant very soon.
+
upgrade to CVS version 1.9.
+
A number of security fixes to the way coredumping works.
+
The /dev/*random devices are now default on all architectures.
+
Add stack tracebacks to Arc port's kernel debugger.
+
Skey revamped into full OTP (RFC1938) support, including sha1 and
+ md5 support.
+
GPL i387 emulator added.
+
Crank kvm space on the i386 port, also limit buffer cache useage
+ so that 512MB machines may work (untested :-)
+
Numerous fixes to the lpr suite, including security.
+
More ftpd raging paranoia security fixes.
+
The NIST suite showed numerous errors in libraries and the kernel.
+ Only a few small errors remain now, mostly regarding serial
+ ports.
+
In numerous utilities: prefer $LOGNAME, but also accept $USER.
+
OLF binary type added. This is like ELF, but includes an OS-dependent
+ tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
+ the kernel can recognize correctly.
+
Beware $HOME overflows throughout the source tree.
+
Integration of the pmax port.
+
Import of ctm.
+
Various repairs to the scsi scanner support.
+
Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
+ buffer overflows found in system utilities..
+
Memory leak paranoia in cron.
+
Make login get more consistantly upset about failed logins, and tell user
+ about these failures at the next successfull login.
+
pdksh version is now 5.2.11
+
New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
+
The Arc port family has a new member: The rPC44 works!
+
lpt driver is now bus-independent.
+
com driver is now bus-independent.
+
Numerous small security fixes again...
+
Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
+
Prevent generic users from mounting filesystems by default.
+
Added -C option to pax/tar. Also made -z support compressed files too.
+
Increased compatibility in the pccons driver with BSDi features.
+
Imported FreeBSD's calendar.
+
GNU gdb works on the mips-based platforms.
+
Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
+ tripwire-like system.
+
Some YP and bootparamd security changes.
+
Hundreds of little fixes all over the place.
+
Multiple updates for GNU software
+
Add disklabels to the floppy device drivers.
+
At boottime, have (*mountroot)() look at the root device's disklabel
+ to determine which filesystem type is to be mounted.
+
If disklabel reading code discovers an ISOFS filesystem underlying,
+ spoof a nice disklabel (enough to fool mountroot).
+
tcpdump 3.3
+
Fix information gathering attack in ping(8).
+
Add NetBSD's "route show" implementation, and at the samet time fix
+ the new buffer overflows that this provided.
+
Fix a few setgroups() related security holes.
+
sendmail 8.8.4
+
texinfo 3.9
+
f77 0.5.19
+
Repair some more KerberosIV buffer overflows. Hard to believe this is
+ supposed to be security software.
+
Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
+ backwards compatibility.
+
Permit NFS attribute cache to be configured on a per-mount basis.
+
+
Properly split fsck, mount, and newfs into multiple pieces. Use
+ disklabel information if it is available.
+
Add disklabels to the vnd device driver.
+
Change the games to be run setgid games, not setuid games. This closes
+ a whole slew of fascinating security holes.
+
Import of the powerpc port.
+
Properly use _POSIX_SAVED_IDS throughout the source tree.
+
Permit building of kernels without a.out support.
+
ppp 2.3b3
+
libcrypt goes away. We do not need this stub library anymore. Do not link
+ against it on OpenBSD, all the pieces you need are in libc.
+
+
+
+This list only mentions platform-independent changes. For a list of changes
+made in a particular platform, please check the page for that platform.
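Review bot: The added list silently drops four entries from the end of the removed list (the md4/md5 bittypes header update for 64-bit machines, the IDE hard disk driver fix, the binutils 961112 release, and the explicit 16- and 32-bit quantities item), and "Sendmail 8.8.4 with smrsh" comes back as plain "sendmail 8.8.4" near the end of the new block. If these are still true, restore them, including the smrsh mention; if they were removed on purpose, that deserves a stated reason. Since nearly every line is being rewritten anyway, this is also the moment to repair the entries that are unreadable as written and are carried over unchanged: "Kernel warns f /dev/ces not ebooting ated /de", "DDcess symrom LKM es", and the gcc 2.7.2.1 parenthetical ending "support ar gcc bugs". Several new entries overlap or contradict older ones and should be merged: "Import of ctm." duplicates "CTM is now a supported way of obtaining OpenBSD source code.", "Working Linux ext2fs." sits alongside "Linux ext2fs and BSD4.4 LFS support being worked on.", the NIST suite is described twice, and adduser appears both as "a real adduser program" and as "FreeBSD's adduser(8) command". There is also a stray empty added line between the NFS attribute cache entry and the fsck/mount/newfs entry. Spelling in the added text needs a pass: "seperately", "utilies", "non-existant", "implimentation", "useage", "consistantly", "successfull", "samet time".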