Annotation of www/plus.html, Revision 1.13
1.13 ! jkatz 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
! 2: <html>
! 3: <head>
! 4: <title>OpenBSD changes</title>
! 5: <link rev=made href=mailto:www@openbsd.org>
! 6: <meta name="resource-type" content="document">
! 7: <meta name="description" content="the main OpenBSD page">
! 8: <meta name="keywords" content="openbsd,main">
! 9: <meta name="distribution" content="global">
! 10: <meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
! 11: </head>
! 12:
! 13: <body>
! 14:
! 15: <h1>OpenBSD</h1>
! 16: <hr>
! 17: <h3>Changes Relative to other *BSD's.</h3>
! 18:
! 19: <p>
! 20: OpenBSD looks a lot like NetBSD (from which it is derived, following
! 21: the 4.4BSD roots), but is now being developed seperately. Good changes
! 22: from other free operating systems will be merged in (of course, depending
! 23: on various factors like developer time for example.) OpenBSD tracks
! 24: NetBSD changes very closely; say anywhere between 2 to 10 days
! 25: behind the state of NetBSD-current all the time. Hence you can truly
! 26: say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
! 27:
! 28: <p>
! 29: Compared to NetBSD, various additions have been made. This is a
! 30: partial list of the major machine independent changes (ie. these are the
! 31: changes people ask about most often). Check the page of the specific port
! 32: you are interested in for further port-specific details. Note that many ports
! 33: have had architecture-specific enhancements.
! 34:
! 35: <ul>
! 36: <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
! 37: <li>New curses library, including libform, libpanel and libmenu.
! 38: <li>a termlib library which understands termcap.db, needed for new curses.
! 39: <li>The FreeBSD ports subsystem was integrated and is usable by you!
! 40: <li>ipfilter for filtering dangerous packets
! 41: <li>better ELF support
! 42: <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
! 43: to use kvm utilies
! 44: <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
! 45: <li>All the pieces needed for cross compilation are in the source tree.
! 46: <li>Some LKM support in the tree.
! 47: <li>ATAPI support (should work on all ISA busses)
! 48: <li>new scsi, md5, pkg_* commands
! 49: <li>Numerous security related fixes
! 50: <li>Kerberos and other crypto in the source tree that is exportable
! 51: <li>Solid YP master, server, and client capabilities.
! 52: <li>/dev/*random -- a device driver providing some kinds of random data
! 53: <li>In-kernel update(8) with an adaptive algorithm
! 54: <li>Some ddb improvements and extensions
! 55: <li>Numerous scsi fixes
! 56: <li>ncheck utility for ffs
! 57: <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
! 58: <li>new system calls: rfork(), minherit(), poll().
! 59: <li>select() that can handle any amount of file descriptors.
! 60: <li>kernfs extensions
! 61: <li>ATM support (support for one company's sparc & i386 cards available)
! 62: <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
! 63: <li>pax as tar, gnutar is toast
! 64: <li>using AT&T awk, gawk is toast
! 65: <li>Even more security fixes.
! 66: <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
! 67: generate them too
! 68: <li>Linux ext2fs and BSD4.4 LFS support being worked on.
! 69: <li>Working ATAPI audio support for multiple architectures.
! 70: <li>terminfo database support.
! 71: <li>Fortran in the tree.
! 72: <li>The most secure rdist support anywhere.
! 73: <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
! 74: security via unpredictability.
! 75: <li>Protection from the udp spamming and ftp bounce attacks.
! 76: <li>Significantly improved ftp daemon.
! 77: <li>Numerous more security policy and implimentation improvements (OpenBSD
! 78: defaults to installing in a very secure mode)
! 79: <li>zlib (non-GPL'd gzip-compatible library)
! 80: <li>Newest version of pppd.
! 81: <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
! 82: <li>Fixed long-standing vm swap-leak.
! 83: <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
! 84: <li>Numerous FreeBSD userland fixes and improvements incorporated.
! 85: <li>new rdisc Router Discovery daemon
! 86: <li>generic protection against the bind() takeover problem.
! 87: <li>at -f security fix.
! 88: <li>20 or so more security fixes
! 89: <li>install now supports -C, -p, and -S flags.
! 90: <li>a real adduser program, which can even be used uninteractively.
! 91: <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
! 92: by chown(). This can be turned off with sysctl.
! 93: <li>partial protection against tcp SYN attacks.
! 94: <li>added /etc/fbtab support to login & init.
! 95: <li>RCS version 5.7
! 96: <li>much newer join command (4.4lite2 with other fixes)
! 97: <li>scsi subsystem security fix
! 98: <li>Kerberos is much more silent if not configured
! 99: <li>arc4-based random support in kernel
! 100: <li>ncr53cXXX scsi scripts assembler
! 101: <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
! 102: <li>`lsof'-style features in fstat.
! 103: <li>rudimentary support for ISA Plug-and-Play cards
! 104: <li>Fixed timeout support in RPC library, and also fixed it to support more
! 105: than FD_SETSIZE file descriptors.
! 106: <li>improved locate command
! 107: <li>a good start at NETIPX support
! 108: <li>vim version 4.5
! 109: <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
! 110: bugs).
! 111: <li>latest version of perl, and a lndir command.
! 112: <li>Even more security fixes.
! 113: <li>cdio command for using CD audio.
! 114: <li>Kernel warns f /dev/ces not ebooting ated /de<li>libgis gone; our malloc() is better.
! 115: <li>FreeBSD pipe() system call; quite a bit faster.
! 116: <li>Some serial driver support for /dev/cuaXX devices to support transparent
! 117: out+dial
! 118: <li>DDcess symrom LKM es
! 119: <li>Say goodbye to dump, restore, and mt security holes: They are no longer
! 120: setuid.
! 121: <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
! 122: <li>New routed from SGI.
! 123: <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
! 124: <li>ftp command modified for easily scripted ftp & http downloads.
! 125: <li>And of course... more security related bugfixes... (ie. dump,
! 126: restore, mt).
! 127: <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
! 128: also works better.
! 129: <li>16 partitions working on sparc and i386 (yipee!)
! 130: <li>Nice sample files in /etc
! 131: <li>sendmail gecos hole fixed (in a number of ways; other programs in the
! 132: source tree were also vulnerable.)
! 133: <li>secure multicast tools against possible security problems.
! 134: <li>latest GNU groff, incorporated in a clean wrapperized form.
! 135: <li>mopd for networking booting Digital machines
! 136: <li>less version 2.90
! 137: <li>deal with the SYN bomb problem (denial of service attack) as well known.
! 138: <li>Sendmail 8.8.4 with smrsh
! 139: <li>Another kerberos security fix.
! 140: <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
! 141: <li>Compile time option to compile the source tree almost completely dynamic.
! 142: <li>A 7% reduction in size of static binaries.
! 143: <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
! 144: <li>We have completed security reviews of almost all userland programs and
! 145: libraries except for the gnu stuff (where, based on preliminary
! 146: inspection there is poor handling of temp files).
! 147: <li>Working Linux ext2fs.
! 148: <li>Added sudo (which is maintained by one of our developers)
! 149: <li>CTM is now a supported way of obtaining OpenBSD source code.
! 150: <li>The NIST Posix test suite became free. As a result we have been correcting
! 151: numerous problems in the source tree, and expect to be completely
! 152: POSIX compliant very soon.
! 153: <li>upgrade to CVS version 1.9.
! 154: <li>Added -C option to pax/tar. Also made -z support compressed files too.
! 155: <li>Updated md4 and md5 headers to use bittypes so they work on 64-bit machines.
! 156: <li>Added secure hashing-- nearing RFC 1938 compliance.
! 157: <li>Fix for PCI etherlink3 packet-receive bug.
! 158: <li>sleep will "return time unslept" if interrupted.
! 159: <li>yp and bootparam warns about security problems. ypserv will not allow operations if not operating on reserved port.
! 160: <li>config now supports pmax
! 161: <li>pdksh version is now 5.2.11
! 162: <li>documentation added/updated for various architectures
! 163: <li>/dev/ttyv series is now useable
! 164: <li>Security fixes to sysctl, default to prevent users from using mount syscall
! 165: <li>Cleaned up Amiga's Makefile's and documentation
! 166: <li>Added more ATAPI CD-ROM sipport
! 167: <li>Multiple updates for legacy GNU software
! 168: <li>Many man pages cleaned up
! 169: <li>updates to installation floppy disks for many ports.
! 170: <li>fsck now checks for holes in directories.
! 171: <li>updated default console drivers on Mac 68k port. Dropping to system debugger from a serial console is now an option, not the default.
! 172: <li>ftpd security fix-- will not write passwords if core dumps. ALL suid/root process will dump to a mode 600 file
! 173: <li>Stack traceback support added to arc port.
! 174: <li>Fixed prevalent poor "C" syntax strcpy() strlen() in many sources
! 175: <li>cd fix so that `cp kernel /' works with all shells
! 176: <li>SCSI subsystem updates: updated scanner and unknown device routines
! 177: <li>lpr/lpd/lp fixes (security, POSIX/ANSI compliance)
! 178: <li>IDE Hard Disk driver fix reduces chance of NULL pointers
! 179: <li>binutils is now 961112 release from CYGNUS
! 180: <li>includes and system dependancies now work on explicit 16- and 32-bit quantities-- not the machine dependent "short" and "long" integer.
! 181: <br><br>
! 182:
! 183: This list only mentions platform-independent changes. For a list of changes
! 184: made in a particular platform, please check the page for that platform.<br><br>
! 185:
! 186: <hr>
! 187: <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
! 188: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! 189: <br><small>$OpenBSD: plus.html,v 1.12 1996/11/02 04:19:39 deraadt Exp $</small>
! 190:
! 191: </body>
! 192: </html>