Annotation of www/plus.html, Revision 1.188
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD changes</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
1.59 deraadt 10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.64 downsj 13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
1.14 deraadt 14:
1.64 downsj 15: <img alt="[OpenBSD]" SRC="images/smalltitle.gif">
16:
17: <p>
1.186 deraadt 18: <h2>Changes made between OpenBSD versions.</h2>
1.14 deraadt 19:
20: <p>
1.180 deraadt 21: The OpenBSD project was spawned from NetBSD (a member of the 4.4BSD
22: family) and is developed separately. As well as developments by our
23: development group, good changes from the other free operating systems
24: are evaluated and merged into OpenBSD. We track bug reports and
25: source tree changes from the NetBSD and FreeBSD projects fairly
26: closely. Even pieces of code from the Linux projects have been used.
1.14 deraadt 27:
28: <p>
1.29 deraadt 29: In the early days of OpenBSD, it was possible to be able to say
1.180 deraadt 30: "OpenBSD is NetBSD PLUS MORE STUFF". Now, after the substantial work
31: the group members have done, OpenBSD is very much is it's own thing.
32: Too much stuff has been added and fixed to easily compare it to
33: something else. OpenBSD is OpenBSD.
1.29 deraadt 34:
35: <p>
36: This is a partial list of the major machine independent changes
37: (ie. these are the changes people ask about most often). Port
38: specific changes have also been made, and are sometimes mentioned
39: in the pages for the specific <a href=plat.html>ports</a> if you
40: are interested in for further port-specific details. Many ports
41: have had architecture-specific enhancements relative to NetBSD,
42: but when they do not they certainly have plenty of platform-independent
43: changes, starting with those listed below..
1.14 deraadt 44:
1.17 deraadt 45: <p>
1.185 deraadt 46: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
47:
48: <p>
1.186 deraadt 49: <h3>
50: <a href=#22>To go straight to the changes since OpenBSD 2.2, click here</a>.
51: <br>
52: <a href=#end>To go straight to the end of the list, click here</a>.
53: </h3>
54:
55: <hr>
56: <p>
1.156 deraadt 57: <h3><font color=#0000e0>Life for the OpenBSD project begins...</font></h3>
1.17 deraadt 58: <p>
1.14 deraadt 59: <ul>
60: <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
61: <li>New curses library, including libform, libpanel and libmenu.
62: <li>a termlib library which understands termcap.db, needed for new curses.
63: <li>The FreeBSD ports subsystem was integrated and is usable by you!
1.35 kstailey 64: <li>ipfilter for filtering dangerous packets and Network Address Translation
65: for IP masquerading.
1.14 deraadt 66: <li>better ELF support
67: <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
68: to use kvm utilies
69: <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
70: <li>All the pieces needed for cross compilation are in the source tree.
71: <li>Some LKM support in the tree.
72: <li>ATAPI support (should work on all ISA busses)
73: <li>new scsi, md5, pkg_* commands
74: <li>Numerous security related fixes
75: <li>Kerberos and other crypto in the source tree that is exportable
76: <li>Solid YP master, server, and client capabilities.
77: <li>/dev/*random -- a device driver providing some kinds of random data
78: <li>In-kernel update(8) with an adaptive algorithm
79: <li>Some ddb improvements and extensions
80: <li>Numerous scsi fixes
81: <li>ncheck utility for ffs
82: <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
83: <li>new system calls: rfork(), minherit(), poll().
84: <li>select() that can handle any amount of file descriptors.
85: <li>kernfs extensions
86: <li>ATM support (support for one company's sparc & i386 cards available)
87: <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
88: <li>pax as tar, gnutar is toast
89: <li>using AT&T awk, gawk is toast
90: <li>Even more security fixes.
91: <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
92: generate them too
93: <li>Linux ext2fs and BSD4.4 LFS support being worked on.
94: <li>Working ATAPI audio support for multiple architectures.
95: <li>terminfo database support.
96: <li>Fortran in the tree.
97: <li>The most secure rdist support anywhere.
98: <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
99: security via unpredictability.
100: <li>Protection from the udp spamming and ftp bounce attacks.
101: <li>Significantly improved ftp daemon.
1.140 gene 102: <li>Numerous more security policy and implementation improvements (OpenBSD
1.14 deraadt 103: defaults to installing in a very secure mode)
104: <li>zlib (non-GPL'd gzip-compatible library)
105: <li>Newest version of pppd.
106: <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
107: <li>Fixed long-standing vm swap-leak.
108: <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
109: <li>Numerous FreeBSD userland fixes and improvements incorporated.
110: <li>new rdisc Router Discovery daemon
111: <li>generic protection against the bind() takeover problem.
112: <li>at -f security fix.
113: <li>20 or so more security fixes
114: <li>install now supports -C, -p, and -S flags.
115: <li>a real adduser program, which can even be used uninteractively.
116: <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
117: by chown(). This can be turned off with sysctl.
118: <li>partial protection against tcp SYN attacks.
119: <li>added /etc/fbtab support to login & init.
120: <li>RCS version 5.7
121: <li>much newer join command (4.4lite2 with other fixes)
122: <li>scsi subsystem security fix
123: <li>Kerberos is much more silent if not configured
124: <li>arc4-based random support in kernel
125: <li>ncr53cXXX scsi scripts assembler
126: <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
127: <li>`lsof'-style features in fstat.
128: <li>rudimentary support for ISA Plug-and-Play cards
129: <li>Fixed timeout support in RPC library, and also fixed it to support more
130: than FD_SETSIZE file descriptors.
131: <li>improved locate command
132: <li>a good start at NETIPX support
133: <li>vim version 4.5
134: <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
135: bugs).
136: <li>latest version of perl, and a lndir command.
137: <li>Even more security fixes.
138: <li>cdio command for using CD audio.
1.40 gvf 139: <li>Kernel warns if /dev/console does not exist; nice warning for booting with
140: an unpopulated /dev directory.
1.41 deraadt 141: <li>libgnumalloc is gone; our malloc() is better.
1.14 deraadt 142: <li>FreeBSD pipe() system call; quite a bit faster.
143: <li>Some serial driver support for /dev/cuaXX devices to support transparent
144: out+dial
1.40 gvf 145: <li>DDB can now access symbol tables from LKM modules
1.14 deraadt 146: <li>Say goodbye to dump, restore, and mt security holes: They are no longer
147: setuid.
148: <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
149: <li>New routed from SGI.
150: <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
151: <li>ftp command modified for easily scripted ftp & http downloads.
152: <li>And of course... more security related bugfixes... (ie. dump,
153: restore, mt).
154: <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
155: also works better.
156: <li>16 partitions working on sparc and i386 (yipee!)
157: <li>Nice sample files in /etc
158: <li>sendmail gecos hole fixed (in a number of ways; other programs in the
159: source tree were also vulnerable.)
160: <li>secure multicast tools against possible security problems.
161: <li>latest GNU groff, incorporated in a clean wrapperized form.
162: <li>mopd for networking booting Digital machines
163: <li>less version 2.90
164: <li>deal with the SYN bomb problem (denial of service attack) as well known.
165: <li>Another kerberos security fix.
166: <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
167: <li>Compile time option to compile the source tree almost completely dynamic.
168: <li>A 7% reduction in size of static binaries.
169: <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
170: <li>We have completed security reviews of almost all userland programs and
171: libraries except for the gnu stuff (where, based on preliminary
172: inspection there is poor handling of temp files).
173: <li>Working Linux ext2fs.
174: <li>Added sudo (which is maintained by one of our developers)
175: <li>CTM is now a supported way of obtaining OpenBSD source code.
1.17 deraadt 176: </ul>
177: <p>
1.156 deraadt 178: <h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3>
1.17 deraadt 179: <p>
1.15 deraadt 180: <ul>
1.14 deraadt 181: <li>The NIST Posix test suite became free. As a result we have been correcting
182: numerous problems in the source tree, and expect to be completely
183: POSIX compliant very soon.
184: <li>upgrade to CVS version 1.9.
185: <li>A number of security fixes to the way coredumping works.
186: <li>The /dev/*random devices are now default on all architectures.
187: <li>Add stack tracebacks to Arc port's kernel debugger.
188: <li>Skey revamped into full OTP (RFC1938) support, including sha1 and
189: md5 support.
190: <li>GPL i387 emulator added.
191: <li>Crank kvm space on the i386 port, also limit buffer cache useage
192: so that 512MB machines may work (untested :-)
193: <li>Numerous fixes to the lpr suite, including security.
194: <li>More ftpd raging paranoia security fixes.
195: <li>The NIST suite showed numerous errors in libraries and the kernel.
196: Only a few small errors remain now, mostly regarding serial
197: ports.
198: <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
199: <li>OLF binary type added. This is like ELF, but includes an OS-dependent
200: tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
201: the kernel can recognize correctly.
202: <li>Beware $HOME overflows throughout the source tree.
203: <li>Integration of the pmax port.
204: <li>Import of ctm.
205: <li>Various repairs to the scsi scanner support.
206: <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
207: buffer overflows found in system utilities..
208: <li>Memory leak paranoia in cron.
209: <li>Make login get more consistantly upset about failed logins, and tell user
1.147 todd 210: about these failures at the next successful login.
1.14 deraadt 211: <li>pdksh version is now 5.2.11
212: <li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
213: <li>The Arc port family has a new member: The rPC44 works!
214: <li>lpt driver is now bus-independent.
215: <li>com driver is now bus-independent.
216: <li>Numerous small security fixes again...
217: <li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
218: <li>Prevent generic users from mounting filesystems by default.
219: <li>Added -C option to pax/tar. Also made -z support compressed files too.
220: <li>Increased compatibility in the pccons driver with BSDi features.
221: <li>Imported FreeBSD's calendar.
222: <li>GNU gdb works on the mips-based platforms.
223: <li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
224: tripwire-like system.
225: <li>Some YP and bootparamd security changes.
226: <li>Hundreds of little fixes all over the place.
227: <li>Multiple updates for GNU software
228: <li>Add disklabels to the floppy device drivers.
229: <li>At boottime, have (*mountroot)() look at the root device's disklabel
230: to determine which filesystem type is to be mounted.
231: <li>If disklabel reading code discovers an ISOFS filesystem underlying,
232: spoof a nice disklabel (enough to fool mountroot).
233: <li>tcpdump 3.3
234: <li>Fix information gathering attack in ping(8).
1.147 todd 235: <li>Add NetBSD's "route show" implementation, and at the same time fix
1.14 deraadt 236: the new buffer overflows that this provided.
237: <li>Fix a few setgroups() related security holes.
238: <li>sendmail 8.8.4
239: <li>texinfo 3.9
240: <li>f77 0.5.19
241: <li>Repair some more KerberosIV buffer overflows. Hard to believe this is
242: supposed to be security software.
243: <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
244: backwards compatibility.
245: <li>Permit NFS attribute cache to be configured on a per-mount basis.
246: <li>Properly split fsck, mount, and newfs into multiple pieces. Use
247: disklabel information if it is available.
248: <li>Add disklabels to the vnd device driver.
249: <li>Change the games to be run setgid games, not setuid games. This closes
250: a whole slew of fascinating security holes.
251: <li>Import of the powerpc port.
252: <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
253: <li>Permit building of kernels without a.out support.
254: <li>ppp 2.3b3
255: <li>libcrypt goes away. We do not need this stub library anymore. Do not link
256: against it on OpenBSD, all the pieces you need are in libc.
1.18 deraadt 257: <li>new aucat command.
258: <li>Fix a fairly nasty security hole in all of the games.
1.20 downsj 259: <li>Support for the <a href="hp300.html">hp300</a> added.
260: <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
261: <li>Sendmail upgraded to version 8.8.5.
1.21 downsj 262: <li>Added lchown(2) for compatibility with SVR4 implementations.
1.23 deraadt 263: <li>New gnu cpio 2.4.2
264: <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and
265: restore(8).
266: <li>No buffer lengths in fmt(1).
267: <li>various adjtime() corrections inside the kernel.
268: <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
269: <li>pax in tar mode will understand multiple -v options to generate ls-like output.
270: <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous
271: number of network interfaces.
1.22 deraadt 272: <li>More kerberosIV security patches.
273: <li>A working fsirand.
1.56 deraadt 274: <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple
1.28 deraadt 275: hardware. This port requires nothing outside the in-tree development
276: environment to build (except mkisofs for building distributions).
277: <li>Some ypbind(8) tightening up, includes a method to specify a list of
278: valid servers
1.25 niklas 279: <li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large
280: buffer caches even when available kvm space is low, like for i386
281: & sparc.
1.26 deraadt 282: <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
283: byte order. This is a compatibility/portability fix and we expect
284: other BSD systems to eventually follow suit.
285: <li>amd (the automounter) is now 64-bit and working on the alpha.
286: <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles
287: using in-tree versions of all tools. Yipee!
1.34 deraadt 288: <li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a
289: small part of POSIX 1003.1b and permits the signal handler to figure
290: out the exact cause of a signal; such as fault address information
291: for SIGSEGV or more detailed information for SIGFPE.
1.31 downsj 292: <li>config.old(8) has been removed from the tree, as the <a href="hp300.html">
293: hp300</a> port switches to config(8).
1.32 deraadt 294: <li>/sbin/dump -a saves you from needing to deal with finicky tape length
295: options (from FreeBSD)
1.34 deraadt 296: <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
1.36 deraadt 297: <li>Be more careful if some fool decides to enable source routing ;-)
298: <li>Support for gzip'd kernels in some bootblocks.
299: <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
300: <li>Add cdev and partition support to the ramdisk driver.
301: <li>Merge new ftp(1) changes from NetBSD.
1.37 deraadt 302: <li>Change mktemp(3) and family to generate more random filenames, yet still
303: as collision free as possible.
304: <li>Have libc/rpc save you from yourself if you do enable source routing.
1.38 downsj 305: <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting
306: 16 disk partitions.
1.55 kstailey 307: <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
1.39 deraadt 308: <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls
309: in the source tree. This cuts out a whole class of races.
310: <li>Improved NFS filehandle creation.
1.42 deraadt 311: <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very
312: large disks using it.
313: <li>add RPC service name generation to netstat -a
1.43 deraadt 314: <li>Fix pax & tar to be POSIX compliant.
1.42 deraadt 315: <li>Fix a few netinet kernel crash problems.
316: <li>Fix so that stack limits which are not a multiple of the pagesize work.
317: <li>fix some more memory and file descriptor leaks in libc/rpc
1.43 deraadt 318: <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
319: uses a very large strong-random `salt' and the number of rotor
320: runs is configurable. Hence if you have faster machines you can
321: slow the crypt routine down and make harder keys.
322: <li>Add support for /etc/passwd.conf which controls the format and strength
323: of passwd entries for the next time a user changes their password.
324: These options can be set per-user.
1.44 deraadt 325: <li>Working kadmind for kerberosIV.
326: <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
327: <li>cvs 1.9.2
328: <li>Fix weak symbol support in ld.
329: <li>libg++ pulls in libcurses automatically.
330: <li>Replace which(1) with a C program.
1.45 millert 331: <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
332: <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
1.46 kstailey 333: <li>deroff(1) 1.0 from Debian (a Linux).
1.47 downsj 334: <li>BIND 4.9.5-P1.
1.48 deraadt 335: <li>Add support for FreeBSD md5 to /etc/passwd.conf.
336: <li>Import of the mvme88k kernel port.
337: <li>Import of libwrap and tcpd (tcp wrappers).
338: <li>Numerous improvements to pax, including full support for cpio and
339: a lot of fixes to tar mode.
340: <li>Let fsck and fsirand automatically work on very large filesystems.
341: <li>Various fixes to the fsck tools.
342: <li>ipsecadm as an initial cut at controlling IPSEC sessions.
343: <li>Fix pcmcia on the i386.
344: <li>Merged changes from at 2.9 into our own at.
345: <li>pccon(1) to control the pccons driver.
346: <li>Bye bye tahoe bits.
347: <li>noaccesstime option for filesystems (saves batteries on laptops)
348: <li>Substantial changes and fixes to the scsi scanner support.
349: <li>Support for "secure" YP password maps.
350: <li>Various atm fixes.
351: <li>The NE2000 if_ed driver now works on the alpha, too.
352: <li>ddb improvements for 64 bit machines.
353: <li>Fixes to fts(3).
354: <li>A few ypbind fixes.
355: <li>sysctl kern.osrevision gives OpenBSD date.
356: <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
1.147 todd 357: <li>Implement NOFILE_MAX--hard limit on max descriptors per process.
1.48 deraadt 358: <li>Be more careful about modes of lost+found directories.
359: <li>New termcap and terminfo database files.
360: <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it
361: for correct locking!
362: <li>64 bit clean in.rarpd.
363: <li>cvs 1.9.6
1.49 millert 364: <li>16 partition support for the alpha port.
1.50 deraadt 365: <li>Add ./.message support to ftpd
366: <li>Numerous more pax/tar fixes.
367: <li>Add md5 & blowfish passwd support to adduser(8).
368: <li>Add support for YP v1 to ypserv.
369: <li>Fixed some more mktemp races (sigh, will this ever end!)
370: <li>More buffer overflows, but none in sensitive programs.
371: <li>getnetent() and friends now work a lot more like gethostent().
372: <li>Use 10 X characters in many remaining mktemp() calls which are
373: hard to excise.
374: <li>Solve a few resolver problems after the recent 4.9.5-P1 integration,
375: not all our fault.
376: <li>Fix patch to honour Index lines better.
377: <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
378: <li>Once again, really correct the various source routing pieces of the
379: userland source tree.
380: <li>Make real i386 cpu's work again. In case noone noticed, they didn't
381: work for about 5 months. The bug was very hard to find...
382: <li>For config(8), if any kernel options get added/deleted/changed since
383: the previous commit, warn that the compile tree needs 'make clean'.
384: <li>Use in_addr_t and in_port_t all over the place.
385: <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source
386: tree. CD9660 is much happier now.
387: <li>Fix AFS string-to-key handling in kerberos.
1.51 kstailey 388: <li>NAT now gets started from /etc/netstart.
1.50 deraadt 389: <li>Various man page fixes.
390: <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly
391: when mounted read-only.
1.54 kstailey 392: <li>The df(1) utility now has a human-readable "-h" option.
1.53 deraadt 393: <li>Always skip the first 8KB of all swap partitions (hint: disklabels &
394: bootblocks)
395: <li>Repair some bugs in mail(1), especially regarding signal handling.
396: <li>Support .group entries in /etc/passwd.conf
397: <li>PCI aic7860 scsi support improved.
398: <li>Support /etc/rc.shutdown from halt(8).
399: <li>Support extended partitions in fdisk(8).
400: <li>Various fixes to the YP utilities.
401: <li>Signal handling fix to crontab(1).
1.147 todd 402: <li>Unify naming of architecture names between gcc & binutils.
1.53 deraadt 403: <li>Some more userland 64 bit fixes.
404: <li>Support for PCI NE2000 clones.
405: <li>libpthread works on the m68k.
406: <li>Significantly improved the unpredictability of the DNS packet id's
407: in the resolver and named.
408: <li>newfs_msdos(8) can has enough brains to find the partition size itself.
409: <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse
410: and worse idea every month).
411: <li>A bit more man page cleanup starting to happen...
1.57 kstailey 412: <li>GNU Groff 1.10 with (improved) Makefile wrapper.
1.58 kstailey 413: <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less
414: overhead.
1.60 niklas 415: <li>The vnd(4) device has a new safer mode of operation called svnd
416: where you can trust a disk-image right after it's unmounted,
417: i.e. cache-coherency.
1.61 deraadt 418: <li>Repaired install stuff for most architectures significantly, improving
419: ftp/http installs, single bootable install floppies, and in some
420: cases CDROM booting. Most floppies contain vi, too.
421: <li>Support crunch on arc (for bootable installs).
422: <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
423: <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
424: </ul>
425: <p>
1.150 deraadt 426: <a name=2.1release>
1.156 deraadt 427: <h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3>
1.61 deraadt 428: <p>
429: <ul>
430: <li>Few quirky changes to the way ISO9660 disklabel spoofing works in
431: some ports.
432: <li>Fix a few more libc functions to generate very large fd_set's properly
433: for select(2).
434: <li>Import newer version of vax port.
1.65 deraadt 435: <li>Newer version of ext2fs that is reliable for read/write operation. This
436: is essentially FULLY OPERATIONAL.
1.61 deraadt 437: <li>Make adduser understand /etc/passwd.conf
438: <li>Support SIGINFO in ping; also add more complete icmp reporting
439: capabilities.
440: <li>New named root.cache from Internic.
441: <li>Lots of man page fixes.
442: <li>Fix more overflows and other bugs in mail(1).
443: <li>tail(1) can now notice if the file been replaced or truncated.
444: <li>getpgid(2) from XPG3(?)
445: <li>In ar(1), truncate uid & gid if too large.
446: <li>Add some more malloc options to malloc(3)
447: <li>tcp wrappers 7.6
448: <li>Fix lots more NetBSD PR's.
1.62 deraadt 449: <li>Few more fixes to pax(1).
450: <li>kill process timers if execve'ing a setuid/setgid executable.
451: <li>fix sendsmg() credential passing on 64 bit machines.
452: <li>Kernel now generates random pid values in fork().
453: <li>A few netinet fixes.
1.63 deraadt 454: <li>Some more security and robustness changes to traceroute and ping.
455: <li>Add <strong>-P proto</strong> support to traceroute.
456: <li>fix SO_SNDTIMEO.
457: <li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
458: <li>fix disklabel support in vnd/svnd.
459: <li>Ensure TCP RST is within window.
460: <li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
1.147 todd 461: <li>Use dynamic fd_set allocation in more places, particularly setuid
1.63 deraadt 462: programs.
1.65 deraadt 463: <li>tftpd -c flag.
464: <li>document the ddb hangman.
465: <li>Move named tmp files to /etc/named/tmp/ to avoid localhost race
466: attacks.
467: <li>Addition of readlink(1).
468: <li>Implement hex/octal offsets in cmp(1), as documented.
469: <li>Repair many cross-references and other documentation problems in
470: the section 2 and 3 man pages, and also fix a few minor
471: other bugs discovered by analysis of recent changes in
472: FreeBSD's and NetBSD's libc.
473: <li>Add tsearch(3) and friends to libc, as required by XPG3(?).
474: <li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated
475: Vol.2.
1.66 deraadt 476: <li>Improved performance in /dev/*random.
477: <li>Deal with atapi drives that cannot lock their doors.
478: <li>Fix /tmp races in make(1).
479: <li>Add tsearch(3) to libc.
480: <li>In newfs(8), fix -o and -m to work better.
481: <li>Correct -n behaviour in sort(1).
482: <li>Better support for unmounted filesystems in df(1).
483: <li>add per-interface bindings to inetd(8).
484: <li>Fix some more /tmp races in various programs.
485: <li>Support "-d dir" in rpc.yppasswdd(8).
486: <li>Make ifconfig(8) print full information about the full set of
487: interface aliases.
488: <li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
489: <li>More ipsec changes!
490: <li>Change mount(2) to return EFTYPE for invalid filesystem.
1.147 todd 491: <li>Some NLS improvements, notably some more language catalogs.
1.66 deraadt 492: <li>Add ELOOP error handling to realpath(3).
1.68 deraadt 493: <li>More paranoia in procfs.
1.67 deraadt 494: <li>Slightly improve ftpd log file.
1.69 downsj 495: <li>Added automatic power down framework at halt(8) time, currently only
496: supported on sun4m machines with the <i>power</i> device.
1.70 kstailey 497: <li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
1.72 deraadt 498: <li>Fix a minor problem in popen().
499: <li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of
500: service attacks.
501: <li>Clip setsockopt SO_SND*/SO_RCV parameters.
502: <li>Repaired hundreds of long != int problems (in a bunch of programs) that
503: affect the alpha.
504: <li>Y2K enhancement to date(1).
505: <li>Race fix to amd(8).
506: <li>Support IP option handling in IPSEC packets.
507: <li>Import of the gnu multi-precision math library, libgmp. This will be
508: used by an IPSEC key daemon soon.
509: <li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the
510: front of any line in /etc/inetd.conf. This permits services to be
511: supplied only on certain interfaces.
512: <li>A few more minor netinet problems fixed.
513: <li>Import of cvs-1.9.10.
514: <li>Fix readlink(1).
1.74 deraadt 515: <li>Permit tftpd to provide files over 32K blocks in size.
516: <li>New kprop/kpropd man pages.
517: <li>Make sleep(1) handle fractions of seconds. This is a nice extension.
518: <li>Move libdes out of the kerberos tree so that it can be used by other
519: parts of the system too.
520: <li>Many more 64 bit fixes for the alpha, in about 20 more programs.
521: <li>libedit update with lots of fixes.
1.75 kstailey 522: <li>Fixed all(?) Makefile wrappers for GNU software to not build and install
523: manpages when NOMAN is set.
1.76 deraadt 524: <li>Fixed highscore handling in battlestar(6).
525: <li>Repaired nfs handling in tcpdump.
526: <li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
527: <li>Fix a number of rtld dynamic loading problems.
528: <li>More IPSEC changes. IPSEC is almost fully useable now.
529: <li>Intel EtherExpress Pro/100B PCI driver.
1.77 downsj 530: <li>ATAPI devices may now reside in a kernel without wd (disk) devices.
1.78 deraadt 531: <li>Amended issetugid(2) man page to be quite a bit more clear.
532: <li>Fix ruptime output for machines up > 99 days.
1.79 kstailey 533: <li>Maintain process size stats in forkstat struct for "vmstat -f".
1.80 deraadt 534: <li>make compress(1) do gzip support too.
535: <li>Make ed(1) work properly on a non-tty.
536: <li>Fix passive buffer overflow in rusers.
537: <li>Replace libc sha1 code with another version that is better in some respects.
538: <li>Repair symbolic link handling during coredumps (correctly, this time).
539: <li>Lots more IPSEC improvements.
540: <li>Add sha1 support to md5(1).
541: <li>Add sha1 digest support to mtree(8).
1.147 todd 542: <li>More mail(1) fixes, particularly regarding long lines.
1.81 downsj 543: <li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
544: <li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
1.82 deraadt 545: <li>man page cleanups.
546: <li>lpd security fixes.
547: <li>Add rmd160 hash support throughout the source tree.
548: <li>Import of the IPSEC photuris daemon.
549: <li>Add <strong>-d date</strong> support to last(1).
1.147 todd 550: <li>make ctags operate a bit better in the presence of extra spacing.
1.85 deraadt 551: <li>IPSEC Photuris daemon is integrated into the source tree.
1.83 millert 552: <li>mail(1) behaves correctly when interrupted while getting headers from the user.
1.85 deraadt 553: <li>mail(1) supports "inc" command.
1.84 millert 554: <li>S/Key keyfile is now readable only by root. skeyinfo(1) and skeyaudit(1)
555: have been enhanced and rewritten as C programs.
1.85 deraadt 556: <li>Appletalk networking support.
557: <li>permit ftp(1) to download http pages without Content-Length.
558: <li>Some cribbage(6) fixes.
1.90 kstailey 559: <li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)
1.86 deraadt 560: <li>Do not use tempnam(3) in mail(1).
561: <li>make amd(8) use /tmp_mnt by default.
562: <li>Implement IFF_NOARP handling in netinet.
563: <li>Fix pax to not need getcwd(3).
564: <li>Add -T support to last(1).
565: <li>-d flag for shutdown(8).
566: <li>Support lpc(8) "all" keyword option.
567: <li>Support YP map mail.aliases set of maps.
1.123 kstailey 568: <li>Hardcode a list of reserved ports that random port allocation should not
1.86 deraadt 569: reuse.
570: <li>Use sendmail -t instead of other invocation forms inside lots of
571: programs in the source tree.
572: <li>mremap(2) support for Linux emulation.
573: <li>Switch back to nvi; vim has copyright licensing issues.
574: <li>stime(2) support for SunOS emulation.
575: <li>More mail(1) fixes.... It's amazing Todd hasn't broken it.
576: <li>Support -H flag in who(1).
577: <li>Allocate reserved ports for NFS inside the kernel randomly.
578: <li>Man page improvements in many areas.
1.87 deraadt 579: <li>Fix systat manpage.
580: <li>An ugly identd race fixed.
581: <li>More buffer overflow fixes in mail(1).
1.88 deraadt 582: <li>Various fixes and improvements to the 3cXXX ethernet drivers.
583: <li>routed(8) is now disabled by default.
584: <li>Support fpx cards with i82555 PHY.
585: <li>Todd Miller is on a rampage, and making every single buffer inside mail(1)
586: dynamically allocated...
587: <li>Radius support in tcpdump.
1.93 kstailey 588: <li>More fixes to the alpha vga driver. Curses-based programs now work on it.
1.92 kstailey 589: <li>FSF GNU texinfo 3.11.
1.94 deraadt 590: <li>Attempt to cleanup identd. A long road left.
591: <li>Deal nicer with rfork/execve interactions.
592: <li>Make if_tun to prefix address family as a host byte order u_int32_t instead
593: of a u_char, so that bpf can deal with the interface.
1.97 deraadt 594: <li>Fix a kernel bug regarding double m_freem()..
1.96 downsj 595: <li>Sendmail 8.8.7.
1.98 deraadt 596: <li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.
597: <li>Cyclades driver fixed. Works on alpha, too.
598: <li>More mdoc pages.
599: <li>save errno in most of the tree's SIGCHLD handlers, just in case.
1.99 deraadt 600: <li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.
601: <li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be
602: compatible with POSIX sh spec without breaking $((, and explain how
603: IFS works when splitting text after a substitution.
604: <li>Fix another race condition in identd.
605: <li>Work has started to fix the remainder of the signal handlers in the
606: source tree with respect to errno clobbering.
1.100 deraadt 607: <li>Seriously rework the identd daemon even further, to avoid even more
608: input parsing problems and race conditions.
609: <li>Fix a memory leak in grep(1).
610: <li>Fix vacation(1) properly.
611: <li>Make bsd.doc.mk use DOCDIR.
612: <li>Support -n better in pstat(8).
613: <li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.
614: <li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.
615: <li>Import ypserv performance.
616: <li>Make bad random allocation ports settable via sysctl(8).
617: <li>Make gzexe(1) use mktemp to avoid races.
618: <li>Fix pcap_inject(3) in libpcap.
619: <li>In mountd(8), handle ext2fs specially, like most exported filesystems.
620: <li>Be even more paranoid (if it can be believed) in mail.local(8).
621: <li>Add top(1) to the source tree. Fix some problems.
622: <li>Fix another procfs security hole.
623: <li>ATAPI quirk for MATSHITA CR-574.
1.114 kstailey 624: <li>Attempt to deal with archive timestamp and filemode problems in texinfo...
1.100 deraadt 625: <li>Put hostname in root crontab mailout subjects.
1.101 deraadt 626: <li>We are starting to pay attention to good things found in the XPG4
627: standard. We hope to never be compliant, because XPG4 goes way
628: too far.
629: <li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.
630: <li>Support simple add/delete operations on ports in the baddynamic masks
631: via sysctl(8)
632: <li>Be more careful about YP groups in getgrouplist().
633: <li>New PCMCIA Wavelan driver.
1.102 millert 634: <li>More user-friendly error messages from mount_* when the filesystem
635: is not in the kernel.
636: <li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).
637: <li>Fixed a bug in cp(1) when the -r option is used and the source dir
638: ends in a '/'.
1.103 millert 639: <li>Verbose SCSI warnings are now available and on by default.
640: <li>Added basename(3) and dirname(3) for XPG4. dirname(1) is now trivial.
641: <li>XPG4 compatibility for ps(1) format options.
642: <li>Buffer overflow fixes in tip(1).
643: <li>Fixed err(3)/warn(3) argument usage in the tree.
644: <li>shutdown(8) now gets its own session as it deserves.
645: <li>Fixed a bug where the kernel could lie about how many file descriptors
646: are available and cause a panic.
647: <li>ash is gone gone gone.
648: <li>The group vector could end up with duplicates esp. with YP. Now it won't.
649: <li>Document a64l(3) and l64a(3).
650: <li>basename(1) and dirname(1) no longer give an error for paths starting
651: with '-'.
652: <li>Don't print duplicate fields in ps(1) when called with silly arguments.
1.109 deraadt 653: <li>Few more 64 bit fixes in userland, in some rarely used system tools.
654: <li>Various fixes to battlestar(6).
655: <li>A few fixes to tip(1).
656: <li>In join(1), require compat options start with '-'.
657: <li>In dump(8), do not consider tape changing time in the timing estimates.
658: <li>Correct 'sync' option to dd(1).
1.107 kstailey 659: <li>Lucent Technologies (formerly AT&T) awk version 970821.
1.109 deraadt 660: <li>Handle setgid lossage in tip(1).
661: <li>Fix a crash in systat(8).
662: <li>Further IPSEC enhancement (but still no man pages for it though).
663: <li>In calendar(1), support "-t date" to let you see the calendar for other days.
1.112 kstailey 664: <li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).
1.110 deraadt 665: <li>Kill "union wait" in a few more places.
666: <li>Handle SIGCHLD better in rlogin.
667: <li>Correct some remaining small inetd bugs.
1.111 deraadt 668: <li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP,
669: F_SETOWN, or FIOSETOWN.
670: <li>Some FreeBSD m4(1) fixes.
671: <li>Fix first directory handling in "find -execdir"
1.115 deraadt 672: <li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.
1.116 deraadt 673: <li>ppp 2.3.1...
1.115 deraadt 674: <li>Another tip(1) overflow fix.
675: <li>New COMPAT_BSDOS binary compatibility subsystem.
1.113 kstailey 676: <li>Print system call emulation in ps(1) output. Try "ps -axO emul".
1.116 deraadt 677: <li>Update ftp(1) to new NetBSD changes.
678: <li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.
679: <li>Cleaned up verbose scsi error reporting.
680: <li>make bpfread() return ENXIO for uninitialized descriptors.
681: <li>Extend buffer lengths in patch(1).
682: <li>Fix a coredumping problem in tip(1).
683: <li>Preliminary manual pages for the IPSEC utils.
1.117 deraadt 684: <li>Fix a long-standing and minor problem with ld.so on m68k.
685: <li>Ignore trailing spaces on priority in /etc/syslogd.conf.
686: <li>Make ddb not think 'h' means hangman.
687: <li>Some setlogin() and getlogin() fixes in the tree.
688: <li>Fixed small pathname buffer in man(1).
689: <li>Made indent(1) handle unlimited number of -T options.
1.119 deraadt 690: <li>Some fsck_msdos(8) fixes.
691: <li>Make popen(3) safe if vfork(2) does real parent address space borrowing.
692: <li>Always set the SCSI-1 LUN field correctly in all transfers.
1.118 gene 693: <li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD
1.119 deraadt 694: <li>Fix a ksh(1) bug.
695: <li>Permit a longer path buffer in tgetent(3).
696: <li>Some syslogd fixes.
697: <li>Fix SA_* sigaction(2) fields in the OS compat code.
698: <li>Don't error out of MDTM fails.
699: <li>Add sigaction(2) SA_NOCLDWAIT support.
700: <li>Add mkisofs(8).
701: <li>Run calendar -a in the background. (Points to whoever figures out why).
702: <li>Another important disk-full check in pwd_mkdb(8).
1.120 deraadt 703: <li>Fix ftime(3).
704: <li>Fixed various MAKEDEV bugs on lots of architectures.
705: <li>Deal with some possible buffer overflows in sup.
706: <li>Make top(1) work better on very small screens.
707: <li>Fix tar to deal better with one more kind of strange tar file.
708: <li>Shrink most of the install floppies ;-)
1.147 todd 709: <li>Fix a few small problems in rarpd(8).
1.120 deraadt 710: <li>Make ls -d sort directories with files.
1.121 deraadt 711: <li>Do not init pgid in /dev/log's logopen().
712: <li>Fixed a pstat -s related bug in pcvt.
713: <li>Ignore SIGPIPE in inetd(8).
714: <li>In struct sigaction, split sa_handler and the new sa_sigaction function
715: pointers as is being done on newer POSIX systems. This permits proper
716: prototyping of signal handlers.
717: <li>Fix an ifconfig bug related to interfaces that do not exist.
718: <li>Make execle() use alloca() instead of malloc(); to ensure execle() can be
719: safely called in a signal hander.
720: <li>Fix the : and . support in chown so that usernames can have . in them.
721: <li>Fix a network performance problem introduced with IPSEC.
722: <li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).
723: <li>Fix a bug in libform.
724: <li>Add -f option to readlink which does a realpath(3).
725: <li>More IPSEC improvements after the Interop ANX bakeoff.
726: <li>A few pppd fixes.
1.122 kstailey 727: <li>The random(6) tool (game?) now uses arc4random(3).
1.124 deraadt 728: <li>Fix prompting code in pw_edit(3)
729: <li>Ignore bogus hostnames in the /etc/exports file.
730: <li>Make /etc/security handle blowfish-a passwd entries.
731: <li>Rewrite of fdisk(8).
732: <li>Handle a potential crash in the bpf driver.
733: <li>Quirks for two kinds of hitachi dk515 scsi drives and the
734: Cipher ST150S tape drive.
735: <li>Handle creation of /var/tmp/vi.recover more securely.
736: <li>Implementation of the new disklabel -E mode.
737: <li>Support 'q' modifier in kernel vsprintf/kprintf
738: <li>In fmt(1), support backslashed whitespace inside words better.
739: <li>Make disklabel -E always succeed at writing a label. Now you
740: can load a fictitious label, edit it, and write it out.
741: <li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.
742: <li>Another lpd security fix.
743: <li>Some minor tftpd bug fixes.
744: <li>Fix one last little problem case in the fts(3) library routine. This
745: is a very complicated piece of code...
746: <li>Fix a memory leak in libdes.
747: <li>Fix mktemp() to work correctly when specified against non-existant
748: directories.
749: <li>Make ac(8) use the correct timestamp if the user specifies a different
750: wtmp file.
751: <li>Fix a select/read race in identd(8) which would make it spin wildly.
752: <li>Make the ncr scsi driver work on big-endian machines too.
753: <li>Add per-host locking support to supfilesrv.
754: <li>Make clri(8) mark the filesystem dirty.
755: <li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
1.185 deraadt 756: <li><strong>The new afterboot(8) man page. Everyone should look at
757: this</strong>.
1.124 deraadt 758: <li>Prevent open(2) with wrong flag modes.
1.105 deraadt 759: </ul>
1.125 deraadt 760:
1.186 deraadt 761: <a name=22>
1.125 deraadt 762: <p>
1.156 deraadt 763: <h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3>
1.150 deraadt 764: <p>
765:
766: <p>
1.156 deraadt 767: <h3><font color=#0000e0>Work begins on what will become 2.3....</font></h3>
1.125 deraadt 768: <p>
769:
770: <ul>
771: <li>Add svr4 jioctl() compat interface.
772: <li>Make kdump(1) handle the newer emulations.
773: <li>a buffer underrun in ctags(1).
774: <li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
775: <li>Add blowfish and cast encryption to IPSEC.
776: <li>SIGWINCH handling in systat(1).
777: <li>If a non-existant user logs in and asks for s/key authentication, fake a
778: proper s/key prompt.
779: <li>Make disklabel -E deal with multiple partitions which overlap.
780: <li>Replace kernel printf with Torek's libc printf.
781: <li>Be more careful with getpwent() information inside rcp(1).
782: <li>Handle C++ and other languages in yacc(1) far better.
783: <li>Fix an as(1) parsing bug relating to the .ascii directive.
784: <li>Fix some memory leaks in the RPC code.
785: <li>Document how crypt(3) handles blowfish and MD5 passwords.
786: <li>Truncate large uid and gid values in ranlib(1), in the same way as this
787: is handled in ar(1).
788: <li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
789: <li>makewhatis(8) manpage added.
1.142 deraadt 790: <li>Fixed ps(1) LIM and STAT columns.
1.130 deraadt 791: <li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
792: <li>4.4BSD lite2 vfs integration.
793: <li>Support execution sections in syslog.conf.
1.131 deraadt 794: <li>Start named(8) earlier in /etc/rc.
795: <li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
796: <li>sendmail 8.8.8
797: <li>double MAX_KMAPENT and MAX_KMAP
798: <li>Fix tty suspend during <strong>sh -c "less file"</strong>.
799: <li>Add more things to afterboot(8).
800: <li>Correct TCP's handling of RST.
1.132 deraadt 801: <li>Fix EXTPROC in pty code.
802: <li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
803: <li>Some compat_svr4 fixes.
804: <li>Flesh out compat_freebsd a fair bit more.
805: <li>Some minor fixes for the libc/db/btree code.
806: <li>Add getsid(2) system call as mandated by XPG4.2.
1.133 deraadt 807: <li>Make dumpfs(8) report if soft updates are requested by the superblock.
808: <li>Make "expr a : /" work.
809: <li>Support an "object" keyword in config(8).
810: <li>Support -mmin, -amin, and -cmin in find(1).
1.134 deraadt 811: <li>Fix a ONLCR + FLUSHO situation in tty.c
812: <li>Make msync(2) POSIX compliant.
813: <li>Make the if_de driver support more cards.
1.135 deraadt 814: <li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
815: <li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
816: <li>Fix a line continuation bug in sed(1).
1.136 deraadt 817: <li>Change various system calls to take void * instead of caddr_t.
818: <li>Range-check the "how" argument for shutdown(2).
819: <li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
1.137 deraadt 820: <li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and
821: <strong>SHUT_RDWR</strong> values for shutdown(2) as
822: specified by XPG4.2.
823: <li>in chat(8), replace Mini Getopt from hell with real getopt().
824: <li>Minor logging feature changes in fingerd(8).
825: <li>Fix some Y2K problems in the nroff tmac macros.
826: <li>Added mode rangecheck in chmod(2) and fchmod(2).
1.139 deraadt 827: <li>Consider only the 0177777 bits of the umask(2) value, as documented.
1.140 gene 828: <li>Implement FIONBIO in ibcs2 emulation code.
1.139 deraadt 829: <li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
1.185 deraadt 830: <li><font color=#e00000>make readlink(1) terminate it's buffer correctly.
1.155 deraadt 831: <a href=errata.html#all>This affects CDROM builds so a patch is
1.185 deraadt 832: available for 2.2</a></font>.
1.139 deraadt 833: <li>Clean /var earlier in the /etc/rc script.
834: <li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK
835: are set. (That was a nasty kernel bug).
1.142 deraadt 836: <li>Fixed bug in 'systat vm' output.
1.141 deraadt 837: <li>Update sudo(8).
838: <li>Import of FreeBSD's ppp(8) program.
839: <li>Fix a memory leak in the kernel process group manipulation code.
840: <li>Some man page cleanups.
1.143 deraadt 841: <li>add <strong>-t</strong> option to disklabel(8).
842: <li>Fix a mget prompting error in ftp(1).
843: <li>Update to ncurses 4.1.
844: <li>Work around stupid linux emulation behaviour involving non-blocking
845: connect(2).
1.144 niklas 846: <li>Massive performance optimization of the ccd device (RAID-like striping
847: disk driver).
1.145 deraadt 848: <li>Fix arp(8) ethernet address parsing for the illegal cases.
849: <li>Fix <strong>-amin</strong> option in find(1).
850: <li>Moving towards KTH kerberos 4-0.9.7.
851: <li>Fix /etc/rc scripts to require IPF if NAT is requested.
852: <li>Add asprintf(3) and vasprintf(3).
853: <li>Add hosts.equiv(3) and .rhosts(3) man page.
1.148 deraadt 854: <li>Import perl 5.004_04.
855: <li>Add some more XPG4.2 *_t types.
856: <li>Fix SunOS emulation of TIOCGPGRP.
857: <li>Newer ncr device driver.
1.185 deraadt 858: <li><font color=#e00000>On the i386, handle the nasty problem with
859: distinguishing SVR4 and Linux binaries.
860: <a href=errata.html#i386>A patch is available for 2.2</a></font>.
1.149 millert 861: <li>Update to ncurses-4.1-971129
1.151 deraadt 862: <li>Fix a deadlock on cd9660.
863: <li>Fix an overflow in top(1).
864: <li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
865: <li>Fix scsi CDIOCREADSUBCHANNEL.
1.152 deraadt 866: <li>Indicate connect direction for tcp sockets in fstat(1).
867: <li>In linux compat, handle the CDROM ioctl() calls.
1.153 deraadt 868: <li>Flesh out scsi(8) a tiny bit more.
869: <li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local
870: copies in rcp(1).
871: <li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based
872: on input filesize.
873: <li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
874: <li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
1.185 deraadt 875: <li><font color=#e00000>A workaround for the Intel P5 F00F lockup problem.
876: <a href=errata.html#i386>A patch is available for 2.2</a></font>.
1.153 deraadt 877: <li>Fix numerous problems with new KTH kerberos.
878: <li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
879: <li>Correct an XPG violation in stdlib.h.
880: <li>Handle the cdrom ejecting ioctl in linux emulation.
881: <li>Handle SIOCGIFHWADDR ioctl in linux emulation.
882: <li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
1.157 deraadt 883: <li>Handle nanosleep() in linux emulation.
884: <li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
885: <li>Handle the controlling tty ioctl in linux emulation.
886: <li>Repair a number of retry operation problems in the wdc driver that mostly
887: affected sleeping laptops.
1.185 deraadt 888: <li><font color=#e00000>Fixed a panic problem in the i386 apm driver.
889: <a href=errata.html#i386>A patch is available for 2.2</a></font>.
1.157 deraadt 890: <li>Enable new FreeBSD ppp(8) daemon. There are now two ppp daemons in the
891: source tree, they have quite different feature sets.
892: <li>Do not clear the setuid/setgid file mode bits for a call to
893: {,f,l}chmod(-1, -1).
1.185 deraadt 894: <li><font color=#e00000>Due to timing constraints, mac68k X11 binaries did
895: not make it onto the 2.2 CDROM.
896: <a href=errata.html#mac68k>But it is now available for ftp</a></font>.
1.158 deraadt 897: <li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
898: <li>In ftpd, default to RFC non-conforming behaviour for the PORT command,
899: but provide a runtime switch for those who like holes.
900: <li>Make route(8) non-setuid.
901: <li>Honour TMPDIR in the locate(8) tools.
1.159 deraadt 902: <li>Update the pkg_* tools a bit.
903: <li>Support IP_HDRINCL in Linux emulation.
904: <li>Fix a kernel bug related to "route change ...".
905: <li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
906: <li>In numerous programs, avoid fd_set overflows.
907: <li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
908: <li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong
909: in ibcs2 also?
910: <li>Provide workaround for the Cyrix 6x86 COMA bug. (A workaround for 2.2
911: is not available).
1.160 deraadt 912: <li>Change ftp(1) so that tries to use passive mode, and falls back to active
913: mode. Provide environment variables to fall back. This is
914: incredibly cool.
915: <li>Fail better for over-long usernames.
916: <li>Check the values of the ftp PORT command even more carefully.
917: <li>Fix a bug in make(1) regarding SYSV style : substitution on
918: null variables.
1.161 deraadt 919: <li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
920: <li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
921: <li>The new KTH KerberosIV integration (and security audit) is almost
922: complete.
1.162 deraadt 923: <li>IBCS2 emulation also requires fcntl() F_FREESP support.
924: <li>Handle DST changeovers automatically in cron.
925: <li>lockf() implimentation.
926: <li>Correct exit code of nohup(1).
927: <li>Swap quit and exit commands in fdisk.
1.163 deraadt 928: <li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
929: <li>Correct an splx botch in the tunnel driver.
930: <li>Fix some gzip buf oflows.
931: <li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED
932: define required by new standards.
933: <li>Make {f,}chflags(.., -1) return error EINVAL.
934: <li>Make md5(1), rmd160(1), and sha1(1) use getopt().
1.164 deraadt 935: <li>Some slight changes to the PCI device subsystem to make it probe
936: devices nicer (mostly dmesg printing).
937: <li>Some more manpage cleanups.
938: <li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more
939: than once.
940: <li>Some fixes to fdisk(8) and disklabel(8).
941: <li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
1.165 deraadt 942: <li>Make sure it is clear that so_linger is in seconds.
943: <li>New rc.conf(7) manpage.
944: <li>Fix some problems regaring transfer of secure yp maps.
945: <li>Permit extra / terminators in some path-based system calls.
946: <li>Do not permit dumping corefiles over symbolic links. (We have wanted
947: this changed for a long time, but it required Lite2 vfs).
948: <li>Fix a output error in finger(1).
949: <li>Fix a vnode creation race.
950: <li>For scsi tape drives, be silent in the presence of ILI errors.
1.166 provos 951: <li>Support for FAT32 partitions.
1.167 deraadt 952: <li>Support all kinds of keyboards in pcvt, like pccons does.
953: <li>In disklabel(8), make IDE drive type handling more obvious and
954: intuitive.
955: <li>Bring gethostent() back to life, even though it is a bad interface.
956: <li>Merge some slight standardization fixes for *printf(3) from
957: FreeBSD (some unlikely cases get handled better).
958: <li>sudo version 1.5.4.
959: <li>Make pkg_install(1) feed a -p option to tar.
960: <li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
961: <li>ncurses 4.1-980103
962: <li>Handle unparseable ulimit specifications as an error, not as the value 0.
963: <li>pppd 2.3.3
1.168 deraadt 964: <li>Support <strong>-h host</strong> flag to ypwhich(1).
965: <li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real
966: master server.
1.169 millert 967: <li>Import of tzcode1998b and tzdata1998b.
1.170 millert 968: <li>Properly ignore whitespace between a conversion and %n in *scanf(3).
969: <li>Groff 1.11a
1.171 deraadt 970: <li>Properly error out if yp_match() or yp_first() is asked to lookup
971: long keys.
972: <li>Start at bus_dma support.
973: <li>Much more complete KerberosIV documentation.
1.172 deraadt 974: <li>Repaired the expansion of the kernel panic string.
975: <li>If tar(1) extracts as root, preserve uid/gid as is traditional.
976: <li>Fix argument handling in expand(1).
977: <li>In termcap databases, map the keyboard backspace key to DEL
978: instead of BS as that is how it really is.
1.173 deraadt 979: <li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
980: <li>More cdrom ioctl's in Linux emulation.
981: <li>Fix a race in mkdir(1).
982: <li>IPF 3.2.3
983: <li>On binutils platforms, make ldd(1) work on static executables.
984: <li>Add <strong>-a</strong> flag to which(1).
985: <li>Check both old and new shells in rpc.yppasswdd(8).
986: <li>Cleanups in wump(6).
987: <li>Glob extensions for XPG4.
988: <li>Require commands started from in /etc/rc to be executable -- not just
989: readable.
990: <li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
991: <li>Self-extending kernel maps in the vm subsystem.
992: <li>Low-memory bug fix in setenv(3).
1.174 deraadt 993: <li>Some man page fixes so that <strong>man -k</strong> is happier.
994: <li>Workaround a race condition in syslogd's handling of SIGHUP.
995: <li>Teach the kernel about newer PCI device types.
996: <li>Be more careful about sourcerouted packets, including never forwarding
997: them.
1.185 deraadt 998: <li><font color=#e00000>Two bugs existed in the the 2.2 pmax release which all users
1.176 deraadt 999: should be aware of.
1.185 deraadt 1000: <a href=errata.html#pmax>Patches are now available</a></font>.
1.174 deraadt 1001: <li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
1002: <li>Avoid DNS lookup timing effects in ping -R.
1.185 deraadt 1003: <li><font color=#e00000>Buffer overflow fix in the MIPS ld.so. Replacement
1004: binaries for the <a href=errata.html#pmax>pmax</a> and
1005: <a href=errata.html#arc>arc</a> platforms are available</font>.
1.174 deraadt 1006: <li>Add strptime(3).
1007: <li>Add scan_ffs(8), a very useful tool for reconstructing disks.
1008: <li>Create two new sysctl options: <strong>ddb.panic</strong> decides
1009: whether the kernel should enter ddb when it panics, and
1010: <strong>ddb.console</strong> controls if it is possible to enter
1011: ddb from the console via a hot-key.
1012: <li>Fix a free page count bug in the vm system.
1013: <li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables
1014: to change at boottime.
1015: <li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can
1016: ensure it has the right components.
1.185 deraadt 1017: <li><font color=#e00000>In the 2.2 release, the sparc scsi driver caused problems
1018: for the Sun 4/300 machines.
1019: <a href=errata.html#sparc>Patches are now available</a></font>.
1.177 deraadt 1020: <li>Fix /etc/yp/domainname support in ypbind(8).
1021: <li>Fix some bugs in vacation(1).
1022: <li>Emulate that disgusting linux connect() braindamage even better.
1.178 deraadt 1023: <li>smtpd(8) integration spiffied up. Everything you need is now in the
1024: system.
1025: <li>A start at full lint library support.
1.179 deraadt 1026: <li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
1027: <li>New compat_ibcs2(8) manpage.
1028: <li>The web pages now have a new section on <a href=advisories>
1029: security advisories</a>.
1030: <li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
1.181 deraadt 1031: <li>Permit restore(8) to work on a filesystem that has a basic blocksize
1032: smaller than the blocksize of the filesystem that was dumped.
1033: <li>New <strong>-a logdev</strong> argument for syslogd(8), useful for
1034: setting up additional /dev/log devices in various chroot spaces.
1035: <li>raise IPPORT_USERRESERVED significantly. Random port numbers will now
1036: look much more random than they did before.
1.185 deraadt 1037: <li><font color=#e00000>Make ruserok() significantly more paranoid when
1038: parsing the .rhosts file. This along with another issue is a
1039: security problem in OpenBSD 2.2, and is <a href=errata.html#ruserok>
1040: described and fixed with a patch</a></font>.
1.182 deraadt 1041: <li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
1042: <li>Make stty(1) recognize STRIPDISC.
1043: <li>Fix a map corruption bug in ypxfr(8).
1.185 deraadt 1044: <li><font color=#e00000>In the sparc 2.2 release, the SS4/SS5 kernel was not
1045: very reliable. <a href=errata.html#sparciommu>A simple reliability
1046: patch is now available</a></font>.
1.182 deraadt 1047: <li>Place seperate so_ruid and so_euid fields in struct socket, so that
1048: in_pcb.c can still do it's job, but also so that identd(8) can
1049: be fast and return the proper uid.
1.187 deraadt 1050: <li>If <strong>link0<strong> is set on a loopback interface (ie. lo1) make
1051: the address/netmask sets on it make supernets instead of subnets.
1052: <li>Various fixes to some of the games, ie. rain, worms, wump.
1053: <li>Fixed "%c" in strftime(3).
1054: <li>Support the WINBOND pci ethernet cards.
1.188 ! deraadt 1055: <li>Make lpd(8) use keepalives so that it can detect dead network printers.
! 1056: <li><font color=#e00000>The mac68k 2.2 CD release had a few problems.
! 1057: These problems have been resolved in the FTP release.
! 1058: <a href=errata.html#mac68k>For more details...</a></font>
! 1059: <li>Fix another signal handler bug in mail(1).
1.125 deraadt 1060: </ul>
1061:
1.186 deraadt 1062: <a name=end>
1.17 deraadt 1063: <p>
1.156 deraadt 1064: <h3><font color=#0000e0>Development is rapidly continuing...</font></h3>
1.17 deraadt 1065: <p>
1.14 deraadt 1066:
1.95 deraadt 1067: This list mentions mostly platform-independent changes. For a list of changes
1068: made in a particular platform, please check the page for that platform. If you
1069: find them not listed there, the changes are either (1) not being documented or
1070: (2) are documented here.<br><br>
1.14 deraadt 1071:
1072: <hr>
1073: <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
1074: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.188 ! deraadt 1075: <br><small>$OpenBSD: plus.html,v 1.187 1998/02/15 07:19:05 deraadt Exp $</small>
1.14 deraadt 1076:
1077: </body>
1078: </html>