Annotation of www/plus.html, Revision 1.205
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD changes</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
1.59 deraadt 10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.64 downsj 13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
1.14 deraadt 14:
1.64 downsj 15: <img alt="[OpenBSD]" SRC="images/smalltitle.gif">
16:
17: <p>
1.186 deraadt 18: <h2>Changes made between OpenBSD versions.</h2>
1.14 deraadt 19:
20: <p>
1.180 deraadt 21: The OpenBSD project was spawned from NetBSD (a member of the 4.4BSD
1.195 deraadt 22: family) in the summer of 1996 and is now developed completely
23: separately. As well as developments by our development group, good
24: changes from the other free operating systems are evaluated and merged
25: into OpenBSD. We track bug reports and source tree changes from the
26: NetBSD and FreeBSD projects fairly closely. Even pieces of code from
27: the Linux projects have been used.
1.14 deraadt 28:
29: <p>
1.29 deraadt 30: In the early days of OpenBSD, it was possible to be able to say
1.180 deraadt 31: "OpenBSD is NetBSD PLUS MORE STUFF". Now, after the substantial work
32: the group members have done, OpenBSD is very much is it's own thing.
33: Too much stuff has been added and fixed to easily compare it to
34: something else. OpenBSD is OpenBSD.
1.29 deraadt 35:
36: <p>
37: This is a partial list of the major machine independent changes
38: (ie. these are the changes people ask about most often). Port
39: specific changes have also been made, and are sometimes mentioned
40: in the pages for the specific <a href=plat.html>ports</a> if you
41: are interested in for further port-specific details. Many ports
42: have had architecture-specific enhancements relative to NetBSD,
43: but when they do not they certainly have plenty of platform-independent
44: changes, starting with those listed below..
1.14 deraadt 45:
1.17 deraadt 46: <p>
1.185 deraadt 47: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
48:
49: <p>
1.186 deraadt 50: <h3>
51: <a href=#22>To go straight to the changes since OpenBSD 2.2, click here</a>.
52: <br>
53: <a href=#end>To go straight to the end of the list, click here</a>.
54: </h3>
55:
56: <hr>
57: <p>
1.156 deraadt 58: <h3><font color=#0000e0>Life for the OpenBSD project begins...</font></h3>
1.17 deraadt 59: <p>
1.14 deraadt 60: <ul>
61: <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
62: <li>New curses library, including libform, libpanel and libmenu.
63: <li>a termlib library which understands termcap.db, needed for new curses.
64: <li>The FreeBSD ports subsystem was integrated and is usable by you!
1.35 kstailey 65: <li>ipfilter for filtering dangerous packets and Network Address Translation
66: for IP masquerading.
1.14 deraadt 67: <li>better ELF support
68: <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
69: to use kvm utilies
70: <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
71: <li>All the pieces needed for cross compilation are in the source tree.
72: <li>Some LKM support in the tree.
73: <li>ATAPI support (should work on all ISA busses)
74: <li>new scsi, md5, pkg_* commands
75: <li>Numerous security related fixes
76: <li>Kerberos and other crypto in the source tree that is exportable
77: <li>Solid YP master, server, and client capabilities.
78: <li>/dev/*random -- a device driver providing some kinds of random data
79: <li>In-kernel update(8) with an adaptive algorithm
80: <li>Some ddb improvements and extensions
81: <li>Numerous scsi fixes
82: <li>ncheck utility for ffs
83: <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
84: <li>new system calls: rfork(), minherit(), poll().
85: <li>select() that can handle any amount of file descriptors.
86: <li>kernfs extensions
87: <li>ATM support (support for one company's sparc & i386 cards available)
88: <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
89: <li>pax as tar, gnutar is toast
90: <li>using AT&T awk, gawk is toast
91: <li>Even more security fixes.
92: <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
93: generate them too
94: <li>Linux ext2fs and BSD4.4 LFS support being worked on.
95: <li>Working ATAPI audio support for multiple architectures.
96: <li>terminfo database support.
97: <li>Fortran in the tree.
98: <li>The most secure rdist support anywhere.
99: <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
100: security via unpredictability.
101: <li>Protection from the udp spamming and ftp bounce attacks.
102: <li>Significantly improved ftp daemon.
1.140 gene 103: <li>Numerous more security policy and implementation improvements (OpenBSD
1.14 deraadt 104: defaults to installing in a very secure mode)
105: <li>zlib (non-GPL'd gzip-compatible library)
106: <li>Newest version of pppd.
107: <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
108: <li>Fixed long-standing vm swap-leak.
109: <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
110: <li>Numerous FreeBSD userland fixes and improvements incorporated.
111: <li>new rdisc Router Discovery daemon
112: <li>generic protection against the bind() takeover problem.
113: <li>at -f security fix.
114: <li>20 or so more security fixes
115: <li>install now supports -C, -p, and -S flags.
116: <li>a real adduser program, which can even be used uninteractively.
117: <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
118: by chown(). This can be turned off with sysctl.
119: <li>partial protection against tcp SYN attacks.
120: <li>added /etc/fbtab support to login & init.
121: <li>RCS version 5.7
122: <li>much newer join command (4.4lite2 with other fixes)
123: <li>scsi subsystem security fix
124: <li>Kerberos is much more silent if not configured
125: <li>arc4-based random support in kernel
126: <li>ncr53cXXX scsi scripts assembler
127: <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
128: <li>`lsof'-style features in fstat.
129: <li>rudimentary support for ISA Plug-and-Play cards
130: <li>Fixed timeout support in RPC library, and also fixed it to support more
131: than FD_SETSIZE file descriptors.
132: <li>improved locate command
133: <li>a good start at NETIPX support
134: <li>vim version 4.5
135: <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
136: bugs).
137: <li>latest version of perl, and a lndir command.
138: <li>Even more security fixes.
139: <li>cdio command for using CD audio.
1.40 gvf 140: <li>Kernel warns if /dev/console does not exist; nice warning for booting with
141: an unpopulated /dev directory.
1.41 deraadt 142: <li>libgnumalloc is gone; our malloc() is better.
1.14 deraadt 143: <li>FreeBSD pipe() system call; quite a bit faster.
144: <li>Some serial driver support for /dev/cuaXX devices to support transparent
145: out+dial
1.40 gvf 146: <li>DDB can now access symbol tables from LKM modules
1.14 deraadt 147: <li>Say goodbye to dump, restore, and mt security holes: They are no longer
148: setuid.
149: <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
150: <li>New routed from SGI.
151: <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
152: <li>ftp command modified for easily scripted ftp & http downloads.
153: <li>And of course... more security related bugfixes... (ie. dump,
154: restore, mt).
155: <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
156: also works better.
157: <li>16 partitions working on sparc and i386 (yipee!)
158: <li>Nice sample files in /etc
159: <li>sendmail gecos hole fixed (in a number of ways; other programs in the
160: source tree were also vulnerable.)
161: <li>secure multicast tools against possible security problems.
162: <li>latest GNU groff, incorporated in a clean wrapperized form.
163: <li>mopd for networking booting Digital machines
164: <li>less version 2.90
165: <li>deal with the SYN bomb problem (denial of service attack) as well known.
166: <li>Another kerberos security fix.
167: <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
168: <li>Compile time option to compile the source tree almost completely dynamic.
169: <li>A 7% reduction in size of static binaries.
170: <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
171: <li>We have completed security reviews of almost all userland programs and
172: libraries except for the gnu stuff (where, based on preliminary
173: inspection there is poor handling of temp files).
174: <li>Working Linux ext2fs.
175: <li>Added sudo (which is maintained by one of our developers)
176: <li>CTM is now a supported way of obtaining OpenBSD source code.
1.17 deraadt 177: </ul>
178: <p>
1.156 deraadt 179: <h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3>
1.17 deraadt 180: <p>
1.15 deraadt 181: <ul>
1.14 deraadt 182: <li>The NIST Posix test suite became free. As a result we have been correcting
183: numerous problems in the source tree, and expect to be completely
184: POSIX compliant very soon.
185: <li>upgrade to CVS version 1.9.
186: <li>A number of security fixes to the way coredumping works.
187: <li>The /dev/*random devices are now default on all architectures.
188: <li>Add stack tracebacks to Arc port's kernel debugger.
189: <li>Skey revamped into full OTP (RFC1938) support, including sha1 and
190: md5 support.
191: <li>GPL i387 emulator added.
192: <li>Crank kvm space on the i386 port, also limit buffer cache useage
193: so that 512MB machines may work (untested :-)
194: <li>Numerous fixes to the lpr suite, including security.
195: <li>More ftpd raging paranoia security fixes.
196: <li>The NIST suite showed numerous errors in libraries and the kernel.
197: Only a few small errors remain now, mostly regarding serial
198: ports.
199: <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
200: <li>OLF binary type added. This is like ELF, but includes an OS-dependent
201: tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
202: the kernel can recognize correctly.
203: <li>Beware $HOME overflows throughout the source tree.
204: <li>Integration of the pmax port.
205: <li>Import of ctm.
206: <li>Various repairs to the scsi scanner support.
207: <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
208: buffer overflows found in system utilities..
209: <li>Memory leak paranoia in cron.
210: <li>Make login get more consistantly upset about failed logins, and tell user
1.147 todd 211: about these failures at the next successful login.
1.14 deraadt 212: <li>pdksh version is now 5.2.11
213: <li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
214: <li>The Arc port family has a new member: The rPC44 works!
215: <li>lpt driver is now bus-independent.
216: <li>com driver is now bus-independent.
217: <li>Numerous small security fixes again...
218: <li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
219: <li>Prevent generic users from mounting filesystems by default.
220: <li>Added -C option to pax/tar. Also made -z support compressed files too.
221: <li>Increased compatibility in the pccons driver with BSDi features.
222: <li>Imported FreeBSD's calendar.
223: <li>GNU gdb works on the mips-based platforms.
224: <li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
225: tripwire-like system.
226: <li>Some YP and bootparamd security changes.
227: <li>Hundreds of little fixes all over the place.
228: <li>Multiple updates for GNU software
229: <li>Add disklabels to the floppy device drivers.
230: <li>At boottime, have (*mountroot)() look at the root device's disklabel
231: to determine which filesystem type is to be mounted.
232: <li>If disklabel reading code discovers an ISOFS filesystem underlying,
233: spoof a nice disklabel (enough to fool mountroot).
234: <li>tcpdump 3.3
235: <li>Fix information gathering attack in ping(8).
1.147 todd 236: <li>Add NetBSD's "route show" implementation, and at the same time fix
1.14 deraadt 237: the new buffer overflows that this provided.
238: <li>Fix a few setgroups() related security holes.
239: <li>sendmail 8.8.4
240: <li>texinfo 3.9
241: <li>f77 0.5.19
242: <li>Repair some more KerberosIV buffer overflows. Hard to believe this is
243: supposed to be security software.
244: <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
245: backwards compatibility.
246: <li>Permit NFS attribute cache to be configured on a per-mount basis.
247: <li>Properly split fsck, mount, and newfs into multiple pieces. Use
248: disklabel information if it is available.
249: <li>Add disklabels to the vnd device driver.
250: <li>Change the games to be run setgid games, not setuid games. This closes
251: a whole slew of fascinating security holes.
252: <li>Import of the powerpc port.
253: <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
254: <li>Permit building of kernels without a.out support.
255: <li>ppp 2.3b3
256: <li>libcrypt goes away. We do not need this stub library anymore. Do not link
257: against it on OpenBSD, all the pieces you need are in libc.
1.18 deraadt 258: <li>new aucat command.
259: <li>Fix a fairly nasty security hole in all of the games.
1.20 downsj 260: <li>Support for the <a href="hp300.html">hp300</a> added.
261: <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
262: <li>Sendmail upgraded to version 8.8.5.
1.21 downsj 263: <li>Added lchown(2) for compatibility with SVR4 implementations.
1.23 deraadt 264: <li>New gnu cpio 2.4.2
265: <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and
266: restore(8).
267: <li>No buffer lengths in fmt(1).
268: <li>various adjtime() corrections inside the kernel.
269: <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
270: <li>pax in tar mode will understand multiple -v options to generate ls-like output.
271: <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous
272: number of network interfaces.
1.22 deraadt 273: <li>More kerberosIV security patches.
274: <li>A working fsirand.
1.56 deraadt 275: <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple
1.28 deraadt 276: hardware. This port requires nothing outside the in-tree development
277: environment to build (except mkisofs for building distributions).
278: <li>Some ypbind(8) tightening up, includes a method to specify a list of
279: valid servers
1.25 niklas 280: <li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large
281: buffer caches even when available kvm space is low, like for i386
282: & sparc.
1.26 deraadt 283: <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
284: byte order. This is a compatibility/portability fix and we expect
285: other BSD systems to eventually follow suit.
286: <li>amd (the automounter) is now 64-bit and working on the alpha.
287: <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles
288: using in-tree versions of all tools. Yipee!
1.34 deraadt 289: <li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a
290: small part of POSIX 1003.1b and permits the signal handler to figure
291: out the exact cause of a signal; such as fault address information
292: for SIGSEGV or more detailed information for SIGFPE.
1.31 downsj 293: <li>config.old(8) has been removed from the tree, as the <a href="hp300.html">
294: hp300</a> port switches to config(8).
1.32 deraadt 295: <li>/sbin/dump -a saves you from needing to deal with finicky tape length
296: options (from FreeBSD)
1.34 deraadt 297: <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
1.36 deraadt 298: <li>Be more careful if some fool decides to enable source routing ;-)
299: <li>Support for gzip'd kernels in some bootblocks.
300: <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
301: <li>Add cdev and partition support to the ramdisk driver.
302: <li>Merge new ftp(1) changes from NetBSD.
1.37 deraadt 303: <li>Change mktemp(3) and family to generate more random filenames, yet still
304: as collision free as possible.
305: <li>Have libc/rpc save you from yourself if you do enable source routing.
1.38 downsj 306: <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting
307: 16 disk partitions.
1.55 kstailey 308: <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
1.39 deraadt 309: <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls
310: in the source tree. This cuts out a whole class of races.
311: <li>Improved NFS filehandle creation.
1.42 deraadt 312: <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very
313: large disks using it.
314: <li>add RPC service name generation to netstat -a
1.43 deraadt 315: <li>Fix pax & tar to be POSIX compliant.
1.42 deraadt 316: <li>Fix a few netinet kernel crash problems.
317: <li>Fix so that stack limits which are not a multiple of the pagesize work.
318: <li>fix some more memory and file descriptor leaks in libc/rpc
1.43 deraadt 319: <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
320: uses a very large strong-random `salt' and the number of rotor
321: runs is configurable. Hence if you have faster machines you can
322: slow the crypt routine down and make harder keys.
323: <li>Add support for /etc/passwd.conf which controls the format and strength
324: of passwd entries for the next time a user changes their password.
325: These options can be set per-user.
1.44 deraadt 326: <li>Working kadmind for kerberosIV.
327: <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
328: <li>cvs 1.9.2
329: <li>Fix weak symbol support in ld.
330: <li>libg++ pulls in libcurses automatically.
331: <li>Replace which(1) with a C program.
1.45 millert 332: <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
333: <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
1.46 kstailey 334: <li>deroff(1) 1.0 from Debian (a Linux).
1.47 downsj 335: <li>BIND 4.9.5-P1.
1.48 deraadt 336: <li>Add support for FreeBSD md5 to /etc/passwd.conf.
337: <li>Import of the mvme88k kernel port.
338: <li>Import of libwrap and tcpd (tcp wrappers).
339: <li>Numerous improvements to pax, including full support for cpio and
340: a lot of fixes to tar mode.
341: <li>Let fsck and fsirand automatically work on very large filesystems.
342: <li>Various fixes to the fsck tools.
343: <li>ipsecadm as an initial cut at controlling IPSEC sessions.
344: <li>Fix pcmcia on the i386.
345: <li>Merged changes from at 2.9 into our own at.
346: <li>pccon(1) to control the pccons driver.
347: <li>Bye bye tahoe bits.
348: <li>noaccesstime option for filesystems (saves batteries on laptops)
349: <li>Substantial changes and fixes to the scsi scanner support.
350: <li>Support for "secure" YP password maps.
351: <li>Various atm fixes.
352: <li>The NE2000 if_ed driver now works on the alpha, too.
353: <li>ddb improvements for 64 bit machines.
354: <li>Fixes to fts(3).
355: <li>A few ypbind fixes.
356: <li>sysctl kern.osrevision gives OpenBSD date.
357: <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
1.147 todd 358: <li>Implement NOFILE_MAX--hard limit on max descriptors per process.
1.48 deraadt 359: <li>Be more careful about modes of lost+found directories.
360: <li>New termcap and terminfo database files.
361: <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it
362: for correct locking!
363: <li>64 bit clean in.rarpd.
364: <li>cvs 1.9.6
1.49 millert 365: <li>16 partition support for the alpha port.
1.50 deraadt 366: <li>Add ./.message support to ftpd
367: <li>Numerous more pax/tar fixes.
368: <li>Add md5 & blowfish passwd support to adduser(8).
369: <li>Add support for YP v1 to ypserv.
370: <li>Fixed some more mktemp races (sigh, will this ever end!)
371: <li>More buffer overflows, but none in sensitive programs.
372: <li>getnetent() and friends now work a lot more like gethostent().
373: <li>Use 10 X characters in many remaining mktemp() calls which are
374: hard to excise.
375: <li>Solve a few resolver problems after the recent 4.9.5-P1 integration,
376: not all our fault.
377: <li>Fix patch to honour Index lines better.
378: <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
379: <li>Once again, really correct the various source routing pieces of the
380: userland source tree.
381: <li>Make real i386 cpu's work again. In case noone noticed, they didn't
382: work for about 5 months. The bug was very hard to find...
383: <li>For config(8), if any kernel options get added/deleted/changed since
384: the previous commit, warn that the compile tree needs 'make clean'.
385: <li>Use in_addr_t and in_port_t all over the place.
386: <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source
387: tree. CD9660 is much happier now.
388: <li>Fix AFS string-to-key handling in kerberos.
1.51 kstailey 389: <li>NAT now gets started from /etc/netstart.
1.50 deraadt 390: <li>Various man page fixes.
391: <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly
392: when mounted read-only.
1.54 kstailey 393: <li>The df(1) utility now has a human-readable "-h" option.
1.53 deraadt 394: <li>Always skip the first 8KB of all swap partitions (hint: disklabels &
395: bootblocks)
396: <li>Repair some bugs in mail(1), especially regarding signal handling.
397: <li>Support .group entries in /etc/passwd.conf
398: <li>PCI aic7860 scsi support improved.
399: <li>Support /etc/rc.shutdown from halt(8).
400: <li>Support extended partitions in fdisk(8).
401: <li>Various fixes to the YP utilities.
402: <li>Signal handling fix to crontab(1).
1.147 todd 403: <li>Unify naming of architecture names between gcc & binutils.
1.53 deraadt 404: <li>Some more userland 64 bit fixes.
405: <li>Support for PCI NE2000 clones.
406: <li>libpthread works on the m68k.
407: <li>Significantly improved the unpredictability of the DNS packet id's
408: in the resolver and named.
409: <li>newfs_msdos(8) can has enough brains to find the partition size itself.
410: <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse
411: and worse idea every month).
412: <li>A bit more man page cleanup starting to happen...
1.57 kstailey 413: <li>GNU Groff 1.10 with (improved) Makefile wrapper.
1.58 kstailey 414: <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less
415: overhead.
1.60 niklas 416: <li>The vnd(4) device has a new safer mode of operation called svnd
417: where you can trust a disk-image right after it's unmounted,
418: i.e. cache-coherency.
1.61 deraadt 419: <li>Repaired install stuff for most architectures significantly, improving
420: ftp/http installs, single bootable install floppies, and in some
421: cases CDROM booting. Most floppies contain vi, too.
422: <li>Support crunch on arc (for bootable installs).
423: <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
424: <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
425: </ul>
426: <p>
1.150 deraadt 427: <a name=2.1release>
1.156 deraadt 428: <h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3>
1.61 deraadt 429: <p>
430: <ul>
431: <li>Few quirky changes to the way ISO9660 disklabel spoofing works in
432: some ports.
433: <li>Fix a few more libc functions to generate very large fd_set's properly
434: for select(2).
435: <li>Import newer version of vax port.
1.65 deraadt 436: <li>Newer version of ext2fs that is reliable for read/write operation. This
437: is essentially FULLY OPERATIONAL.
1.61 deraadt 438: <li>Make adduser understand /etc/passwd.conf
439: <li>Support SIGINFO in ping; also add more complete icmp reporting
440: capabilities.
441: <li>New named root.cache from Internic.
442: <li>Lots of man page fixes.
443: <li>Fix more overflows and other bugs in mail(1).
444: <li>tail(1) can now notice if the file been replaced or truncated.
445: <li>getpgid(2) from XPG3(?)
446: <li>In ar(1), truncate uid & gid if too large.
447: <li>Add some more malloc options to malloc(3)
448: <li>tcp wrappers 7.6
449: <li>Fix lots more NetBSD PR's.
1.62 deraadt 450: <li>Few more fixes to pax(1).
451: <li>kill process timers if execve'ing a setuid/setgid executable.
452: <li>fix sendsmg() credential passing on 64 bit machines.
453: <li>Kernel now generates random pid values in fork().
454: <li>A few netinet fixes.
1.63 deraadt 455: <li>Some more security and robustness changes to traceroute and ping.
456: <li>Add <strong>-P proto</strong> support to traceroute.
457: <li>fix SO_SNDTIMEO.
458: <li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
459: <li>fix disklabel support in vnd/svnd.
460: <li>Ensure TCP RST is within window.
461: <li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
1.147 todd 462: <li>Use dynamic fd_set allocation in more places, particularly setuid
1.63 deraadt 463: programs.
1.65 deraadt 464: <li>tftpd -c flag.
465: <li>document the ddb hangman.
466: <li>Move named tmp files to /etc/named/tmp/ to avoid localhost race
467: attacks.
468: <li>Addition of readlink(1).
469: <li>Implement hex/octal offsets in cmp(1), as documented.
470: <li>Repair many cross-references and other documentation problems in
471: the section 2 and 3 man pages, and also fix a few minor
472: other bugs discovered by analysis of recent changes in
473: FreeBSD's and NetBSD's libc.
474: <li>Add tsearch(3) and friends to libc, as required by XPG3(?).
475: <li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated
476: Vol.2.
1.66 deraadt 477: <li>Improved performance in /dev/*random.
478: <li>Deal with atapi drives that cannot lock their doors.
479: <li>Fix /tmp races in make(1).
480: <li>Add tsearch(3) to libc.
481: <li>In newfs(8), fix -o and -m to work better.
482: <li>Correct -n behaviour in sort(1).
483: <li>Better support for unmounted filesystems in df(1).
484: <li>add per-interface bindings to inetd(8).
485: <li>Fix some more /tmp races in various programs.
486: <li>Support "-d dir" in rpc.yppasswdd(8).
487: <li>Make ifconfig(8) print full information about the full set of
488: interface aliases.
489: <li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
490: <li>More ipsec changes!
491: <li>Change mount(2) to return EFTYPE for invalid filesystem.
1.147 todd 492: <li>Some NLS improvements, notably some more language catalogs.
1.66 deraadt 493: <li>Add ELOOP error handling to realpath(3).
1.68 deraadt 494: <li>More paranoia in procfs.
1.67 deraadt 495: <li>Slightly improve ftpd log file.
1.69 downsj 496: <li>Added automatic power down framework at halt(8) time, currently only
497: supported on sun4m machines with the <i>power</i> device.
1.70 kstailey 498: <li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
1.72 deraadt 499: <li>Fix a minor problem in popen().
500: <li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of
501: service attacks.
502: <li>Clip setsockopt SO_SND*/SO_RCV parameters.
503: <li>Repaired hundreds of long != int problems (in a bunch of programs) that
504: affect the alpha.
505: <li>Y2K enhancement to date(1).
506: <li>Race fix to amd(8).
507: <li>Support IP option handling in IPSEC packets.
508: <li>Import of the gnu multi-precision math library, libgmp. This will be
509: used by an IPSEC key daemon soon.
510: <li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the
511: front of any line in /etc/inetd.conf. This permits services to be
512: supplied only on certain interfaces.
513: <li>A few more minor netinet problems fixed.
514: <li>Import of cvs-1.9.10.
515: <li>Fix readlink(1).
1.74 deraadt 516: <li>Permit tftpd to provide files over 32K blocks in size.
517: <li>New kprop/kpropd man pages.
518: <li>Make sleep(1) handle fractions of seconds. This is a nice extension.
519: <li>Move libdes out of the kerberos tree so that it can be used by other
520: parts of the system too.
521: <li>Many more 64 bit fixes for the alpha, in about 20 more programs.
522: <li>libedit update with lots of fixes.
1.75 kstailey 523: <li>Fixed all(?) Makefile wrappers for GNU software to not build and install
524: manpages when NOMAN is set.
1.76 deraadt 525: <li>Fixed highscore handling in battlestar(6).
526: <li>Repaired nfs handling in tcpdump.
527: <li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
528: <li>Fix a number of rtld dynamic loading problems.
529: <li>More IPSEC changes. IPSEC is almost fully useable now.
530: <li>Intel EtherExpress Pro/100B PCI driver.
1.77 downsj 531: <li>ATAPI devices may now reside in a kernel without wd (disk) devices.
1.78 deraadt 532: <li>Amended issetugid(2) man page to be quite a bit more clear.
533: <li>Fix ruptime output for machines up > 99 days.
1.79 kstailey 534: <li>Maintain process size stats in forkstat struct for "vmstat -f".
1.80 deraadt 535: <li>make compress(1) do gzip support too.
536: <li>Make ed(1) work properly on a non-tty.
537: <li>Fix passive buffer overflow in rusers.
538: <li>Replace libc sha1 code with another version that is better in some respects.
539: <li>Repair symbolic link handling during coredumps (correctly, this time).
540: <li>Lots more IPSEC improvements.
541: <li>Add sha1 support to md5(1).
542: <li>Add sha1 digest support to mtree(8).
1.147 todd 543: <li>More mail(1) fixes, particularly regarding long lines.
1.81 downsj 544: <li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
545: <li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
1.82 deraadt 546: <li>man page cleanups.
547: <li>lpd security fixes.
548: <li>Add rmd160 hash support throughout the source tree.
549: <li>Import of the IPSEC photuris daemon.
550: <li>Add <strong>-d date</strong> support to last(1).
1.147 todd 551: <li>make ctags operate a bit better in the presence of extra spacing.
1.85 deraadt 552: <li>IPSEC Photuris daemon is integrated into the source tree.
1.83 millert 553: <li>mail(1) behaves correctly when interrupted while getting headers from the user.
1.85 deraadt 554: <li>mail(1) supports "inc" command.
1.84 millert 555: <li>S/Key keyfile is now readable only by root. skeyinfo(1) and skeyaudit(1)
556: have been enhanced and rewritten as C programs.
1.85 deraadt 557: <li>Appletalk networking support.
558: <li>permit ftp(1) to download http pages without Content-Length.
559: <li>Some cribbage(6) fixes.
1.90 kstailey 560: <li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)
1.86 deraadt 561: <li>Do not use tempnam(3) in mail(1).
562: <li>make amd(8) use /tmp_mnt by default.
563: <li>Implement IFF_NOARP handling in netinet.
564: <li>Fix pax to not need getcwd(3).
565: <li>Add -T support to last(1).
566: <li>-d flag for shutdown(8).
567: <li>Support lpc(8) "all" keyword option.
568: <li>Support YP map mail.aliases set of maps.
1.123 kstailey 569: <li>Hardcode a list of reserved ports that random port allocation should not
1.86 deraadt 570: reuse.
571: <li>Use sendmail -t instead of other invocation forms inside lots of
572: programs in the source tree.
573: <li>mremap(2) support for Linux emulation.
574: <li>Switch back to nvi; vim has copyright licensing issues.
575: <li>stime(2) support for SunOS emulation.
576: <li>More mail(1) fixes.... It's amazing Todd hasn't broken it.
577: <li>Support -H flag in who(1).
578: <li>Allocate reserved ports for NFS inside the kernel randomly.
579: <li>Man page improvements in many areas.
1.87 deraadt 580: <li>Fix systat manpage.
581: <li>An ugly identd race fixed.
582: <li>More buffer overflow fixes in mail(1).
1.88 deraadt 583: <li>Various fixes and improvements to the 3cXXX ethernet drivers.
584: <li>routed(8) is now disabled by default.
585: <li>Support fpx cards with i82555 PHY.
586: <li>Todd Miller is on a rampage, and making every single buffer inside mail(1)
587: dynamically allocated...
588: <li>Radius support in tcpdump.
1.93 kstailey 589: <li>More fixes to the alpha vga driver. Curses-based programs now work on it.
1.92 kstailey 590: <li>FSF GNU texinfo 3.11.
1.94 deraadt 591: <li>Attempt to cleanup identd. A long road left.
592: <li>Deal nicer with rfork/execve interactions.
593: <li>Make if_tun to prefix address family as a host byte order u_int32_t instead
594: of a u_char, so that bpf can deal with the interface.
1.97 deraadt 595: <li>Fix a kernel bug regarding double m_freem()..
1.96 downsj 596: <li>Sendmail 8.8.7.
1.98 deraadt 597: <li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.
598: <li>Cyclades driver fixed. Works on alpha, too.
599: <li>More mdoc pages.
600: <li>save errno in most of the tree's SIGCHLD handlers, just in case.
1.99 deraadt 601: <li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.
602: <li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be
603: compatible with POSIX sh spec without breaking $((, and explain how
604: IFS works when splitting text after a substitution.
605: <li>Fix another race condition in identd.
606: <li>Work has started to fix the remainder of the signal handlers in the
607: source tree with respect to errno clobbering.
1.100 deraadt 608: <li>Seriously rework the identd daemon even further, to avoid even more
609: input parsing problems and race conditions.
610: <li>Fix a memory leak in grep(1).
611: <li>Fix vacation(1) properly.
612: <li>Make bsd.doc.mk use DOCDIR.
613: <li>Support -n better in pstat(8).
614: <li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.
615: <li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.
616: <li>Import ypserv performance.
617: <li>Make bad random allocation ports settable via sysctl(8).
618: <li>Make gzexe(1) use mktemp to avoid races.
619: <li>Fix pcap_inject(3) in libpcap.
620: <li>In mountd(8), handle ext2fs specially, like most exported filesystems.
621: <li>Be even more paranoid (if it can be believed) in mail.local(8).
622: <li>Add top(1) to the source tree. Fix some problems.
623: <li>Fix another procfs security hole.
624: <li>ATAPI quirk for MATSHITA CR-574.
1.114 kstailey 625: <li>Attempt to deal with archive timestamp and filemode problems in texinfo...
1.100 deraadt 626: <li>Put hostname in root crontab mailout subjects.
1.101 deraadt 627: <li>We are starting to pay attention to good things found in the XPG4
628: standard. We hope to never be compliant, because XPG4 goes way
629: too far.
630: <li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.
631: <li>Support simple add/delete operations on ports in the baddynamic masks
632: via sysctl(8)
633: <li>Be more careful about YP groups in getgrouplist().
634: <li>New PCMCIA Wavelan driver.
1.102 millert 635: <li>More user-friendly error messages from mount_* when the filesystem
636: is not in the kernel.
637: <li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).
638: <li>Fixed a bug in cp(1) when the -r option is used and the source dir
639: ends in a '/'.
1.103 millert 640: <li>Verbose SCSI warnings are now available and on by default.
641: <li>Added basename(3) and dirname(3) for XPG4. dirname(1) is now trivial.
642: <li>XPG4 compatibility for ps(1) format options.
643: <li>Buffer overflow fixes in tip(1).
644: <li>Fixed err(3)/warn(3) argument usage in the tree.
645: <li>shutdown(8) now gets its own session as it deserves.
646: <li>Fixed a bug where the kernel could lie about how many file descriptors
647: are available and cause a panic.
648: <li>ash is gone gone gone.
649: <li>The group vector could end up with duplicates esp. with YP. Now it won't.
650: <li>Document a64l(3) and l64a(3).
651: <li>basename(1) and dirname(1) no longer give an error for paths starting
652: with '-'.
653: <li>Don't print duplicate fields in ps(1) when called with silly arguments.
1.109 deraadt 654: <li>Few more 64 bit fixes in userland, in some rarely used system tools.
655: <li>Various fixes to battlestar(6).
656: <li>A few fixes to tip(1).
657: <li>In join(1), require compat options start with '-'.
658: <li>In dump(8), do not consider tape changing time in the timing estimates.
659: <li>Correct 'sync' option to dd(1).
1.107 kstailey 660: <li>Lucent Technologies (formerly AT&T) awk version 970821.
1.109 deraadt 661: <li>Handle setgid lossage in tip(1).
662: <li>Fix a crash in systat(8).
663: <li>Further IPSEC enhancement (but still no man pages for it though).
664: <li>In calendar(1), support "-t date" to let you see the calendar for other days.
1.112 kstailey 665: <li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).
1.110 deraadt 666: <li>Kill "union wait" in a few more places.
667: <li>Handle SIGCHLD better in rlogin.
668: <li>Correct some remaining small inetd bugs.
1.111 deraadt 669: <li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP,
670: F_SETOWN, or FIOSETOWN.
671: <li>Some FreeBSD m4(1) fixes.
672: <li>Fix first directory handling in "find -execdir"
1.115 deraadt 673: <li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.
1.116 deraadt 674: <li>ppp 2.3.1...
1.115 deraadt 675: <li>Another tip(1) overflow fix.
676: <li>New COMPAT_BSDOS binary compatibility subsystem.
1.113 kstailey 677: <li>Print system call emulation in ps(1) output. Try "ps -axO emul".
1.116 deraadt 678: <li>Update ftp(1) to new NetBSD changes.
679: <li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.
680: <li>Cleaned up verbose scsi error reporting.
681: <li>make bpfread() return ENXIO for uninitialized descriptors.
682: <li>Extend buffer lengths in patch(1).
683: <li>Fix a coredumping problem in tip(1).
684: <li>Preliminary manual pages for the IPSEC utils.
1.117 deraadt 685: <li>Fix a long-standing and minor problem with ld.so on m68k.
686: <li>Ignore trailing spaces on priority in /etc/syslogd.conf.
687: <li>Make ddb not think 'h' means hangman.
688: <li>Some setlogin() and getlogin() fixes in the tree.
689: <li>Fixed small pathname buffer in man(1).
690: <li>Made indent(1) handle unlimited number of -T options.
1.119 deraadt 691: <li>Some fsck_msdos(8) fixes.
692: <li>Make popen(3) safe if vfork(2) does real parent address space borrowing.
693: <li>Always set the SCSI-1 LUN field correctly in all transfers.
1.118 gene 694: <li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD
1.119 deraadt 695: <li>Fix a ksh(1) bug.
696: <li>Permit a longer path buffer in tgetent(3).
697: <li>Some syslogd fixes.
698: <li>Fix SA_* sigaction(2) fields in the OS compat code.
699: <li>Don't error out of MDTM fails.
700: <li>Add sigaction(2) SA_NOCLDWAIT support.
701: <li>Add mkisofs(8).
702: <li>Run calendar -a in the background. (Points to whoever figures out why).
703: <li>Another important disk-full check in pwd_mkdb(8).
1.120 deraadt 704: <li>Fix ftime(3).
705: <li>Fixed various MAKEDEV bugs on lots of architectures.
706: <li>Deal with some possible buffer overflows in sup.
707: <li>Make top(1) work better on very small screens.
708: <li>Fix tar to deal better with one more kind of strange tar file.
709: <li>Shrink most of the install floppies ;-)
1.147 todd 710: <li>Fix a few small problems in rarpd(8).
1.120 deraadt 711: <li>Make ls -d sort directories with files.
1.121 deraadt 712: <li>Do not init pgid in /dev/log's logopen().
713: <li>Fixed a pstat -s related bug in pcvt.
714: <li>Ignore SIGPIPE in inetd(8).
715: <li>In struct sigaction, split sa_handler and the new sa_sigaction function
716: pointers as is being done on newer POSIX systems. This permits proper
717: prototyping of signal handlers.
718: <li>Fix an ifconfig bug related to interfaces that do not exist.
719: <li>Make execle() use alloca() instead of malloc(); to ensure execle() can be
720: safely called in a signal hander.
721: <li>Fix the : and . support in chown so that usernames can have . in them.
722: <li>Fix a network performance problem introduced with IPSEC.
723: <li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).
724: <li>Fix a bug in libform.
725: <li>Add -f option to readlink which does a realpath(3).
726: <li>More IPSEC improvements after the Interop ANX bakeoff.
727: <li>A few pppd fixes.
1.122 kstailey 728: <li>The random(6) tool (game?) now uses arc4random(3).
1.124 deraadt 729: <li>Fix prompting code in pw_edit(3)
730: <li>Ignore bogus hostnames in the /etc/exports file.
731: <li>Make /etc/security handle blowfish-a passwd entries.
732: <li>Rewrite of fdisk(8).
733: <li>Handle a potential crash in the bpf driver.
734: <li>Quirks for two kinds of hitachi dk515 scsi drives and the
735: Cipher ST150S tape drive.
736: <li>Handle creation of /var/tmp/vi.recover more securely.
737: <li>Implementation of the new disklabel -E mode.
738: <li>Support 'q' modifier in kernel vsprintf/kprintf
739: <li>In fmt(1), support backslashed whitespace inside words better.
740: <li>Make disklabel -E always succeed at writing a label. Now you
741: can load a fictitious label, edit it, and write it out.
742: <li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.
743: <li>Another lpd security fix.
744: <li>Some minor tftpd bug fixes.
745: <li>Fix one last little problem case in the fts(3) library routine. This
746: is a very complicated piece of code...
747: <li>Fix a memory leak in libdes.
748: <li>Fix mktemp() to work correctly when specified against non-existant
749: directories.
750: <li>Make ac(8) use the correct timestamp if the user specifies a different
751: wtmp file.
752: <li>Fix a select/read race in identd(8) which would make it spin wildly.
753: <li>Make the ncr scsi driver work on big-endian machines too.
754: <li>Add per-host locking support to supfilesrv.
755: <li>Make clri(8) mark the filesystem dirty.
756: <li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
1.185 deraadt 757: <li><strong>The new afterboot(8) man page. Everyone should look at
758: this</strong>.
1.124 deraadt 759: <li>Prevent open(2) with wrong flag modes.
1.105 deraadt 760: </ul>
1.125 deraadt 761:
1.186 deraadt 762: <a name=22>
1.125 deraadt 763: <p>
1.156 deraadt 764: <h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3>
1.150 deraadt 765: <p>
766:
767: <p>
1.156 deraadt 768: <h3><font color=#0000e0>Work begins on what will become 2.3....</font></h3>
1.125 deraadt 769: <p>
770:
771: <ul>
772: <li>Add svr4 jioctl() compat interface.
773: <li>Make kdump(1) handle the newer emulations.
774: <li>a buffer underrun in ctags(1).
775: <li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
776: <li>Add blowfish and cast encryption to IPSEC.
777: <li>SIGWINCH handling in systat(1).
778: <li>If a non-existant user logs in and asks for s/key authentication, fake a
779: proper s/key prompt.
780: <li>Make disklabel -E deal with multiple partitions which overlap.
781: <li>Replace kernel printf with Torek's libc printf.
782: <li>Be more careful with getpwent() information inside rcp(1).
783: <li>Handle C++ and other languages in yacc(1) far better.
784: <li>Fix an as(1) parsing bug relating to the .ascii directive.
785: <li>Fix some memory leaks in the RPC code.
786: <li>Document how crypt(3) handles blowfish and MD5 passwords.
787: <li>Truncate large uid and gid values in ranlib(1), in the same way as this
788: is handled in ar(1).
789: <li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
790: <li>makewhatis(8) manpage added.
1.142 deraadt 791: <li>Fixed ps(1) LIM and STAT columns.
1.130 deraadt 792: <li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
793: <li>4.4BSD lite2 vfs integration.
794: <li>Support execution sections in syslog.conf.
1.131 deraadt 795: <li>Start named(8) earlier in /etc/rc.
796: <li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
797: <li>sendmail 8.8.8
798: <li>double MAX_KMAPENT and MAX_KMAP
799: <li>Fix tty suspend during <strong>sh -c "less file"</strong>.
800: <li>Add more things to afterboot(8).
801: <li>Correct TCP's handling of RST.
1.132 deraadt 802: <li>Fix EXTPROC in pty code.
803: <li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
804: <li>Some compat_svr4 fixes.
805: <li>Flesh out compat_freebsd a fair bit more.
806: <li>Some minor fixes for the libc/db/btree code.
807: <li>Add getsid(2) system call as mandated by XPG4.2.
1.133 deraadt 808: <li>Make dumpfs(8) report if soft updates are requested by the superblock.
809: <li>Make "expr a : /" work.
810: <li>Support an "object" keyword in config(8).
811: <li>Support -mmin, -amin, and -cmin in find(1).
1.134 deraadt 812: <li>Fix a ONLCR + FLUSHO situation in tty.c
813: <li>Make msync(2) POSIX compliant.
814: <li>Make the if_de driver support more cards.
1.135 deraadt 815: <li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
816: <li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
817: <li>Fix a line continuation bug in sed(1).
1.136 deraadt 818: <li>Change various system calls to take void * instead of caddr_t.
819: <li>Range-check the "how" argument for shutdown(2).
820: <li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
1.137 deraadt 821: <li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and
822: <strong>SHUT_RDWR</strong> values for shutdown(2) as
823: specified by XPG4.2.
824: <li>in chat(8), replace Mini Getopt from hell with real getopt().
825: <li>Minor logging feature changes in fingerd(8).
826: <li>Fix some Y2K problems in the nroff tmac macros.
827: <li>Added mode rangecheck in chmod(2) and fchmod(2).
1.139 deraadt 828: <li>Consider only the 0177777 bits of the umask(2) value, as documented.
1.140 gene 829: <li>Implement FIONBIO in ibcs2 emulation code.
1.139 deraadt 830: <li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
1.194 deraadt 831: <li><font color=#e00000><strong>make readlink(1) terminate it's buffer correctly.
1.155 deraadt 832: <a href=errata.html#all>This affects CDROM builds so a patch is
1.194 deraadt 833: available for 2.2</a></strong></font>.
1.139 deraadt 834: <li>Clean /var earlier in the /etc/rc script.
835: <li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK
836: are set. (That was a nasty kernel bug).
1.142 deraadt 837: <li>Fixed bug in 'systat vm' output.
1.141 deraadt 838: <li>Update sudo(8).
839: <li>Import of FreeBSD's ppp(8) program.
840: <li>Fix a memory leak in the kernel process group manipulation code.
841: <li>Some man page cleanups.
1.143 deraadt 842: <li>add <strong>-t</strong> option to disklabel(8).
843: <li>Fix a mget prompting error in ftp(1).
844: <li>Update to ncurses 4.1.
845: <li>Work around stupid linux emulation behaviour involving non-blocking
846: connect(2).
1.144 niklas 847: <li>Massive performance optimization of the ccd device (RAID-like striping
848: disk driver).
1.145 deraadt 849: <li>Fix arp(8) ethernet address parsing for the illegal cases.
850: <li>Fix <strong>-amin</strong> option in find(1).
851: <li>Moving towards KTH kerberos 4-0.9.7.
852: <li>Fix /etc/rc scripts to require IPF if NAT is requested.
853: <li>Add asprintf(3) and vasprintf(3).
854: <li>Add hosts.equiv(3) and .rhosts(3) man page.
1.148 deraadt 855: <li>Import perl 5.004_04.
856: <li>Add some more XPG4.2 *_t types.
857: <li>Fix SunOS emulation of TIOCGPGRP.
858: <li>Newer ncr device driver.
1.194 deraadt 859: <li><font color=#e00000><strong>On the i386, handle the nasty problem with
1.185 deraadt 860: distinguishing SVR4 and Linux binaries.
1.194 deraadt 861: <a href=errata.html#i386>A patch is available for 2.2</a></strong></font>.
1.149 millert 862: <li>Update to ncurses-4.1-971129
1.151 deraadt 863: <li>Fix a deadlock on cd9660.
864: <li>Fix an overflow in top(1).
865: <li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
866: <li>Fix scsi CDIOCREADSUBCHANNEL.
1.152 deraadt 867: <li>Indicate connect direction for tcp sockets in fstat(1).
868: <li>In linux compat, handle the CDROM ioctl() calls.
1.153 deraadt 869: <li>Flesh out scsi(8) a tiny bit more.
870: <li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local
871: copies in rcp(1).
872: <li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based
873: on input filesize.
874: <li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
875: <li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
1.194 deraadt 876: <li><font color=#e00000><strong>A workaround for the Intel P5 F00F lockup problem.
877: <a href=errata.html#i386>A patch is available for 2.2</a></strong></font>.
1.153 deraadt 878: <li>Fix numerous problems with new KTH kerberos.
879: <li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
880: <li>Correct an XPG violation in stdlib.h.
881: <li>Handle the cdrom ejecting ioctl in linux emulation.
882: <li>Handle SIOCGIFHWADDR ioctl in linux emulation.
883: <li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
1.157 deraadt 884: <li>Handle nanosleep() in linux emulation.
885: <li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
886: <li>Handle the controlling tty ioctl in linux emulation.
887: <li>Repair a number of retry operation problems in the wdc driver that mostly
888: affected sleeping laptops.
1.194 deraadt 889: <li><font color=#e00000><strong>Fixed a panic problem in the i386 apm driver.
890: <a href=errata.html#i386>A patch is available for 2.2</a></strong></font>.
1.157 deraadt 891: <li>Enable new FreeBSD ppp(8) daemon. There are now two ppp daemons in the
892: source tree, they have quite different feature sets.
893: <li>Do not clear the setuid/setgid file mode bits for a call to
894: {,f,l}chmod(-1, -1).
1.194 deraadt 895: <li><font color=#e00000><strong>Due to timing constraints, mac68k X11 binaries did
1.185 deraadt 896: not make it onto the 2.2 CDROM.
1.194 deraadt 897: <a href=errata.html#mac68k>But it is now available for ftp</a></strong></font>.
1.158 deraadt 898: <li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
899: <li>In ftpd, default to RFC non-conforming behaviour for the PORT command,
900: but provide a runtime switch for those who like holes.
901: <li>Make route(8) non-setuid.
902: <li>Honour TMPDIR in the locate(8) tools.
1.159 deraadt 903: <li>Update the pkg_* tools a bit.
904: <li>Support IP_HDRINCL in Linux emulation.
905: <li>Fix a kernel bug related to "route change ...".
906: <li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
907: <li>In numerous programs, avoid fd_set overflows.
908: <li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
909: <li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong
910: in ibcs2 also?
911: <li>Provide workaround for the Cyrix 6x86 COMA bug. (A workaround for 2.2
912: is not available).
1.160 deraadt 913: <li>Change ftp(1) so that tries to use passive mode, and falls back to active
914: mode. Provide environment variables to fall back. This is
915: incredibly cool.
916: <li>Fail better for over-long usernames.
917: <li>Check the values of the ftp PORT command even more carefully.
918: <li>Fix a bug in make(1) regarding SYSV style : substitution on
919: null variables.
1.161 deraadt 920: <li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
921: <li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
922: <li>The new KTH KerberosIV integration (and security audit) is almost
923: complete.
1.162 deraadt 924: <li>IBCS2 emulation also requires fcntl() F_FREESP support.
925: <li>Handle DST changeovers automatically in cron.
926: <li>lockf() implimentation.
927: <li>Correct exit code of nohup(1).
928: <li>Swap quit and exit commands in fdisk.
1.163 deraadt 929: <li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
930: <li>Correct an splx botch in the tunnel driver.
931: <li>Fix some gzip buf oflows.
932: <li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED
933: define required by new standards.
934: <li>Make {f,}chflags(.., -1) return error EINVAL.
935: <li>Make md5(1), rmd160(1), and sha1(1) use getopt().
1.164 deraadt 936: <li>Some slight changes to the PCI device subsystem to make it probe
937: devices nicer (mostly dmesg printing).
938: <li>Some more manpage cleanups.
939: <li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more
940: than once.
941: <li>Some fixes to fdisk(8) and disklabel(8).
942: <li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
1.165 deraadt 943: <li>Make sure it is clear that so_linger is in seconds.
944: <li>New rc.conf(7) manpage.
945: <li>Fix some problems regaring transfer of secure yp maps.
946: <li>Permit extra / terminators in some path-based system calls.
947: <li>Do not permit dumping corefiles over symbolic links. (We have wanted
948: this changed for a long time, but it required Lite2 vfs).
949: <li>Fix a output error in finger(1).
950: <li>Fix a vnode creation race.
951: <li>For scsi tape drives, be silent in the presence of ILI errors.
1.166 provos 952: <li>Support for FAT32 partitions.
1.167 deraadt 953: <li>Support all kinds of keyboards in pcvt, like pccons does.
954: <li>In disklabel(8), make IDE drive type handling more obvious and
955: intuitive.
956: <li>Bring gethostent() back to life, even though it is a bad interface.
957: <li>Merge some slight standardization fixes for *printf(3) from
958: FreeBSD (some unlikely cases get handled better).
959: <li>sudo version 1.5.4.
960: <li>Make pkg_install(1) feed a -p option to tar.
961: <li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
962: <li>ncurses 4.1-980103
963: <li>Handle unparseable ulimit specifications as an error, not as the value 0.
964: <li>pppd 2.3.3
1.168 deraadt 965: <li>Support <strong>-h host</strong> flag to ypwhich(1).
966: <li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real
967: master server.
1.169 millert 968: <li>Import of tzcode1998b and tzdata1998b.
1.170 millert 969: <li>Properly ignore whitespace between a conversion and %n in *scanf(3).
970: <li>Groff 1.11a
1.171 deraadt 971: <li>Properly error out if yp_match() or yp_first() is asked to lookup
972: long keys.
973: <li>Start at bus_dma support.
974: <li>Much more complete KerberosIV documentation.
1.172 deraadt 975: <li>Repaired the expansion of the kernel panic string.
976: <li>If tar(1) extracts as root, preserve uid/gid as is traditional.
977: <li>Fix argument handling in expand(1).
978: <li>In termcap databases, map the keyboard backspace key to DEL
979: instead of BS as that is how it really is.
1.173 deraadt 980: <li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
981: <li>More cdrom ioctl's in Linux emulation.
982: <li>Fix a race in mkdir(1).
1.190 dgregor 983: <li>IPF 3.2.3. When you upgrade to this version, you <strong>must</strong>
984: also upgrade the userland utilities (ipf, ipnat, etc.). You also
985: need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev
986: to create new device entries.
1.173 deraadt 987: <li>On binutils platforms, make ldd(1) work on static executables.
988: <li>Add <strong>-a</strong> flag to which(1).
989: <li>Check both old and new shells in rpc.yppasswdd(8).
990: <li>Cleanups in wump(6).
991: <li>Glob extensions for XPG4.
992: <li>Require commands started from in /etc/rc to be executable -- not just
993: readable.
994: <li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
995: <li>Self-extending kernel maps in the vm subsystem.
996: <li>Low-memory bug fix in setenv(3).
1.174 deraadt 997: <li>Some man page fixes so that <strong>man -k</strong> is happier.
998: <li>Workaround a race condition in syslogd's handling of SIGHUP.
999: <li>Teach the kernel about newer PCI device types.
1.194 deraadt 1000: <li><font color=#e00000><strong>Be more careful about sourcerouted packets,
1001: including never forwarding them. This is a security
1002: problem in OpenBSD 2.2, and is <a href=errata.html#sourceroute>
1003: described and fixed with a patch</a></strong></font>.
1004: <li><font color=#e00000><strong>Two bugs existed in the the 2.2 pmax release which all users
1.176 deraadt 1005: should be aware of.
1.194 deraadt 1006: <a href=errata.html#pmax>Patches are now available</a></strong></font>.
1.174 deraadt 1007: <li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
1008: <li>Avoid DNS lookup timing effects in ping -R.
1.194 deraadt 1009: <li><font color=#e00000><strong>Buffer overflow fix in the MIPS ld.so. Replacement
1.185 deraadt 1010: binaries for the <a href=errata.html#pmax>pmax</a> and
1.194 deraadt 1011: <a href=errata.html#arc>arc</a> platforms are available</strong></font>.
1.174 deraadt 1012: <li>Add strptime(3).
1013: <li>Add scan_ffs(8), a very useful tool for reconstructing disks.
1014: <li>Create two new sysctl options: <strong>ddb.panic</strong> decides
1015: whether the kernel should enter ddb when it panics, and
1016: <strong>ddb.console</strong> controls if it is possible to enter
1017: ddb from the console via a hot-key.
1018: <li>Fix a free page count bug in the vm system.
1019: <li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables
1020: to change at boottime.
1021: <li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can
1022: ensure it has the right components.
1.194 deraadt 1023: <li><font color=#e00000><strong>In the 2.2 release, the sparc scsi driver caused problems
1.185 deraadt 1024: for the Sun 4/300 machines.
1.194 deraadt 1025: <a href=errata.html#sparc>Patches are now available</a></strong></font>.
1.177 deraadt 1026: <li>Fix /etc/yp/domainname support in ypbind(8).
1027: <li>Fix some bugs in vacation(1).
1028: <li>Emulate that disgusting linux connect() braindamage even better.
1.178 deraadt 1029: <li>smtpd(8) integration spiffied up. Everything you need is now in the
1030: system.
1031: <li>A start at full lint library support.
1.179 deraadt 1032: <li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
1033: <li>New compat_ibcs2(8) manpage.
1.199 deraadt 1034: <li>The web pages now have a new section on <a href=security.html>
1.179 deraadt 1035: security advisories</a>.
1036: <li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
1.181 deraadt 1037: <li>Permit restore(8) to work on a filesystem that has a basic blocksize
1038: smaller than the blocksize of the filesystem that was dumped.
1039: <li>New <strong>-a logdev</strong> argument for syslogd(8), useful for
1040: setting up additional /dev/log devices in various chroot spaces.
1041: <li>raise IPPORT_USERRESERVED significantly. Random port numbers will now
1042: look much more random than they did before.
1.194 deraadt 1043: <li><font color=#e00000><strong>Make ruserok() significantly more paranoid when
1.185 deraadt 1044: parsing the .rhosts file. This along with another issue is a
1045: security problem in OpenBSD 2.2, and is <a href=errata.html#ruserok>
1.194 deraadt 1046: described and fixed with a patch</a></strong></font>.
1.182 deraadt 1047: <li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
1048: <li>Make stty(1) recognize STRIPDISC.
1049: <li>Fix a map corruption bug in ypxfr(8).
1.194 deraadt 1050: <li><font color=#e00000><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not
1.185 deraadt 1051: very reliable. <a href=errata.html#sparciommu>A simple reliability
1.194 deraadt 1052: patch is now available</a></strong></font>.
1.182 deraadt 1053: <li>Place seperate so_ruid and so_euid fields in struct socket, so that
1054: in_pcb.c can still do it's job, but also so that identd(8) can
1055: be fast and return the proper uid.
1.189 deraadt 1056: <li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make
1.187 deraadt 1057: the address/netmask sets on it make supernets instead of subnets.
1058: <li>Various fixes to some of the games, ie. rain, worms, wump.
1059: <li>Fixed "%c" in strftime(3).
1060: <li>Support the WINBOND pci ethernet cards.
1.188 deraadt 1061: <li>Make lpd(8) use keepalives so that it can detect dead network printers.
1.194 deraadt 1062: <li><font color=#e00000><strong>The mac68k 2.2 CD release had a few problems.
1.188 deraadt 1063: These problems have been resolved in the FTP release.
1.194 deraadt 1064: <a href=errata.html#mac68k>For more details...</a></strong></font>
1.188 deraadt 1065: <li>Fix another signal handler bug in mail(1).
1.191 deraadt 1066: <li>New quirk for another Archive VIPER scsi tape drive.
1067: <li>Support <strong>-[width]</strong> option in fmt(1).
1068: <li>Add XPG4 <strong>-r</strong> option to du(1).
1.196 deraadt 1069: <li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif>New
1.191 deraadt 1070: fancy OpenBSD logo for your use</a>.
1071: <li>Change chflags(2) and fchflags(2) to take a u_int for the second
1072: parameter.
1073: <li>Fix two bugs in adduser(8).
1.192 deraadt 1074: <li>Pull in all the NetBSD changes to the old version of gas over the
1075: last year or so.
1.195 deraadt 1076: <li>Remove the ftp(1) `stdout redirection' hack and replace it with a
1.192 deraadt 1077: <strong>-o filename</strong> option (which also understands a
1078: filename of "-" to mean stdout).
1079: <li>On the i386, move XFree86 aperature driver into the kernel. The new
1080: sysctl(8) variable <strong>machdep.allowaperture</strong> decides
1081: if this driver is active or not. (This variable can only be
1082: modified at high securelevel).
1083: <li>Add kerberos kauthd(8).
1084: <li>Rename /etc/nat.rules to /etc/ipnat.rules.
1.194 deraadt 1085: <li><font color=#e00000><strong>Do not permit a read+write mmap() operation on
1086: a read-only file descriptor open on a device. This is a security
1087: problem in OpenBSD 2.2, and is <a href=errata.html#mmap>
1088: described and fixed with a patch</a></strong></font>.
1.197 deraadt 1089: <li>Make the kernel compile properly (with full warnings) under gcc 2.8.
1090: <li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation
1091: code can reference it later.
1092: <li>CVS version 1.9.24
1093: <li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>,
1094: <strong>-soname</strong>, <strong>--whole-archive</strong>,
1095: and <strong>--no-whole-archive</strong> in the old ld used on
1096: many of our platforms.
1.198 deraadt 1097: <li>Some more repair in the games.
1098: <li>Do not copy from off the end of an nfs boot mbuf.
1099: <li>Support for the ST16650 32-byte FIFO uart.
1.200 deraadt 1100: <li>Add <strong>-p</strong> option to uname(1), to display detailed
1101: CPU information.
1102: <li>In mail.local(8), document how to use quotas on a mail spool.
1.201 deraadt 1103: <li>Convert the xdr(3) and rpc(3) manpages to mandoc format.
1104: <li>Permit the disabling of skey system-wide.
1105: <li>Do not let a user set their password to "s/key".
1.202 deraadt 1106: <li>Do not permit TCP connections to any of the broadcast addresses.
1107: <li>Clarify crypt(3) manpage as to how many characters each transform
1108: actually considers in its calculation.
1.203 deraadt 1109: <li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as
1110: a bitcount.
1.204 deraadt 1111: <li>Add a clarifying statement to all the Kerberos code that explains how
1112: it came to be that this code was released from the USA's crypto
1113: stranglehold.
1114: <li>Add a command to ddb that reports out the extent tables.
1115: <li><font color=#e00000><strong>The 3rd revision of the patch for the mmap()
1116: security problem is available, and <a href=errata.html#mmap>has been
1117: placed on top of the 2nd revision</a></strong></font>.
1118: <li>Fix some bugs in the 3c[59]xx device driver.
1119: <li>Make <strong>netstat -r</strong> report better information about
1120: non-standard netmasks.
1.205 ! deraadt 1121: <li>In libpcap and tcpdump, use our system ethers(5) parsing routines.
! 1122: <li>Fix a configuration file parsing bug in ipf(8).
! 1123: <li>In old gas, move to late resolution of symbols because gcc 2.8
! 1124: will require this.
1.125 deraadt 1125: </ul>
1126:
1.17 deraadt 1127: <p>
1.203 deraadt 1128: <h3><font color=#0000e0>OpenBSD 2.3 will be released in June 1998</font></h3>
1.17 deraadt 1129: <p>
1.14 deraadt 1130:
1.203 deraadt 1131: <a name=end>
1132:
1.95 deraadt 1133: This list mentions mostly platform-independent changes. For a list of changes
1134: made in a particular platform, please check the page for that platform. If you
1135: find them not listed there, the changes are either (1) not being documented or
1136: (2) are documented here.<br><br>
1.14 deraadt 1137:
1138: <hr>
1139: <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
1140: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.205 ! deraadt 1141: <br><small>$OpenBSD: plus.html,v 1.204 1998/02/26 12:23:55 deraadt Exp $</small>
1.14 deraadt 1142:
1143: </body>
1144: </html>