Annotation of www/plus.html, Revision 1.269
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD changes</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
1.59 deraadt 10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.64 downsj 13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
1.14 deraadt 14:
1.64 downsj 15: <img alt="[OpenBSD]" SRC="images/smalltitle.gif">
16:
17: <p>
1.186 deraadt 18: <h2>Changes made between OpenBSD versions.</h2>
1.14 deraadt 19:
20: <p>
1.180 deraadt 21: The OpenBSD project was spawned from NetBSD (a member of the 4.4BSD
1.195 deraadt 22: family) in the summer of 1996 and is now developed completely
23: separately. As well as developments by our development group, good
24: changes from the other free operating systems are evaluated and merged
25: into OpenBSD. We track bug reports and source tree changes from the
26: NetBSD and FreeBSD projects fairly closely. Even pieces of code from
27: the Linux projects have been used.
1.14 deraadt 28:
29: <p>
1.29 deraadt 30: In the early days of OpenBSD, it was possible to be able to say
1.180 deraadt 31: "OpenBSD is NetBSD PLUS MORE STUFF". Now, after the substantial work
32: the group members have done, OpenBSD is very much is it's own thing.
33: Too much stuff has been added and fixed to easily compare it to
34: something else. OpenBSD is OpenBSD.
1.29 deraadt 35:
36: <p>
37: This is a partial list of the major machine independent changes
38: (ie. these are the changes people ask about most often). Port
39: specific changes have also been made, and are sometimes mentioned
40: in the pages for the specific <a href=plat.html>ports</a> if you
41: are interested in for further port-specific details. Many ports
42: have had architecture-specific enhancements relative to NetBSD,
43: but when they do not they certainly have plenty of platform-independent
44: changes, starting with those listed below..
1.14 deraadt 45:
1.17 deraadt 46: <p>
1.185 deraadt 47: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
48:
49: <p>
1.186 deraadt 50: <h3>
1.240 deraadt 51: <a href=#21>To go straight to the changes since OpenBSD 2.1, click here</a>.
52: <br>
1.186 deraadt 53: <a href=#22>To go straight to the changes since OpenBSD 2.2, click here</a>.
54: <br>
1.240 deraadt 55: <a href=#23>To go straight to the changes since OpenBSD 2.3, click here</a>.
56: <br>
1.186 deraadt 57: <a href=#end>To go straight to the end of the list, click here</a>.
58: </h3>
59:
60: <hr>
61: <p>
1.156 deraadt 62: <h3><font color=#0000e0>Life for the OpenBSD project begins...</font></h3>
1.17 deraadt 63: <p>
1.14 deraadt 64: <ul>
65: <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
66: <li>New curses library, including libform, libpanel and libmenu.
67: <li>a termlib library which understands termcap.db, needed for new curses.
68: <li>The FreeBSD ports subsystem was integrated and is usable by you!
1.35 kstailey 69: <li>ipfilter for filtering dangerous packets and Network Address Translation
70: for IP masquerading.
1.14 deraadt 71: <li>better ELF support
72: <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
73: to use kvm utilies
74: <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
75: <li>All the pieces needed for cross compilation are in the source tree.
76: <li>Some LKM support in the tree.
77: <li>ATAPI support (should work on all ISA busses)
78: <li>new scsi, md5, pkg_* commands
79: <li>Numerous security related fixes
80: <li>Kerberos and other crypto in the source tree that is exportable
81: <li>Solid YP master, server, and client capabilities.
82: <li>/dev/*random -- a device driver providing some kinds of random data
83: <li>In-kernel update(8) with an adaptive algorithm
84: <li>Some ddb improvements and extensions
85: <li>Numerous scsi fixes
86: <li>ncheck utility for ffs
87: <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
88: <li>new system calls: rfork(), minherit(), poll().
89: <li>select() that can handle any amount of file descriptors.
90: <li>kernfs extensions
91: <li>ATM support (support for one company's sparc & i386 cards available)
92: <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
93: <li>pax as tar, gnutar is toast
94: <li>using AT&T awk, gawk is toast
95: <li>Even more security fixes.
96: <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
97: generate them too
98: <li>Linux ext2fs and BSD4.4 LFS support being worked on.
99: <li>Working ATAPI audio support for multiple architectures.
100: <li>terminfo database support.
101: <li>Fortran in the tree.
102: <li>The most secure rdist support anywhere.
103: <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
104: security via unpredictability.
105: <li>Protection from the udp spamming and ftp bounce attacks.
106: <li>Significantly improved ftp daemon.
1.140 gene 107: <li>Numerous more security policy and implementation improvements (OpenBSD
1.14 deraadt 108: defaults to installing in a very secure mode)
109: <li>zlib (non-GPL'd gzip-compatible library)
110: <li>Newest version of pppd.
111: <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
112: <li>Fixed long-standing vm swap-leak.
113: <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
114: <li>Numerous FreeBSD userland fixes and improvements incorporated.
115: <li>new rdisc Router Discovery daemon
116: <li>generic protection against the bind() takeover problem.
117: <li>at -f security fix.
118: <li>20 or so more security fixes
119: <li>install now supports -C, -p, and -S flags.
120: <li>a real adduser program, which can even be used uninteractively.
121: <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
122: by chown(). This can be turned off with sysctl.
123: <li>partial protection against tcp SYN attacks.
124: <li>added /etc/fbtab support to login & init.
125: <li>RCS version 5.7
126: <li>much newer join command (4.4lite2 with other fixes)
127: <li>scsi subsystem security fix
128: <li>Kerberos is much more silent if not configured
129: <li>arc4-based random support in kernel
130: <li>ncr53cXXX scsi scripts assembler
131: <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
132: <li>`lsof'-style features in fstat.
133: <li>rudimentary support for ISA Plug-and-Play cards
134: <li>Fixed timeout support in RPC library, and also fixed it to support more
135: than FD_SETSIZE file descriptors.
136: <li>improved locate command
137: <li>a good start at NETIPX support
138: <li>vim version 4.5
139: <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
140: bugs).
141: <li>latest version of perl, and a lndir command.
142: <li>Even more security fixes.
143: <li>cdio command for using CD audio.
1.40 gvf 144: <li>Kernel warns if /dev/console does not exist; nice warning for booting with
145: an unpopulated /dev directory.
1.41 deraadt 146: <li>libgnumalloc is gone; our malloc() is better.
1.14 deraadt 147: <li>FreeBSD pipe() system call; quite a bit faster.
148: <li>Some serial driver support for /dev/cuaXX devices to support transparent
149: out+dial
1.40 gvf 150: <li>DDB can now access symbol tables from LKM modules
1.14 deraadt 151: <li>Say goodbye to dump, restore, and mt security holes: They are no longer
152: setuid.
153: <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
154: <li>New routed from SGI.
155: <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
156: <li>ftp command modified for easily scripted ftp & http downloads.
157: <li>And of course... more security related bugfixes... (ie. dump,
158: restore, mt).
159: <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
160: also works better.
161: <li>16 partitions working on sparc and i386 (yipee!)
162: <li>Nice sample files in /etc
163: <li>sendmail gecos hole fixed (in a number of ways; other programs in the
164: source tree were also vulnerable.)
165: <li>secure multicast tools against possible security problems.
166: <li>latest GNU groff, incorporated in a clean wrapperized form.
167: <li>mopd for networking booting Digital machines
168: <li>less version 2.90
169: <li>deal with the SYN bomb problem (denial of service attack) as well known.
170: <li>Another kerberos security fix.
171: <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
172: <li>Compile time option to compile the source tree almost completely dynamic.
173: <li>A 7% reduction in size of static binaries.
174: <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
175: <li>We have completed security reviews of almost all userland programs and
176: libraries except for the gnu stuff (where, based on preliminary
177: inspection there is poor handling of temp files).
178: <li>Working Linux ext2fs.
179: <li>Added sudo (which is maintained by one of our developers)
180: <li>CTM is now a supported way of obtaining OpenBSD source code.
1.17 deraadt 181: </ul>
182: <p>
1.156 deraadt 183: <h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3>
1.17 deraadt 184: <p>
1.15 deraadt 185: <ul>
1.14 deraadt 186: <li>The NIST Posix test suite became free. As a result we have been correcting
187: numerous problems in the source tree, and expect to be completely
188: POSIX compliant very soon.
189: <li>upgrade to CVS version 1.9.
190: <li>A number of security fixes to the way coredumping works.
191: <li>The /dev/*random devices are now default on all architectures.
192: <li>Add stack tracebacks to Arc port's kernel debugger.
193: <li>Skey revamped into full OTP (RFC1938) support, including sha1 and
194: md5 support.
195: <li>GPL i387 emulator added.
196: <li>Crank kvm space on the i386 port, also limit buffer cache useage
197: so that 512MB machines may work (untested :-)
198: <li>Numerous fixes to the lpr suite, including security.
199: <li>More ftpd raging paranoia security fixes.
200: <li>The NIST suite showed numerous errors in libraries and the kernel.
201: Only a few small errors remain now, mostly regarding serial
202: ports.
203: <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
204: <li>OLF binary type added. This is like ELF, but includes an OS-dependent
205: tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
206: the kernel can recognize correctly.
207: <li>Beware $HOME overflows throughout the source tree.
208: <li>Integration of the pmax port.
209: <li>Import of ctm.
210: <li>Various repairs to the scsi scanner support.
211: <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
212: buffer overflows found in system utilities..
213: <li>Memory leak paranoia in cron.
214: <li>Make login get more consistantly upset about failed logins, and tell user
1.147 todd 215: about these failures at the next successful login.
1.14 deraadt 216: <li>pdksh version is now 5.2.11
217: <li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
218: <li>The Arc port family has a new member: The rPC44 works!
219: <li>lpt driver is now bus-independent.
220: <li>com driver is now bus-independent.
221: <li>Numerous small security fixes again...
222: <li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
223: <li>Prevent generic users from mounting filesystems by default.
224: <li>Added -C option to pax/tar. Also made -z support compressed files too.
225: <li>Increased compatibility in the pccons driver with BSDi features.
226: <li>Imported FreeBSD's calendar.
227: <li>GNU gdb works on the mips-based platforms.
228: <li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
229: tripwire-like system.
230: <li>Some YP and bootparamd security changes.
231: <li>Hundreds of little fixes all over the place.
232: <li>Multiple updates for GNU software
233: <li>Add disklabels to the floppy device drivers.
234: <li>At boottime, have (*mountroot)() look at the root device's disklabel
235: to determine which filesystem type is to be mounted.
236: <li>If disklabel reading code discovers an ISOFS filesystem underlying,
237: spoof a nice disklabel (enough to fool mountroot).
238: <li>tcpdump 3.3
239: <li>Fix information gathering attack in ping(8).
1.147 todd 240: <li>Add NetBSD's "route show" implementation, and at the same time fix
1.14 deraadt 241: the new buffer overflows that this provided.
242: <li>Fix a few setgroups() related security holes.
243: <li>sendmail 8.8.4
244: <li>texinfo 3.9
245: <li>f77 0.5.19
246: <li>Repair some more KerberosIV buffer overflows. Hard to believe this is
247: supposed to be security software.
248: <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
249: backwards compatibility.
250: <li>Permit NFS attribute cache to be configured on a per-mount basis.
251: <li>Properly split fsck, mount, and newfs into multiple pieces. Use
252: disklabel information if it is available.
253: <li>Add disklabels to the vnd device driver.
254: <li>Change the games to be run setgid games, not setuid games. This closes
255: a whole slew of fascinating security holes.
256: <li>Import of the powerpc port.
257: <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
258: <li>Permit building of kernels without a.out support.
259: <li>ppp 2.3b3
260: <li>libcrypt goes away. We do not need this stub library anymore. Do not link
261: against it on OpenBSD, all the pieces you need are in libc.
1.18 deraadt 262: <li>new aucat command.
263: <li>Fix a fairly nasty security hole in all of the games.
1.20 downsj 264: <li>Support for the <a href="hp300.html">hp300</a> added.
265: <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
266: <li>Sendmail upgraded to version 8.8.5.
1.21 downsj 267: <li>Added lchown(2) for compatibility with SVR4 implementations.
1.23 deraadt 268: <li>New gnu cpio 2.4.2
269: <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and
270: restore(8).
271: <li>No buffer lengths in fmt(1).
272: <li>various adjtime() corrections inside the kernel.
273: <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
274: <li>pax in tar mode will understand multiple -v options to generate ls-like output.
275: <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous
276: number of network interfaces.
1.22 deraadt 277: <li>More kerberosIV security patches.
278: <li>A working fsirand.
1.56 deraadt 279: <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple
1.28 deraadt 280: hardware. This port requires nothing outside the in-tree development
281: environment to build (except mkisofs for building distributions).
282: <li>Some ypbind(8) tightening up, includes a method to specify a list of
283: valid servers
1.25 niklas 284: <li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large
285: buffer caches even when available kvm space is low, like for i386
286: & sparc.
1.26 deraadt 287: <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
288: byte order. This is a compatibility/portability fix and we expect
289: other BSD systems to eventually follow suit.
290: <li>amd (the automounter) is now 64-bit and working on the alpha.
291: <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles
292: using in-tree versions of all tools. Yipee!
1.34 deraadt 293: <li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a
294: small part of POSIX 1003.1b and permits the signal handler to figure
295: out the exact cause of a signal; such as fault address information
296: for SIGSEGV or more detailed information for SIGFPE.
1.31 downsj 297: <li>config.old(8) has been removed from the tree, as the <a href="hp300.html">
298: hp300</a> port switches to config(8).
1.32 deraadt 299: <li>/sbin/dump -a saves you from needing to deal with finicky tape length
300: options (from FreeBSD)
1.34 deraadt 301: <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
1.36 deraadt 302: <li>Be more careful if some fool decides to enable source routing ;-)
303: <li>Support for gzip'd kernels in some bootblocks.
304: <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
305: <li>Add cdev and partition support to the ramdisk driver.
306: <li>Merge new ftp(1) changes from NetBSD.
1.37 deraadt 307: <li>Change mktemp(3) and family to generate more random filenames, yet still
308: as collision free as possible.
309: <li>Have libc/rpc save you from yourself if you do enable source routing.
1.38 downsj 310: <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting
311: 16 disk partitions.
1.55 kstailey 312: <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
1.39 deraadt 313: <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls
314: in the source tree. This cuts out a whole class of races.
315: <li>Improved NFS filehandle creation.
1.42 deraadt 316: <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very
317: large disks using it.
318: <li>add RPC service name generation to netstat -a
1.43 deraadt 319: <li>Fix pax & tar to be POSIX compliant.
1.42 deraadt 320: <li>Fix a few netinet kernel crash problems.
321: <li>Fix so that stack limits which are not a multiple of the pagesize work.
322: <li>fix some more memory and file descriptor leaks in libc/rpc
1.43 deraadt 323: <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
324: uses a very large strong-random `salt' and the number of rotor
325: runs is configurable. Hence if you have faster machines you can
326: slow the crypt routine down and make harder keys.
327: <li>Add support for /etc/passwd.conf which controls the format and strength
328: of passwd entries for the next time a user changes their password.
329: These options can be set per-user.
1.44 deraadt 330: <li>Working kadmind for kerberosIV.
331: <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
332: <li>cvs 1.9.2
333: <li>Fix weak symbol support in ld.
334: <li>libg++ pulls in libcurses automatically.
335: <li>Replace which(1) with a C program.
1.45 millert 336: <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
337: <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
1.46 kstailey 338: <li>deroff(1) 1.0 from Debian (a Linux).
1.47 downsj 339: <li>BIND 4.9.5-P1.
1.48 deraadt 340: <li>Add support for FreeBSD md5 to /etc/passwd.conf.
341: <li>Import of the mvme88k kernel port.
342: <li>Import of libwrap and tcpd (tcp wrappers).
343: <li>Numerous improvements to pax, including full support for cpio and
344: a lot of fixes to tar mode.
345: <li>Let fsck and fsirand automatically work on very large filesystems.
346: <li>Various fixes to the fsck tools.
347: <li>ipsecadm as an initial cut at controlling IPSEC sessions.
348: <li>Fix pcmcia on the i386.
349: <li>Merged changes from at 2.9 into our own at.
350: <li>pccon(1) to control the pccons driver.
351: <li>Bye bye tahoe bits.
352: <li>noaccesstime option for filesystems (saves batteries on laptops)
353: <li>Substantial changes and fixes to the scsi scanner support.
354: <li>Support for "secure" YP password maps.
355: <li>Various atm fixes.
356: <li>The NE2000 if_ed driver now works on the alpha, too.
357: <li>ddb improvements for 64 bit machines.
358: <li>Fixes to fts(3).
359: <li>A few ypbind fixes.
360: <li>sysctl kern.osrevision gives OpenBSD date.
361: <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
1.147 todd 362: <li>Implement NOFILE_MAX--hard limit on max descriptors per process.
1.48 deraadt 363: <li>Be more careful about modes of lost+found directories.
364: <li>New termcap and terminfo database files.
365: <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it
366: for correct locking!
367: <li>64 bit clean in.rarpd.
368: <li>cvs 1.9.6
1.49 millert 369: <li>16 partition support for the alpha port.
1.50 deraadt 370: <li>Add ./.message support to ftpd
371: <li>Numerous more pax/tar fixes.
372: <li>Add md5 & blowfish passwd support to adduser(8).
373: <li>Add support for YP v1 to ypserv.
374: <li>Fixed some more mktemp races (sigh, will this ever end!)
375: <li>More buffer overflows, but none in sensitive programs.
376: <li>getnetent() and friends now work a lot more like gethostent().
377: <li>Use 10 X characters in many remaining mktemp() calls which are
378: hard to excise.
379: <li>Solve a few resolver problems after the recent 4.9.5-P1 integration,
380: not all our fault.
381: <li>Fix patch to honour Index lines better.
382: <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
383: <li>Once again, really correct the various source routing pieces of the
384: userland source tree.
385: <li>Make real i386 cpu's work again. In case noone noticed, they didn't
386: work for about 5 months. The bug was very hard to find...
387: <li>For config(8), if any kernel options get added/deleted/changed since
388: the previous commit, warn that the compile tree needs 'make clean'.
389: <li>Use in_addr_t and in_port_t all over the place.
390: <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source
391: tree. CD9660 is much happier now.
392: <li>Fix AFS string-to-key handling in kerberos.
1.51 kstailey 393: <li>NAT now gets started from /etc/netstart.
1.50 deraadt 394: <li>Various man page fixes.
395: <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly
396: when mounted read-only.
1.54 kstailey 397: <li>The df(1) utility now has a human-readable "-h" option.
1.53 deraadt 398: <li>Always skip the first 8KB of all swap partitions (hint: disklabels &
399: bootblocks)
400: <li>Repair some bugs in mail(1), especially regarding signal handling.
401: <li>Support .group entries in /etc/passwd.conf
402: <li>PCI aic7860 scsi support improved.
403: <li>Support /etc/rc.shutdown from halt(8).
404: <li>Support extended partitions in fdisk(8).
405: <li>Various fixes to the YP utilities.
406: <li>Signal handling fix to crontab(1).
1.147 todd 407: <li>Unify naming of architecture names between gcc & binutils.
1.53 deraadt 408: <li>Some more userland 64 bit fixes.
409: <li>Support for PCI NE2000 clones.
410: <li>libpthread works on the m68k.
411: <li>Significantly improved the unpredictability of the DNS packet id's
412: in the resolver and named.
413: <li>newfs_msdos(8) can has enough brains to find the partition size itself.
414: <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse
415: and worse idea every month).
416: <li>A bit more man page cleanup starting to happen...
1.57 kstailey 417: <li>GNU Groff 1.10 with (improved) Makefile wrapper.
1.58 kstailey 418: <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less
419: overhead.
1.60 niklas 420: <li>The vnd(4) device has a new safer mode of operation called svnd
421: where you can trust a disk-image right after it's unmounted,
422: i.e. cache-coherency.
1.61 deraadt 423: <li>Repaired install stuff for most architectures significantly, improving
424: ftp/http installs, single bootable install floppies, and in some
425: cases CDROM booting. Most floppies contain vi, too.
426: <li>Support crunch on arc (for bootable installs).
427: <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
428: <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
429: </ul>
430: <p>
1.253 deraadt 431: <a name=21></a>
1.156 deraadt 432: <h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3>
1.61 deraadt 433: <p>
434: <ul>
435: <li>Few quirky changes to the way ISO9660 disklabel spoofing works in
436: some ports.
437: <li>Fix a few more libc functions to generate very large fd_set's properly
438: for select(2).
439: <li>Import newer version of vax port.
1.65 deraadt 440: <li>Newer version of ext2fs that is reliable for read/write operation. This
441: is essentially FULLY OPERATIONAL.
1.61 deraadt 442: <li>Make adduser understand /etc/passwd.conf
443: <li>Support SIGINFO in ping; also add more complete icmp reporting
444: capabilities.
445: <li>New named root.cache from Internic.
446: <li>Lots of man page fixes.
447: <li>Fix more overflows and other bugs in mail(1).
448: <li>tail(1) can now notice if the file been replaced or truncated.
449: <li>getpgid(2) from XPG3(?)
450: <li>In ar(1), truncate uid & gid if too large.
451: <li>Add some more malloc options to malloc(3)
452: <li>tcp wrappers 7.6
453: <li>Fix lots more NetBSD PR's.
1.62 deraadt 454: <li>Few more fixes to pax(1).
455: <li>kill process timers if execve'ing a setuid/setgid executable.
456: <li>fix sendsmg() credential passing on 64 bit machines.
457: <li>Kernel now generates random pid values in fork().
458: <li>A few netinet fixes.
1.63 deraadt 459: <li>Some more security and robustness changes to traceroute and ping.
460: <li>Add <strong>-P proto</strong> support to traceroute.
461: <li>fix SO_SNDTIMEO.
462: <li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
463: <li>fix disklabel support in vnd/svnd.
464: <li>Ensure TCP RST is within window.
465: <li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
1.147 todd 466: <li>Use dynamic fd_set allocation in more places, particularly setuid
1.63 deraadt 467: programs.
1.65 deraadt 468: <li>tftpd -c flag.
469: <li>document the ddb hangman.
470: <li>Move named tmp files to /etc/named/tmp/ to avoid localhost race
471: attacks.
472: <li>Addition of readlink(1).
473: <li>Implement hex/octal offsets in cmp(1), as documented.
474: <li>Repair many cross-references and other documentation problems in
475: the section 2 and 3 man pages, and also fix a few minor
476: other bugs discovered by analysis of recent changes in
477: FreeBSD's and NetBSD's libc.
478: <li>Add tsearch(3) and friends to libc, as required by XPG3(?).
479: <li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated
480: Vol.2.
1.66 deraadt 481: <li>Improved performance in /dev/*random.
482: <li>Deal with atapi drives that cannot lock their doors.
483: <li>Fix /tmp races in make(1).
484: <li>Add tsearch(3) to libc.
485: <li>In newfs(8), fix -o and -m to work better.
486: <li>Correct -n behaviour in sort(1).
487: <li>Better support for unmounted filesystems in df(1).
488: <li>add per-interface bindings to inetd(8).
489: <li>Fix some more /tmp races in various programs.
490: <li>Support "-d dir" in rpc.yppasswdd(8).
491: <li>Make ifconfig(8) print full information about the full set of
492: interface aliases.
493: <li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
494: <li>More ipsec changes!
495: <li>Change mount(2) to return EFTYPE for invalid filesystem.
1.147 todd 496: <li>Some NLS improvements, notably some more language catalogs.
1.66 deraadt 497: <li>Add ELOOP error handling to realpath(3).
1.68 deraadt 498: <li>More paranoia in procfs.
1.67 deraadt 499: <li>Slightly improve ftpd log file.
1.69 downsj 500: <li>Added automatic power down framework at halt(8) time, currently only
501: supported on sun4m machines with the <i>power</i> device.
1.70 kstailey 502: <li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
1.72 deraadt 503: <li>Fix a minor problem in popen().
504: <li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of
505: service attacks.
506: <li>Clip setsockopt SO_SND*/SO_RCV parameters.
507: <li>Repaired hundreds of long != int problems (in a bunch of programs) that
508: affect the alpha.
509: <li>Y2K enhancement to date(1).
510: <li>Race fix to amd(8).
511: <li>Support IP option handling in IPSEC packets.
512: <li>Import of the gnu multi-precision math library, libgmp. This will be
513: used by an IPSEC key daemon soon.
514: <li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the
515: front of any line in /etc/inetd.conf. This permits services to be
516: supplied only on certain interfaces.
517: <li>A few more minor netinet problems fixed.
518: <li>Import of cvs-1.9.10.
519: <li>Fix readlink(1).
1.74 deraadt 520: <li>Permit tftpd to provide files over 32K blocks in size.
521: <li>New kprop/kpropd man pages.
522: <li>Make sleep(1) handle fractions of seconds. This is a nice extension.
523: <li>Move libdes out of the kerberos tree so that it can be used by other
524: parts of the system too.
525: <li>Many more 64 bit fixes for the alpha, in about 20 more programs.
526: <li>libedit update with lots of fixes.
1.75 kstailey 527: <li>Fixed all(?) Makefile wrappers for GNU software to not build and install
528: manpages when NOMAN is set.
1.76 deraadt 529: <li>Fixed highscore handling in battlestar(6).
530: <li>Repaired nfs handling in tcpdump.
531: <li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
532: <li>Fix a number of rtld dynamic loading problems.
533: <li>More IPSEC changes. IPSEC is almost fully useable now.
534: <li>Intel EtherExpress Pro/100B PCI driver.
1.77 downsj 535: <li>ATAPI devices may now reside in a kernel without wd (disk) devices.
1.78 deraadt 536: <li>Amended issetugid(2) man page to be quite a bit more clear.
537: <li>Fix ruptime output for machines up > 99 days.
1.79 kstailey 538: <li>Maintain process size stats in forkstat struct for "vmstat -f".
1.80 deraadt 539: <li>make compress(1) do gzip support too.
540: <li>Make ed(1) work properly on a non-tty.
541: <li>Fix passive buffer overflow in rusers.
542: <li>Replace libc sha1 code with another version that is better in some respects.
543: <li>Repair symbolic link handling during coredumps (correctly, this time).
544: <li>Lots more IPSEC improvements.
545: <li>Add sha1 support to md5(1).
546: <li>Add sha1 digest support to mtree(8).
1.147 todd 547: <li>More mail(1) fixes, particularly regarding long lines.
1.81 downsj 548: <li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
549: <li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
1.82 deraadt 550: <li>man page cleanups.
551: <li>lpd security fixes.
552: <li>Add rmd160 hash support throughout the source tree.
553: <li>Import of the IPSEC photuris daemon.
554: <li>Add <strong>-d date</strong> support to last(1).
1.147 todd 555: <li>make ctags operate a bit better in the presence of extra spacing.
1.85 deraadt 556: <li>IPSEC Photuris daemon is integrated into the source tree.
1.83 millert 557: <li>mail(1) behaves correctly when interrupted while getting headers from the user.
1.85 deraadt 558: <li>mail(1) supports "inc" command.
1.84 millert 559: <li>S/Key keyfile is now readable only by root. skeyinfo(1) and skeyaudit(1)
560: have been enhanced and rewritten as C programs.
1.85 deraadt 561: <li>Appletalk networking support.
562: <li>permit ftp(1) to download http pages without Content-Length.
563: <li>Some cribbage(6) fixes.
1.90 kstailey 564: <li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)
1.86 deraadt 565: <li>Do not use tempnam(3) in mail(1).
566: <li>make amd(8) use /tmp_mnt by default.
567: <li>Implement IFF_NOARP handling in netinet.
568: <li>Fix pax to not need getcwd(3).
569: <li>Add -T support to last(1).
570: <li>-d flag for shutdown(8).
571: <li>Support lpc(8) "all" keyword option.
572: <li>Support YP map mail.aliases set of maps.
1.123 kstailey 573: <li>Hardcode a list of reserved ports that random port allocation should not
1.86 deraadt 574: reuse.
575: <li>Use sendmail -t instead of other invocation forms inside lots of
576: programs in the source tree.
577: <li>mremap(2) support for Linux emulation.
578: <li>Switch back to nvi; vim has copyright licensing issues.
579: <li>stime(2) support for SunOS emulation.
580: <li>More mail(1) fixes.... It's amazing Todd hasn't broken it.
581: <li>Support -H flag in who(1).
582: <li>Allocate reserved ports for NFS inside the kernel randomly.
583: <li>Man page improvements in many areas.
1.87 deraadt 584: <li>Fix systat manpage.
585: <li>An ugly identd race fixed.
586: <li>More buffer overflow fixes in mail(1).
1.88 deraadt 587: <li>Various fixes and improvements to the 3cXXX ethernet drivers.
588: <li>routed(8) is now disabled by default.
589: <li>Support fpx cards with i82555 PHY.
590: <li>Todd Miller is on a rampage, and making every single buffer inside mail(1)
591: dynamically allocated...
592: <li>Radius support in tcpdump.
1.93 kstailey 593: <li>More fixes to the alpha vga driver. Curses-based programs now work on it.
1.92 kstailey 594: <li>FSF GNU texinfo 3.11.
1.94 deraadt 595: <li>Attempt to cleanup identd. A long road left.
596: <li>Deal nicer with rfork/execve interactions.
597: <li>Make if_tun to prefix address family as a host byte order u_int32_t instead
598: of a u_char, so that bpf can deal with the interface.
1.97 deraadt 599: <li>Fix a kernel bug regarding double m_freem()..
1.96 downsj 600: <li>Sendmail 8.8.7.
1.98 deraadt 601: <li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.
602: <li>Cyclades driver fixed. Works on alpha, too.
603: <li>More mdoc pages.
604: <li>save errno in most of the tree's SIGCHLD handlers, just in case.
1.99 deraadt 605: <li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.
606: <li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be
607: compatible with POSIX sh spec without breaking $((, and explain how
608: IFS works when splitting text after a substitution.
609: <li>Fix another race condition in identd.
610: <li>Work has started to fix the remainder of the signal handlers in the
611: source tree with respect to errno clobbering.
1.100 deraadt 612: <li>Seriously rework the identd daemon even further, to avoid even more
613: input parsing problems and race conditions.
614: <li>Fix a memory leak in grep(1).
615: <li>Fix vacation(1) properly.
616: <li>Make bsd.doc.mk use DOCDIR.
617: <li>Support -n better in pstat(8).
618: <li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.
619: <li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.
620: <li>Import ypserv performance.
621: <li>Make bad random allocation ports settable via sysctl(8).
622: <li>Make gzexe(1) use mktemp to avoid races.
623: <li>Fix pcap_inject(3) in libpcap.
624: <li>In mountd(8), handle ext2fs specially, like most exported filesystems.
625: <li>Be even more paranoid (if it can be believed) in mail.local(8).
626: <li>Add top(1) to the source tree. Fix some problems.
627: <li>Fix another procfs security hole.
628: <li>ATAPI quirk for MATSHITA CR-574.
1.114 kstailey 629: <li>Attempt to deal with archive timestamp and filemode problems in texinfo...
1.100 deraadt 630: <li>Put hostname in root crontab mailout subjects.
1.101 deraadt 631: <li>We are starting to pay attention to good things found in the XPG4
632: standard. We hope to never be compliant, because XPG4 goes way
633: too far.
634: <li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.
635: <li>Support simple add/delete operations on ports in the baddynamic masks
636: via sysctl(8)
637: <li>Be more careful about YP groups in getgrouplist().
638: <li>New PCMCIA Wavelan driver.
1.102 millert 639: <li>More user-friendly error messages from mount_* when the filesystem
640: is not in the kernel.
641: <li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).
642: <li>Fixed a bug in cp(1) when the -r option is used and the source dir
643: ends in a '/'.
1.103 millert 644: <li>Verbose SCSI warnings are now available and on by default.
645: <li>Added basename(3) and dirname(3) for XPG4. dirname(1) is now trivial.
646: <li>XPG4 compatibility for ps(1) format options.
647: <li>Buffer overflow fixes in tip(1).
648: <li>Fixed err(3)/warn(3) argument usage in the tree.
649: <li>shutdown(8) now gets its own session as it deserves.
650: <li>Fixed a bug where the kernel could lie about how many file descriptors
651: are available and cause a panic.
652: <li>ash is gone gone gone.
653: <li>The group vector could end up with duplicates esp. with YP. Now it won't.
654: <li>Document a64l(3) and l64a(3).
655: <li>basename(1) and dirname(1) no longer give an error for paths starting
656: with '-'.
657: <li>Don't print duplicate fields in ps(1) when called with silly arguments.
1.109 deraadt 658: <li>Few more 64 bit fixes in userland, in some rarely used system tools.
659: <li>Various fixes to battlestar(6).
660: <li>A few fixes to tip(1).
661: <li>In join(1), require compat options start with '-'.
662: <li>In dump(8), do not consider tape changing time in the timing estimates.
663: <li>Correct 'sync' option to dd(1).
1.107 kstailey 664: <li>Lucent Technologies (formerly AT&T) awk version 970821.
1.109 deraadt 665: <li>Handle setgid lossage in tip(1).
666: <li>Fix a crash in systat(8).
667: <li>Further IPSEC enhancement (but still no man pages for it though).
668: <li>In calendar(1), support "-t date" to let you see the calendar for other days.
1.112 kstailey 669: <li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).
1.110 deraadt 670: <li>Kill "union wait" in a few more places.
671: <li>Handle SIGCHLD better in rlogin.
672: <li>Correct some remaining small inetd bugs.
1.111 deraadt 673: <li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP,
674: F_SETOWN, or FIOSETOWN.
675: <li>Some FreeBSD m4(1) fixes.
676: <li>Fix first directory handling in "find -execdir"
1.115 deraadt 677: <li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.
1.116 deraadt 678: <li>ppp 2.3.1...
1.115 deraadt 679: <li>Another tip(1) overflow fix.
680: <li>New COMPAT_BSDOS binary compatibility subsystem.
1.113 kstailey 681: <li>Print system call emulation in ps(1) output. Try "ps -axO emul".
1.116 deraadt 682: <li>Update ftp(1) to new NetBSD changes.
683: <li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.
684: <li>Cleaned up verbose scsi error reporting.
685: <li>make bpfread() return ENXIO for uninitialized descriptors.
686: <li>Extend buffer lengths in patch(1).
687: <li>Fix a coredumping problem in tip(1).
688: <li>Preliminary manual pages for the IPSEC utils.
1.117 deraadt 689: <li>Fix a long-standing and minor problem with ld.so on m68k.
690: <li>Ignore trailing spaces on priority in /etc/syslogd.conf.
691: <li>Make ddb not think 'h' means hangman.
692: <li>Some setlogin() and getlogin() fixes in the tree.
693: <li>Fixed small pathname buffer in man(1).
694: <li>Made indent(1) handle unlimited number of -T options.
1.119 deraadt 695: <li>Some fsck_msdos(8) fixes.
696: <li>Make popen(3) safe if vfork(2) does real parent address space borrowing.
697: <li>Always set the SCSI-1 LUN field correctly in all transfers.
1.118 gene 698: <li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD
1.119 deraadt 699: <li>Fix a ksh(1) bug.
700: <li>Permit a longer path buffer in tgetent(3).
701: <li>Some syslogd fixes.
702: <li>Fix SA_* sigaction(2) fields in the OS compat code.
703: <li>Don't error out of MDTM fails.
704: <li>Add sigaction(2) SA_NOCLDWAIT support.
705: <li>Add mkisofs(8).
706: <li>Run calendar -a in the background. (Points to whoever figures out why).
707: <li>Another important disk-full check in pwd_mkdb(8).
1.120 deraadt 708: <li>Fix ftime(3).
709: <li>Fixed various MAKEDEV bugs on lots of architectures.
710: <li>Deal with some possible buffer overflows in sup.
711: <li>Make top(1) work better on very small screens.
712: <li>Fix tar to deal better with one more kind of strange tar file.
713: <li>Shrink most of the install floppies ;-)
1.147 todd 714: <li>Fix a few small problems in rarpd(8).
1.120 deraadt 715: <li>Make ls -d sort directories with files.
1.121 deraadt 716: <li>Do not init pgid in /dev/log's logopen().
717: <li>Fixed a pstat -s related bug in pcvt.
718: <li>Ignore SIGPIPE in inetd(8).
719: <li>In struct sigaction, split sa_handler and the new sa_sigaction function
720: pointers as is being done on newer POSIX systems. This permits proper
721: prototyping of signal handlers.
722: <li>Fix an ifconfig bug related to interfaces that do not exist.
723: <li>Make execle() use alloca() instead of malloc(); to ensure execle() can be
724: safely called in a signal hander.
725: <li>Fix the : and . support in chown so that usernames can have . in them.
726: <li>Fix a network performance problem introduced with IPSEC.
727: <li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).
728: <li>Fix a bug in libform.
729: <li>Add -f option to readlink which does a realpath(3).
730: <li>More IPSEC improvements after the Interop ANX bakeoff.
731: <li>A few pppd fixes.
1.122 kstailey 732: <li>The random(6) tool (game?) now uses arc4random(3).
1.124 deraadt 733: <li>Fix prompting code in pw_edit(3)
734: <li>Ignore bogus hostnames in the /etc/exports file.
735: <li>Make /etc/security handle blowfish-a passwd entries.
736: <li>Rewrite of fdisk(8).
737: <li>Handle a potential crash in the bpf driver.
738: <li>Quirks for two kinds of hitachi dk515 scsi drives and the
739: Cipher ST150S tape drive.
740: <li>Handle creation of /var/tmp/vi.recover more securely.
741: <li>Implementation of the new disklabel -E mode.
742: <li>Support 'q' modifier in kernel vsprintf/kprintf
743: <li>In fmt(1), support backslashed whitespace inside words better.
744: <li>Make disklabel -E always succeed at writing a label. Now you
745: can load a fictitious label, edit it, and write it out.
746: <li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.
747: <li>Another lpd security fix.
748: <li>Some minor tftpd bug fixes.
749: <li>Fix one last little problem case in the fts(3) library routine. This
750: is a very complicated piece of code...
751: <li>Fix a memory leak in libdes.
752: <li>Fix mktemp() to work correctly when specified against non-existant
753: directories.
754: <li>Make ac(8) use the correct timestamp if the user specifies a different
755: wtmp file.
756: <li>Fix a select/read race in identd(8) which would make it spin wildly.
757: <li>Make the ncr scsi driver work on big-endian machines too.
758: <li>Add per-host locking support to supfilesrv.
759: <li>Make clri(8) mark the filesystem dirty.
760: <li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
1.185 deraadt 761: <li><strong>The new afterboot(8) man page. Everyone should look at
762: this</strong>.
1.124 deraadt 763: <li>Prevent open(2) with wrong flag modes.
1.105 deraadt 764: </ul>
1.125 deraadt 765:
1.253 deraadt 766: <a name=22></a>
1.125 deraadt 767: <p>
1.156 deraadt 768: <h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3>
1.150 deraadt 769: <p>
770:
771: <p>
1.156 deraadt 772: <h3><font color=#0000e0>Work begins on what will become 2.3....</font></h3>
1.125 deraadt 773: <p>
774:
775: <ul>
776: <li>Add svr4 jioctl() compat interface.
777: <li>Make kdump(1) handle the newer emulations.
778: <li>a buffer underrun in ctags(1).
779: <li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
780: <li>Add blowfish and cast encryption to IPSEC.
781: <li>SIGWINCH handling in systat(1).
782: <li>If a non-existant user logs in and asks for s/key authentication, fake a
783: proper s/key prompt.
784: <li>Make disklabel -E deal with multiple partitions which overlap.
785: <li>Replace kernel printf with Torek's libc printf.
786: <li>Be more careful with getpwent() information inside rcp(1).
787: <li>Handle C++ and other languages in yacc(1) far better.
788: <li>Fix an as(1) parsing bug relating to the .ascii directive.
789: <li>Fix some memory leaks in the RPC code.
790: <li>Document how crypt(3) handles blowfish and MD5 passwords.
791: <li>Truncate large uid and gid values in ranlib(1), in the same way as this
792: is handled in ar(1).
793: <li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
794: <li>makewhatis(8) manpage added.
1.142 deraadt 795: <li>Fixed ps(1) LIM and STAT columns.
1.130 deraadt 796: <li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
797: <li>4.4BSD lite2 vfs integration.
798: <li>Support execution sections in syslog.conf.
1.131 deraadt 799: <li>Start named(8) earlier in /etc/rc.
800: <li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
801: <li>sendmail 8.8.8
802: <li>double MAX_KMAPENT and MAX_KMAP
803: <li>Fix tty suspend during <strong>sh -c "less file"</strong>.
804: <li>Add more things to afterboot(8).
805: <li>Correct TCP's handling of RST.
1.132 deraadt 806: <li>Fix EXTPROC in pty code.
807: <li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
808: <li>Some compat_svr4 fixes.
809: <li>Flesh out compat_freebsd a fair bit more.
810: <li>Some minor fixes for the libc/db/btree code.
811: <li>Add getsid(2) system call as mandated by XPG4.2.
1.133 deraadt 812: <li>Make dumpfs(8) report if soft updates are requested by the superblock.
813: <li>Make "expr a : /" work.
814: <li>Support an "object" keyword in config(8).
815: <li>Support -mmin, -amin, and -cmin in find(1).
1.134 deraadt 816: <li>Fix a ONLCR + FLUSHO situation in tty.c
817: <li>Make msync(2) POSIX compliant.
818: <li>Make the if_de driver support more cards.
1.135 deraadt 819: <li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
820: <li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
821: <li>Fix a line continuation bug in sed(1).
1.136 deraadt 822: <li>Change various system calls to take void * instead of caddr_t.
823: <li>Range-check the "how" argument for shutdown(2).
824: <li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
1.137 deraadt 825: <li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and
826: <strong>SHUT_RDWR</strong> values for shutdown(2) as
827: specified by XPG4.2.
828: <li>in chat(8), replace Mini Getopt from hell with real getopt().
829: <li>Minor logging feature changes in fingerd(8).
830: <li>Fix some Y2K problems in the nroff tmac macros.
831: <li>Added mode rangecheck in chmod(2) and fchmod(2).
1.139 deraadt 832: <li>Consider only the 0177777 bits of the umask(2) value, as documented.
1.140 gene 833: <li>Implement FIONBIO in ibcs2 emulation code.
1.139 deraadt 834: <li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
1.194 deraadt 835: <li><font color=#e00000><strong>make readlink(1) terminate it's buffer correctly.
1.239 deraadt 836: <a href=errata22.html#all>This affects CDROM builds so a patch is
1.194 deraadt 837: available for 2.2</a></strong></font>.
1.139 deraadt 838: <li>Clean /var earlier in the /etc/rc script.
839: <li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK
840: are set. (That was a nasty kernel bug).
1.142 deraadt 841: <li>Fixed bug in 'systat vm' output.
1.141 deraadt 842: <li>Update sudo(8).
843: <li>Import of FreeBSD's ppp(8) program.
844: <li>Fix a memory leak in the kernel process group manipulation code.
845: <li>Some man page cleanups.
1.143 deraadt 846: <li>add <strong>-t</strong> option to disklabel(8).
847: <li>Fix a mget prompting error in ftp(1).
848: <li>Update to ncurses 4.1.
849: <li>Work around stupid linux emulation behaviour involving non-blocking
850: connect(2).
1.144 niklas 851: <li>Massive performance optimization of the ccd device (RAID-like striping
852: disk driver).
1.145 deraadt 853: <li>Fix arp(8) ethernet address parsing for the illegal cases.
854: <li>Fix <strong>-amin</strong> option in find(1).
855: <li>Moving towards KTH kerberos 4-0.9.7.
856: <li>Fix /etc/rc scripts to require IPF if NAT is requested.
857: <li>Add asprintf(3) and vasprintf(3).
858: <li>Add hosts.equiv(3) and .rhosts(3) man page.
1.148 deraadt 859: <li>Import perl 5.004_04.
860: <li>Add some more XPG4.2 *_t types.
861: <li>Fix SunOS emulation of TIOCGPGRP.
862: <li>Newer ncr device driver.
1.194 deraadt 863: <li><font color=#e00000><strong>On the i386, handle the nasty problem with
1.185 deraadt 864: distinguishing SVR4 and Linux binaries.
1.239 deraadt 865: <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
1.149 millert 866: <li>Update to ncurses-4.1-971129
1.151 deraadt 867: <li>Fix a deadlock on cd9660.
868: <li>Fix an overflow in top(1).
869: <li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
870: <li>Fix scsi CDIOCREADSUBCHANNEL.
1.152 deraadt 871: <li>Indicate connect direction for tcp sockets in fstat(1).
872: <li>In linux compat, handle the CDROM ioctl() calls.
1.153 deraadt 873: <li>Flesh out scsi(8) a tiny bit more.
874: <li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local
875: copies in rcp(1).
876: <li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based
877: on input filesize.
878: <li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
879: <li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
1.194 deraadt 880: <li><font color=#e00000><strong>A workaround for the Intel P5 F00F lockup problem.
1.239 deraadt 881: <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
1.153 deraadt 882: <li>Fix numerous problems with new KTH kerberos.
883: <li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
884: <li>Correct an XPG violation in stdlib.h.
885: <li>Handle the cdrom ejecting ioctl in linux emulation.
886: <li>Handle SIOCGIFHWADDR ioctl in linux emulation.
887: <li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
1.157 deraadt 888: <li>Handle nanosleep() in linux emulation.
889: <li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
890: <li>Handle the controlling tty ioctl in linux emulation.
891: <li>Repair a number of retry operation problems in the wdc driver that mostly
892: affected sleeping laptops.
1.194 deraadt 893: <li><font color=#e00000><strong>Fixed a panic problem in the i386 apm driver.
1.239 deraadt 894: <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
1.157 deraadt 895: <li>Enable new FreeBSD ppp(8) daemon. There are now two ppp daemons in the
896: source tree, they have quite different feature sets.
897: <li>Do not clear the setuid/setgid file mode bits for a call to
898: {,f,l}chmod(-1, -1).
1.194 deraadt 899: <li><font color=#e00000><strong>Due to timing constraints, mac68k X11 binaries did
1.185 deraadt 900: not make it onto the 2.2 CDROM.
1.239 deraadt 901: <a href=errata22.html#mac68k>But it is now available for ftp</a></strong></font>.
1.158 deraadt 902: <li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
903: <li>In ftpd, default to RFC non-conforming behaviour for the PORT command,
904: but provide a runtime switch for those who like holes.
905: <li>Make route(8) non-setuid.
906: <li>Honour TMPDIR in the locate(8) tools.
1.159 deraadt 907: <li>Update the pkg_* tools a bit.
908: <li>Support IP_HDRINCL in Linux emulation.
909: <li>Fix a kernel bug related to "route change ...".
910: <li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
911: <li>In numerous programs, avoid fd_set overflows.
912: <li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
913: <li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong
914: in ibcs2 also?
915: <li>Provide workaround for the Cyrix 6x86 COMA bug. (A workaround for 2.2
916: is not available).
1.160 deraadt 917: <li>Change ftp(1) so that tries to use passive mode, and falls back to active
918: mode. Provide environment variables to fall back. This is
919: incredibly cool.
920: <li>Fail better for over-long usernames.
921: <li>Check the values of the ftp PORT command even more carefully.
922: <li>Fix a bug in make(1) regarding SYSV style : substitution on
923: null variables.
1.161 deraadt 924: <li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
925: <li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
926: <li>The new KTH KerberosIV integration (and security audit) is almost
927: complete.
1.162 deraadt 928: <li>IBCS2 emulation also requires fcntl() F_FREESP support.
929: <li>Handle DST changeovers automatically in cron.
930: <li>lockf() implimentation.
931: <li>Correct exit code of nohup(1).
932: <li>Swap quit and exit commands in fdisk.
1.163 deraadt 933: <li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
934: <li>Correct an splx botch in the tunnel driver.
935: <li>Fix some gzip buf oflows.
936: <li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED
937: define required by new standards.
938: <li>Make {f,}chflags(.., -1) return error EINVAL.
939: <li>Make md5(1), rmd160(1), and sha1(1) use getopt().
1.164 deraadt 940: <li>Some slight changes to the PCI device subsystem to make it probe
941: devices nicer (mostly dmesg printing).
942: <li>Some more manpage cleanups.
943: <li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more
944: than once.
945: <li>Some fixes to fdisk(8) and disklabel(8).
946: <li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
1.165 deraadt 947: <li>Make sure it is clear that so_linger is in seconds.
948: <li>New rc.conf(7) manpage.
949: <li>Fix some problems regaring transfer of secure yp maps.
950: <li>Permit extra / terminators in some path-based system calls.
951: <li>Do not permit dumping corefiles over symbolic links. (We have wanted
952: this changed for a long time, but it required Lite2 vfs).
953: <li>Fix a output error in finger(1).
954: <li>Fix a vnode creation race.
955: <li>For scsi tape drives, be silent in the presence of ILI errors.
1.166 provos 956: <li>Support for FAT32 partitions.
1.167 deraadt 957: <li>Support all kinds of keyboards in pcvt, like pccons does.
958: <li>In disklabel(8), make IDE drive type handling more obvious and
959: intuitive.
960: <li>Bring gethostent() back to life, even though it is a bad interface.
961: <li>Merge some slight standardization fixes for *printf(3) from
962: FreeBSD (some unlikely cases get handled better).
963: <li>sudo version 1.5.4.
964: <li>Make pkg_install(1) feed a -p option to tar.
965: <li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
966: <li>ncurses 4.1-980103
967: <li>Handle unparseable ulimit specifications as an error, not as the value 0.
968: <li>pppd 2.3.3
1.168 deraadt 969: <li>Support <strong>-h host</strong> flag to ypwhich(1).
970: <li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real
971: master server.
1.169 millert 972: <li>Import of tzcode1998b and tzdata1998b.
1.170 millert 973: <li>Properly ignore whitespace between a conversion and %n in *scanf(3).
974: <li>Groff 1.11a
1.171 deraadt 975: <li>Properly error out if yp_match() or yp_first() is asked to lookup
976: long keys.
977: <li>Start at bus_dma support.
978: <li>Much more complete KerberosIV documentation.
1.172 deraadt 979: <li>Repaired the expansion of the kernel panic string.
980: <li>If tar(1) extracts as root, preserve uid/gid as is traditional.
981: <li>Fix argument handling in expand(1).
982: <li>In termcap databases, map the keyboard backspace key to DEL
983: instead of BS as that is how it really is.
1.173 deraadt 984: <li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
985: <li>More cdrom ioctl's in Linux emulation.
986: <li>Fix a race in mkdir(1).
1.190 dgregor 987: <li>IPF 3.2.3. When you upgrade to this version, you <strong>must</strong>
988: also upgrade the userland utilities (ipf, ipnat, etc.). You also
989: need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev
990: to create new device entries.
1.173 deraadt 991: <li>On binutils platforms, make ldd(1) work on static executables.
992: <li>Add <strong>-a</strong> flag to which(1).
993: <li>Check both old and new shells in rpc.yppasswdd(8).
994: <li>Cleanups in wump(6).
995: <li>Glob extensions for XPG4.
996: <li>Require commands started from in /etc/rc to be executable -- not just
997: readable.
998: <li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
999: <li>Self-extending kernel maps in the vm subsystem.
1000: <li>Low-memory bug fix in setenv(3).
1.174 deraadt 1001: <li>Some man page fixes so that <strong>man -k</strong> is happier.
1002: <li>Workaround a race condition in syslogd's handling of SIGHUP.
1003: <li>Teach the kernel about newer PCI device types.
1.194 deraadt 1004: <li><font color=#e00000><strong>Be more careful about sourcerouted packets,
1005: including never forwarding them. This is a security
1.239 deraadt 1006: problem in OpenBSD 2.2, and is <a href=errata22.html#sourceroute>
1.194 deraadt 1007: described and fixed with a patch</a></strong></font>.
1008: <li><font color=#e00000><strong>Two bugs existed in the the 2.2 pmax release which all users
1.176 deraadt 1009: should be aware of.
1.239 deraadt 1010: <a href=errata22.html#pmax>Patches are now available</a></strong></font>.
1.174 deraadt 1011: <li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
1012: <li>Avoid DNS lookup timing effects in ping -R.
1.194 deraadt 1013: <li><font color=#e00000><strong>Buffer overflow fix in the MIPS ld.so. Replacement
1.239 deraadt 1014: binaries for the <a href=errata22.html#pmax>pmax</a> and
1015: <a href=errata22.html#arc>arc</a> platforms are available</strong></font>.
1.174 deraadt 1016: <li>Add strptime(3).
1017: <li>Add scan_ffs(8), a very useful tool for reconstructing disks.
1018: <li>Create two new sysctl options: <strong>ddb.panic</strong> decides
1019: whether the kernel should enter ddb when it panics, and
1020: <strong>ddb.console</strong> controls if it is possible to enter
1021: ddb from the console via a hot-key.
1022: <li>Fix a free page count bug in the vm system.
1023: <li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables
1024: to change at boottime.
1025: <li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can
1026: ensure it has the right components.
1.194 deraadt 1027: <li><font color=#e00000><strong>In the 2.2 release, the sparc scsi driver caused problems
1.185 deraadt 1028: for the Sun 4/300 machines.
1.239 deraadt 1029: <a href=errata22.html#sparc>Patches are now available</a></strong></font>.
1.177 deraadt 1030: <li>Fix /etc/yp/domainname support in ypbind(8).
1031: <li>Fix some bugs in vacation(1).
1032: <li>Emulate that disgusting linux connect() braindamage even better.
1.178 deraadt 1033: <li>smtpd(8) integration spiffied up. Everything you need is now in the
1034: system.
1035: <li>A start at full lint library support.
1.179 deraadt 1036: <li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
1037: <li>New compat_ibcs2(8) manpage.
1.199 deraadt 1038: <li>The web pages now have a new section on <a href=security.html>
1.179 deraadt 1039: security advisories</a>.
1040: <li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
1.181 deraadt 1041: <li>Permit restore(8) to work on a filesystem that has a basic blocksize
1042: smaller than the blocksize of the filesystem that was dumped.
1043: <li>New <strong>-a logdev</strong> argument for syslogd(8), useful for
1044: setting up additional /dev/log devices in various chroot spaces.
1045: <li>raise IPPORT_USERRESERVED significantly. Random port numbers will now
1046: look much more random than they did before.
1.194 deraadt 1047: <li><font color=#e00000><strong>Make ruserok() significantly more paranoid when
1.185 deraadt 1048: parsing the .rhosts file. This along with another issue is a
1.239 deraadt 1049: security problem in OpenBSD 2.2, and is <a href=errata22.html#ruserok>
1.194 deraadt 1050: described and fixed with a patch</a></strong></font>.
1.182 deraadt 1051: <li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
1052: <li>Make stty(1) recognize STRIPDISC.
1053: <li>Fix a map corruption bug in ypxfr(8).
1.194 deraadt 1054: <li><font color=#e00000><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not
1.239 deraadt 1055: very reliable. <a href=errata22.html#sparciommu>A simple reliability
1.194 deraadt 1056: patch is now available</a></strong></font>.
1.182 deraadt 1057: <li>Place seperate so_ruid and so_euid fields in struct socket, so that
1058: in_pcb.c can still do it's job, but also so that identd(8) can
1059: be fast and return the proper uid.
1.189 deraadt 1060: <li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make
1.187 deraadt 1061: the address/netmask sets on it make supernets instead of subnets.
1062: <li>Various fixes to some of the games, ie. rain, worms, wump.
1063: <li>Fixed "%c" in strftime(3).
1064: <li>Support the WINBOND pci ethernet cards.
1.188 deraadt 1065: <li>Make lpd(8) use keepalives so that it can detect dead network printers.
1.194 deraadt 1066: <li><font color=#e00000><strong>The mac68k 2.2 CD release had a few problems.
1.188 deraadt 1067: These problems have been resolved in the FTP release.
1.239 deraadt 1068: <a href=errata22.html#mac68k>For more details...</a></strong></font>
1.188 deraadt 1069: <li>Fix another signal handler bug in mail(1).
1.191 deraadt 1070: <li>New quirk for another Archive VIPER scsi tape drive.
1071: <li>Support <strong>-[width]</strong> option in fmt(1).
1072: <li>Add XPG4 <strong>-r</strong> option to du(1).
1.196 deraadt 1073: <li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif>New
1.191 deraadt 1074: fancy OpenBSD logo for your use</a>.
1075: <li>Change chflags(2) and fchflags(2) to take a u_int for the second
1076: parameter.
1077: <li>Fix two bugs in adduser(8).
1.192 deraadt 1078: <li>Pull in all the NetBSD changes to the old version of gas over the
1079: last year or so.
1.195 deraadt 1080: <li>Remove the ftp(1) `stdout redirection' hack and replace it with a
1.192 deraadt 1081: <strong>-o filename</strong> option (which also understands a
1082: filename of "-" to mean stdout).
1083: <li>On the i386, move XFree86 aperature driver into the kernel. The new
1084: sysctl(8) variable <strong>machdep.allowaperture</strong> decides
1085: if this driver is active or not. (This variable can only be
1086: modified at high securelevel).
1087: <li>Add kerberos kauthd(8).
1088: <li>Rename /etc/nat.rules to /etc/ipnat.rules.
1.194 deraadt 1089: <li><font color=#e00000><strong>Do not permit a read+write mmap() operation on
1090: a read-only file descriptor open on a device. This is a security
1.239 deraadt 1091: problem in OpenBSD 2.2, and is <a href=errata22.html#mmap>
1.194 deraadt 1092: described and fixed with a patch</a></strong></font>.
1.197 deraadt 1093: <li>Make the kernel compile properly (with full warnings) under gcc 2.8.
1094: <li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation
1095: code can reference it later.
1096: <li>CVS version 1.9.24
1097: <li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>,
1098: <strong>-soname</strong>, <strong>--whole-archive</strong>,
1099: and <strong>--no-whole-archive</strong> in the old ld used on
1100: many of our platforms.
1.198 deraadt 1101: <li>Some more repair in the games.
1102: <li>Do not copy from off the end of an nfs boot mbuf.
1103: <li>Support for the ST16650 32-byte FIFO uart.
1.200 deraadt 1104: <li>Add <strong>-p</strong> option to uname(1), to display detailed
1105: CPU information.
1106: <li>In mail.local(8), document how to use quotas on a mail spool.
1.201 deraadt 1107: <li>Convert the xdr(3) and rpc(3) manpages to mandoc format.
1108: <li>Permit the disabling of skey system-wide.
1109: <li>Do not let a user set their password to "s/key".
1.202 deraadt 1110: <li>Do not permit TCP connections to any of the broadcast addresses.
1111: <li>Clarify crypt(3) manpage as to how many characters each transform
1112: actually considers in its calculation.
1.203 deraadt 1113: <li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as
1114: a bitcount.
1.204 deraadt 1115: <li>Add a clarifying statement to all the Kerberos code that explains how
1116: it came to be that this code was released from the USA's crypto
1117: stranglehold.
1118: <li>Add a command to ddb that reports out the extent tables.
1119: <li><font color=#e00000><strong>The 3rd revision of the patch for the mmap()
1.239 deraadt 1120: security problem is available, and <a href=errata22.html#mmap>has been
1.204 deraadt 1121: placed on top of the 2nd revision</a></strong></font>.
1122: <li>Fix some bugs in the 3c[59]xx device driver.
1123: <li>Make <strong>netstat -r</strong> report better information about
1124: non-standard netmasks.
1.205 deraadt 1125: <li>In libpcap and tcpdump, use our system ethers(5) parsing routines.
1126: <li>Fix a configuration file parsing bug in ipf(8).
1127: <li>In old gas, move to late resolution of symbols because gcc 2.8
1128: will require this.
1.206 deraadt 1129: <li>Add XDM-AUTHORIZATION to X11.
1130: <li>Inside the kernel, change struct file's members f_count and
1131: f_msgcount to longs, and then add checking for overflows as well.
1132: <li>Handle unknown hostnames in mountd(8) better.
1.207 deraadt 1133: <li>Improve blowfish performance by a factor of 2, and hence increase
1134: the rounds by 1 in passwd.conf.
1135: <li>Remove one of the two copies of math.h in the source tree.
1.208 deraadt 1136: <li>Correct behaviour <strong>-x</strong> and <strong>-p</strong> flags
1137: in tar(1) to be traditional.
1138: <li>Make ping(8) work with very large packet sizes on all types
1139: of interfaces.
1140: <li>Upgrade to libg++ 2.8.0
1141: <li>Upgrade to gcc 2.8.0
1142: <li>Fix a few more mktemp(3) problems in f77 libraries, and other assorted
1143: GNU software.
1144: <li>Fix a race bug in mkstemp(3) itself that would make mkstemp(3) have
1145: occasionally fail strangely.
1146: <li>New photurisd(8) that complies with
1147: <strong>draft-simpson-photuris-18.txt</strong>.
1148: <li>Add support for <strong>TIOCM*</strong> family of ioctl(2) values to
1149: the sparc serial driver.
1.209 deraadt 1150: <li>Fix syslog(3) sockaddr initialization.
1151: <li>Spend almost a week finding and fixing minor goobers discovered by
1152: gcc 2.8 throughout the source tree.
1.210 deraadt 1153: <li>Use a p_os field to sub-divide operating system emulation capabilities
1154: (like for SVR4 binaries).
1155: <li>Add another missing ntohl() in ipnat(8).
1156: <li>XFree86 3.3.2 is now in our X11 source tree.
1157: <li>Add many new machine-dependent man4 man pages.
1158: <li>Improve IPSEC performance.
1159: <li>Rename 2.2 to 2.3 tree-wide, for the upcoming release.
1.211 millert 1160: <li>Upgrade to gcc 2.8.1
1.212 deraadt 1161: <li>Significant efforts made at fleshing out the device driver man page
1162: tree better.
1.213 deraadt 1163: <li>Fix passwd(1) so that YP passwords do not get edited in the
1.212 deraadt 1164: local password file.
1.213 deraadt 1165: <li>On the sparc, print hotfix information at the right place in the
1166: dmesg log.
1167: <li>On the sparc, support 128KB lebuffer devices.
1168: <li>Fix KerberosIV password changing.
1169: <li>Change the configuration of man(1) so that man4 is read much later;
1170: this makes it easier to see pages in man8 with similar names.
1171: <li>Add support for <strong>-s section</strong> and <strong>-S subsection</strong>
1172: to man(1).
1173: <li>Add <strong>-s</strong> and <strong>-c</strong> options to last(1).
1.214 deraadt 1174: <li>Fix a crash case in compress(1).
1175: <li>Fix vnd and ccd drivers to work properly with soft updates.
1176: <li>Fix tmpfile(3) to fchown() the file after unlink() (taking umask() into
1177: consideration, too). This is required by standards.
1178: <li>Add support for 82553 and 82555B PHY in the fxp driver.
1179: <li>Add lynx 2.8 to the system.
1.215 deraadt 1180: <li>Configure cc(1) to pass the <strong>-R</strong> flag on to ld(1).
1181: <li>Fix an interaction bug in inetd(8) due to SIGPIPE blocking; caused a
1182: bad effect in rlogind(8) or other inetd(8) children.
1183: <li>Fix mktemp(3) problems in two more YP tools.
1184: <li>CVS version 1.9.26
1185: <li>Fixes to a few more games.
1186: <li>Fully working KerberosIV encryption in telnet(1) and telnetd(8).
1.216 deraadt 1187: <li>Flesh out the man pages and explain the security problems behind
1188: mktemp(3) and other similar functions, plus explain how to
1189: handle these problems better.
1190: <li>Merge Kirk McKusick's <a href=softupdate.html>soft update</a> code.
1191: This code is still experimental and under a non-commercial
1192: license. It will be included in the next release as an optional
1193: compile flag; we cannot ship it enabled by default.
1194: <li>Fix <strong>%m</strong>, <strong>%I</strong>, <strong>%S</strong>,
1195: <strong>%y</strong>, <strong>%C</strong>, and <strong>%j</strong>
1196: conversions in strptime(3).
1197: <li>Fix a NULL deference bug in make(1) when using the <strong>-j</strong>
1198: flag.
1.217 deraadt 1199: <li>In strptime(3), make <strong>%C</strong> influence <strong>%y</strong>
1200: regardless of ordering.
1201: <li>Add options(4). This manpage describes what all the kernel options
1202: do. If you spot an error in it, notify us immediately.
1203: <li>In get*ent() family of routines in libc, use fgetln(3) instead of
1204: fgets(3) so that parsing of overly long lines is more correct.
1.218 deraadt 1205: <li>Fix support for VFS loadable kernel modules.
1206: <li>Make the functions described in ethers(3) more careful.
1.219 deraadt 1207: <li>Add support for <strong>atalk</strong> to ifconfig(8).
1208: <li>Make <strong>%Y</strong> override an earlier <strong>%y</strong> in
1209: strptime(3).
1.220 deraadt 1210: <li>Add support for more PCI NE2000 cards.
1211: <li>In the ksh(1) manpage, clarify the behaviour of the
1212: <strong>CDPATH</strong> variable.
1213: <li>Make <strong>-R path</strong> work a well as <strong>-Rpath</strong>
1214: in cc(1).
1215: <li>In telnet(1), fix connecting to IP addresses; this was recently broken
1216: by the new KTH kerberos telnet integration.
1.221 deraadt 1217: <li>In mktemp(1), document why this should be used for temporary filename
1218: generation.
1219: <li>Add (complete?) support for KerberosIV to our X11R6.
1220: <li>Change <strong>SIOCGIFNETMASK</strong>, <strong>SIOCGIFDSTADDR</strong>,
1221: and <strong>SIOCGIFBRDADDR</strong> to return information for
1222: named/addressed mappings rather than simply named mappings, so that
1223: these calls can work on interface aliases.
1224: <li>Add ISAPNP driver for the 3c509 cards.
1225: <li>On the sparc, switch to an alternate font if the console is <
1226: 800*600 resolution.
1.222 deraadt 1227: <li>Fix ch(4) operation on ncr(4) scsi controllers.
1228: <li>Add UID_MAX and GID_MAX to <machine/limits.h> on each architecture.
1229: <li>Make edquota(8) handle numeric names as uid's only after checking that
1230: an account named so does not exist.
1231: <li>Remove libtelnet.so.* from the distribution. People compiling kerberos
1232: into their system were generating significantly different shared
1233: libraries; thus it is wrong to make this a shared library.
1234: <li>Fix rarpd(8) interaction with routed(8); too much routing information
1235: would pile up un-read on the AF_ROUTE socket and rarpd(8) would
1236: get too grumpy.
1.223 deraadt 1237: <li>Emulate SunOS <strong>otimes(2)</strong> system call so that Netscape
1238: doesn't explode.
1239: <li>Fix rmd160(3) (and also the IPSEC algorithm) to properly handle data beyond
1240: it's block boundary.
1241: <li>Support QLogic PCI scsi controllers (at least on the i386).
1.224 deraadt 1242: <li>Import <strong>xpm</strong> into our X11 source tree.
1243: <li>Add httpd(8) to the OpenBSD tree. It is apache 1.2.6.
1244: <li>Add a <strong>SIOCGIFDATA</strong> ifreq-style ioctl which will get
1245: the ifdata informational structure attached to each interface.
1.225 deraadt 1246: <li>Import <strong>kx</strong> into our X11 source tree.
1247: <li>In utimes(2) and futimes(2), handle <strong>tv_sec</strong> values of -1
1248: more carefully, as they are really illegal cases.
1249: <li>In ftp(1), for HTTP requests pass the hostname so that virtual hosts
1250: work.
1.226 deraadt 1251: <li>In login(1), handle cleanup of environment variables correctly.
1252: <li>Add AFS token fetching capability to various parts of the source tree.
1253: <li>Fix <strong>ru_majflt</strong> counting in the VM system.
1254: <li>Add xlockmore(1) to the X11 tree.
1.227 millert 1255: <li>Add disklabel spoofing to the hp300 port.
1.228 deraadt 1256: <li>Significantly improve the system install scripts.
1257: <li>Switch a.out ports in the tree (sparc, m68k, i386) to use the
1258: newer version of gdb that is part of the binutils tree.
1.229 deraadt 1259: <li>Fixes for various (minor) Y2K problems.
1.230 deraadt 1260: <li>In the <strong>le</strong> ethernet driver, if the detected ethernet
1261: address is ff:ff:ff:ff:ff ... fail.
1262: <li>Fix DNS fake-iquery bug.
1263: <li>Do not prepend /usr/local/bin to the PATH in zdiff(1), zforce(1), zgrep(1),
1264: zmore(1), znew(1), or rcsfreeze(1).
1265: <li>sudo version 1.5.5
1266: <li>In tar(1), only preserve the uid/gid if the <strong>-p</strong> flag is
1267: given.
1268: <li>Fix bug oflow in ping(8) <strong>-R</strong> option.
1269: <li>Remove KTH Kerberos "eavesdropping" message from telnet(1) and telnetd(8).
1.231 deraadt 1270: <li>Modify i386 PS/2 driver to be read/write; this permits new XFree86 source
1271: to put mice into advanced modes of operation.
1.232 deraadt 1272: <li>Support 3c905B.
1273: <li>Fix backtraces in gdb on m68k platforms.
1274: <li>Disable console ddb by default. sysctl can re-enable it.
1275: <li>mkisofs 1.11.2
1.233 deraadt 1276: <li>Add support for the XR16850 serial chip (128 byte fifos).
1.234 deraadt 1277: <li>Fix a race condition in unmount(2).
1278: <li>Repair the pkg_add(1) sufficiently for the 2.3 release...
1279: <li>Fix 'u'ndo support in disklabel(8)'s <strong>-E</strong> mode, and
1280: also add a new 'r' command.
1281: <li>Configure xdm(8) and the fwvm window manager sensibly enough for
1282: default users to not feel utterly lost.
1.235 deraadt 1283: <li>Fix ipsec encap notifies.
1284: <li>When root logs in for the first time, let him find that he has an
1285: interesting piece of mail about how the system works.
1286: <li>Make install procedure prompt & set the initial root password.
1287: <li>For the i386, have the install procedure ask if the xf86 driver should
1288: be enabled by default.
1289: <li>Make disklabel(8) mentions IDE (which is an alias for ESDI).
1290: <li>Fix /etc/fbtab handling in init(8).
1291: <li>Various other install script fixes.
1292: <li>In mktemp(3), repair a bug in the filename incrementing loop.
1.236 deraadt 1293: <li>In disklabel(8)'s <strong>-E</strong> mode, set the bootblock sizes
1294: so that the hp300 install does not freak out.
1295: <li>Fix installboot(8) on the sparc Sun4 models.
1296: <li>Support lots of file descriptors in named(8), for when many virtual
1297: interfaces exist.
1298: <li>On the i386, fix installboot(8) so it works reliably on various filesystem
1299: layouts that did not work before.
1.238 deraadt 1300: <li><font color=#e00000><strong>A security problem due to a buffer overflow
1301: exists in uucpd(8) (which is not enabled by default in our releases).
1.239 deraadt 1302: <a href=errata22.html#uucpd>A patch exists</a></strong></font>.
1.238 deraadt 1303: <li><font color=#e00000><strong>A security problem due to buffer mismanagement
1304: exists in lprm(1).
1.239 deraadt 1305: <a href=errata22.html#rmjob>A patch exists</a></strong></font>.
1.125 deraadt 1306: </ul>
1307:
1.253 deraadt 1308: <a name=23></a>
1.17 deraadt 1309: <p>
1.203 deraadt 1310: <h3><font color=#0000e0>OpenBSD 2.3 will be released in June 1998</font></h3>
1.17 deraadt 1311: <p>
1.14 deraadt 1312:
1.239 deraadt 1313: <p>
1314: <h3><font color=#0000e0>Work begins on what will become 2.4 or 3.0....</font></h3>
1315: <p>
1316:
1.241 deraadt 1317: <ul>
1.242 deraadt 1318: <li>Ignore SIGPIPE in reboot(8).
1319: <li>Do not do gethostbyname(3) on "*" in pppd(8).
1320: <li>Set <strong>d_bbsize</strong> and <strong>d_sbsize</strong> to defaults
1321: in the disk drivers.
1322: <li>Make last(1) report on the year.
1323: <li>Improve numerous manpages.
1324: <li>Change tset(1) and /root/.cshrc behaviour so that ^C at the prompt does
1325: not result in noglob remaining set.
1326: <li>Add <strong>dev</strong> command to cdio(1) so that user can change
1327: device.
1328: <li>Use mkdtemp(3) in pkg_add(8) and friends.
1329: <li>Fix relative tags in vi(1).
1330: <li>Fix gcc on the m68k to correctly invalidate cached condition codes when
1331: only a-registers are involved.
1332: <li>Add <strong>/var/run/rarpd.pid</strong> and syslogging support to
1333: rarpd(8).
1334: <li>Handle truncated reads in dumpfs(8).
1.243 deraadt 1335: <li>Let fdisk(8) and disklabel(8) compile if NOMAN= is defined.
1336: <li>Change 3rd parameter to be size_t as required by XPG.
1337: <li>Make strptime(3) handling of month and weekday names case insensitive.
1338: <li>Fix the i386 versions of libm's scalb*() functions.
1.244 millert 1339: <li>Run rc.shutdown even if -h or -r was not specified.
1340: <li>Completely rewritten fmt(1) with more features.
1.245 deraadt 1341: <li>Make hp300 use new m68k kcore format.
1342: <li>Fix a very strange bug in backgammon by using -ltermlib instead of -ltermcap.
1343: <li>64 bit cleanups to the uucp subsystem.
1344: <li>Correct utimes(2) emulation in Linux compat.
1345: <li>Make ps(1) look at the kernel physmem variable instead of the far uglier
1346: thing it did before this change.
1.248 gene 1347: <li>Delete old gdb; we use modern binutils everywhere now.
1.246 deraadt 1348: <li>Fix a coredumping problem in oldrdist(1).
1349: <li>Change ld(1) to accept the first matching shared library it finds.
1350: <li>Teach dump(8) that ENOSPC on remote or local media means end of tape.
1351: <li>Merge OSS-like audio code into i386, sparc, amiga, and other architectures.
1352: <li>Add audioctl(1) and mixerctl(1).
1353: <li>Permit socketpair(2) to accept <strong>PF_LOCAL</strong>.
1.247 deraadt 1354: <li>In oldrdist(8), avoid attempting to create hardlinks between devices.
1.249 deraadt 1355: <li>talk(1) cannot distinguish the host a reply comes from. If it is
1356: suspicious, it now prints that hostname in the connection banner.
1357: <li>Fix a bug in h2ph(1).
1.250 deraadt 1358: <li>For 3c9xx drivers, fix a bug where bpf attach caused a change to 10Mb mode.
1359: <li>Make ctype macros dealing with unsigned characters properly index into
1360: their respective tables.
1361: <li>Make 'y' command in sed(1) 8-bit clean.
1362: <li>Fix iommu flushing on the sparc Microsparc-1 based machines.
1363: <li>Our c++ compiler is called c++, not g++.
1.251 deraadt 1364: <li>Use inet_ntoa() in a diagnostic in rwhod(8).
1365: <li>Fix a timeout bug in ping(8). (What a troublesome program it is...)
1366: <li>Fix ZIP drive use on the hp300.
1367: <li>msdosfs in FAT32 mode would hang during a write.
1368: <li>Permit relative adjustments in mixerctl(1) using +/- prefixes.
1.252 deraadt 1369: <li><font color=#e00000><strong>xterm(1) and libXaw contain security issues
1370: due to buffer mismanagement.
1.257 deraadt 1371: <a href=errata.html#xterm-xaw>A patch exists which solves the problem</a>.
1372: <a href=errata22.html#xterm-xaw>(A similar patch which solves the
1373: problem for OpenBSD 2.2 also exists)</a></strong></font>.
1.251 deraadt 1374: <li>In mail(1), do not attempt to remove a mail spool since directory write
1375: permission may not exist. Instead, simply truncate it.
1.253 deraadt 1376: <li>Add libossaudio(3) to the source tree.
1377: <li>In the hp300 port, use actual code to determine how fast the 68040 cpu
1378: is running.
1379: <li>Fix a select(3) bug in syslogd(8).
1380: <li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3. A
1381: lacking test for invalid padding length in IPSEC packets can cause
1382: a remote attack possibility if IPSEC is in use.
1.254 deraadt 1383: <a href=errata.html#ipsec>A patch exists which solves the problem</a>.
1.257 deraadt 1384: <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD
1385: 2.2)</a></strong></font>.
1.256 deraadt 1386: <li>Add information about more deviant scsi devices.
1387: <li>Fix at least one remotely activated buffer overflow in lynx(1).
1388: <li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong>
1389: support in gcc.
1390: <li>Fix a number of disklabel issues in the hp300 and pmax ports.
1391: <li>Fix localtime(3) support inside perl(1).
1.258 deraadt 1392: <li>pppd 2.3.5
1.259 deraadt 1393: <li>Make the AD1848 and Yamaha OPL3-SA3 sound drivers work.
1394: <li>Correct handling of escaped % correctly in crontab lines.
1.260 deraadt 1395: <li>Support 16 partitions in the pmax port.
1396: <li>Fix i386 copyoutstr().
1397: <li>Fix some bad uses of sscanf problems in the source tree.
1398: <li>Fix short read() and write() operation in the RFC1413 handling code in
1399: httpd(1).
1400: <li>Fix 'z' command in mail(1).
1.261 deraadt 1401: <li><strong>const</strong> the parameters to a few more system calls.
1402: <li>Make config(8) store the first free unit number in its tables so that
1403: pcmcia device re-insertion can come back to the same unit number.
1404: <li>Fix a file parsing overflow in kdb_util(8).
1405: <li>Niklas is taking a shot at making our cross compiler toolset sufficient
1406: for a full cross compile of the vax port.
1.262 deraadt 1407: <li><font color=#e00000><strong>A possible new security problem exists if
1408: you rely on securelevels and immutable or append-only files or
1409: character devices. The fix does not permit mmap'ing of immutable
1410: or append-only files which are otherwise writeable, as the VM
1411: system will bypass the meaning of the file flags when writes
1412: happen to the file.
1.261 deraadt 1413: <a href=errata.html#immutable>A patch exists which solves the
1414: problem</a></strong></font>.
1415: <li>Make size(1) work on files created via <strong>ld -Z</strong>.
1416: <li>Disable dynamic loading in the mips version of perl(1).
1417: <li>Make perl(1) support calls to lockf(3) now that we have it.
1.263 deraadt 1418: <li>Emulate <strong>umask</strong> and <strong>exit</strong> script
1419: commands inside make(1) directly, to get closer to the expected
1420: behaviour. Later on we may want to emulate more commands, like
1421: gnumake does...
1.264 deraadt 1422: <li>Improve documentation about how to properly enable YP client databases.
1423: <li>Make the csh(1) command <strong>kill</strong> more standards compliant.
1424: <li>As described a few lines above, support even more commands in make(1).
1.265 deraadt 1425: <li>Add a man page for ndbm(3).
1426: <li>Remove some more incorrect uses of long in kerberos code.
1427: <li>Fix i386 divide overflows traps which were possible in the NTP code.
1428: <li>Fix less <strong>-d</strong> option.
1429: <li>Improve XR16C850 support.
1430: <li>Fix a bunch of scanf related buffer overflows.
1431: <li>Compile the system with <strong>-O2</strong> instead of <strong>-O</strong>.
1432: <li>Start cron at the end of /etc/rc to avoid some security issues.
1.266 deraadt 1433: <li>Correct 64 bit timeval storage in ping(8) packets; also put the time in
1434: network byte order.
1435: <li>In mount_nfs(8), contact the portmapper about the correct protocol (tcp or udp).
1436: <li>Fix buffer overflows in getNAME(1).
1437: <li>Fix acct(2) to work with append-only files.
1438: <li>Fix a memory trashing bug in the IPSEC SPI chain delete function.
1439: <li>Fix a free() related bug in csh(1).
1440: <li><font color=#e00000><strong>Constrain how kill(2) operates against target
1441: processes that are running setuid. The previous unrestricted
1442: behaviour may have had security consequences.
1.267 deraadt 1443: <a href=errata.html#kill>The 2nd revision of a patch which solves the
1444: problem is available</a></strong></font>.
1.266 deraadt 1445: <li>In gdb, do not use 4.3 compatibility tty ioctl() calls.
1.268 deraadt 1446: <li>New distribution install notes that use m4 instead of cpp for formatting.
1447: <li>Install gdb(1) info pages.
1448: <li>Fix numerous source tree uses of readlink() with an incorrect length
1449: parameter.
1450: <li>Fix numerous uses of MAXHOSTNAMELEN+1 instead of MAXHOSTNAMELEN, and also
1451: do the same for other similar cpp variables.
1452: <li>Add the required setsockopt(2) interface for IPSEC, update photurisd(8)
1453: to accept notify messages from the kernel.
1454: <li>Fix two cases of incorrect timeout handling in the RPC library.
1.269 ! deraadt 1455: <li>Install sendmail configuration goo in /usr/share/sendmail.
! 1456: <li>Add sparc magma serial device driver.
1.241 deraadt 1457: </ul>
1458:
1.253 deraadt 1459: <a name=end></a>
1.203 deraadt 1460:
1.95 deraadt 1461: This list mentions mostly platform-independent changes. For a list of changes
1462: made in a particular platform, please check the page for that platform. If you
1463: find them not listed there, the changes are either (1) not being documented or
1464: (2) are documented here.<br><br>
1.14 deraadt 1465:
1466: <hr>
1467: <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
1468: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.269 ! deraadt 1469: <br><small>$OpenBSD: plus.html,v 1.268 1998/05/19 07:10:33 deraadt Exp $</small>
1.14 deraadt 1470:
1471: </body>
1472: </html>