Annotation of www/plus.html, Revision 1.71
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD changes</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
1.59 deraadt 10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.64 downsj 13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
1.14 deraadt 14:
1.64 downsj 15: <img alt="[OpenBSD]" SRC="images/smalltitle.gif">
16:
17: <p>
1.14 deraadt 18: <h3>Changes Relative to other *BSD's.</h3>
19:
20: <p>
1.29 deraadt 21: The OpenBSD project was spawned from NetBSD (ie. a member of the
1.71 ! denny 22: 4.4BSD family) and is developed separately. As well as developments
1.29 deraadt 23: by our development group, good changes from the other free operating
24: systems are evaluated and merged into OpenBSD (of course, depending on
25: various factors like developer time for example.) OpenBSD tracks bug
26: reports and source tree changes from the NetBSD and FreeBSD projects
27: fairly closely. Even pieces of code from the Linux projects have been
28: used.
1.14 deraadt 29:
30: <p>
1.29 deraadt 31: In the early days of OpenBSD, it was possible to be able to say
32: "OpenBSD is NetBSD <b>PLUS MORE STUFF</b>" Now, after substantial
1.30 deraadt 33: work OpenBSD is very much is it's own thing. Too much stuff has been
1.29 deraadt 34: added and fixed. OpenBSD is OpenBSD.
35:
36: <p>
37: This is a partial list of the major machine independent changes
38: (ie. these are the changes people ask about most often). Port
39: specific changes have also been made, and are sometimes mentioned
40: in the pages for the specific <a href=plat.html>ports</a> if you
41: are interested in for further port-specific details. Many ports
42: have had architecture-specific enhancements relative to NetBSD,
43: but when they do not they certainly have plenty of platform-independent
44: changes, starting with those listed below..
1.14 deraadt 45:
1.17 deraadt 46: <p>
47: <h3>Life for the OpenBSD project begins...</h3>
48: <p>
1.14 deraadt 49: <ul>
50: <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
51: <li>New curses library, including libform, libpanel and libmenu.
52: <li>a termlib library which understands termcap.db, needed for new curses.
53: <li>The FreeBSD ports subsystem was integrated and is usable by you!
1.35 kstailey 54: <li>ipfilter for filtering dangerous packets and Network Address Translation
55: for IP masquerading.
1.14 deraadt 56: <li>better ELF support
57: <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
58: to use kvm utilies
59: <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
60: <li>All the pieces needed for cross compilation are in the source tree.
61: <li>Some LKM support in the tree.
62: <li>ATAPI support (should work on all ISA busses)
63: <li>new scsi, md5, pkg_* commands
64: <li>Numerous security related fixes
65: <li>Kerberos and other crypto in the source tree that is exportable
66: <li>Solid YP master, server, and client capabilities.
67: <li>/dev/*random -- a device driver providing some kinds of random data
68: <li>In-kernel update(8) with an adaptive algorithm
69: <li>Some ddb improvements and extensions
70: <li>Numerous scsi fixes
71: <li>ncheck utility for ffs
72: <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
73: <li>new system calls: rfork(), minherit(), poll().
74: <li>select() that can handle any amount of file descriptors.
75: <li>kernfs extensions
76: <li>ATM support (support for one company's sparc & i386 cards available)
77: <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
78: <li>pax as tar, gnutar is toast
79: <li>using AT&T awk, gawk is toast
80: <li>Even more security fixes.
81: <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
82: generate them too
83: <li>Linux ext2fs and BSD4.4 LFS support being worked on.
84: <li>Working ATAPI audio support for multiple architectures.
85: <li>terminfo database support.
86: <li>Fortran in the tree.
87: <li>The most secure rdist support anywhere.
88: <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
89: security via unpredictability.
90: <li>Protection from the udp spamming and ftp bounce attacks.
91: <li>Significantly improved ftp daemon.
92: <li>Numerous more security policy and implimentation improvements (OpenBSD
93: defaults to installing in a very secure mode)
94: <li>zlib (non-GPL'd gzip-compatible library)
95: <li>Newest version of pppd.
96: <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
97: <li>Fixed long-standing vm swap-leak.
98: <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
99: <li>Numerous FreeBSD userland fixes and improvements incorporated.
100: <li>new rdisc Router Discovery daemon
101: <li>generic protection against the bind() takeover problem.
102: <li>at -f security fix.
103: <li>20 or so more security fixes
104: <li>install now supports -C, -p, and -S flags.
105: <li>a real adduser program, which can even be used uninteractively.
106: <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
107: by chown(). This can be turned off with sysctl.
108: <li>partial protection against tcp SYN attacks.
109: <li>added /etc/fbtab support to login & init.
110: <li>RCS version 5.7
111: <li>much newer join command (4.4lite2 with other fixes)
112: <li>scsi subsystem security fix
113: <li>Kerberos is much more silent if not configured
114: <li>arc4-based random support in kernel
115: <li>ncr53cXXX scsi scripts assembler
116: <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
117: <li>`lsof'-style features in fstat.
118: <li>rudimentary support for ISA Plug-and-Play cards
119: <li>Fixed timeout support in RPC library, and also fixed it to support more
120: than FD_SETSIZE file descriptors.
121: <li>improved locate command
122: <li>a good start at NETIPX support
123: <li>vim version 4.5
124: <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
125: bugs).
126: <li>latest version of perl, and a lndir command.
127: <li>Even more security fixes.
128: <li>cdio command for using CD audio.
1.40 gvf 129: <li>Kernel warns if /dev/console does not exist; nice warning for booting with
130: an unpopulated /dev directory.
1.41 deraadt 131: <li>libgnumalloc is gone; our malloc() is better.
1.14 deraadt 132: <li>FreeBSD pipe() system call; quite a bit faster.
133: <li>Some serial driver support for /dev/cuaXX devices to support transparent
134: out+dial
1.40 gvf 135: <li>DDB can now access symbol tables from LKM modules
1.14 deraadt 136: <li>Say goodbye to dump, restore, and mt security holes: They are no longer
137: setuid.
138: <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
139: <li>New routed from SGI.
140: <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
141: <li>ftp command modified for easily scripted ftp & http downloads.
142: <li>And of course... more security related bugfixes... (ie. dump,
143: restore, mt).
144: <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
145: also works better.
146: <li>16 partitions working on sparc and i386 (yipee!)
147: <li>Nice sample files in /etc
148: <li>sendmail gecos hole fixed (in a number of ways; other programs in the
149: source tree were also vulnerable.)
150: <li>secure multicast tools against possible security problems.
151: <li>latest GNU groff, incorporated in a clean wrapperized form.
152: <li>mopd for networking booting Digital machines
153: <li>less version 2.90
154: <li>deal with the SYN bomb problem (denial of service attack) as well known.
155: <li>Another kerberos security fix.
156: <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
157: <li>Compile time option to compile the source tree almost completely dynamic.
158: <li>A 7% reduction in size of static binaries.
159: <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
160: <li>We have completed security reviews of almost all userland programs and
161: libraries except for the gnu stuff (where, based on preliminary
162: inspection there is poor handling of temp files).
163: <li>Working Linux ext2fs.
164: <li>Added sudo (which is maintained by one of our developers)
165: <li>CTM is now a supported way of obtaining OpenBSD source code.
1.17 deraadt 166: </ul>
167: <p>
168: <h3>OpenBSD 2.0 released.</h3>
169: <p>
1.15 deraadt 170: <ul>
1.14 deraadt 171: <li>The NIST Posix test suite became free. As a result we have been correcting
172: numerous problems in the source tree, and expect to be completely
173: POSIX compliant very soon.
174: <li>upgrade to CVS version 1.9.
175: <li>A number of security fixes to the way coredumping works.
176: <li>The /dev/*random devices are now default on all architectures.
177: <li>Add stack tracebacks to Arc port's kernel debugger.
178: <li>Skey revamped into full OTP (RFC1938) support, including sha1 and
179: md5 support.
180: <li>GPL i387 emulator added.
181: <li>Crank kvm space on the i386 port, also limit buffer cache useage
182: so that 512MB machines may work (untested :-)
183: <li>Numerous fixes to the lpr suite, including security.
184: <li>More ftpd raging paranoia security fixes.
185: <li>The NIST suite showed numerous errors in libraries and the kernel.
186: Only a few small errors remain now, mostly regarding serial
187: ports.
188: <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
189: <li>OLF binary type added. This is like ELF, but includes an OS-dependent
190: tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
191: the kernel can recognize correctly.
192: <li>Beware $HOME overflows throughout the source tree.
193: <li>Integration of the pmax port.
194: <li>Import of ctm.
195: <li>Various repairs to the scsi scanner support.
196: <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
197: buffer overflows found in system utilities..
198: <li>Memory leak paranoia in cron.
199: <li>Make login get more consistantly upset about failed logins, and tell user
200: about these failures at the next successfull login.
201: <li>pdksh version is now 5.2.11
202: <li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
203: <li>The Arc port family has a new member: The rPC44 works!
204: <li>lpt driver is now bus-independent.
205: <li>com driver is now bus-independent.
206: <li>Numerous small security fixes again...
207: <li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
208: <li>Prevent generic users from mounting filesystems by default.
209: <li>Added -C option to pax/tar. Also made -z support compressed files too.
210: <li>Increased compatibility in the pccons driver with BSDi features.
211: <li>Imported FreeBSD's calendar.
212: <li>GNU gdb works on the mips-based platforms.
213: <li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
214: tripwire-like system.
215: <li>Some YP and bootparamd security changes.
216: <li>Hundreds of little fixes all over the place.
217: <li>Multiple updates for GNU software
218: <li>Add disklabels to the floppy device drivers.
219: <li>At boottime, have (*mountroot)() look at the root device's disklabel
220: to determine which filesystem type is to be mounted.
221: <li>If disklabel reading code discovers an ISOFS filesystem underlying,
222: spoof a nice disklabel (enough to fool mountroot).
223: <li>tcpdump 3.3
224: <li>Fix information gathering attack in ping(8).
225: <li>Add NetBSD's "route show" implementation, and at the samet time fix
226: the new buffer overflows that this provided.
227: <li>Fix a few setgroups() related security holes.
228: <li>sendmail 8.8.4
229: <li>texinfo 3.9
230: <li>f77 0.5.19
231: <li>Repair some more KerberosIV buffer overflows. Hard to believe this is
232: supposed to be security software.
233: <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
234: backwards compatibility.
235: <li>Permit NFS attribute cache to be configured on a per-mount basis.
236: <li>Properly split fsck, mount, and newfs into multiple pieces. Use
237: disklabel information if it is available.
238: <li>Add disklabels to the vnd device driver.
239: <li>Change the games to be run setgid games, not setuid games. This closes
240: a whole slew of fascinating security holes.
241: <li>Import of the powerpc port.
242: <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
243: <li>Permit building of kernels without a.out support.
244: <li>ppp 2.3b3
245: <li>libcrypt goes away. We do not need this stub library anymore. Do not link
246: against it on OpenBSD, all the pieces you need are in libc.
1.18 deraadt 247: <li>new aucat command.
248: <li>Fix a fairly nasty security hole in all of the games.
1.20 downsj 249: <li>Support for the <a href="hp300.html">hp300</a> added.
250: <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
251: <li>Sendmail upgraded to version 8.8.5.
1.21 downsj 252: <li>Added lchown(2) for compatibility with SVR4 implementations.
1.23 deraadt 253: <li>New gnu cpio 2.4.2
254: <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and
255: restore(8).
256: <li>No buffer lengths in fmt(1).
257: <li>various adjtime() corrections inside the kernel.
258: <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
259: <li>pax in tar mode will understand multiple -v options to generate ls-like output.
260: <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous
261: number of network interfaces.
1.22 deraadt 262: <li>More kerberosIV security patches.
263: <li>A working fsirand.
1.56 deraadt 264: <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple
1.28 deraadt 265: hardware. This port requires nothing outside the in-tree development
266: environment to build (except mkisofs for building distributions).
267: <li>Some ypbind(8) tightening up, includes a method to specify a list of
268: valid servers
1.25 niklas 269: <li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large
270: buffer caches even when available kvm space is low, like for i386
271: & sparc.
1.26 deraadt 272: <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
273: byte order. This is a compatibility/portability fix and we expect
274: other BSD systems to eventually follow suit.
275: <li>amd (the automounter) is now 64-bit and working on the alpha.
276: <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles
277: using in-tree versions of all tools. Yipee!
1.34 deraadt 278: <li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a
279: small part of POSIX 1003.1b and permits the signal handler to figure
280: out the exact cause of a signal; such as fault address information
281: for SIGSEGV or more detailed information for SIGFPE.
1.31 downsj 282: <li>config.old(8) has been removed from the tree, as the <a href="hp300.html">
283: hp300</a> port switches to config(8).
1.32 deraadt 284: <li>/sbin/dump -a saves you from needing to deal with finicky tape length
285: options (from FreeBSD)
1.34 deraadt 286: <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
1.36 deraadt 287: <li>Be more careful if some fool decides to enable source routing ;-)
288: <li>Support for gzip'd kernels in some bootblocks.
289: <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
290: <li>Add cdev and partition support to the ramdisk driver.
291: <li>Merge new ftp(1) changes from NetBSD.
1.37 deraadt 292: <li>Change mktemp(3) and family to generate more random filenames, yet still
293: as collision free as possible.
294: <li>Have libc/rpc save you from yourself if you do enable source routing.
1.38 downsj 295: <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting
296: 16 disk partitions.
1.55 kstailey 297: <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
1.39 deraadt 298: <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls
299: in the source tree. This cuts out a whole class of races.
300: <li>Improved NFS filehandle creation.
1.42 deraadt 301: <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very
302: large disks using it.
303: <li>add RPC service name generation to netstat -a
1.43 deraadt 304: <li>Fix pax & tar to be POSIX compliant.
1.42 deraadt 305: <li>Fix a few netinet kernel crash problems.
306: <li>Fix so that stack limits which are not a multiple of the pagesize work.
307: <li>fix some more memory and file descriptor leaks in libc/rpc
1.43 deraadt 308: <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
309: uses a very large strong-random `salt' and the number of rotor
310: runs is configurable. Hence if you have faster machines you can
311: slow the crypt routine down and make harder keys.
312: <li>Add support for /etc/passwd.conf which controls the format and strength
313: of passwd entries for the next time a user changes their password.
314: These options can be set per-user.
1.44 deraadt 315: <li>Working kadmind for kerberosIV.
316: <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
317: <li>cvs 1.9.2
318: <li>Fix weak symbol support in ld.
319: <li>libg++ pulls in libcurses automatically.
320: <li>Replace which(1) with a C program.
1.45 millert 321: <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
322: <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
1.46 kstailey 323: <li>deroff(1) 1.0 from Debian (a Linux).
1.47 downsj 324: <li>BIND 4.9.5-P1.
1.48 deraadt 325: <li>Add support for FreeBSD md5 to /etc/passwd.conf.
326: <li>Import of the mvme88k kernel port.
327: <li>Import of libwrap and tcpd (tcp wrappers).
328: <li>Numerous improvements to pax, including full support for cpio and
329: a lot of fixes to tar mode.
330: <li>Let fsck and fsirand automatically work on very large filesystems.
331: <li>Various fixes to the fsck tools.
332: <li>ipsecadm as an initial cut at controlling IPSEC sessions.
333: <li>Fix pcmcia on the i386.
334: <li>Merged changes from at 2.9 into our own at.
335: <li>pccon(1) to control the pccons driver.
336: <li>Bye bye tahoe bits.
337: <li>noaccesstime option for filesystems (saves batteries on laptops)
338: <li>Substantial changes and fixes to the scsi scanner support.
339: <li>Support for "secure" YP password maps.
340: <li>Various atm fixes.
341: <li>The NE2000 if_ed driver now works on the alpha, too.
342: <li>ddb improvements for 64 bit machines.
343: <li>Fixes to fts(3).
344: <li>A few ypbind fixes.
345: <li>sysctl kern.osrevision gives OpenBSD date.
346: <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
347: <li>Implement NOFILE_MAX--hard limit on max descriptors per proccess.
348: <li>Be more careful about modes of lost+found directories.
349: <li>New termcap and terminfo database files.
350: <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it
351: for correct locking!
352: <li>64 bit clean in.rarpd.
353: <li>cvs 1.9.6
1.49 millert 354: <li>16 partition support for the alpha port.
1.50 deraadt 355: <li>Add ./.message support to ftpd
356: <li>Numerous more pax/tar fixes.
357: <li>Add md5 & blowfish passwd support to adduser(8).
358: <li>Add support for YP v1 to ypserv.
359: <li>Fixed some more mktemp races (sigh, will this ever end!)
360: <li>More buffer overflows, but none in sensitive programs.
361: <li>getnetent() and friends now work a lot more like gethostent().
362: <li>Use 10 X characters in many remaining mktemp() calls which are
363: hard to excise.
364: <li>Solve a few resolver problems after the recent 4.9.5-P1 integration,
365: not all our fault.
366: <li>Fix patch to honour Index lines better.
367: <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
368: <li>Once again, really correct the various source routing pieces of the
369: userland source tree.
370: <li>Make real i386 cpu's work again. In case noone noticed, they didn't
371: work for about 5 months. The bug was very hard to find...
372: <li>For config(8), if any kernel options get added/deleted/changed since
373: the previous commit, warn that the compile tree needs 'make clean'.
374: <li>Use in_addr_t and in_port_t all over the place.
375: <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source
376: tree. CD9660 is much happier now.
377: <li>Fix AFS string-to-key handling in kerberos.
1.51 kstailey 378: <li>NAT now gets started from /etc/netstart.
1.50 deraadt 379: <li>Various man page fixes.
380: <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly
381: when mounted read-only.
1.54 kstailey 382: <li>The df(1) utility now has a human-readable "-h" option.
1.53 deraadt 383: <li>Always skip the first 8KB of all swap partitions (hint: disklabels &
384: bootblocks)
385: <li>Repair some bugs in mail(1), especially regarding signal handling.
386: <li>Support .group entries in /etc/passwd.conf
387: <li>PCI aic7860 scsi support improved.
388: <li>Support /etc/rc.shutdown from halt(8).
389: <li>Support extended partitions in fdisk(8).
390: <li>Various fixes to the YP utilities.
391: <li>Signal handling fix to crontab(1).
392: <li>Unify naming of archictecture names between gcc & binutils.
393: <li>Some more userland 64 bit fixes.
394: <li>Support for PCI NE2000 clones.
395: <li>libpthread works on the m68k.
396: <li>Significantly improved the unpredictability of the DNS packet id's
397: in the resolver and named.
398: <li>newfs_msdos(8) can has enough brains to find the partition size itself.
399: <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse
400: and worse idea every month).
401: <li>A bit more man page cleanup starting to happen...
1.57 kstailey 402: <li>GNU Groff 1.10 with (improved) Makefile wrapper.
1.58 kstailey 403: <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less
404: overhead.
1.60 niklas 405: <li>The vnd(4) device has a new safer mode of operation called svnd
406: where you can trust a disk-image right after it's unmounted,
407: i.e. cache-coherency.
1.61 deraadt 408: <li>Repaired install stuff for most architectures significantly, improving
409: ftp/http installs, single bootable install floppies, and in some
410: cases CDROM booting. Most floppies contain vi, too.
411: <li>Support crunch on arc (for bootable installs).
412: <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
413: <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
414: </ul>
415: <p>
416: <h3>OpenBSD 2.1 released.</h3>
417: <p>
418: <ul>
419: <li>Few quirky changes to the way ISO9660 disklabel spoofing works in
420: some ports.
421: <li>Fix a few more libc functions to generate very large fd_set's properly
422: for select(2).
423: <li>Import newer version of vax port.
1.65 deraadt 424: <li>Newer version of ext2fs that is reliable for read/write operation. This
425: is essentially FULLY OPERATIONAL.
1.61 deraadt 426: <li>Make adduser understand /etc/passwd.conf
427: <li>Support SIGINFO in ping; also add more complete icmp reporting
428: capabilities.
429: <li>New named root.cache from Internic.
430: <li>Lots of man page fixes.
431: <li>Fix more overflows and other bugs in mail(1).
432: <li>tail(1) can now notice if the file been replaced or truncated.
433: <li>getpgid(2) from XPG3(?)
434: <li>In ar(1), truncate uid & gid if too large.
435: <li>Add some more malloc options to malloc(3)
436: <li>tcp wrappers 7.6
437: <li>Fix lots more NetBSD PR's.
1.62 deraadt 438: <li>Few more fixes to pax(1).
439: <li>kill process timers if execve'ing a setuid/setgid executable.
440: <li>fix sendsmg() credential passing on 64 bit machines.
441: <li>Kernel now generates random pid values in fork().
442: <li>A few netinet fixes.
1.63 deraadt 443: <li>Some more security and robustness changes to traceroute and ping.
444: <li>Add <strong>-P proto</strong> support to traceroute.
445: <li>fix SO_SNDTIMEO.
446: <li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
447: <li>fix disklabel support in vnd/svnd.
448: <li>Ensure TCP RST is within window.
449: <li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
450: <li>Use dynamic fd_set allocation in more places, particularily setuid
451: programs.
1.65 deraadt 452: <li>tftpd -c flag.
453: <li>document the ddb hangman.
454: <li>Move named tmp files to /etc/named/tmp/ to avoid localhost race
455: attacks.
456: <li>Addition of readlink(1).
457: <li>Implement hex/octal offsets in cmp(1), as documented.
458: <li>Repair many cross-references and other documentation problems in
459: the section 2 and 3 man pages, and also fix a few minor
460: other bugs discovered by analysis of recent changes in
461: FreeBSD's and NetBSD's libc.
462: <li>Add tsearch(3) and friends to libc, as required by XPG3(?).
463: <li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated
464: Vol.2.
1.66 deraadt 465: <li>Improved performance in /dev/*random.
466: <li>Deal with atapi drives that cannot lock their doors.
467: <li>Fix /tmp races in make(1).
468: <li>Add tsearch(3) to libc.
469: <li>In newfs(8), fix -o and -m to work better.
470: <li>Correct -n behaviour in sort(1).
471: <li>Better support for unmounted filesystems in df(1).
472: <li>add per-interface bindings to inetd(8).
473: <li>Fix some more /tmp races in various programs.
474: <li>Support "-d dir" in rpc.yppasswdd(8).
475: <li>Make ifconfig(8) print full information about the full set of
476: interface aliases.
477: <li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
478: <li>More ipsec changes!
479: <li>Change mount(2) to return EFTYPE for invalid filesystem.
480: <li>Some NLS improvements, noteably some more language catalogs.
481: <li>Add ELOOP error handling to realpath(3).
1.68 deraadt 482: <li>More paranoia in procfs.
1.67 deraadt 483: <li>Slightly improve ftpd log file.
1.69 downsj 484: <li>Added automatic power down framework at halt(8) time, currently only
485: supported on sun4m machines with the <i>power</i> device.
1.70 kstailey 486: <li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
1.14 deraadt 487: </ul>
1.17 deraadt 488: <p>
489: <h3>Development is rapidly continuing...</h3>
490: <p>
1.14 deraadt 491:
492: This list only mentions platform-independent changes. For a list of changes
493: made in a particular platform, please check the page for that platform.<br><br>
494:
495: <hr>
496: <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
497: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.71 ! denny 498: <br><small>$OpenBSD: plus.html,v 1.70 1997/06/23 20:20:05 kstailey Exp $</small>
1.14 deraadt 499:
500: </body>
501: </html>