Annotation of www/plus.html, Revision 1.728
1.14 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.424 deraadt 4: <title>OpenBSD-current changes</title>
1.728 ! horacio 5: <link rev="made" href="mailto:www@openbsd.org">
1.14 deraadt 6: <meta name="resource-type" content="document">
1.716 deraadt 7: <meta name="description" content="OpenBSD-current changes">
8: <meta name="keywords" content="openbsd,current,changes">
1.14 deraadt 9: <meta name="distribution" content="global">
1.716 deraadt 10: <meta name="copyright" content="This document copyright 1996-2001 by OpenBSD.">
1.14 deraadt 11: </head>
12:
1.728 ! horacio 13: <body bgcolor="#ffffff" text="#000000" link="#23238e">
1.14 deraadt 14:
1.728 ! horacio 15: <img alt="[OpenBSD]" height=30 width=141 src="images/smalltitle.gif">
1.64 downsj 16: <p>
1.682 krw 17: <h2><font color=#e00000>Changes made between OpenBSD 2.8 and OpenBSD-current</font><hr></h2>
1.14 deraadt 18:
19: <p>
1.29 deraadt 20: This is a partial list of the major machine independent changes
1.602 aaron 21: (i.e., these are the changes people ask about most often). Port
1.29 deraadt 22: specific changes have also been made, and are sometimes mentioned
1.728 ! horacio 23: in the pages for the specific <a href="plat.html">platforms</a>.
1.14 deraadt 24:
1.17 deraadt 25: <p>
1.725 naddy 26: Changes to the <a href="ports.html">ports</a> collection are documented
27: <a href="portsplus.html">here</a>.
28:
29: <p>
1.185 deraadt 30: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
31:
32: <p>
1.186 deraadt 33: <h3>
1.684 deraadt 34: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
35: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
36: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
37: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
38: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
39: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
40: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
41: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
42: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.422 deraadt 43: <br>
1.186 deraadt 44: </h3>
45:
46: <hr>
1.280 deraadt 47:
1.186 deraadt 48: <p>
1.674 deraadt 49: <h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
1.422 deraadt 50: <ul>
1.728 ! horacio 51: <li><font color=#e00000><strong>SECURITY FIX: for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a>, handle AH packets with IP options more strictly.</strong></font><br>
1.727 jason 52: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
53: <li><font color=#e00000><strong>SECURITY FIX: on i386, check arguments to USER_LDT (not enabled by default) mappings.</strong></font><br>
54: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
55: <li><font color=#e00000><strong>SECURITY FIX: update to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&sektion=8">sudo</a>-1.6.3p6 which fixes a buffer overflow on very long argv components.</strong></font><br>
56: <a href="errata.html#sudo">A patch is available</a></strong></font>.<br>
57: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.726 jason 58: <li><a href="http://www.openssh.com/">OpenSSH</a> 2.5.1 released.<br>
59: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.724 jason 60: <li><a href="http://www.openssh.com/">OpenSSH</a> 2.5.0 released.<br>
61: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.723 jason 62: <li><font color=#e00000><strong>IMPLEMENTATION FIX: fix port number computation in libwrap client side ident implementation.</strong></font><br>
63: <a href="errata.html#libwrap">A patch is available</a></strong></font>.<br>
64: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.728 ! horacio 65: <li>disable bogus file check in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>.<br>
1.723 jason 66: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.728 ! horacio 67: <li><font color=#e00000><strong>IMPLEMENTATION FIX: fix memory allocation in the PCI LANCE ethernet driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le(4)</a>.</strong></font><br>
1.720 jason 68: <a href="errata.html#lepci">A patch is available</a></strong></font>.<br>
69: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.728 ! horacio 70: <li>Fix some incorrect return values for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&sektion=2">mmap(2)</a> functions.<br>
1.720 jason 71: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.728 ! horacio 72: <li><font color=#e00000><strong>SECURITY FIX: fix some buffer overflows in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named(8)</a>.</strong></font><br>
1.719 jason 73: <a href="errata.html#named">A patch is available</a></strong></font>.<br>
74: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 75: <li><font color=#e00000><strong>SECURITY FIX: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.</strong></font><br>
1.715 jason 76: <a href="errata.html#rnd">A patch is available</a></strong></font>.<br>
77: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 78: <li><font color=#e00000><strong>IMPLEMENTATION FIX: Compute <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypto&sektion=9">crypto(9)</a> session IDs correctly for kernel.</strong></font><br>
79: <a href="errata.html#hwcrypto">A patch is available</a></strong></font>.<br>
80: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.722 aaron 81: <li>Permit stripped VAX kernels to load despite unexpected values from libsa.
1.728 ! horacio 82: <li>Simplify locking and a few more fixes to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=twe&sektion=4">twe(4)</a>.
1.722 aaron 83: <li>Plug some memory leaks in OpenSSH.
1.728 ! horacio 84: <li>Fix <b>-P</b> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion8">ftpd(8)</a>.
1.722 aaron 85: <li>Emulation fixes to the VAX code.
1.728 ! horacio 86: <li>Protect bits of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a> with a locking mechanism to prevent multiple instances from using the leases file simultaneously.
! 87: <li>Fix 3 cases in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mv&sektion=1">mv(1)</a> relating to the moving of symlinks across filesystems.
! 88: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>, expand the tilde character in ftp-dir <b>login.conf</b> variable.
! 89: <li>Prohibit binding to an anycast, notready, or detached <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ip6&sektion=4">IPv6</a> address.
! 90: <li>Rename <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsinfo&sektion=8">fsinfo(8)</a> to xfsinfo in X11 to avoid naming conflict.
! 91: <li>Set the correct pfkeyv2 direction for KAME SPD entries in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>.
! 92: <li>Save and restore errno properly in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=flex&sektion=1">flex(1)</a> since it may be whacked by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isatty&sektion=3">isatty(3)</a>.
! 93: <li>Fix sending/receiving passwords in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a>.
! 94: <li>Add an i386-specific <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> that modifies <b>halt -p</b> processing in APM to deal with some quirky machines.
1.722 aaron 95: <li>More sun3 fixes, mostly to conform better to other m68k architecture code.
1.728 ! horacio 96: <li>Handle login banners better in SSH2 instances of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
1.722 aaron 97: <li>Various spelling and grammar fixes across the tree.
1.728 ! horacio 98: <li>Use new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> interface for kernel memory bucket statistics and clock information.
! 99: <li>Correctly check for empty <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mailq&sektion=1">mailq(1)</a> in <b>/etc/daily</b>.
1.722 aaron 100: <li>Y2K fix in the mvme68k NVRAM code.
1.728 ! horacio 101: <li>Extend <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> to support quad values.
! 102: <li>Improve SMB packet printing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a>.
1.722 aaron 103: <li>Add common pidfile-writing code to DHCP so each program doesn't need to roll its own.
1.728 ! horacio 104: <li>To please <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cap_mkdb&sektion=1">cap_mkdb(1)</a>, make it an error to open a zero-length file for read-only access in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hash&sektion=3">hash(3)</a>.
1.722 aaron 105: <li>Some sun3 architecture fixes.
1.728 ! horacio 106: <li>Ignore environment variables in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8">libssl</a> if we're running <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=issetugid&sektion=2">setugid</a>.
! 107: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, log the remote IP address on disconnect.
! 108: <li>Check for memory allocation failure in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>.
! 109: <li>Fix a buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsinfo&sektion=8">fsinfo(8)</a>.
! 110: <li>Handle another special case in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=apm&sektion=4&arch=i386">apm(4)</a>.
! 111: <li>Fix a panic in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=raid&sektion=4">RAIDframe</a> locking management code.
! 112: <li>Add <b>setpid</b> command to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdisk&sektion=8&arch=i386">fdisk(8)</a> for setting the partition ID.
! 113: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> to use gif* instead of enc*.
! 114: <li>Set SO_REUSEPORT socket option in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcp&sektion=8">DHCP</a> code, so multiple dhclients work.
! 115: <li>Allow printing of 8-bit ASCII characters in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=talk&sektion=1">talk(1)</a> through an option.
! 116: <li>Do not perform getnetbyname() in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mountd&sektion=8">mountd(8)</a> if the address is already in dot-notation.
! 117: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd(8)</a>, log the actual number of bytes transferred instead of the original file size.
1.721 aaron 118: <li>Fix ^C in termtype prompt.
1.728 ! horacio 119: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck_ffs&sektion=8">fsck_ffs(8)</a> from marking a filesystem clean if <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fsck&sektion=8">fsck(8)</a> needs to be rerun.
! 120: <li>Resolve scheduling conflict in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=newsyslog&sektion=8">newsyslog(8)</a>.
! 121: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&sektion=8">dhclient(8)</a>, set a reasonable default lease time if the server does not provide one.
! 122: <li>Suppress uninteresting PCI bus error messages in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ahc&sektion=4">ahc(4)</a>.
! 123: <li>Add m88k support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
! 124: <li>Add HostKeyAlias option to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>.
! 125: <li>Behave nicely with fixed-rate codecs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=auvia&sektion=4">auvia(4)</a>.
! 126: <li>Fix a minor off-by-one error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gprof&sektion=1">gprof(1)</a>.
1.721 aaron 127: <li>In the ports infrastructure, take the old non-fake code out-of-line.
1.728 ! horacio 128: <li>Repair a disgusting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rwhod&sektion=8">rwhod(8)</a> crash.
! 129: <li>Fix buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1">csh(1)</a> builtin <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=printf&sektion=1">printf(1)</a> implementation.
! 130: <li>Convert <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atoi&sektion=3">atoi(3)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strtoul&sektion=3">strtoul(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=top&sektion=1">top(1)</a>.
1.721 aaron 131: <li>Emulate Linux truncate64, stat64, lstat64, and fstat64 syscalls.
1.728 ! horacio 132: <li>Revoke root privileges earlier in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping6&sektion=8">ping6(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&sektion=8">traceroute6(8)</a>.
1.721 aaron 133: <li>Many man page fixes.
1.728 ! horacio 134: <li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3">arc4random(3)</a> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=jot&sektion=1">jot(1)</a>.
! 135: <li>Handle quotas over 4GB in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=edquota&sektion=8">edquota(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=repquota&sektion=8">repquota(8)</a>.
1.721 aaron 136: <li>Fix IPv6 Path MTU Discovery.
1.728 ! horacio 137: <li>Give up euid more carefully in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo&sektion=8">mrinfo(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mtrace&sektion=8">mtrace(8)</a>.
1.721 aaron 138: <li>Various OpenSSH fixes.
139: <li>Add support for ActivCard, CRYPTOCard, and SNK-004 authentication for the BSD authentication framework.
1.728 ! horacio 140: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1">ksh(1)</a>, remain in non-blocking mode if the shell is not interactive.
! 141: <li><font color=#e00000><strong>SECURITY FIX: xlock now authenticates via a pipe.</strong></font><br>
1.716 deraadt 142: <a href="errata.html#xlock">A patch is available</a></strong></font>.<br>
143: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.712 jason 144: <li><font color=#e00000><strong>IMPLEMENTATION FIX: PS/2 mouse driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pms&sektion=4&arch=i386">pms</a>, lockup fix.</strong></font><br>
1.711 jason 145: <a href="errata.html#pms">A patch is available</a></strong></font>.<br>
146: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.728 ! horacio 147: <li>Implement a workaround in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=atapiscsi&sektion=4">atapiscsi(4)</a> for buggy Toshiba drivers.
1.710 jason 148: <li><font color=#e00000><strong>SECURITY FIX: Fix holes in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_procfs&sektion=8">procfs</a>.</strong></font><br>
1.708 jason 149: <a href="errata.html#procfs">A patch is available</a></strong></font>.<br>
150: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.728 ! horacio 151: <li>Put <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcat&sektion=3">strlcat(3)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&sektion=3">strlcpy(3)</a> into libkern for kernel use.
1.716 deraadt 152: <li>Fix setting of nwid for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4">wi(4)</a>.<br>
153: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 154: <li>Change <b>/etc/security</b> to spit out unified diffs.
155: <li>Add driver for Compaq SMART Array RAID controllers, cac(4).
156: <li>Extend the i386 allowaperature sysctl to allow access to the whole 1st MB of memory.
157: <li>Add some more sanity checking to the PCMCIA code to fix some obscure panics.
158: <li>Import Apache 1.3.14 + mod_ssl 2.7.1.
159: <li>Support multiple pfkeyv2 keying daemons.
160: <li>Compute diffie-hellman in parallel between server and client in OpenSSH.
161: <li>Support Amigas with more than 64MB of RAM.
162: <li>Ensure <b>/etc/sudoers</b> is created with a proper secure mode.
163: <li>Import OpenSSL 0.9.6.
164: <li>More photurisd(8) improvements.
165: <li>Update kernel pfkeyv2 code for better conformance to the RFC.
166: <li>Enable loading of ELF kernels for alpha.
167: <li>Add extraction support for shell archives to the bsd.port.mk infrastructure.
1.705 jason 168: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(9)</a>, look for TDB if gateway is unspecified.<br>
169: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 170: <li>Fixes to patch(1) <b>-f</b> and <b>-b</b>.
171: <li>Convert some more drivers to the new timeout(9) interface.
172: <li>Add bytecounter statistics reporting to netstat(8).
173: <li>Instrument more random TCP sequence numbers.
174: <li>In sshd(8), permit logins with read-only root filesystems if the tty already has sane modes set.
175: <li>Source port < 1024 is no longer required for rhosts-rsa in sshd(8).
176: <li>Remove dead code in hifn(4) driver.
177: <li>Proper getopt(3) usage in compress(1).
178: <li>Fix a time specification in last(1).
179: <li>Do not disable PMTU for established TCP connections unless there is data to send.
180: <li>Add support for the 802.1D spanning tree protocol to bridge(4).
181: <li>New BSD authentication login scripts.
182: <li>Listen to pfkeyv2 acquire messages in photurisd(8), and setup SAs accordingly.
183: <li>isakmpd(8) update.
184: <li>APM bug fix that helps a few laptops.
185: <li>Remove unnecessary code from photurisd(8) in preparation of new SPD framework.
186: <li>Repair a memory leak in ICMPv6 code.
187: <li>Turn off PMTU when ICMP needfrag messages get blocked.
188: <li>Finnish updates for <b>inter.phone</b>.
189: <li>Display number of successful IPv6 PMTU changes in netstat(8) <b>-s</b> output.
190: <li>Do not re-print ETA on completion in scp(1) when copying 0-sized files.
191: <li>Validate ICMPv6 "too big" messages based on PCB.
192: <li>Do not use already-freed memory in route(8).
193: <li>Avoid repeated <b>host controller halted</b> messages in uhci(4).
194: <li>Remove unused libgmp.
195: <li>Import KerberosIV v1.0.4.
196: <li>Always request a new challenge for skey/tis-auth in ssh(1).
197: <li>Support newer cy(4) communication cards.
198: <li>Provide new international keymaps for pcvt(4).
199: <li>Ignore filesystems marked "xx" in the install scripts.
200: <li>Document that pipe(2) is bidirectional, although this behavior is unportable.
201: <li>Move the default cvs(1) connection protocol from rsh(1) to ssh(1).
202: <li>Remove a bogus memory free in getnetgrent(3).
203: <li>Fix a buffer overflow in bad144(8).
204: <li>Revert back to the old rijndael implementation and solve byte ordering bugs there instead.
205: <li>Drop unneeded support for RTF_TUNNEL in route(8).
206: <li>Maintain count of routing table timer entries in route(8).
207: <li>In makewhatis(8), strip weird characters first, then sequences of spaces.
208: <li>Big improvements to adw(4).
209: <li>Teach tcpdump(8) about VRRP, SMB, and timed.
210: <li>Force calendar(1) to only accept real calendar files as input.
211: <li>Fix various perror() overflows in pcvt(4).
212: <li>Repair a tftp(1) argv parsing overflow.
213: <li>Conditionalize some BPF code in wx(4).
214: <li>Finally remove remaining references to extra RSA libs, since the patent has expired.
215: <li>New rijndael implementation which solves endian issues.
216: <li>Support Intel 82801BA pciide(4) controllers.
217: <li>Exercise more paranoia with passed KRB environment settings in telnetd(8).
218: <li>Convert some more drivers to the new timeout(9) interface.
219: <li>Many improvements and modernizations to isp(4).
220: <li>Update wx(4) with LIVENGOOD support.
221: <li>Recognize and support the IODATA USB-ET/T Ethernet adapter in kue(4).
222: <li>Implement asynchronous connections for ssh(1) <b>-R</b> and <b>-L</b>.
223: <li>Simplify atrun(8) tasks by using asprintf(3).
224: <li>Kill unused libtermlib.
225: <li>Import new pool(9) code.
226: <li>Fix RIPv0 packet printing and NFS port number parsing in tcpdump(8).
227: <li>Make pcap-generated BPF filters work on the tun(4) interface.
228: <li>Import David Maziere's ssh-keyscan(1).
1.712 jason 229: <li><font color=#e00000><strong>SECURITY FIX: Fix buffer overflow in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftpd&sektion=8">ftpd</a>.</strong></font><br>
1.700 jason 230: <a href="errata.html#ftpd">A patch is available</a></strong></font>.<br>
231: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.707 jason 232: <li><font color=#e00000><strong>IMPLEMENTATION FIX: Fix fastroute related panic.</strong></font><br>
1.706 jason 233: <a href="errata.html#fastroute">A patch is available</a></strong></font>.<br>
1.703 jason 234: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 235: <li>Teach OpenSSH about more version strings to improve interoperability.
236: <li><font color=#e00000><strong>SECURITY FIX: Fix another security problem in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos&sektion=1">KerberosIV</a> code.</strong></font><br>
237: <a href="errata.html#kerberos2">A patch is available</a></strong></font>.<br>
238: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.716 deraadt 239: <li><font color=#e00000><strong>SECURITY FIX: Fix two security problems in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos&sektion=1">KerberosIV</a> code.</strong></font><br>
240: <a href="errata.html#kerberos">A patch is available</a></strong></font>.<br>
241: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 242: <li>Permit ftpd(8) umask setting via both the command line and through a login class in login.conf(5).
243: <li>Prevent VLAN devices from emitting packets if the parent interface is not up and running.
244: <li>Better error checking in ping6(8).
245: <li>Some stability fixes to isakmpd(8).
246: <li>In ssh(1), disable agent/X11 port forwarding if the hostkey has changed.
247: <li>Fix a coredump in ssh-agent(1).
248: <li>Reset 16-bit PCMCIA during chip initialization in pccbb(4).
249: <li>Correct PCI interrupt setup for TI PCI113X CardBus bridges.
250: <li>Properly powerdown PC cards in pccbb(4) at shutdown time.
251: <li>Add <b>-D</b> option to sshd(8) to cause startup without a daemon.
252: <li>Show both the IP address and hostname when a new key is encountered in ssh(1).
253: <li>Fix a bug in MSChapv2 challenge hashing in ppp(8).
254: <li>More make(1) tweaks.
255: <li>Use <b>-n</b> to test for non-zero variables in <b>/etc/netstart</b>.
256: <li>Be more careful with ARP packets.
1.699 jason 257: <li>Fix deletion of flows in pf_key_v2 handling of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a><br>
258: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 259: <li>Prevent setusercontext(3) in ftpd(8) from setting the umask as this conflicts with any command-line umask specification.
260: <li>Clock fixes for the alpha architecture.
261: <li>Print select collisions in vmstat(8) <b>-s</b> output.
262: <li>Implement login_check_expire(3) for libutil.
263: <li>Add <b>-u username</b> support to pwd_mkdb(8).
264: <li>Properly implement errno handling for the threaded libc (libc_r) on powerpc.
265: <li>In adduser(8), get rid of a race condition and use <b>/etc/ptmp</b> as a lock file.
266: <li>Set reasonable defaults for RSA1, RSA, and DSA keys in ssh-keygen(1).
267: <li>Reorder check for illegal ciphers in ssh(1) protocol 1 connection code.
268: <li>Fix pciide(4) support on Alpha 164SX models.
269: <li>Support 16 slices per device on VAX machines.
270: <li>Considerable cleanups to make(1).
271: <li>Improve key repeat logic in wskbd(4).
272: <li>Changes from KAME to make ifm_data available in getifaddrs(3).
273: <li>Fix absolute path handling in crunchgen(1).
274: <li>Shorten <b>/dev/ttyC*</b> device names.
275: <li>Complain about invalid ciphers in ssh(1), falling back to reasonable defaults when necessary.
276: <li>Avoid tty races in wsdisplay(4) when switching virtual terminals.
277: <li>Update isakmpd(8).
278: <li>Repair lun support in umass(4).
279: <li>Zero pw_passwd before freeing its memory in the libc BSD authentication routines.
280: <li>Train makewhatis(8) to handle more special cases.
281: <li>Avoid double fclose(3) in getcap(3).
282: <li>Increase delay in RAM probe for hifn(4).
283: <li>Suffix list fix in make(1).
284: <li>Various bug fixes in ksh(1).
285: <li>When using the tail(1) <b>-f</b> flag on stdin, don't reopen a local file named stdin.
286: <li>Extend kqueue(2) to support kernel events on vnodes.
287: <li>Bring in BSD authentication support for sudo(8).
288: <li>Zap MULOG in inetd(8) to improve code readability.
289: <li>Avoid whacking errno in top(1) signal handlers.
290: <li>Do not include MFS partitions in quot(8) statistics output.
291: <li>Add support for the Acenic Copper and Netgear GA620T Gigabit Ethernet cards.
292: <li>Prevent a type overflow in recno(3).
1.712 jason 293: <li><font color=#e00000><strong>IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.</strong></font><br>
1.707 jason 294: <a href="errata.html#imacdv">A patch is available</a></strong></font>.<br>
295: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 296: <li>Import BSD authentication mechanisms from BSDI BSD/OS.
297: <li>Implement pw_dup(3), a function which copies <b>struct passwd</b>.
298: <li>Replace getpass(3) with a more flexible readpassphrase(3) interface.
299: <li>Add strnvis(3), a length-bounded version of the strvis(3) libc function.
300: <li>Better prompting logic in libskey.
301: <li>Resurrect binutils on alpha.
302: <li>Recognize newer Intel audio devices in auich(4).
303: <li>Stop amphy(4) from attaching to network devices it doesn't belong to.
304: <li>Enable support for pciide(4) found in newer Intel chipsets.
305: <li>Correct URL handling in the install scripts.
306: <li>Limit the number of SCSI luns in umass(4).
307: <li>Page size fixes to the alpha port.
308: <li>Import ssh-ask-pass support for X11.
309: <li>Fix a signal race in ypserv(8) SIGHUP handling.
310: <li>Enable uaudio(4) by default in GENERIC/i386.
311: <li>Reserve all-1s addresses in the IPSec code for future policy discovery features.
312: <li>Resolve HMAC nomenclautre issues.
313: <li>Be sure to clear passwords out of memory after use in ppp(8).
314: <li>Support kernel event queues.
315: <li>Add support for USB scanners through the uscanner(4) driver.
316: <li>More fixes to qec(4).
317: <li>Recognize newer AMD CPUs.
318: <li>Repair incorrect buffer size logic in telnetd(8).
319: <li>Add a slew of devices to usbdevs.
320: <li>Do not use perror(3) in sshd(8) after forking a child.
1.698 jason 321: <li><font color=#e00000><strong>RELIABILITY FIX: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=qec&sektion=4&arch=sparc">qec</a>+<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=qe&sektion=4&arch=sparc">qe</a> ethernet cards should not generate NMIs.</strong></font><br>
1.692 jason 322: <a href="errata.html#qe">A patch is available</a></strong></font>.<br>
323: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 324: <li>Add ifmedia(4) support to qec(4), among other improvements.
325: <li>Extra sanity checking in skeyinit(1).
326: <li>Repair timeout computations in atapiscsi(4).
327: <li>Add initial support for DEC Alpha 21264 systems.
328: <li>Bring the alpha port a bit closer to a fully operational console.
329: <li>Support Accton EN2242 MiniPCI Ethernet adapters.
330: <li>Permit O_RDWR on FIFOs to handle legacy applications that depend on it.
331: <li>Add scrollback support to wscons(4) through the vga(4) driver.
332: <li>Color change in wscons(4) vt100 emulation to more closely imitate PCVT.
1.695 jason 333: <li>Repair overriding of pseudo devices in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a><br>
334: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 335: <li>Accept <b>-inet</b> and <b>-inet6</b> as options for the <b>show</b> command in route(8).
336: <li>Don't reorder keys in ssh-agent(1) upon key removal.
337: <li>Avoid parsing options in ssh(1) if there is an RSA key mismatch.
338: <li>Various cleanups to ftpd(8).
339: <li>In many programs, sync usage() output with their respective man page SYNOPSIS.
340: <li><font color=#e00000><strong>RELIABILITY FIX: The ThunderLAN driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tl&sektion=4">tl(4)</a>, should not claim all interrupts.</font><br>
341: <a href="errata.html#tl">A patch is available</a></strong></font>.<br>
342: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
343: <li>In pciide(4), do not map unsafe registers from controllers that require 16-bit I/O space.
344: <li>Import new pckbc(4), pckbd(4), vga(4), pcdisplay(4), and ega(4) drivers for wscons(4).
345: <li>In ftpd(8), assert check_login upon receipt of EPSV/LPSV.
346: <li>Make the aha(4) driver compile without UVM.
347: <li>Enforce non-cacheable device space on real 80386 machines.
348: <li>Add RSA authentication support for SSH2 to OpenSSH.
349: <li>Allow serial mice to work with moused(8) and XFree86 simultaneously.
350: <li>Repair an off-by-one error in ssh-agent(1).
351: <li>Convert some old drivers to the new timeout(9) interface.
1.692 jason 352: <li><font color=#e00000><strong>RELIABILITY FIX: repair AES (rijndael)
1.712 jason 353: kernel support.</strong></font><br>
1.692 jason 354: <a href="errata.html#rijndael">A patch is available</a></strong></font>.<br>
355: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 356: <li>Import PCI support for Alpha EB164 machines.
357: <li>Add bus_space_barrier macros for the powerpc.
358: <li>Endian fixes to the USB code.
359: <li>Better command line parsing in encrypt(1).
360: <li>Numbering fixups in pfkeyv2 to match IANA assignments.
361: <li>Crank maximum mbuf size in ppp(8) in order to handle full-sized HDLC frames.
362: <li>Improve handling of IPv6 Node Information Query packets for better specification conformance.
363: <li>Fix a panic induced by assigning <b>lo0</b> an IPv6 alias.
1.684 deraadt 364: <li><font color=#e00000><strong>IMPLEMENTATION FIX: In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, fix skey support in SSH1 protocol.<br>
365: <a href="errata.html#sshskey">A patch is available</a></strong></font>.<br>
366: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.721 aaron 367: <li>Deprecate <b>pltime=0</b> in ifconfig(8).
368: <li>Modifications to the ktrace(2) interface to reduce redundancy.
369: <li>Do not advertise dynamic/cloned routes in route6d(8).
370: <li>Allow ping6(8) to send ICMP6 packets smaller than 8 bytes.
371:
1.684 deraadt 372: <li>Correct free-before-reference bugs in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rshd&sektion=8">rshd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rlogind&sektion=8">rlogind(8)</a>.
373: <li>Improve queue handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&sektion=4">gdt(4)</a>.
374: <li>New Adaptec FSA RAID driver called <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aac&sektion=4">aac(4)</a>.
1.689 jason 375: <li>Fix DMA error problems in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=adw&sektion=4">adw(4)</a>.<br>
376: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.684 deraadt 377: <li>If <b>MANPS</b> environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/.
378: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=date&sektion=1">date(1)</a>, fix an off-by-one error which would happen when changing time over DST.
379: <li>Permit <b>-Tps</b> in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nroff&sektion=1">nroff(1)</a>.
1.690 jason 380: <li>Make some pfkeyv2 interfaces conform to RFC 2367 numbering.
1.681 deraadt 381: <li>New timeouts in a couple of network drivers.
382: <li>Prevent <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=nfsd&sektion=8">nfsd(8)</a> from swapping out.
383: <li>Use PHOLD/PRELE in various kernel components.
384: <li>Buffer overflow fix to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&sektion=1">telnet(1)</a>.
385: <li>Many man page improvements.
386: <li>Permit handling more than 6 arguments in a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hostname.if&sektion=5">hostname.if(5)</a> file.
387: <li>kcore handling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kvm&sektion=3">kvm(3)</a> for alpha.
388: <li>Update usb code.
389: <li>Update alpha architecture support. A snapshot will come out soon.
390: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pchb&sektion=4">pchb(4)</a>, for Intel random devices, do not busy wait for data.
391: <li>Switch amiga to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uvm&sektion=9">uvm(9)</a>.
392: <li>Fix amiga pmap module submap allocations.
393: <li>Centralized netisr dispatching.
394: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&sektion=8">ppp(8)</a> updated.
395: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aue&sektion=4">aue(4)</a>, fix multicast filter programming.
1.690 jason 396: <li>Repair an uninitialized variable bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> output.<br>
397: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.681 deraadt 398: <li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pcibios&sektion=4">pcibios(4)</a> interrupt setup support for AMD750 chipset.
1.712 jason 399: <li><font color=#e00000><strong>RELIABILITY FIX: In sparc <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zs&sektion=4">zs(4)</a>, when using serial console, the interrupt routine was unable to distinguish it's own interrupts.</strong></font><br>
400: <a href="errata.html#zsconsole">A patch is available</a></strong></font>.<br>
401: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.681 deraadt 402: <li>Generate new hashkey every time a <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> is brought up.
403: <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> code to use lower spl.
404: <li>Passive FTP support in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&sektion=1">lynx(1)</a>.
405: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, downgrade to SSH1.3 if server is SSH1.4.
1.683 jufi 406: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, do not disable rhosts(rsa) if server port greater 1024.
1.681 deraadt 407: <li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> Agent forwarding and <b>-R</b> support for SSH2 protocol.
1.687 jason 408: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsecadm&sektion=8">ipsecadm(8)</a> man page repairs.<br>
409: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.686 jason 410: <li>In pfkeyv2, send the message to registered promiscuous listeners.<br>
411: <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
1.681 deraadt 412: <li>Some minor <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> fixes.
413: <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&sektion=1">ld.so(1)</a> support for the pmax.
414: <li>On powerpc, print out the size of the L2 cache size on G3 and G4 machines.
1.680 deraadt 415: <li>2.8 release builds are running, but some of us are already working on post-release hacking.
1.422 deraadt 416: </ul>
417: <p>
1.203 deraadt 418:
1.95 deraadt 419: This list mentions mostly platform-independent changes. For a list of changes
420: made in a particular platform, please check the page for that platform. If you
421: find them not listed there, the changes are either (1) not being documented or
422: (2) are documented here.<br><br>
1.14 deraadt 423:
424: <hr>
1.424 deraadt 425: <p>
426: <h3>
1.691 jufi 427: <a href="plus20.html">For changes leading up to OpenBSD 2.0, click here</a>.<br>
428: <a href="plus21.html">For changes leading up to OpenBSD 2.1, click here</a>.<br>
429: <a href="plus22.html">For changes leading up to OpenBSD 2.2, click here</a>.<br>
430: <a href="plus23.html">For changes leading up to OpenBSD 2.3, click here</a>.<br>
431: <a href="plus24.html">For changes leading up to OpenBSD 2.4, click here</a>.<br>
432: <a href="plus25.html">For changes leading up to OpenBSD 2.5, click here</a>.<br>
433: <a href="plus26.html">For changes leading up to OpenBSD 2.6, click here</a>.<br>
434: <a href="plus27.html">For changes leading up to OpenBSD 2.7, click here</a>.<br>
435: <a href="plus28.html">For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.424 deraadt 436: <br>
437: </h3>
438:
439: <hr>
1.292 pauls 440: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.14 deraadt 441: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.728 ! horacio 442: <br><small>$OpenBSD: plus.html,v 1.727 2001/02/23 17:33:02 jason Exp $</small>
1.14 deraadt 443:
444: </body>
445: </html>