Return to plus.html CVS log

Up to [local] / www

fixed/updaed plus.html... please check and give feedback, EVERYONE!

<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD changes</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the main OpenBSD page">
<meta name="keywords" content="openbsd,main">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
</head>

<body>

<h1>OpenBSD</h1>
<hr>
<h3>Changes Relative to other *BSD's.</h3>

<p>
OpenBSD looks a lot like NetBSD (from which it is derived, following
the 4.4BSD roots), but is now being developed seperately.  Good changes
from other free operating systems will be merged in (of course, depending
on various factors like developer time for example.)  OpenBSD tracks
NetBSD changes very closely; say anywhere between 2 to 10 days
behind the state of NetBSD-current all the time.  Hence you can truly
say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.

<p>
Compared to NetBSD, various additions have been made. This is a
partial list of the major machine independent changes (ie. these are the 
changes people ask about most often). Check the page of the specific port
you are interested in for further port-specific details. Note that many ports
have had architecture-specific enhancements.

<ul>
<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
<li>New curses library, including libform, libpanel and libmenu.
<li>a termlib library which understands termcap.db, needed for new curses. 
<li>The FreeBSD ports subsystem was integrated and is usable by you! 
<li>ipfilter for filtering dangerous packets
<li>better ELF support
<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
        to use kvm utilies 
<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
<li>All the pieces needed for cross compilation are in the source tree.
<li>Some LKM support in the tree.
<li>ATAPI support (should work on all ISA busses)
<li>new scsi, md5, pkg_* commands
<li>Numerous security related fixes
<li>Kerberos and other crypto in the source tree that is exportable
<li>Solid YP master, server, and client capabilities.
<li>/dev/*random -- a device driver providing some kinds of random data
<li>In-kernel update(8) with an adaptive algorithm
<li>Some ddb improvements and extensions
<li>Numerous scsi fixes
<li>ncheck utility for ffs
<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
<li>new system calls: rfork(), minherit(), poll().
<li>select() that can handle any amount of file descriptors.
<li>kernfs extensions
<li>ATM support (support for one company's sparc & i386 cards available)
<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
<li>pax as tar, gnutar is toast
<li>using AT&T awk, gawk is toast
<li>Even more security fixes.
<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
        generate them too
<li>Linux ext2fs and BSD4.4 LFS support being worked on.
<li>Working ATAPI audio support for multiple architectures.
<li>terminfo database support.
<li>Fortran in the tree.
<li>The most secure rdist support anywhere.
<li>randomized port allocation in bind(), bindresvport(), and rresvport() --
        security via unpredictability.
<li>Protection from the udp spamming and ftp bounce attacks.
<li>Significantly improved ftp daemon.
<li>Numerous more security policy and implimentation improvements (OpenBSD
        defaults to installing in a very secure mode)
<li>zlib (non-GPL'd gzip-compatible library)
<li>Newest version of pppd.
<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
<li>Fixed long-standing vm swap-leak.
<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
<li>Numerous FreeBSD userland fixes and improvements incorporated.
<li>new rdisc Router Discovery daemon
<li>generic protection against the bind() takeover problem.
<li>at -f security fix.
<li>20 or so more security fixes
<li>install now supports -C, -p, and -S flags.
<li>a real adduser program, which can even be used uninteractively.
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
        by chown(). This can be turned off with sysctl.
<li>partial protection against tcp SYN attacks.
<li>added /etc/fbtab support to login & init.
<li>RCS version 5.7
<li>much newer join command (4.4lite2 with other fixes)
<li>scsi subsystem security fix
<li>Kerberos is much more silent if not configured
<li>arc4-based random support in kernel
<li>ncr53cXXX scsi scripts assembler
<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
<li>`lsof'-style features in fstat.
<li>rudimentary support for ISA Plug-and-Play cards
<li>Fixed timeout support in RPC library, and also fixed it to support more
        than FD_SETSIZE file descriptors.
<li>improved locate command
<li>a good start at NETIPX support
<li>vim version 4.5
<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
        bugs).
<li>latest version of perl, and a lndir command.
<li>Even more security fixes.
<li>cdio command for using CD audio. 
<li>Kernel warns f /dev/ces not ebooting ated /de<li>libgis gone; our malloc() is better.
<li>FreeBSD pipe() system call; quite a bit faster.
<li>Some serial driver support for /dev/cuaXX devices to support transparent
      out+dial
<li>DDcess symrom LKM es
<li>Say goodbye to dump, restore, and mt security holes: They are no longer
        setuid.
<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
<li>New routed from SGI.
<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
<li>ftp command modified for easily scripted ftp & http downloads.
<li>And of course... more security related bugfixes... (ie. dump,
        restore, mt).
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
        also works better.
<li>16 partitions working on sparc and i386 (yipee!)
<li>Nice sample files in /etc
<li>sendmail gecos hole fixed (in a number of ways; other programs in the
	source tree were also vulnerable.)
<li>secure multicast tools against possible security problems.
<li>latest GNU groff, incorporated in a clean wrapperized form.
<li>mopd for networking booting Digital machines
<li>less version 2.90
<li>deal with the SYN bomb problem (denial of service attack) as well known.
<li>Sendmail 8.8.4 with smrsh
<li>Another kerberos security fix.
<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
<li>Compile time option to compile the source tree almost completely dynamic.
<li>A 7% reduction in size of static binaries.
<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
<li>We have completed security reviews of almost all userland programs and
        libraries except for the gnu stuff (where, based on preliminary
        inspection there is poor handling of temp files).
<li>Working Linux ext2fs.
<li>Added sudo (which is maintained by one of our developers)
<li>CTM is now a supported way of obtaining OpenBSD source code.
<li>The NIST Posix test suite became free. As a result we have been correcting
	numerous problems in the source tree, and expect to be completely
	POSIX compliant very soon.
<li>upgrade to CVS version 1.9.
<li>Added -C option to pax/tar. Also made -z support compressed files too.
<li>Updated md4 and md5 headers to use bittypes so they work on 64-bit machines.
<li>Added secure hashing-- nearing RFC 1938 compliance.
<li>Fix for PCI etherlink3  packet-receive bug.
<li>sleep will "return time unslept" if interrupted.
<li>yp and bootparam warns about security problems. ypserv will not allow operations if not operating on reserved port.
<li>config now supports pmax
<li>pdksh version is now 5.2.11
<li>documentation added/updated for various architectures
<li>/dev/ttyv series is now useable
<li>Security fixes to sysctl, default to prevent users from using mount syscall
<li>Cleaned up Amiga's Makefile's and documentation
<li>Added more ATAPI CD-ROM sipport
<li>Multiple updates for legacy GNU software
<li>Many man pages cleaned up
<li>updates to installation floppy disks for many ports.
<li>fsck now checks for holes in directories.
<li>updated default console drivers on Mac 68k port. Dropping to system debugger from a serial console is now an option, not the default.
<li>ftpd security fix-- will not write passwords if core dumps. ALL suid/root process will dump to a mode 600 file
<li>Stack traceback support added to arc port.
<li>Fixed prevalent poor "C" syntax strcpy() strlen() in many sources
<li>cd fix so that `cp kernel /' works with all shells
<li>SCSI subsystem updates: updated scanner and unknown device routines
<li>lpr/lpd/lp fixes (security, POSIX/ANSI compliance)
<li>IDE Hard Disk driver fix reduces chance of NULL pointers
<li>binutils is now 961112 release from CYGNUS
<li>includes and system dependancies now work on explicit 16- and 32-bit quantities-- not the machine dependent "short" and "long" integer. 
<br><br>

This list only mentions platform-independent changes.  For a list of changes
made in a particular platform, please check the page for that platform.<br><br>

<hr>
<a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a> 
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.13 1996/12/24 03:04:44 jkatz Exp $</small>

</body>
</html>