File: [local] / www / plus.html (download) (as text)
Revision 1.218, Tue Mar 17 06:28:20 1998 UTC (26 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.217: +3 -1 lines
new
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD changes</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the main OpenBSD page">
<meta name="keywords" content="openbsd,main">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<img alt="[OpenBSD]" SRC="images/smalltitle.gif">
<p>
<h2>Changes made between OpenBSD versions.</h2>
<p>
The OpenBSD project was spawned from NetBSD (a member of the 4.4BSD
family) in the summer of 1996 and is now developed completely
separately. As well as developments by our development group, good
changes from the other free operating systems are evaluated and merged
into OpenBSD. We track bug reports and source tree changes from the
NetBSD and FreeBSD projects fairly closely. Even pieces of code from
the Linux projects have been used.
<p>
In the early days of OpenBSD, it was possible to be able to say
"OpenBSD is NetBSD PLUS MORE STUFF". Now, after the substantial work
the group members have done, OpenBSD is very much is it's own thing.
Too much stuff has been added and fixed to easily compare it to
something else. OpenBSD is OpenBSD.
<p>
This is a partial list of the major machine independent changes
(ie. these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href=plat.html>ports</a> if you
are interested in for further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below..
<p>
Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
<p>
<h3>
<a href=#22>To go straight to the changes since OpenBSD 2.2, click here</a>.
<br>
<a href=#end>To go straight to the end of the list, click here</a>.
</h3>
<hr>
<p>
<h3><font color=#0000e0>Life for the OpenBSD project begins...</font></h3>
<p>
<ul>
<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
<li>New curses library, including libform, libpanel and libmenu.
<li>a termlib library which understands termcap.db, needed for new curses.
<li>The FreeBSD ports subsystem was integrated and is usable by you!
<li>ipfilter for filtering dangerous packets and Network Address Translation
for IP masquerading.
<li>better ELF support
<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
to use kvm utilies
<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
<li>All the pieces needed for cross compilation are in the source tree.
<li>Some LKM support in the tree.
<li>ATAPI support (should work on all ISA busses)
<li>new scsi, md5, pkg_* commands
<li>Numerous security related fixes
<li>Kerberos and other crypto in the source tree that is exportable
<li>Solid YP master, server, and client capabilities.
<li>/dev/*random -- a device driver providing some kinds of random data
<li>In-kernel update(8) with an adaptive algorithm
<li>Some ddb improvements and extensions
<li>Numerous scsi fixes
<li>ncheck utility for ffs
<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
<li>new system calls: rfork(), minherit(), poll().
<li>select() that can handle any amount of file descriptors.
<li>kernfs extensions
<li>ATM support (support for one company's sparc & i386 cards available)
<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
<li>pax as tar, gnutar is toast
<li>using AT&T awk, gawk is toast
<li>Even more security fixes.
<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
generate them too
<li>Linux ext2fs and BSD4.4 LFS support being worked on.
<li>Working ATAPI audio support for multiple architectures.
<li>terminfo database support.
<li>Fortran in the tree.
<li>The most secure rdist support anywhere.
<li>randomized port allocation in bind(), bindresvport(), and rresvport() --
security via unpredictability.
<li>Protection from the udp spamming and ftp bounce attacks.
<li>Significantly improved ftp daemon.
<li>Numerous more security policy and implementation improvements (OpenBSD
defaults to installing in a very secure mode)
<li>zlib (non-GPL'd gzip-compatible library)
<li>Newest version of pppd.
<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
<li>Fixed long-standing vm swap-leak.
<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
<li>Numerous FreeBSD userland fixes and improvements incorporated.
<li>new rdisc Router Discovery daemon
<li>generic protection against the bind() takeover problem.
<li>at -f security fix.
<li>20 or so more security fixes
<li>install now supports -C, -p, and -S flags.
<li>a real adduser program, which can even be used uninteractively.
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
by chown(). This can be turned off with sysctl.
<li>partial protection against tcp SYN attacks.
<li>added /etc/fbtab support to login & init.
<li>RCS version 5.7
<li>much newer join command (4.4lite2 with other fixes)
<li>scsi subsystem security fix
<li>Kerberos is much more silent if not configured
<li>arc4-based random support in kernel
<li>ncr53cXXX scsi scripts assembler
<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
<li>`lsof'-style features in fstat.
<li>rudimentary support for ISA Plug-and-Play cards
<li>Fixed timeout support in RPC library, and also fixed it to support more
than FD_SETSIZE file descriptors.
<li>improved locate command
<li>a good start at NETIPX support
<li>vim version 4.5
<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
bugs).
<li>latest version of perl, and a lndir command.
<li>Even more security fixes.
<li>cdio command for using CD audio.
<li>Kernel warns if /dev/console does not exist; nice warning for booting with
an unpopulated /dev directory.
<li>libgnumalloc is gone; our malloc() is better.
<li>FreeBSD pipe() system call; quite a bit faster.
<li>Some serial driver support for /dev/cuaXX devices to support transparent
out+dial
<li>DDB can now access symbol tables from LKM modules
<li>Say goodbye to dump, restore, and mt security holes: They are no longer
setuid.
<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
<li>New routed from SGI.
<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
<li>ftp command modified for easily scripted ftp & http downloads.
<li>And of course... more security related bugfixes... (ie. dump,
restore, mt).
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
also works better.
<li>16 partitions working on sparc and i386 (yipee!)
<li>Nice sample files in /etc
<li>sendmail gecos hole fixed (in a number of ways; other programs in the
source tree were also vulnerable.)
<li>secure multicast tools against possible security problems.
<li>latest GNU groff, incorporated in a clean wrapperized form.
<li>mopd for networking booting Digital machines
<li>less version 2.90
<li>deal with the SYN bomb problem (denial of service attack) as well known.
<li>Another kerberos security fix.
<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
<li>Compile time option to compile the source tree almost completely dynamic.
<li>A 7% reduction in size of static binaries.
<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
<li>We have completed security reviews of almost all userland programs and
libraries except for the gnu stuff (where, based on preliminary
inspection there is poor handling of temp files).
<li>Working Linux ext2fs.
<li>Added sudo (which is maintained by one of our developers)
<li>CTM is now a supported way of obtaining OpenBSD source code.
</ul>
<p>
<h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3>
<p>
<ul>
<li>The NIST Posix test suite became free. As a result we have been correcting
numerous problems in the source tree, and expect to be completely
POSIX compliant very soon.
<li>upgrade to CVS version 1.9.
<li>A number of security fixes to the way coredumping works.
<li>The /dev/*random devices are now default on all architectures.
<li>Add stack tracebacks to Arc port's kernel debugger.
<li>Skey revamped into full OTP (RFC1938) support, including sha1 and
md5 support.
<li>GPL i387 emulator added.
<li>Crank kvm space on the i386 port, also limit buffer cache useage
so that 512MB machines may work (untested :-)
<li>Numerous fixes to the lpr suite, including security.
<li>More ftpd raging paranoia security fixes.
<li>The NIST suite showed numerous errors in libraries and the kernel.
Only a few small errors remain now, mostly regarding serial
ports.
<li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
<li>OLF binary type added. This is like ELF, but includes an OS-dependent
tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
the kernel can recognize correctly.
<li>Beware $HOME overflows throughout the source tree.
<li>Integration of the pmax port.
<li>Import of ctm.
<li>Various repairs to the scsi scanner support.
<li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
buffer overflows found in system utilities..
<li>Memory leak paranoia in cron.
<li>Make login get more consistantly upset about failed logins, and tell user
about these failures at the next successful login.
<li>pdksh version is now 5.2.11
<li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
<li>The Arc port family has a new member: The rPC44 works!
<li>lpt driver is now bus-independent.
<li>com driver is now bus-independent.
<li>Numerous small security fixes again...
<li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
<li>Prevent generic users from mounting filesystems by default.
<li>Added -C option to pax/tar. Also made -z support compressed files too.
<li>Increased compatibility in the pccons driver with BSDi features.
<li>Imported FreeBSD's calendar.
<li>GNU gdb works on the mips-based platforms.
<li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
tripwire-like system.
<li>Some YP and bootparamd security changes.
<li>Hundreds of little fixes all over the place.
<li>Multiple updates for GNU software
<li>Add disklabels to the floppy device drivers.
<li>At boottime, have (*mountroot)() look at the root device's disklabel
to determine which filesystem type is to be mounted.
<li>If disklabel reading code discovers an ISOFS filesystem underlying,
spoof a nice disklabel (enough to fool mountroot).
<li>tcpdump 3.3
<li>Fix information gathering attack in ping(8).
<li>Add NetBSD's "route show" implementation, and at the same time fix
the new buffer overflows that this provided.
<li>Fix a few setgroups() related security holes.
<li>sendmail 8.8.4
<li>texinfo 3.9
<li>f77 0.5.19
<li>Repair some more KerberosIV buffer overflows. Hard to believe this is
supposed to be security software.
<li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
backwards compatibility.
<li>Permit NFS attribute cache to be configured on a per-mount basis.
<li>Properly split fsck, mount, and newfs into multiple pieces. Use
disklabel information if it is available.
<li>Add disklabels to the vnd device driver.
<li>Change the games to be run setgid games, not setuid games. This closes
a whole slew of fascinating security holes.
<li>Import of the powerpc port.
<li>Properly use _POSIX_SAVED_IDS throughout the source tree.
<li>Permit building of kernels without a.out support.
<li>ppp 2.3b3
<li>libcrypt goes away. We do not need this stub library anymore. Do not link
against it on OpenBSD, all the pieces you need are in libc.
<li>new aucat command.
<li>Fix a fairly nasty security hole in all of the games.
<li>Support for the <a href="hp300.html">hp300</a> added.
<li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
<li>Sendmail upgraded to version 8.8.5.
<li>Added lchown(2) for compatibility with SVR4 implementations.
<li>New gnu cpio 2.4.2
<li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and
restore(8).
<li>No buffer lengths in fmt(1).
<li>various adjtime() corrections inside the kernel.
<li>Prevent stat() from disclosing inode generation numbers to non-root userland.
<li>pax in tar mode will understand multiple -v options to generate ls-like output.
<li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous
number of network interfaces.
<li>More kerberosIV security patches.
<li>A working fsirand.
<li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple
hardware. This port requires nothing outside the in-tree development
environment to build (except mkisofs for building distributions).
<li>Some ypbind(8) tightening up, includes a method to specify a list of
valid servers
<li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large
buffer caches even when available kvm space is low, like for i386
& sparc.
<li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
byte order. This is a compatibility/portability fix and we expect
other BSD systems to eventually follow suit.
<li>amd (the automounter) is now 64-bit and working on the alpha.
<li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles
using in-tree versions of all tools. Yipee!
<li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a
small part of POSIX 1003.1b and permits the signal handler to figure
out the exact cause of a signal; such as fault address information
for SIGSEGV or more detailed information for SIGFPE.
<li>config.old(8) has been removed from the tree, as the <a href="hp300.html">
hp300</a> port switches to config(8).
<li>/sbin/dump -a saves you from needing to deal with finicky tape length
options (from FreeBSD)
<li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
<li>Be more careful if some fool decides to enable source routing ;-)
<li>Support for gzip'd kernels in some bootblocks.
<li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
<li>Add cdev and partition support to the ramdisk driver.
<li>Merge new ftp(1) changes from NetBSD.
<li>Change mktemp(3) and family to generate more random filenames, yet still
as collision free as possible.
<li>Have libc/rpc save you from yourself if you do enable source routing.
<li>The <a href="hp300.html">hp300</a> joins many other ports in supporting
16 disk partitions.
<li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
<li>Use lots more XXXX characters in calls to the few remaining mktemp() calls
in the source tree. This cuts out a whole class of races.
<li>Improved NFS filehandle creation.
<li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very
large disks using it.
<li>add RPC service name generation to netstat -a
<li>Fix pax & tar to be POSIX compliant.
<li>Fix a few netinet kernel crash problems.
<li>Fix so that stack limits which are not a multiple of the pagesize work.
<li>fix some more memory and file descriptor leaks in libc/rpc
<li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
uses a very large strong-random `salt' and the number of rotor
runs is configurable. Hence if you have faster machines you can
slow the crypt routine down and make harder keys.
<li>Add support for /etc/passwd.conf which controls the format and strength
of passwd entries for the next time a user changes their password.
These options can be set per-user.
<li>Working kadmind for kerberosIV.
<li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
<li>cvs 1.9.2
<li>Fix weak symbol support in ld.
<li>libg++ pulls in libcurses automatically.
<li>Replace which(1) with a C program.
<li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
<li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
<li>deroff(1) 1.0 from Debian (a Linux).
<li>BIND 4.9.5-P1.
<li>Add support for FreeBSD md5 to /etc/passwd.conf.
<li>Import of the mvme88k kernel port.
<li>Import of libwrap and tcpd (tcp wrappers).
<li>Numerous improvements to pax, including full support for cpio and
a lot of fixes to tar mode.
<li>Let fsck and fsirand automatically work on very large filesystems.
<li>Various fixes to the fsck tools.
<li>ipsecadm as an initial cut at controlling IPSEC sessions.
<li>Fix pcmcia on the i386.
<li>Merged changes from at 2.9 into our own at.
<li>pccon(1) to control the pccons driver.
<li>Bye bye tahoe bits.
<li>noaccesstime option for filesystems (saves batteries on laptops)
<li>Substantial changes and fixes to the scsi scanner support.
<li>Support for "secure" YP password maps.
<li>Various atm fixes.
<li>The NE2000 if_ed driver now works on the alpha, too.
<li>ddb improvements for 64 bit machines.
<li>Fixes to fts(3).
<li>A few ypbind fixes.
<li>sysctl kern.osrevision gives OpenBSD date.
<li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
<li>Implement NOFILE_MAX--hard limit on max descriptors per process.
<li>Be more careful about modes of lost+found directories.
<li>New termcap and terminfo database files.
<li>Change mail.local -H behaviour slightly, and convince mail(1) to use it
for correct locking!
<li>64 bit clean in.rarpd.
<li>cvs 1.9.6
<li>16 partition support for the alpha port.
<li>Add ./.message support to ftpd
<li>Numerous more pax/tar fixes.
<li>Add md5 & blowfish passwd support to adduser(8).
<li>Add support for YP v1 to ypserv.
<li>Fixed some more mktemp races (sigh, will this ever end!)
<li>More buffer overflows, but none in sensitive programs.
<li>getnetent() and friends now work a lot more like gethostent().
<li>Use 10 X characters in many remaining mktemp() calls which are
hard to excise.
<li>Solve a few resolver problems after the recent 4.9.5-P1 integration,
not all our fault.
<li>Fix patch to honour Index lines better.
<li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
<li>Once again, really correct the various source routing pieces of the
userland source tree.
<li>Make real i386 cpu's work again. In case noone noticed, they didn't
work for about 5 months. The bug was very hard to find...
<li>For config(8), if any kernel options get added/deleted/changed since
the previous commit, warn that the compile tree needs 'make clean'.
<li>Use in_addr_t and in_port_t all over the place.
<li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source
tree. CD9660 is much happier now.
<li>Fix AFS string-to-key handling in kerberos.
<li>NAT now gets started from /etc/netstart.
<li>Various man page fixes.
<li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly
when mounted read-only.
<li>The df(1) utility now has a human-readable "-h" option.
<li>Always skip the first 8KB of all swap partitions (hint: disklabels &
bootblocks)
<li>Repair some bugs in mail(1), especially regarding signal handling.
<li>Support .group entries in /etc/passwd.conf
<li>PCI aic7860 scsi support improved.
<li>Support /etc/rc.shutdown from halt(8).
<li>Support extended partitions in fdisk(8).
<li>Various fixes to the YP utilities.
<li>Signal handling fix to crontab(1).
<li>Unify naming of architecture names between gcc & binutils.
<li>Some more userland 64 bit fixes.
<li>Support for PCI NE2000 clones.
<li>libpthread works on the m68k.
<li>Significantly improved the unpredictability of the DNS packet id's
in the resolver and named.
<li>newfs_msdos(8) can has enough brains to find the partition size itself.
<li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse
and worse idea every month).
<li>A bit more man page cleanup starting to happen...
<li>GNU Groff 1.10 with (improved) Makefile wrapper.
<li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less
overhead.
<li>The vnd(4) device has a new safer mode of operation called svnd
where you can trust a disk-image right after it's unmounted,
i.e. cache-coherency.
<li>Repaired install stuff for most architectures significantly, improving
ftp/http installs, single bootable install floppies, and in some
cases CDROM booting. Most floppies contain vi, too.
<li>Support crunch on arc (for bootable installs).
<li>Added gzip and cdrom support to the sparc and alpha bootblocks.
<li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
</ul>
<p>
<a name=2.1release>
<h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3>
<p>
<ul>
<li>Few quirky changes to the way ISO9660 disklabel spoofing works in
some ports.
<li>Fix a few more libc functions to generate very large fd_set's properly
for select(2).
<li>Import newer version of vax port.
<li>Newer version of ext2fs that is reliable for read/write operation. This
is essentially FULLY OPERATIONAL.
<li>Make adduser understand /etc/passwd.conf
<li>Support SIGINFO in ping; also add more complete icmp reporting
capabilities.
<li>New named root.cache from Internic.
<li>Lots of man page fixes.
<li>Fix more overflows and other bugs in mail(1).
<li>tail(1) can now notice if the file been replaced or truncated.
<li>getpgid(2) from XPG3(?)
<li>In ar(1), truncate uid & gid if too large.
<li>Add some more malloc options to malloc(3)
<li>tcp wrappers 7.6
<li>Fix lots more NetBSD PR's.
<li>Few more fixes to pax(1).
<li>kill process timers if execve'ing a setuid/setgid executable.
<li>fix sendsmg() credential passing on 64 bit machines.
<li>Kernel now generates random pid values in fork().
<li>A few netinet fixes.
<li>Some more security and robustness changes to traceroute and ping.
<li>Add <strong>-P proto</strong> support to traceroute.
<li>fix SO_SNDTIMEO.
<li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
<li>fix disklabel support in vnd/svnd.
<li>Ensure TCP RST is within window.
<li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
<li>Use dynamic fd_set allocation in more places, particularly setuid
programs.
<li>tftpd -c flag.
<li>document the ddb hangman.
<li>Move named tmp files to /etc/named/tmp/ to avoid localhost race
attacks.
<li>Addition of readlink(1).
<li>Implement hex/octal offsets in cmp(1), as documented.
<li>Repair many cross-references and other documentation problems in
the section 2 and 3 man pages, and also fix a few minor
other bugs discovered by analysis of recent changes in
FreeBSD's and NetBSD's libc.
<li>Add tsearch(3) and friends to libc, as required by XPG3(?).
<li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated
Vol.2.
<li>Improved performance in /dev/*random.
<li>Deal with atapi drives that cannot lock their doors.
<li>Fix /tmp races in make(1).
<li>Add tsearch(3) to libc.
<li>In newfs(8), fix -o and -m to work better.
<li>Correct -n behaviour in sort(1).
<li>Better support for unmounted filesystems in df(1).
<li>add per-interface bindings to inetd(8).
<li>Fix some more /tmp races in various programs.
<li>Support "-d dir" in rpc.yppasswdd(8).
<li>Make ifconfig(8) print full information about the full set of
interface aliases.
<li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
<li>More ipsec changes!
<li>Change mount(2) to return EFTYPE for invalid filesystem.
<li>Some NLS improvements, notably some more language catalogs.
<li>Add ELOOP error handling to realpath(3).
<li>More paranoia in procfs.
<li>Slightly improve ftpd log file.
<li>Added automatic power down framework at halt(8) time, currently only
supported on sun4m machines with the <i>power</i> device.
<li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
<li>Fix a minor problem in popen().
<li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of
service attacks.
<li>Clip setsockopt SO_SND*/SO_RCV parameters.
<li>Repaired hundreds of long != int problems (in a bunch of programs) that
affect the alpha.
<li>Y2K enhancement to date(1).
<li>Race fix to amd(8).
<li>Support IP option handling in IPSEC packets.
<li>Import of the gnu multi-precision math library, libgmp. This will be
used by an IPSEC key daemon soon.
<li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the
front of any line in /etc/inetd.conf. This permits services to be
supplied only on certain interfaces.
<li>A few more minor netinet problems fixed.
<li>Import of cvs-1.9.10.
<li>Fix readlink(1).
<li>Permit tftpd to provide files over 32K blocks in size.
<li>New kprop/kpropd man pages.
<li>Make sleep(1) handle fractions of seconds. This is a nice extension.
<li>Move libdes out of the kerberos tree so that it can be used by other
parts of the system too.
<li>Many more 64 bit fixes for the alpha, in about 20 more programs.
<li>libedit update with lots of fixes.
<li>Fixed all(?) Makefile wrappers for GNU software to not build and install
manpages when NOMAN is set.
<li>Fixed highscore handling in battlestar(6).
<li>Repaired nfs handling in tcpdump.
<li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
<li>Fix a number of rtld dynamic loading problems.
<li>More IPSEC changes. IPSEC is almost fully useable now.
<li>Intel EtherExpress Pro/100B PCI driver.
<li>ATAPI devices may now reside in a kernel without wd (disk) devices.
<li>Amended issetugid(2) man page to be quite a bit more clear.
<li>Fix ruptime output for machines up > 99 days.
<li>Maintain process size stats in forkstat struct for "vmstat -f".
<li>make compress(1) do gzip support too.
<li>Make ed(1) work properly on a non-tty.
<li>Fix passive buffer overflow in rusers.
<li>Replace libc sha1 code with another version that is better in some respects.
<li>Repair symbolic link handling during coredumps (correctly, this time).
<li>Lots more IPSEC improvements.
<li>Add sha1 support to md5(1).
<li>Add sha1 digest support to mtree(8).
<li>More mail(1) fixes, particularly regarding long lines.
<li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
<li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
<li>man page cleanups.
<li>lpd security fixes.
<li>Add rmd160 hash support throughout the source tree.
<li>Import of the IPSEC photuris daemon.
<li>Add <strong>-d date</strong> support to last(1).
<li>make ctags operate a bit better in the presence of extra spacing.
<li>IPSEC Photuris daemon is integrated into the source tree.
<li>mail(1) behaves correctly when interrupted while getting headers from the user.
<li>mail(1) supports "inc" command.
<li>S/Key keyfile is now readable only by root. skeyinfo(1) and skeyaudit(1)
have been enhanced and rewritten as C programs.
<li>Appletalk networking support.
<li>permit ftp(1) to download http pages without Content-Length.
<li>Some cribbage(6) fixes.
<li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)
<li>Do not use tempnam(3) in mail(1).
<li>make amd(8) use /tmp_mnt by default.
<li>Implement IFF_NOARP handling in netinet.
<li>Fix pax to not need getcwd(3).
<li>Add -T support to last(1).
<li>-d flag for shutdown(8).
<li>Support lpc(8) "all" keyword option.
<li>Support YP map mail.aliases set of maps.
<li>Hardcode a list of reserved ports that random port allocation should not
reuse.
<li>Use sendmail -t instead of other invocation forms inside lots of
programs in the source tree.
<li>mremap(2) support for Linux emulation.
<li>Switch back to nvi; vim has copyright licensing issues.
<li>stime(2) support for SunOS emulation.
<li>More mail(1) fixes.... It's amazing Todd hasn't broken it.
<li>Support -H flag in who(1).
<li>Allocate reserved ports for NFS inside the kernel randomly.
<li>Man page improvements in many areas.
<li>Fix systat manpage.
<li>An ugly identd race fixed.
<li>More buffer overflow fixes in mail(1).
<li>Various fixes and improvements to the 3cXXX ethernet drivers.
<li>routed(8) is now disabled by default.
<li>Support fpx cards with i82555 PHY.
<li>Todd Miller is on a rampage, and making every single buffer inside mail(1)
dynamically allocated...
<li>Radius support in tcpdump.
<li>More fixes to the alpha vga driver. Curses-based programs now work on it.
<li>FSF GNU texinfo 3.11.
<li>Attempt to cleanup identd. A long road left.
<li>Deal nicer with rfork/execve interactions.
<li>Make if_tun to prefix address family as a host byte order u_int32_t instead
of a u_char, so that bpf can deal with the interface.
<li>Fix a kernel bug regarding double m_freem()..
<li>Sendmail 8.8.7.
<li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.
<li>Cyclades driver fixed. Works on alpha, too.
<li>More mdoc pages.
<li>save errno in most of the tree's SIGCHLD handlers, just in case.
<li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.
<li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be
compatible with POSIX sh spec without breaking $((, and explain how
IFS works when splitting text after a substitution.
<li>Fix another race condition in identd.
<li>Work has started to fix the remainder of the signal handlers in the
source tree with respect to errno clobbering.
<li>Seriously rework the identd daemon even further, to avoid even more
input parsing problems and race conditions.
<li>Fix a memory leak in grep(1).
<li>Fix vacation(1) properly.
<li>Make bsd.doc.mk use DOCDIR.
<li>Support -n better in pstat(8).
<li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.
<li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.
<li>Import ypserv performance.
<li>Make bad random allocation ports settable via sysctl(8).
<li>Make gzexe(1) use mktemp to avoid races.
<li>Fix pcap_inject(3) in libpcap.
<li>In mountd(8), handle ext2fs specially, like most exported filesystems.
<li>Be even more paranoid (if it can be believed) in mail.local(8).
<li>Add top(1) to the source tree. Fix some problems.
<li>Fix another procfs security hole.
<li>ATAPI quirk for MATSHITA CR-574.
<li>Attempt to deal with archive timestamp and filemode problems in texinfo...
<li>Put hostname in root crontab mailout subjects.
<li>We are starting to pay attention to good things found in the XPG4
standard. We hope to never be compliant, because XPG4 goes way
too far.
<li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.
<li>Support simple add/delete operations on ports in the baddynamic masks
via sysctl(8)
<li>Be more careful about YP groups in getgrouplist().
<li>New PCMCIA Wavelan driver.
<li>More user-friendly error messages from mount_* when the filesystem
is not in the kernel.
<li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).
<li>Fixed a bug in cp(1) when the -r option is used and the source dir
ends in a '/'.
<li>Verbose SCSI warnings are now available and on by default.
<li>Added basename(3) and dirname(3) for XPG4. dirname(1) is now trivial.
<li>XPG4 compatibility for ps(1) format options.
<li>Buffer overflow fixes in tip(1).
<li>Fixed err(3)/warn(3) argument usage in the tree.
<li>shutdown(8) now gets its own session as it deserves.
<li>Fixed a bug where the kernel could lie about how many file descriptors
are available and cause a panic.
<li>ash is gone gone gone.
<li>The group vector could end up with duplicates esp. with YP. Now it won't.
<li>Document a64l(3) and l64a(3).
<li>basename(1) and dirname(1) no longer give an error for paths starting
with '-'.
<li>Don't print duplicate fields in ps(1) when called with silly arguments.
<li>Few more 64 bit fixes in userland, in some rarely used system tools.
<li>Various fixes to battlestar(6).
<li>A few fixes to tip(1).
<li>In join(1), require compat options start with '-'.
<li>In dump(8), do not consider tape changing time in the timing estimates.
<li>Correct 'sync' option to dd(1).
<li>Lucent Technologies (formerly AT&T) awk version 970821.
<li>Handle setgid lossage in tip(1).
<li>Fix a crash in systat(8).
<li>Further IPSEC enhancement (but still no man pages for it though).
<li>In calendar(1), support "-t date" to let you see the calendar for other days.
<li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).
<li>Kill "union wait" in a few more places.
<li>Handle SIGCHLD better in rlogin.
<li>Correct some remaining small inetd bugs.
<li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP,
F_SETOWN, or FIOSETOWN.
<li>Some FreeBSD m4(1) fixes.
<li>Fix first directory handling in "find -execdir"
<li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.
<li>ppp 2.3.1...
<li>Another tip(1) overflow fix.
<li>New COMPAT_BSDOS binary compatibility subsystem.
<li>Print system call emulation in ps(1) output. Try "ps -axO emul".
<li>Update ftp(1) to new NetBSD changes.
<li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.
<li>Cleaned up verbose scsi error reporting.
<li>make bpfread() return ENXIO for uninitialized descriptors.
<li>Extend buffer lengths in patch(1).
<li>Fix a coredumping problem in tip(1).
<li>Preliminary manual pages for the IPSEC utils.
<li>Fix a long-standing and minor problem with ld.so on m68k.
<li>Ignore trailing spaces on priority in /etc/syslogd.conf.
<li>Make ddb not think 'h' means hangman.
<li>Some setlogin() and getlogin() fixes in the tree.
<li>Fixed small pathname buffer in man(1).
<li>Made indent(1) handle unlimited number of -T options.
<li>Some fsck_msdos(8) fixes.
<li>Make popen(3) safe if vfork(2) does real parent address space borrowing.
<li>Always set the SCSI-1 LUN field correctly in all transfers.
<li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD
<li>Fix a ksh(1) bug.
<li>Permit a longer path buffer in tgetent(3).
<li>Some syslogd fixes.
<li>Fix SA_* sigaction(2) fields in the OS compat code.
<li>Don't error out of MDTM fails.
<li>Add sigaction(2) SA_NOCLDWAIT support.
<li>Add mkisofs(8).
<li>Run calendar -a in the background. (Points to whoever figures out why).
<li>Another important disk-full check in pwd_mkdb(8).
<li>Fix ftime(3).
<li>Fixed various MAKEDEV bugs on lots of architectures.
<li>Deal with some possible buffer overflows in sup.
<li>Make top(1) work better on very small screens.
<li>Fix tar to deal better with one more kind of strange tar file.
<li>Shrink most of the install floppies ;-)
<li>Fix a few small problems in rarpd(8).
<li>Make ls -d sort directories with files.
<li>Do not init pgid in /dev/log's logopen().
<li>Fixed a pstat -s related bug in pcvt.
<li>Ignore SIGPIPE in inetd(8).
<li>In struct sigaction, split sa_handler and the new sa_sigaction function
pointers as is being done on newer POSIX systems. This permits proper
prototyping of signal handlers.
<li>Fix an ifconfig bug related to interfaces that do not exist.
<li>Make execle() use alloca() instead of malloc(); to ensure execle() can be
safely called in a signal hander.
<li>Fix the : and . support in chown so that usernames can have . in them.
<li>Fix a network performance problem introduced with IPSEC.
<li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).
<li>Fix a bug in libform.
<li>Add -f option to readlink which does a realpath(3).
<li>More IPSEC improvements after the Interop ANX bakeoff.
<li>A few pppd fixes.
<li>The random(6) tool (game?) now uses arc4random(3).
<li>Fix prompting code in pw_edit(3)
<li>Ignore bogus hostnames in the /etc/exports file.
<li>Make /etc/security handle blowfish-a passwd entries.
<li>Rewrite of fdisk(8).
<li>Handle a potential crash in the bpf driver.
<li>Quirks for two kinds of hitachi dk515 scsi drives and the
Cipher ST150S tape drive.
<li>Handle creation of /var/tmp/vi.recover more securely.
<li>Implementation of the new disklabel -E mode.
<li>Support 'q' modifier in kernel vsprintf/kprintf
<li>In fmt(1), support backslashed whitespace inside words better.
<li>Make disklabel -E always succeed at writing a label. Now you
can load a fictitious label, edit it, and write it out.
<li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.
<li>Another lpd security fix.
<li>Some minor tftpd bug fixes.
<li>Fix one last little problem case in the fts(3) library routine. This
is a very complicated piece of code...
<li>Fix a memory leak in libdes.
<li>Fix mktemp() to work correctly when specified against non-existant
directories.
<li>Make ac(8) use the correct timestamp if the user specifies a different
wtmp file.
<li>Fix a select/read race in identd(8) which would make it spin wildly.
<li>Make the ncr scsi driver work on big-endian machines too.
<li>Add per-host locking support to supfilesrv.
<li>Make clri(8) mark the filesystem dirty.
<li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
<li><strong>The new afterboot(8) man page. Everyone should look at
this</strong>.
<li>Prevent open(2) with wrong flag modes.
</ul>
<a name=22>
<p>
<h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3>
<p>
<p>
<h3><font color=#0000e0>Work begins on what will become 2.3....</font></h3>
<p>
<ul>
<li>Add svr4 jioctl() compat interface.
<li>Make kdump(1) handle the newer emulations.
<li>a buffer underrun in ctags(1).
<li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
<li>Add blowfish and cast encryption to IPSEC.
<li>SIGWINCH handling in systat(1).
<li>If a non-existant user logs in and asks for s/key authentication, fake a
proper s/key prompt.
<li>Make disklabel -E deal with multiple partitions which overlap.
<li>Replace kernel printf with Torek's libc printf.
<li>Be more careful with getpwent() information inside rcp(1).
<li>Handle C++ and other languages in yacc(1) far better.
<li>Fix an as(1) parsing bug relating to the .ascii directive.
<li>Fix some memory leaks in the RPC code.
<li>Document how crypt(3) handles blowfish and MD5 passwords.
<li>Truncate large uid and gid values in ranlib(1), in the same way as this
is handled in ar(1).
<li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
<li>makewhatis(8) manpage added.
<li>Fixed ps(1) LIM and STAT columns.
<li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
<li>4.4BSD lite2 vfs integration.
<li>Support execution sections in syslog.conf.
<li>Start named(8) earlier in /etc/rc.
<li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
<li>sendmail 8.8.8
<li>double MAX_KMAPENT and MAX_KMAP
<li>Fix tty suspend during <strong>sh -c "less file"</strong>.
<li>Add more things to afterboot(8).
<li>Correct TCP's handling of RST.
<li>Fix EXTPROC in pty code.
<li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
<li>Some compat_svr4 fixes.
<li>Flesh out compat_freebsd a fair bit more.
<li>Some minor fixes for the libc/db/btree code.
<li>Add getsid(2) system call as mandated by XPG4.2.
<li>Make dumpfs(8) report if soft updates are requested by the superblock.
<li>Make "expr a : /" work.
<li>Support an "object" keyword in config(8).
<li>Support -mmin, -amin, and -cmin in find(1).
<li>Fix a ONLCR + FLUSHO situation in tty.c
<li>Make msync(2) POSIX compliant.
<li>Make the if_de driver support more cards.
<li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
<li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
<li>Fix a line continuation bug in sed(1).
<li>Change various system calls to take void * instead of caddr_t.
<li>Range-check the "how" argument for shutdown(2).
<li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
<li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and
<strong>SHUT_RDWR</strong> values for shutdown(2) as
specified by XPG4.2.
<li>in chat(8), replace Mini Getopt from hell with real getopt().
<li>Minor logging feature changes in fingerd(8).
<li>Fix some Y2K problems in the nroff tmac macros.
<li>Added mode rangecheck in chmod(2) and fchmod(2).
<li>Consider only the 0177777 bits of the umask(2) value, as documented.
<li>Implement FIONBIO in ibcs2 emulation code.
<li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
<li><font color=#e00000><strong>make readlink(1) terminate it's buffer correctly.
<a href=errata.html#all>This affects CDROM builds so a patch is
available for 2.2</a></strong></font>.
<li>Clean /var earlier in the /etc/rc script.
<li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK
are set. (That was a nasty kernel bug).
<li>Fixed bug in 'systat vm' output.
<li>Update sudo(8).
<li>Import of FreeBSD's ppp(8) program.
<li>Fix a memory leak in the kernel process group manipulation code.
<li>Some man page cleanups.
<li>add <strong>-t</strong> option to disklabel(8).
<li>Fix a mget prompting error in ftp(1).
<li>Update to ncurses 4.1.
<li>Work around stupid linux emulation behaviour involving non-blocking
connect(2).
<li>Massive performance optimization of the ccd device (RAID-like striping
disk driver).
<li>Fix arp(8) ethernet address parsing for the illegal cases.
<li>Fix <strong>-amin</strong> option in find(1).
<li>Moving towards KTH kerberos 4-0.9.7.
<li>Fix /etc/rc scripts to require IPF if NAT is requested.
<li>Add asprintf(3) and vasprintf(3).
<li>Add hosts.equiv(3) and .rhosts(3) man page.
<li>Import perl 5.004_04.
<li>Add some more XPG4.2 *_t types.
<li>Fix SunOS emulation of TIOCGPGRP.
<li>Newer ncr device driver.
<li><font color=#e00000><strong>On the i386, handle the nasty problem with
distinguishing SVR4 and Linux binaries.
<a href=errata.html#i386>A patch is available for 2.2</a></strong></font>.
<li>Update to ncurses-4.1-971129
<li>Fix a deadlock on cd9660.
<li>Fix an overflow in top(1).
<li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
<li>Fix scsi CDIOCREADSUBCHANNEL.
<li>Indicate connect direction for tcp sockets in fstat(1).
<li>In linux compat, handle the CDROM ioctl() calls.
<li>Flesh out scsi(8) a tiny bit more.
<li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local
copies in rcp(1).
<li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based
on input filesize.
<li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
<li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
<li><font color=#e00000><strong>A workaround for the Intel P5 F00F lockup problem.
<a href=errata.html#i386>A patch is available for 2.2</a></strong></font>.
<li>Fix numerous problems with new KTH kerberos.
<li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
<li>Correct an XPG violation in stdlib.h.
<li>Handle the cdrom ejecting ioctl in linux emulation.
<li>Handle SIOCGIFHWADDR ioctl in linux emulation.
<li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
<li>Handle nanosleep() in linux emulation.
<li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
<li>Handle the controlling tty ioctl in linux emulation.
<li>Repair a number of retry operation problems in the wdc driver that mostly
affected sleeping laptops.
<li><font color=#e00000><strong>Fixed a panic problem in the i386 apm driver.
<a href=errata.html#i386>A patch is available for 2.2</a></strong></font>.
<li>Enable new FreeBSD ppp(8) daemon. There are now two ppp daemons in the
source tree, they have quite different feature sets.
<li>Do not clear the setuid/setgid file mode bits for a call to
{,f,l}chmod(-1, -1).
<li><font color=#e00000><strong>Due to timing constraints, mac68k X11 binaries did
not make it onto the 2.2 CDROM.
<a href=errata.html#mac68k>But it is now available for ftp</a></strong></font>.
<li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
<li>In ftpd, default to RFC non-conforming behaviour for the PORT command,
but provide a runtime switch for those who like holes.
<li>Make route(8) non-setuid.
<li>Honour TMPDIR in the locate(8) tools.
<li>Update the pkg_* tools a bit.
<li>Support IP_HDRINCL in Linux emulation.
<li>Fix a kernel bug related to "route change ...".
<li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
<li>In numerous programs, avoid fd_set overflows.
<li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
<li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong
in ibcs2 also?
<li>Provide workaround for the Cyrix 6x86 COMA bug. (A workaround for 2.2
is not available).
<li>Change ftp(1) so that tries to use passive mode, and falls back to active
mode. Provide environment variables to fall back. This is
incredibly cool.
<li>Fail better for over-long usernames.
<li>Check the values of the ftp PORT command even more carefully.
<li>Fix a bug in make(1) regarding SYSV style : substitution on
null variables.
<li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
<li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
<li>The new KTH KerberosIV integration (and security audit) is almost
complete.
<li>IBCS2 emulation also requires fcntl() F_FREESP support.
<li>Handle DST changeovers automatically in cron.
<li>lockf() implimentation.
<li>Correct exit code of nohup(1).
<li>Swap quit and exit commands in fdisk.
<li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
<li>Correct an splx botch in the tunnel driver.
<li>Fix some gzip buf oflows.
<li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED
define required by new standards.
<li>Make {f,}chflags(.., -1) return error EINVAL.
<li>Make md5(1), rmd160(1), and sha1(1) use getopt().
<li>Some slight changes to the PCI device subsystem to make it probe
devices nicer (mostly dmesg printing).
<li>Some more manpage cleanups.
<li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more
than once.
<li>Some fixes to fdisk(8) and disklabel(8).
<li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
<li>Make sure it is clear that so_linger is in seconds.
<li>New rc.conf(7) manpage.
<li>Fix some problems regaring transfer of secure yp maps.
<li>Permit extra / terminators in some path-based system calls.
<li>Do not permit dumping corefiles over symbolic links. (We have wanted
this changed for a long time, but it required Lite2 vfs).
<li>Fix a output error in finger(1).
<li>Fix a vnode creation race.
<li>For scsi tape drives, be silent in the presence of ILI errors.
<li>Support for FAT32 partitions.
<li>Support all kinds of keyboards in pcvt, like pccons does.
<li>In disklabel(8), make IDE drive type handling more obvious and
intuitive.
<li>Bring gethostent() back to life, even though it is a bad interface.
<li>Merge some slight standardization fixes for *printf(3) from
FreeBSD (some unlikely cases get handled better).
<li>sudo version 1.5.4.
<li>Make pkg_install(1) feed a -p option to tar.
<li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
<li>ncurses 4.1-980103
<li>Handle unparseable ulimit specifications as an error, not as the value 0.
<li>pppd 2.3.3
<li>Support <strong>-h host</strong> flag to ypwhich(1).
<li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real
master server.
<li>Import of tzcode1998b and tzdata1998b.
<li>Properly ignore whitespace between a conversion and %n in *scanf(3).
<li>Groff 1.11a
<li>Properly error out if yp_match() or yp_first() is asked to lookup
long keys.
<li>Start at bus_dma support.
<li>Much more complete KerberosIV documentation.
<li>Repaired the expansion of the kernel panic string.
<li>If tar(1) extracts as root, preserve uid/gid as is traditional.
<li>Fix argument handling in expand(1).
<li>In termcap databases, map the keyboard backspace key to DEL
instead of BS as that is how it really is.
<li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
<li>More cdrom ioctl's in Linux emulation.
<li>Fix a race in mkdir(1).
<li>IPF 3.2.3. When you upgrade to this version, you <strong>must</strong>
also upgrade the userland utilities (ipf, ipnat, etc.). You also
need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev
to create new device entries.
<li>On binutils platforms, make ldd(1) work on static executables.
<li>Add <strong>-a</strong> flag to which(1).
<li>Check both old and new shells in rpc.yppasswdd(8).
<li>Cleanups in wump(6).
<li>Glob extensions for XPG4.
<li>Require commands started from in /etc/rc to be executable -- not just
readable.
<li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
<li>Self-extending kernel maps in the vm subsystem.
<li>Low-memory bug fix in setenv(3).
<li>Some man page fixes so that <strong>man -k</strong> is happier.
<li>Workaround a race condition in syslogd's handling of SIGHUP.
<li>Teach the kernel about newer PCI device types.
<li><font color=#e00000><strong>Be more careful about sourcerouted packets,
including never forwarding them. This is a security
problem in OpenBSD 2.2, and is <a href=errata.html#sourceroute>
described and fixed with a patch</a></strong></font>.
<li><font color=#e00000><strong>Two bugs existed in the the 2.2 pmax release which all users
should be aware of.
<a href=errata.html#pmax>Patches are now available</a></strong></font>.
<li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
<li>Avoid DNS lookup timing effects in ping -R.
<li><font color=#e00000><strong>Buffer overflow fix in the MIPS ld.so. Replacement
binaries for the <a href=errata.html#pmax>pmax</a> and
<a href=errata.html#arc>arc</a> platforms are available</strong></font>.
<li>Add strptime(3).
<li>Add scan_ffs(8), a very useful tool for reconstructing disks.
<li>Create two new sysctl options: <strong>ddb.panic</strong> decides
whether the kernel should enter ddb when it panics, and
<strong>ddb.console</strong> controls if it is possible to enter
ddb from the console via a hot-key.
<li>Fix a free page count bug in the vm system.
<li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables
to change at boottime.
<li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can
ensure it has the right components.
<li><font color=#e00000><strong>In the 2.2 release, the sparc scsi driver caused problems
for the Sun 4/300 machines.
<a href=errata.html#sparc>Patches are now available</a></strong></font>.
<li>Fix /etc/yp/domainname support in ypbind(8).
<li>Fix some bugs in vacation(1).
<li>Emulate that disgusting linux connect() braindamage even better.
<li>smtpd(8) integration spiffied up. Everything you need is now in the
system.
<li>A start at full lint library support.
<li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
<li>New compat_ibcs2(8) manpage.
<li>The web pages now have a new section on <a href=security.html>
security advisories</a>.
<li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
<li>Permit restore(8) to work on a filesystem that has a basic blocksize
smaller than the blocksize of the filesystem that was dumped.
<li>New <strong>-a logdev</strong> argument for syslogd(8), useful for
setting up additional /dev/log devices in various chroot spaces.
<li>raise IPPORT_USERRESERVED significantly. Random port numbers will now
look much more random than they did before.
<li><font color=#e00000><strong>Make ruserok() significantly more paranoid when
parsing the .rhosts file. This along with another issue is a
security problem in OpenBSD 2.2, and is <a href=errata.html#ruserok>
described and fixed with a patch</a></strong></font>.
<li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
<li>Make stty(1) recognize STRIPDISC.
<li>Fix a map corruption bug in ypxfr(8).
<li><font color=#e00000><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not
very reliable. <a href=errata.html#sparciommu>A simple reliability
patch is now available</a></strong></font>.
<li>Place seperate so_ruid and so_euid fields in struct socket, so that
in_pcb.c can still do it's job, but also so that identd(8) can
be fast and return the proper uid.
<li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make
the address/netmask sets on it make supernets instead of subnets.
<li>Various fixes to some of the games, ie. rain, worms, wump.
<li>Fixed "%c" in strftime(3).
<li>Support the WINBOND pci ethernet cards.
<li>Make lpd(8) use keepalives so that it can detect dead network printers.
<li><font color=#e00000><strong>The mac68k 2.2 CD release had a few problems.
These problems have been resolved in the FTP release.
<a href=errata.html#mac68k>For more details...</a></strong></font>
<li>Fix another signal handler bug in mail(1).
<li>New quirk for another Archive VIPER scsi tape drive.
<li>Support <strong>-[width]</strong> option in fmt(1).
<li>Add XPG4 <strong>-r</strong> option to du(1).
<li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif>New
fancy OpenBSD logo for your use</a>.
<li>Change chflags(2) and fchflags(2) to take a u_int for the second
parameter.
<li>Fix two bugs in adduser(8).
<li>Pull in all the NetBSD changes to the old version of gas over the
last year or so.
<li>Remove the ftp(1) `stdout redirection' hack and replace it with a
<strong>-o filename</strong> option (which also understands a
filename of "-" to mean stdout).
<li>On the i386, move XFree86 aperature driver into the kernel. The new
sysctl(8) variable <strong>machdep.allowaperture</strong> decides
if this driver is active or not. (This variable can only be
modified at high securelevel).
<li>Add kerberos kauthd(8).
<li>Rename /etc/nat.rules to /etc/ipnat.rules.
<li><font color=#e00000><strong>Do not permit a read+write mmap() operation on
a read-only file descriptor open on a device. This is a security
problem in OpenBSD 2.2, and is <a href=errata.html#mmap>
described and fixed with a patch</a></strong></font>.
<li>Make the kernel compile properly (with full warnings) under gcc 2.8.
<li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation
code can reference it later.
<li>CVS version 1.9.24
<li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>,
<strong>-soname</strong>, <strong>--whole-archive</strong>,
and <strong>--no-whole-archive</strong> in the old ld used on
many of our platforms.
<li>Some more repair in the games.
<li>Do not copy from off the end of an nfs boot mbuf.
<li>Support for the ST16650 32-byte FIFO uart.
<li>Add <strong>-p</strong> option to uname(1), to display detailed
CPU information.
<li>In mail.local(8), document how to use quotas on a mail spool.
<li>Convert the xdr(3) and rpc(3) manpages to mandoc format.
<li>Permit the disabling of skey system-wide.
<li>Do not let a user set their password to "s/key".
<li>Do not permit TCP connections to any of the broadcast addresses.
<li>Clarify crypt(3) manpage as to how many characters each transform
actually considers in its calculation.
<li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as
a bitcount.
<li>Add a clarifying statement to all the Kerberos code that explains how
it came to be that this code was released from the USA's crypto
stranglehold.
<li>Add a command to ddb that reports out the extent tables.
<li><font color=#e00000><strong>The 3rd revision of the patch for the mmap()
security problem is available, and <a href=errata.html#mmap>has been
placed on top of the 2nd revision</a></strong></font>.
<li>Fix some bugs in the 3c[59]xx device driver.
<li>Make <strong>netstat -r</strong> report better information about
non-standard netmasks.
<li>In libpcap and tcpdump, use our system ethers(5) parsing routines.
<li>Fix a configuration file parsing bug in ipf(8).
<li>In old gas, move to late resolution of symbols because gcc 2.8
will require this.
<li>Add XDM-AUTHORIZATION to X11.
<li>Inside the kernel, change struct file's members f_count and
f_msgcount to longs, and then add checking for overflows as well.
<li>Handle unknown hostnames in mountd(8) better.
<li>Improve blowfish performance by a factor of 2, and hence increase
the rounds by 1 in passwd.conf.
<li>Remove one of the two copies of math.h in the source tree.
<li>Correct behaviour <strong>-x</strong> and <strong>-p</strong> flags
in tar(1) to be traditional.
<li>Make ping(8) work with very large packet sizes on all types
of interfaces.
<li>Upgrade to libg++ 2.8.0
<li>Upgrade to gcc 2.8.0
<li>Fix a few more mktemp(3) problems in f77 libraries, and other assorted
GNU software.
<li>Fix a race bug in mkstemp(3) itself that would make mkstemp(3) have
occasionally fail strangely.
<li>New photurisd(8) that complies with
<strong>draft-simpson-photuris-18.txt</strong>.
<li>Add support for <strong>TIOCM*</strong> family of ioctl(2) values to
the sparc serial driver.
<li>Fix syslog(3) sockaddr initialization.
<li>Spend almost a week finding and fixing minor goobers discovered by
gcc 2.8 throughout the source tree.
<li>Use a p_os field to sub-divide operating system emulation capabilities
(like for SVR4 binaries).
<li>Add another missing ntohl() in ipnat(8).
<li>XFree86 3.3.2 is now in our X11 source tree.
<li>Add many new machine-dependent man4 man pages.
<li>Improve IPSEC performance.
<li>Rename 2.2 to 2.3 tree-wide, for the upcoming release.
<li>Upgrade to gcc 2.8.1
<li>Significant efforts made at fleshing out the device driver man page
tree better.
<li>Fix passwd(1) so that YP passwords do not get edited in the
local password file.
<li>On the sparc, print hotfix information at the right place in the
dmesg log.
<li>On the sparc, support 128KB lebuffer devices.
<li>Fix KerberosIV password changing.
<li>Change the configuration of man(1) so that man4 is read much later;
this makes it easier to see pages in man8 with similar names.
<li>Add support for <strong>-s section</strong> and <strong>-S subsection</strong>
to man(1).
<li>Add <strong>-s</strong> and <strong>-c</strong> options to last(1).
<li>Fix a crash case in compress(1).
<li>Fix vnd and ccd drivers to work properly with soft updates.
<li>Fix tmpfile(3) to fchown() the file after unlink() (taking umask() into
consideration, too). This is required by standards.
<li>Add support for 82553 and 82555B PHY in the fxp driver.
<li>Add lynx 2.8 to the system.
<li>Configure cc(1) to pass the <strong>-R</strong> flag on to ld(1).
<li>Fix an interaction bug in inetd(8) due to SIGPIPE blocking; caused a
bad effect in rlogind(8) or other inetd(8) children.
<li>Fix mktemp(3) problems in two more YP tools.
<li>CVS version 1.9.26
<li>Fixes to a few more games.
<li>Fully working KerberosIV encryption in telnet(1) and telnetd(8).
<li>Flesh out the man pages and explain the security problems behind
mktemp(3) and other similar functions, plus explain how to
handle these problems better.
<li>Merge Kirk McKusick's <a href=softupdate.html>soft update</a> code.
This code is still experimental and under a non-commercial
license. It will be included in the next release as an optional
compile flag; we cannot ship it enabled by default.
<li>Fix <strong>%m</strong>, <strong>%I</strong>, <strong>%S</strong>,
<strong>%y</strong>, <strong>%C</strong>, and <strong>%j</strong>
conversions in strptime(3).
<li>Fix a NULL deference bug in make(1) when using the <strong>-j</strong>
flag.
<li>In strptime(3), make <strong>%C</strong> influence <strong>%y</strong>
regardless of ordering.
<li>Add options(4). This manpage describes what all the kernel options
do. If you spot an error in it, notify us immediately.
<li>In get*ent() family of routines in libc, use fgetln(3) instead of
fgets(3) so that parsing of overly long lines is more correct.
<li>Fix support for VFS loadable kernel modules.
<li>Make the functions described in ethers(3) more careful.
</ul>
<p>
<h3><font color=#0000e0>OpenBSD 2.3 will be released in June 1998</font></h3>
<p>
<a name=end>
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.<br><br>
<hr>
<a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.218 1998/03/17 06:28:20 deraadt Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www