File: [local] / www / plus.html (download) (as text)
Revision 1.382, Sat Jan 2 02:07:10 1999 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.381: +3 -1 lines
sendmail & midi
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD changes</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the main OpenBSD page">
<meta name="keywords" content="openbsd,main">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
<p>
<h2>Changes made between OpenBSD versions.</h2>
<p>
This is a partial list of the major machine independent changes
(ie. these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href=plat.html>ports</a> if you
are interested in for further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below..
<p>
Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
<p>
<h3>
<a href=#20>To go straight to the changes up to OpenBSD 2.0, click here</a>.
<br>
<a href=#21>To go straight to the changes up to OpenBSD 2.1, click here</a>.
<br>
<a href=#22>To go straight to the changes up to OpenBSD 2.2, click here</a>.
<br>
<a href=#23>To go straight to the changes up to OpenBSD 2.3, click here</a>.
<br>
<a href=#24>To go straight to the changes up to OpenBSD 2.4, click here</a>.
<br>
</h3>
<hr>
<p>
<a name=25></a>
<h3><font color=#0000e0>We are working on what will become 2.5...</font></h3><p>
<ul>
<li>Integration of NetBSD's MIDI & sequencer support.
<li>Sendmail 8.9.2
<li>Correct the values of <strong>ip_len</strong>, <strong>ip_off</strong>, <strong>ip_id</strong>, and udp <strong>uh_sum</strong> fields for the embedded ip packet inside an icmp packet. (<strong>ip_sum</strong> is still wrong.)
<li>More locking fixes in the vfs layer.
<li><font color=#e00000><strong>Fix df(1) on NFS v3 filesystems. <a href=errata.html#nfs3>A source code patch is available which solves this problem</a></strong></font>.
<li>Crank PID_MAX to 99999.
<li>Do better pcmcia interrupt allocation.
<li>Make <strong>ip_id</strong> non-repeating random, like DNS id's.
<li>range check signal conversions in the compat layer.
<li>make mount(2) return EOPNOTSUPP for filesystem missing in kernel.
<li>Fix a pcmcia com(4) driver panic.
<li>Many libc_r improvements.
<li>In xl(4), if no MII found, do not panic.
<li>Fix sh(1) and csh(1) builtin kill(1) clones so that they support -SIGXXX.
<li>Activate isakmpd in the build process.
<li>Newer version of isakmpd.
<li>In kgmon(8), let libkvm decide the default kernel name.
<li>Repeat open operations in cdio, in case of slow changers.
<li><font color=#e00000><strong>Even more bootpd paranoia. Updated patches are available for <a href=errata23.html#bootpd>2.3</a> and <a href=errata.html#bootpd>2.4</a></strong></font>.
<li>Make sa(8) 64bit clean.
<li>In install(1), handle sparse files the same way pax(1) does.
<li>Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database.
<li>Permit csh(1)-builtin printf function to have arguments.
<li>Fix a display problem in hexdump(1).
<li><font color=#e00000><strong>Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. <a href=errata.html#installboot>A source code patch is available which solves this problem</a></strong></font>.
<li>Flesh mktemp(3) manpage out significantly.
<li>Working <a href=mvme88k.html>mvme88k</a> port.
<li>For IPHDRINCL, check <strong>ip_hl</strong> for validity, too.
<li>Fix goal and max parameters in fmt(1).
<li>Do not believe SS20 machines that claim to have BURST64 support.
<li>In sparc le(3), be more careful about media handling and such.
<li>In ftp, if passive connections fail, try active.
<li>Morse decoding in morse(6).
<li>Numerous fixes to calendar(1), in particular it can now calculate Easter correctly.
<li>Various race/deadlock fixes to umount(2).
<li>More man page fixes.
<li>More isapnp devices.
<li>Fix rand(3) bug introduced into 2.4.
<li>Fix [:print:] in tr(1).
<li>Merge make(1) fixes and changes from other projects.
<li>Consider limits in fdavail().
<li>Fix layer in VFS layer function vinvalbuf().
<li>Fix a tl(4) bug which caused a particular IDE controller to look like an ethernet card...
<li>Increase sparc obio le driver memory to 8K, enhances performance.
<li>Remove itrunc3 panic case: It is invalid code.
<li>fast retransmit statistics in netstat(1).
<li>Many new ISA PNP devices.
<li>Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
<li>For kerberosIV, install <strong>prot.h</strong> (some things require it).
<li>XFree86 3.3.3
<li><font color=#e00000><strong>Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?). This fixes a security problem. Patches are available for <a href=errata23.html#bootpd>2.3</a> and <a href=errata.html#bootpd>2.4</a></strong></font>.
<li>In cut(1), avoid an infinite loop.
<li>In top(1), skip disabled swap spaces.
<li>Even more man page fixes courtesy of our local man page repair fanatic.
<li>Fix a crash in ps(1).
<li>Make file(1) understand mp3 formats.
<li>Repair a recent bug introduced with the SACK/FACK changes (only affected the alpha).
<li>Add <strong>-C</strong> support to our patch(1).
<li>Numerous IPSEC-related fixes inside the kernel and outside.
<li>Many more man page fixes.
<li>In ipf(8), do not crash for bad config file.
<li>Do not permit tapesize estimate overflows in dump(8).
<li>Fix memory leaks in yacc(1), lex(1).
<li>In nslookup(1), fix an bug in some previous overflow handling.
<li>Permit "Total" bar in "systat swap" to shrink.
<li>Fix /tmp race in ctm(1).
<li>Make /etc/security consistant to /etc/mtree for the /var/backups directory.
<li>Fix a gzip bug.
<li>More careful buffer handling in rpc library.
<li>Handle spaced-out arguments in lorder(1).
<li>Since some drivers occasionally return busted d_secpercyl fields to readdisklabel(), do more checking inside readdisklabel() for those ports that run into this issue.
<li>A couple of missing prototypes added.
<li>More man page fixes.
<li>sudo 1.5.7
<li>New getcat(1) manpage.
<li>Serious improvements to libc_r. This is becoming useable.
<li>More careful mmap handling in various device drivers.
<li>Exponential space growth in v?asprintf(3).
<li>More manpage fixes.
<li>Fix a crash of ksh(1).
<li>Ignore out-of-range environment LINES and COLUMNS in libocurses.
<li>In libcurses in the issetugid(2) case, ignore $TERMINFO.
<li>In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path.
<li>Support full set of pty devices in the MAKEDEV scripts.
<li>Make rl(4) match the Accton 1207D cards too.
<li>Prototype getpgid(2)
<li>Handle COMMENTS better in pkg_info(8).
<li>64-bit fixes in TCP SACK.
<li>Fix a bunch of strtol() range check errors.
<li>Improve tty permission checking in wall(1).
<li>NEWRENO, SACK, and FACK support in our TCP implementation. SACK and FACK are enabled by default.
<li>Added <i>adw</i>, the AdvanSys Ultra Wide PCI SCSI controller driver.
<li>Make yacc's skeleton file pass gcc -Wall.
<li>ncurses-4.2-981114
<li>Fix pcvt attribute handling
<li>Fix system() buffer mis-handlings in lynx(1)
<li>Use -lcurses in xterm(1)
<li>Preserve errno in a libutil/passwd.c function
<li>In libm, use write(2,...) instead of stdio code.
<li>Fix an IPSEC SPI mishandling bug.
<li>ncurses based tset(1).
<li>Fix an expression handling bug in as(1).
<li>Improve setregid() and setreuid() emulated behaviour.
<li>ftok() is now XPG compliant.
<li>Put userdir support back into httpd(8).
<li>New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
<li>Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
<li>Fix some manpages
<li>sudo 1.5.6p6
<li><font color=#e00000><strong>Fix a remote lockup problem in the TCP packet decoding code. This fixes a security problem. Patches are available for <a href=errata23.html#tcpfix>2.3</a> and <a href=errata.html#tcpfix>2.4</a></strong></font>.
<li>Fix a deadlock in deadfs VOP_LOCK().
<li>Support -p option in ipmon(8).
<li>Change bpf to support full frame-grabbing for FDDI packets.
<li>Support more ISAPNP devices.
<li><a href=want.html>A new web page contains a list of hardware that the project could use for our development process.</a>
<li>Newer soft updates code.
<li>More manpage fixups.
<li>Driver for rl(4) PCI ethernet cards (rtl8129/8139).
<li>New phy drivers.
<li>Repair a bad strlcpy(3) manpage error.
<li>Support ftpd(8) running out of /etc/rc
<li>Fix fsck_ext2fs(8) for FIFOs.
<li>Detect and handle dma sbus cards in non-dma sbus slots.
<li>Handle scsi devices which terminate inquiry strings with 0xff.
<li>Fix append mode in freopen(3).
<li>Cache and hash hostnames in ipmon(8).
<li>Improvements to up-coming libc_r code.
<li>Minor possible security fix to xlock(1).
<li>Easter and Y2K leap year fix to calendar(1).
<li>Use optimal xfer blocksize in rm(1) instead of assuming 8K.
<li>Fix a bug in libocurses.
<li>curses 4.2-981017
<li>More man page fixes.
<li>Be sure to enable pci cards that the BIOS forgot about.
<li>Support hppa in rbootd(8)
<li>Merge bug fixes from pdksh 5.2.13.4
<li>Various new ppp(8) changes.
<li>Use correct ioctl for flushing in ipmon(8).
<li>Fix various tcp options bugs.
<li>Fix tcp timestamps.
<li><font color=#e00000><strong>Repair sparc kvm dump header problem. <a href=errata24.html#kvm_mkdb>A patch is available</a></strong></font>.
<li>More carefully check /etc/hostname.* file contents before using it.
<li>Fix mktemp() problems in lynx(1).
</ul>
<a name=24></a>
<h3><font color=#0000e0>OpenBSD 2.4 released (Dec 1, 1998).</font></h3><p>
<ul>
<li>Fix a bug in the midway ATM driver.
<li>Update numerous documents for the 2.4 release.
<li>Fix another off-by-one error in pax(1).
<li>Addition of driver for sbus 'qe' 4-port 10mbit ethernet card.
<li>Split X shareable files into a seperate tar file.
<li>Make tset(1) work with libcurses (before it was libocurses only).
<li>Fix an ipsec panic bug.
<li>/etc/rc startup code for afsd.
<li>In default sendmail config, enforce valid Message-Id to help stop spammers.
<li>Fix a rounding up problem in disklabel(8).
<li>apache 1.3.3
<li>Make clustering work fast even beyond 2GB into a file.
<li>Fix a few ipnat bugs.
<li>Support bt878 and bt879 in the bktr(4) driver.
<li>Driver for the Compaq Thunderlan ethernet cards, called tl(4).
<li>Fix null-function running in ksh.
<li>Support the SMC EtherEZ PNP card.
<li>Support 3c905B-FX cards (fast fiber ethernet).
<li>Support Lite-On PNIC tulip clone chips in the de(4) driver.
<li>Fix SIOCGIFCONF code in ipnat(8).
<li>Import SSLeay-0.9.0b <strong>minus the patented algorithms (IDEA and RSA)</strong>. The DSA certificate handling and other cryptography still remains.
<li>Increase datasize in savecore(8) (as was done in fsck(8) a long time ago).
<li>Fix a readlink(2) bug in ls(1).
<li>Add new DIOCGPDINFO ioctl for disklabel(8)'s new <strong>-p</strong> option.
<li>Fix a mathetical formula in photurisd(8).
<li>apache 1.3.2
<li>Fix other spoofed labels to contain more real information.
<li>In i386 wd(4) driver, set d_type properly in spoofed labels.
<li>Import learn(1) -- but still disabled.
<li>Add <strong>file://</strong> support to ftp(1).
<li>Fix media negotiation in the SS5/10 le(4) driver.
<li>Fix mail(1) to deal with the changed lockspool(1) protocol.
<li>In lockspool(1), permit root to lock other spools.
<li>Add the <A HREF="http://www.advansys.com">AdvanSys</A> narrow PCI SCSI driver, adv(4).
<li>Correct vfs_refcount handling.
<li>In cp(1), for <strong>-p</strong> flag also preserve the sticky bit.
<li>In tar(1), fix storage of paths that are exactly 100 characters long.
<li>Add smc91cxx ISA support.
<li>Fix more setmode(3) memory leaks.
<li>Continue integration of AFS.
<li>In i386 bootblocks, clear NT bit in bootblocks whenever switching into prot mode.
<li>Undo gzip nlist(3) support for the 2.4 release, will go back in afterwards.
<li>Add optional support for alternate pid files in newsyslog(8).
<li>Repair the license for boggle(6).
<li>Repair a memory leak in mtree(1).
<li>Fix a writer lock miscount in execve(2)...
<li>Workaround a bug in newer versions of the xl(4) cards.
<li>Repair the license for file(1).
<li>Make tcpdump(8) understand SACK (RFC 2018).
<li>Fix a bug in sed(1).
<li>Media support in the fxp(4) driver.
<li>Replace ed(4) driver with the ne(4), ec(4), and we(4) drivers.
<li>In ftp(1), make the progress meter support ttys that do not have the width set.
<li>Support uids > 32000 in adduser(8).
<li>Make sparc and alpha floppies do dhclient, too.
<li>Fix a few tiny sysctl related changes in route(1).
<li>Add support for SMC EtherPower II 10/100 ethernet cards; tx(4) driver.
<li>Tons more man page cleanups...
<li>More games fixes...
<li>Add a <strong>-1</strong> option to dhclient: if the dhclient request fails, dhclient should exit.
<li>In top(1), fix pid sorting on the alpha.
<li>Make tar(1) print verbose output to stdout, not stderr.
<li>Repair some badly written short write() handling in ftp(1).
<li>In newsyslog.conf, rotate authlog and secure entries after 1 week.
<li>Kill COMPAT_09 and COMPAT_10 options.
<li>Provide a way for ftp(1) to show a progress meter, but create no other noise.
<li>Media support for ep(4) driver.
<li>Move ifaliases setup upwards in /etc/rc; now named(8) can use ifaliases.
<li>In /etc/rc.conf, add a nice toggle for ntpd(8).
<li>Finish media support on sparc le(4) driver.
<li>buf oflows in restore(8).
<li>Support media directives in dhcp-based /etc/hostname.* files.
<li>Make the xfs system call always exist.
<li>i386 option NO_APMPRINT for quieter apm driver.
<li>Move dhclient-script to /sbin where it belongs.
<li>Fix a panic in SOCK_RAW.
<li>ncurses 4.2-980912.
<li>Quite a number of install script improvements.
<li>if_media support in lance driver.
<li>With the -h option, add token reporting support to identd.
<li>HP ScanJet IIp support.
<li>Print OpenBSD copyright at boot-time.
<li>Create the first version of the 2.4 install floppy, which includes dhclient on it.
<li>ipf 3.2.9.
<li>sudo 1.5.6.
<li>Handle early-interrupting wdc drives which voilate the MMC2 specifications.
<li>Fix recvfrom() MSG_PEEK to work with length 0, again.
<li>Free AFS client integrated into the source tree.
<li>Significant man page cleanups.
<li>Add help(1), which is basically "man man".
<li>in fdisk(8), for large disks, clamp CHS values to 0xffffff and then encode data in the LBA fields.
<li>Neomagic support in X11.
<li>libcurses version 20.3.
<li>Restore chat -s and -S flags, they were lost.
<li>Fix curses library to use all the possible ways of getting it's termcap definition.
<li>More games fixes.
<li>A new and improved more capable pcmcia code-base.
<li>Support intel 82365SL pcmcia chipset.
<li>Add aic6360 pcmcia support.
<li>new sm driver -- SMC 91cxx ethernet chip support. Common pcmcia chip.
<li>Fix error handling in bootblock filesystem detection code.
<li>Fix a recently introduced bug in nslookup(1).
<li>Fix mips constructor init/fini operation in ld.so.
<li>Fix a signal race in mail(1).
<li>Nice way of handling dhcp at boot-time.
<li>Fix a bug in RMD160.
<li>Make xl(4) driver work on the alpha.
<li>Make the pci de(4) driver finally work fully on big-endian machines.
<li>Fix a hanging-race in mail(1).
<li>zlib 1.1.3
<li>Fixes to the pkg_install tools.
<li>For i386 pcvt, better keyboard timing code.
<li>Teach fstat(1) AFS.
<li>Add command-line selection of dates other than now to pom(6).
<li>More man page repairs.
<li>Add support for nlist(3) of a gzip'd kernel, only used by savecore(8).
<li>Fix some mis-aligned faults in ppp(8).
<li>Fix a gcc 2.8.1 bug which caused code to be mis-optimized.
<li>if_media support in OpenBSD. Some drivers support it, others do not yet.
<li>Buffer mishandling fixes in nslookup(1) and dig(1).
<li>Make a few programs (time, mkdep, lorder) kill themselves with the signal they trapped, rather than provide an exit code.
<li>Continuing work at integrating the <a href=http://www.stacken.kth.se/projekt/arla>ARLA free-AFS</a> source code directly into OpenBSD.
<li>More games fixes.
<li>Teach libpcap that DLT_LOOP devices have a network byte order header.
<li>Return ENXIO for /dev/mem minor devices which do not exist.
<li>uuencode/uudecode get a new -p option.
<li>ppp version 2.0 (MPP)
<li>Make blowfish character interfaces work on unaligned-access-faulting hardware.
<li>Another fix for i386 ptdi panic, in procfs.
<li>Handle the MediaGXm processor.
<li>Buckets of scanf-style overflows in nslookup(1) and dig(1).
<li>Change protocol argument of pmap_set() to be u_int.
<li>Newer version of Kirk's softdep code.
<li>Fix fxp(4) for the alpha.
<li>In the libc/db sub-library, sanitize memory that is being sent out to db files.
<li>Fix a dlopen() bug in ld.so.
<li>Numerous man page cleanups.
<li>Add big-endian 21040 support to the de(4) driver, so that powerpc can use it.
<li>Fix a premature free() bug in libpcap.
<li>Install dhclient-script(8).
<li>In ttyname(), reinitialize the tty buffer with the "/dev/" prefix each time.
<li>More fixes to rpc.pcnfsd(8).
<li>Fix a crash in csh(1).
<li>Sparc qec/be 100mbit ethernet driver.
<li>Support \e in printf built into csh, and document it too.
<li>Significant progress in the powerpc port.
<li>Fix a panic bug in the routing socket.
<li>Better media support in fxp(4) driver.
<li>In kvm_open(3), try /dev/ksyms before /bsd.
<li>Add /dev/ksyms support the kernel. This emulates a fake a.out which has the kernel's ddb symbol table attached to it.
<li>Change savecore(8) so that it tries /dev/ksyms before /bsd.
<li>cvs version 1.10
<li>More improvements to all the games.
<li>Fix new blowfish functions to work on big-endian unaligned-access-faulting architectures.
<li>Fix a malloc race in all filesystems.
<li>More rpc.pcnfsd(8) changes. Again -- do not use rpc.pcnfsd.
<li>Correct readlink(8) in adosfs.
<li>Newer code for the fxp driver.
<li>Change nlist(3) and kvm_mkdb(8) to work with the upcoming /dev/ksyms.
<li>Fix an encryption-related bug in telnetd.
<li>Support <strong>-o</strong> in top(1).
<li>Add <strong>-q</strong> flag to mtree(1).
<li>In cfmakeraw(3), also clear IMAXBEL.
<li>realloc fixes to X11.
<li>ecoff support in nlist(3).
<li>In the nfs code, repair non-ANSI code that got incorrectly optimized on some of our architectures.
<li>Many more realloc fixes.
<li>More buf oflows in rpc.pcnfsd(8). Noone should use this code.
<li>Fixes to numerous games.
<li>Fix some important kvm_mkdb(8) bugs.
<li>Add apm and dhcp starting chunks to /etc/rc and /etc/rc.conf.
<li>For the i386, save more battery power by halting the cpu during the APM loop. This affects a part of the pctr driver...
<li>In xterm(1), support VSTATUS.
<li>Add *_ptob() and *_ptob() functions to architectures missing those.
<li>Some updates to talk(1).
<li>Add ISC dhcp to the source tree. This urgently needs a security audit.
<li>Fix df -P for zero-sized filesystems (ie. amd(8)).
<li>Fix FFS data-buffer leaking on segfaults during write.
<li>Make i386 registers get saved correctly in a crash dump.
<li>In /etc/security, do not include fifo's in setuid check.
<li>Fix g++/FlexLexer.h support in lex(1).
<li>Numerous more realloc fixes.
<li>Seperate mail.local(8) into two programs: new one is lockspool(8). mail.local is no longer setuid. Ensure that your /etc/sendmail.cf Mlocal line contains an 'S' at the end of the F= field, or local mail delivery will fail.
<li>Add openbsd.m4 OSTYPE to the sendmail cf directories.
<li>Fix numerous incorrect uses of realloc() in the system libraries.
<li>One final fix for the chroot code in named(8).
<li>update to sendmail 8.9.1a.
<li>Fix fdformat(8) exit code.
<li>Fix an incorrect detection problem in aha.c.
<li>buf oflow fix to new rdist (no security effects).
<li>Fix strtod(3) so that it is valid actual C code (ie. and doesn't generate bad code when optimized).
<li>In hexdump(1), detect a format string of all spaces as bad.
<li>Prototype poll().
<li>In gprof, permit <strong>$</strong> in symbol names.
<li>Fix coredump in find when doing <strong>find . !</strong>
<li>Add ECB and CBC encryption for octet streams to blowfish.
<li>Fix base64 encoding in bcrypt(3).
<li>Fix scon(1) to permit -d and -c to work together.
<li>In i386 vt console driver, wait for ACK back from keyboard when setting typematic rate.
<li>update to zlib 1.1.3.
<li>Fix atime and mtime commands in fsdb.
<li>Don't wrap 80 characters in <strong>rup -d</strong>.
<li>Add russian message catalog.
<li>Protect against SIGPIPE in fdisk(1).
<li>Fix interrupt disabling in pms(4) driver.
<li>Remove kill(-1, 0) code from reboot(8) which does not work exactly as intended.
<li>Correct exit code of ls(1).
<li>For dump, futher improve the semantics for "filesystem not in fstab".
<li>More work on big-endian support in the ncr(4) and de(4) drivers.
<li>Support mem-mapped com ports on powerpc.
<li>Support gdb, ptrace, and /proc on the powerpc.
<li>Do not use libiberty version of vasprintf, since it is quite busted.
<li>Make the powerpc install floppy work once more.
<li>Support PAGER environment variable inside disklabel 'M' command.
<li>Repair umapfs.
<li>Repair portalfs.
<li>Repair some kvm man pages glitches.
<li>Genericize some internal vop functions to fix some NULLFS problems.
<li>At attach time, print a single line for the geometry in wd(4).
<li>For sendmsg() and recvmsg(), return EMSGSIZE not EINVAL for msg_iovlen <= 0.
<li>Add the IOV_MAX define as required by XPG.
<li>Fix a few more <strong>resid</strong> issues in the kernel.
<li>Hack SIOCGIFCONF so that ifc_len=0 is a length inquiry, as in Linux.
<li>Install perl .ph pages in the right directory.
<li>In ftpd(8) manpage, fix the definitions of the high ports since the kernel definitions were changed.
<li>Fix an argument parsing bug in chat(8).
<li>Fix isapnp ym(4) audio driver.
<li>Update to ncurses-4.2-980801.
<li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand.
<li>Crank tun(4) MTU to 16K.
<li><font color=#e00000><strong>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href=errata23.html#chpass>A patch which solves the problem is available</a></strong></font>.
<li>Improve ipsecadm(8).
<li>Fix some ipsec bugs related to IP-in-IP.
<li>Fix some disklabel(8) bugs.
<li>Fix some lint(1) bugs.
<li>Make dump(8) work against filesystems not listed in fstab(5).
<li>Rename libtelnet functions getent and getstr to avoid curses conflicts.
<li>Disable all ISA PNP devices before doing the ISA scan. This works around BIOS's which pre-map ISA PNP devices into known locations.
<li>Correct panics and EINVAL returning cases in iovec using code. <a href=errata23.html#resid>A patch for this problem exists.</a>
<li>Fix battery remaining support in i386 apm.
<li>Add i386 apm(4) manpage.
<li>Fix mkstemp() calling code in libc/db/hash.
<li>update to ncurses-4.2-980725.
<li>Use a single-char buffer in snprintf() for the size==0 case.
<li>Fix some problems in <strong>disklabel -E</strong>.
<li>Fix bugs in pom(6), atc(6), quiz(6), hack(6), adventure(6).
<li>Add tic, captoinfo, and infotocap from ncurses-4.2-980718.
<li>Place a timezone file in the named chroot jail.
<li>ncurses-4.2-980718 with our termlib library integrated. The seperate termlib library no longer exists (although for a time libtermlib is a link to libcurses).
<li>New libform, libmenu, and libpanel from ncurses-4.2-980718.
<li>Change latencies permitted for certain scsi tape commands.
<li>Make <strong>mt status</strong> show more information on scsi tape drives.
<li>bt848 driver for the i386.
<li>Fix <strong>MKD</strong> command in ftpd to properly show the path created.
<li>Build mpool(3) manpage.
<li>Support 8.4GB+ IDE drives.
<li>Fix a serious TZ calculation error in the CD9660 filesystem which caused CD filesystem timestamps to be completely wrong.
<li>Document LD_PRELOAD in ld.so(1) manpage.
<li>Sparc cua support in the <strong>zs</strong> driver.
<li>Add CAST encryption to libc.
<li>More verbosity changes to apmd(8).
<li>Make /var/backups mode 700.
<li>Fix a crash in asa(1).
<li>Fix usage messages in sort(1).
<li>Fix sparc installer to deal with a dirty dmesg buffer.
<li>Make SEM_R and SEM_A accessable to userland in sys/sem.h.
<li>Do not permit uppercase login names in adduser(8); that's a bad default.
<li>Fix a bug in less that prevented keypad keys from working on some terminals.
<li>In the man(1) manpage, document -k and -f.
<li>Rename curs_terminfo(3) man page to terminfo(3).
<li>Make the ramdisk driver not force single-user if it is the root device.
<li>Quieten the i386 apm driver.
<li>Fix /tmp race in a man page example. (Sigh).
<li>isa_intr_establish() will never panic. It can return NULL for failure.
<li>Split sparc <strong>hme</strong> driver into chip and board specific; <strong>be</strong> driver should not be far away now.
<li>rpc.yppasswd(8) has no log file; fix docs.
<li>Update to Lite2 getenv(), which returns NULL for getenv(NULL).
<li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use.
<li>Improve db cache sizing heuristic in pwd_mkdb(8).
<li><font color=#e00000><strong>Close a file descriptor leak in inetd(8). <a href=errata23.html#inetd>A patch which solves the problem is available</a></strong></font>.
<li>Fix dump(8) to return exit code 1 for startup failures, as documented.
<li>Improve performance of getpwent(3) in a YP environment.
<li>Improve performance of pwd_mkdb(8).
<li>More buffer overflow fixes in libpcap and such.
<li>Fix "mount /mnt /mnt" so that it does not panic the machine.
<li>cvs 1.9.28.
<li>Fix locking code in unionfs. This fixes a serious problem in unionfs. <a href=errata23.html#unionfs>A patch is available</a>.
<li>In ftpd, handle non-existant users as login now does -- sleep a while.
<li>In the S3 audio driver, map additional registers at open() time instead of attach() time.
<li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree.
<li>In the scsi cd driver, permit CDs to have up to 99 tracks in their TOC.
<li>For the pmax, get the <strong>ld.script</strong> file from the right place when building kernels.
<li>For the i386, fix a timing problem that affected keyboard controllers on PII/400 and such machines.
<li>Fix a failure printing message in passwd(8).
<li>Sendmail 8.9.1.
<li>Disable debugging code in crontab(1).
<li>In reboot(8), put more effort into killing processes before taking the machine down.
<li>Fix some problems in sparc national keyboard handling.
<li>Add a no-escape mode to tip which disables the ~ escape.
<li>Fix the <strong>bhlcr</strong> shift values in the pci code.
<li>Run kernel ppp code at splimp more often.
<li>When pppd(8) is doing connects, cause kernel ppp code to drop packets so that mbuf starvation doesn't happen.
<li>Cleanup more cosmetic uglies in the cd/acd disklabel spoofing code.
<li>Do various cleanups of the various boot(8) pages.
<li>In traceroute(1), change default TTL to be 64.
<li>Fix makewhatis(8) to handle long NAME sections with multiple hyphens.
<li>Provide TMP_MAX in <limits.h>, per XPG.
<li>In /etc/security, improve the checks for "." in paths.
<li>Ensure the acd drivers always return TOC contents in big-endian format.
<li>Keep the "login myname" hack from clearing ut_host in utmp.
<li>sparc <strong>hme</strong> 100Mbit ethernet driver.
<li>Avoid buffer overflows in quota(1).
<li>Do not call syslog(3) with "\n" at the end of the string.
<li>Permit long names for months in at(1).
<li>Fix various places where hostname buffers were not MAXHOSTNAMELEN long.
<li>In rexecd(8), open stderr port after authentication has happened.
<li>In cdio(1), permit playing CDs with over 100 tracks.
<li>Fix i386 support for PCI mode 1.
<li>A fix for the <strong>play</strong> command in cdio(1).
<li>On the i386, if securelevels are in use, do not permit <strong>PSL_IOPL</strong> modification (well... except if the aperture driver is enabled).
<li>Cleanup many gethostname(3) calls in the tree, which passed short buffers, long buffers, mangled buffers, etc.
<li>Fix scorefile handling in robots(6).
<li>In install scripts, treat sets selection of "all" just like "*".
<li>In tcpdump(1), length check bp_file in bootp packets.
<li>For the setuid /dev/null thing in execve(), open fd 1 and 2 as writeable.
<li>In most setgid kmem utilities, revoke privs completely after calling kvm_openfiles(3) (this does not look like any gain in security, however).
<li>Fix a vfork()-style bug in vacation(1).
<li>Fix an off_t bug in quot(1).
<li>In talkd(8), force NUL termination of strings received from client.
<li>New S3 SonicVibes driver.
<li>Make "ndc start" use rc.conf.
<li>Fix ethernet/FDDI IPX support for big-endian machines.
<li>Remove kpasswdd(8) -- use kadmind(8) instead.
<li>KTH Kerberos 0.9.9
<li>Remove mk_cmds(1), e2fsprogs, and libss -- no longer used.
<li>Change gethostname(3) and getdomainname(3) to handle small buffers correctly.
<li>Fix chrtoblk() for out-of-range device numbers.
<li>If strftime(3) runs into the end of the buffer, terminate it nicely anyways.
<li>Support wdc on isapnp.
<li>Profiling support for powerpc.
<li>Enable variable number of rounds for encrypted crypt, as BSDI does. This can now be controlled in /etc/passwd.conf.
<li>Further reduce reliance on DNS in /etc/netstart.
<li>Emulate Linux mremap().
<li>On the i386, add a nop in the 2nd instruction slot because this fools some BIOSs that do virus checking. Pretty clever of them, eh.
<li>On the i386, Fix assembly of the cmov* instructions.
<li>Fix "cp b/ a" for the case when "a" is a directory.
<li>Fix a buggy endian conversion which caused multicast vif statistics to be incorrect.
<li>Add MI mtio(4) manpage.
<li>Using username hashing and a host secret file, improve quality of users' spoofed skey challenges.
<li>Fix a free-before-use bug in fts(3).
<li>Fix <strong>fxp</strong> driver so that it works on buggy cards.
<li>In make(1), fix bug for targets that began with "." and underwent suffix conversion.
<li>Fix "mv b/ a" for the case when "a" is a directory.
<li><font color=#e00000><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href=errata23.html#fdalloc>A patch which solves the problem is available</a></strong></font>.
<li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in.
<li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies.
<li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support.
<li>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href=errata23.html#pcvt>A patch is available which fixes this problem</a></strong></font>.
<li>Further improvements to photurisd(8).
<li>Fix kvm_read(3) return values.
<li>Overflow fix in ksh(1).
<li>Add isa_intr_check() to lots of isa architectures. Fixes PMS irq 12 bug.
<li>gnu bc 1.05a.
<li>In ppp(8), numerous 64 bit fixes. Requires testing on alpha, please.
<li>On the powerpc, run ofw drivers under better interrupt masks.
<li>In sudo(8), require a password before telling the user whether or not the command exists.
<li>Fix a panic in ipnat(4).
<li>Remove most recent procfs patches relating to securelevels.
<li>Disallow TCP connect() to multicast addresses.
<li>update to rdist 6.1.4 (plus our many patches).
<li>In pcap(3), permit single-character hostnames.
<li>Convert all DLT_LOOP interfaces to have a network byte order u_int32_t header containing the protocol.
<li><font color=#e00000><strong>Fix a buffer overflow bug in the resolver. The previous behaviour has security consequences. <a href=errata23.html#resolver>A patch which solves the problem is available</a></strong></font>.
<li>Fix select() on bpf descriptors.
<li>Update the rc(8) manpage, and companion pages.
<li>Fix at(1) to handle "now" as a valid time.
<li>No luns on RICOH scanners.
<li>Add CISCO netflow protocol to tcpdump(8).
<li>Upgraded sh/ksh to pdksh-5.2.13.
<li>In pstat(1) and top(1), handle the case of no swap partition.
<li>Disable SORT_RESPONSE in named(8).
<li>Support ISOFS in fstat(1).
<li>Correct numerous uses of snprintf(3) throughout the source tree.
<li>In xargs(1), use sysconf(3) to get ARG_MAX
<li>Fix transarc AFS string-to-key functionality again.
<li>Correct status bargraph in fdformat(8).
<li>Fix vm bargraph in systat(8).
<li>Fix some signal bugs in mail(1).
<li>Properly truncate files in mail(1).
<li>Change <sys/ipc.h> to use uid_t, gid_t, and mode_t for types. Provide emulation system calls for the old ushort-based structures.
<li>Fix an mbuf chain corruption bug that affected large amounts of data flowing through ipsec(4).
<li>Fix spelling and grammar in numerous man pages.
<li>Fix a minor bug in mail(1).
<li>Fix a bug in atalk(4).
<li>In tcpdump(8), support <strong>DLT_ENC</strong> packets.
<li>Make decoded IPSEC(4) packets available to bpf(4) via enc0, using linktype <strong>DLT_ENC</strong>.
<li>Fix a minor bug in pwd_mkdb(8).
<li>Make the 4th argument of semctl(2) optional.
<li>Add new <strong>TCPCTL_IDENT</strong> sysctl for identd(8) to use, instead of kmem snooping. Significant performance improvement too.
<li>Add DLT_LOOP to bpf; to handle 4-byte proto headers on some interfaces.
<li>In the kill(2) patch, also permit SIGUSR1 and SIGUSR2.
<li>buf oflow fix in libc/rpc.
<li>In ftpd(8), also permit ftpchroot users to be multihomed.
<li>Various fixes to ftp(1).
<li>Make getty(8) default to 8 bit mode.
<li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY.
<li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href=errata23.html#ptrace>A patch is available which fixes this problem</a></strong></font>.
<li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors.<a href=errata23.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>.
<li>Various new smtpd(8) fixes.
<li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3).
<li>Teach adduser(8) about the /sbin/nologin shell.
<li>Ensoniq AudioPCI driver.
<li>isapnp joystick driver (not tested).
<li>Move named into a chroot space by default.
<li>Fix the RMD160 code once again.
<li>Fix a possible panic due to ktrace(2).
<li>New fixes to the bpp support in the sparc magma driver.
<li>Fix root password setting code in install script.
<li>terminfo/termcap 10.2.3
<li>Fix xdm(8) to close an excess file descriptor it left around.
<li>Permit kill(2) to send signal 0 to processes that are setuid, as long as the existing uid check succeeds.
<li>Change uudecode(1) to accept spaces in the filename.
<li>Move temporary file used by chfn(1) to /var/tmp.
<li>Add support for pcvt to kbd(1).
<li>in chfn(1), unlink the temp file after finished using it.
<li>Fix /tmp use in yacc.
<li>On the i386, grow i386 kernel malloc area by 2MB.
<li>In chfn(1), permit gecos sub-fields to be empty.
<li>Fix sysctl net.inet.icmp.bmcastecho.
<li>Fix an nfs crash.
<li>Tweak IPSEC so that it supports VPNs trivially. A new vpn(8) manpage describes how to use this.
<li>Integrate rt(8) and rtdelete(8) directly into ipsecadm(8).
<li>Make named(8) run in a chroot space.
<li>Integrate XFree86 3.3.2 patch 2.
<li>Fix multi-address support in telnet(1).
<li>Made i386 pctr driver compatible with all cpu vendors.
<li>Added "feature bits" display to i386 cpu detection, and added more AMD and Cyrix processor models.
<li>Modified named to stash its argument vector in pid file like sendmail does and modified ndc to use it. This means "ndc restart" will now restart named with the correct arguments.
<li>bind 4.9.7, with the <strong>-u</strong>, <strong>-g</strong> and <strong>-t</strong> options from 8.1.2.
<li>Handle constant numeric U and LL extensions.
<li>Stop info gathering in uucpd(8).
<li>Various TCP RPC fixes to deal with data streams that could cause lockups inside the library.
<li>Add sparc magma serial device driver.
<li>Install sendmail configuration goo in /usr/share/sendmail.
<li>Fix two cases of incorrect timeout handling in the RPC library.
<li>Add the required setsockopt(2) interface for IPSEC, update photurisd(8) to accept notify messages from the kernel.
<li>Fix numerous uses of MAXHOSTNAMELEN+1 instead of MAXHOSTNAMELEN, and also do the same for other similar cpp variables.
<li>Fix numerous source tree uses of readlink() with an incorrect length parameter.
<li>Install gdb(1) info pages.
<li>New distribution install notes that use m4 instead of cpp for formatting.
<li>In gdb, do not use 4.3 compatibility tty ioctl() calls.
<li><font color=#e00000><strong>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href=errata23.html#kill>The 4th revision of a patch which solves the problem is available</a></strong></font>.
<li>Fix a free() related bug in csh(1).
<li>Fix a memory trashing bug in the IPSEC SPI chain delete function.
<li>Fix acct(2) to work with append-only files.
<li>Fix buffer overflows in getNAME(1).
<li>In mount_nfs(8), contact the portmapper about the correct protocol (tcp or udp).
<li>Correct 64 bit timeval storage in ping(8) packets; also put the time in network byte order.
<li>Start cron at the end of /etc/rc to avoid some security issues.
<li>Compile the system with <strong>-O2</strong> instead of <strong>-O</strong>.
<li>Fix a bunch of scanf related buffer overflows.
<li>Improve XR16C850 support.
<li>Fix less <strong>-d</strong> option.
<li>Fix i386 divide overflows traps which were possible in the NTP code.
<li>Remove some more incorrect uses of long in kerberos code.
<li>Add a man page for ndbm(3).
<li>As described a few lines above, support even more commands in make(1).
<li>Make the csh(1) command <strong>kill</strong> more standards compliant.
<li>Improve documentation about how to properly enable YP client databases.
<li>Emulate <strong>umask</strong> and <strong>exit</strong> script commands inside make(1) directly, to get closer to the expected behaviour. Later on we may want to emulate more commands, like gnumake does...
<li>Make perl(1) support calls to lockf(3) now that we have it.
<li>Disable dynamic loading in the mips version of perl(1).
<li>Make size(1) work on files created via <strong>ld -Z</strong>.
<li><font color=#e00000><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href=errata23.html#immutable>A patch exists which solves the problem</a></strong></font>.
<li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port.
<li>Fix a file parsing overflow in kdb_util(8).
<li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number.
<li><strong>const</strong> the parameters to a few more system calls.
<li>Fix 'z' command in mail(1).
<li>Fix short read() and write() operation in the RFC1413 handling code in httpd(1).
<li>Fix some bad uses of sscanf problems in the source tree.
<li>Fix i386 copyoutstr().
<li>Support 16 partitions in the pmax port.
<li>Correct handling of escaped % correctly in crontab lines.
<li>Make the AD1848 and Yamaha OPL3-SA3 sound drivers work.
<li>pppd 2.3.5
<li>Fix localtime(3) support inside perl(1).
<li>Fix a number of disklabel issues in the hp300 and pmax ports.
<li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc.
<li>Fix at least one remotely activated buffer overflow in lynx(1).
<li>Add information about more deviant scsi devices.
<li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href=errata23.html#ipsec>A patch exists which solves the problem</a>. <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD 2.2)</a></strong></font>.
<li>Fix a select(3) bug in syslogd(8).
<li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running.
<li>Add libossaudio(3) to the source tree.
<li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it.
<li><font color=#e00000><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href=errata23.html#xterm-xaw>A patch exists which solves the problem</a>. <a href=errata22.html#xterm-xaw>(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>.
<li>Permit relative adjustments in mixerctl(1) using +/- prefixes.
<li>msdosfs in FAT32 mode would hang during a write.
<li>Fix ZIP drive use on the hp300.
<li>Fix a timeout bug in ping(8). (What a troublesome program it is...)
<li>Use inet_ntoa() in a diagnostic in rwhod(8).
<li>Our c++ compiler is called c++, not g++.
<li>Fix iommu flushing on the sparc Microsparc-1 based machines.
<li>Make 'y' command in sed(1) 8-bit clean.
<li>Make ctype macros dealing with unsigned characters properly index into their respective tables.
<li>For 3c9xx drivers, fix a bug where bpf attach caused a change to 10Mb mode.
<li>Fix a bug in h2ph(1).
<li>talk(1) cannot distinguish the host a reply comes from. If it is suspicious, it now prints that hostname in the connection banner.
<li>In oldrdist(8), avoid attempting to create hardlinks between devices.
<li>Permit socketpair(2) to accept <strong>PF_LOCAL</strong>.
<li>Add audioctl(1) and mixerctl(1).
<li>Merge OSS-like audio code into i386, sparc, amiga, and other architectures.
<li>Teach dump(8) that ENOSPC on remote or local media means end of tape.
<li>Change ld(1) to accept the first matching shared library it finds.
<li>Fix a coredumping problem in oldrdist(1).
<li>Delete old gdb; we use modern binutils everywhere now.
<li>Make ps(1) look at the kernel physmem variable instead of the far uglier thing it did before this change.
<li>Correct utimes(2) emulation in Linux compat.
<li>64 bit cleanups to the uucp subsystem.
<li>Fix a very strange bug in backgammon by using -ltermlib instead of -ltermcap.
<li>Make hp300 use new m68k kcore format.
<li>Completely rewritten fmt(1) with more features.
<li>Run rc.shutdown even if -h or -r was not specified.
<li>Fix the i386 versions of libm's scalb*() functions.
<li>Make strptime(3) handling of month and weekday names case insensitive.
<li>Change 3rd parameter to be size_t as required by XPG.
<li>Let fdisk(8) and disklabel(8) compile if NOMAN= is defined.
<li>Handle truncated reads in dumpfs(8).
<li>Add <strong>/var/run/rarpd.pid</strong> and syslogging support to rarpd(8).
<li>Fix gcc on the m68k to correctly invalidate cached condition codes when only a-registers are involved.
<li>Fix relative tags in vi(1).
<li>Use mkdtemp(3) in pkg_add(8) and friends.
<li>Add <strong>dev</strong> command to cdio(1) so that user can change device.
<li>Change tset(1) and /root/.cshrc behaviour so that ^C at the prompt does not result in noglob remaining set.
<li>Improve numerous manpages.
<li>Make last(1) report on the year.
<li>Set <strong>d_bbsize</strong> and <strong>d_sbsize</strong> to defaults in the disk drivers.
<li>Do not do gethostbyname(3) on "*" in pppd(8).
<li>Ignore SIGPIPE in reboot(8).
</ul><p>
<a name=23></a>
<h3><font color=#0000e0>OpenBSD 2.3 released (May 19, 1998).</font></h3><p>
<ul>
<li><font color=#e00000><strong>A security problem due to buffer mismanagement exists in lprm(1). <a href=errata22.html#rmjob>A patch exists</a></strong></font>.
<li><font color=#e00000><strong>A security problem due to a buffer overflow exists in uucpd(8) (which is not enabled by default in our releases). <a href=errata22.html#uucpd>A patch exists</a></strong></font>.
<li>On the i386, fix installboot(8) so it works reliably on various filesystem layouts that did not work before.
<li>Support lots of file descriptors in named(8), for when many virtual interfaces exist.
<li>Fix installboot(8) on the sparc Sun4 models.
<li>In disklabel(8)'s <strong>-E</strong> mode, set the bootblock sizes so that the hp300 install does not freak out.
<li>In mktemp(3), repair a bug in the filename incrementing loop.
<li>Various other install script fixes.
<li>Fix /etc/fbtab handling in init(8).
<li>Make disklabel(8) mentions IDE (which is an alias for ESDI).
<li>For the i386, have the install procedure ask if the xf86 driver should be enabled by default.
<li>Make install procedure prompt & set the initial root password.
<li>When root logs in for the first time, let him find that he has an interesting piece of mail about how the system works.
<li>Fix ipsec encap notifies.
<li>Configure xdm(8) and the fwvm window manager sensibly enough for default users to not feel utterly lost.
<li>Fix 'u'ndo support in disklabel(8)'s <strong>-E</strong> mode, and also add a new 'r' command.
<li>Repair the pkg_add(1) sufficiently for the 2.3 release...
<li>Fix a race condition in unmount(2).
<li>Add support for the XR16850 serial chip (128 byte fifos).
<li>mkisofs 1.11.2
<li>Disable console ddb by default. sysctl can re-enable it.
<li>Fix backtraces in gdb on m68k platforms.
<li>Support 3c905B (well, actually, our support falls over. We need a card to do further work).
<li>Modify i386 PS/2 driver to be read/write; this permits new XFree86 source to put mice into advanced modes of operation.
<li>Remove KTH Kerberos "eavesdropping" message from telnet(1) and telnetd(8).
<li>Fix bug oflow in ping(8) <strong>-R</strong> option.
<li>In tar(1), only preserve the uid/gid if the <strong>-p</strong> flag is given.
<li>sudo version 1.5.5
<li>Do not prepend /usr/local/bin to the PATH in zdiff(1), zforce(1), zgrep(1), zmore(1), znew(1), or rcsfreeze(1).
<li>Fix DNS fake-iquery bug.
<li>In the <strong>le</strong> ethernet driver, if the detected ethernet address is ff:ff:ff:ff:ff ... fail.
<li>Fixes for various (minor) Y2K problems.
<li>Switch a.out ports in the tree (sparc, m68k, i386) to use the newer version of gdb that is part of the binutils tree.
<li>Significantly improve the system install scripts.
<li>Add disklabel spoofing to the hp300 port.
<li>Add xlockmore(1) to the X11 tree.
<li>Fix <strong>ru_majflt</strong> counting in the VM system.
<li>Add AFS token fetching capability to various parts of the source tree.
<li>In login(1), handle cleanup of environment variables correctly.
<li>In ftp(1), for HTTP requests pass the hostname so that virtual hosts work.
<li>In utimes(2) and futimes(2), handle <strong>tv_sec</strong> values of -1 more carefully, as they are really illegal cases.
<li>Import <strong>kx</strong> into our X11 source tree.
<li>Add a <strong>SIOCGIFDATA</strong> ifreq-style ioctl which will get the ifdata informational structure attached to each interface.
<li>Add httpd(8) to the OpenBSD tree. It is apache 1.2.6.
<li>Import <strong>xpm</strong> into our X11 source tree.
<li>Support QLogic PCI scsi controllers (at least on the i386).
<li>Fix rmd160(3) (and also the IPSEC algorithm) to properly handle data beyond it's block boundary.
<li>Emulate SunOS <strong>otimes(2)</strong> system call so that Netscape doesn't explode.
<li>Fix rarpd(8) interaction with routed(8); too much routing information would pile up un-read on the AF_ROUTE socket and rarpd(8) would get too grumpy.
<li>Remove libtelnet.so.* from the distribution. People compiling kerberos into their system were generating significantly different shared libraries; thus it is wrong to make this a shared library.
<li>Make edquota(8) handle numeric names as uid's only after checking that an account named so does not exist.
<li>Add UID_MAX and GID_MAX to <machine/limits.h> on each architecture.
<li>Fix ch(4) operation on ncr(4) scsi controllers.
<li>On the sparc, switch to an alternate font if the console is < 800*600 resolution.
<li>Add ISAPNP driver for the 3c509 cards.
<li>Change <strong>SIOCGIFNETMASK</strong>, <strong>SIOCGIFDSTADDR</strong>, and <strong>SIOCGIFBRDADDR</strong> to return information for named/addressed mappings rather than simply named mappings, so that these calls can work on interface aliases.
<li>Add (complete?) support for KerberosIV to our X11R6.
<li>In mktemp(1), document why this should be used for temporary filename generation.
<li>In telnet(1), fix connecting to IP addresses; this was recently broken by the new KTH kerberos telnet integration.
<li>Make <strong>-R path</strong> work a well as <strong>-Rpath</strong> in cc(1).
<li>In the ksh(1) manpage, clarify the behaviour of the <strong>CDPATH</strong> variable.
<li>Add support for more PCI NE2000 cards.
<li>Make <strong>%Y</strong> override an earlier <strong>%y</strong> in strptime(3).
<li>Add support for <strong>atalk</strong> to ifconfig(8).
<li>Make the functions described in ethers(3) more careful.
<li>Fix support for VFS loadable kernel modules.
<li>In get*ent() family of routines in libc, use fgetln(3) instead of fgets(3) so that parsing of overly long lines is more correct.
<li>Add options(4). This manpage describes what all the kernel options do. If you spot an error in it, notify us immediately.
<li>In strptime(3), make <strong>%C</strong> influence <strong>%y</strong> regardless of ordering.
<li>Fix a NULL deference bug in make(1) when using the <strong>-j</strong> flag.
<li>Fix <strong>%m</strong>, <strong>%I</strong>, <strong>%S</strong>, <strong>%y</strong>, <strong>%C</strong>, and <strong>%j</strong> conversions in strptime(3).
<li>Merge Kirk McKusick's <a href=softupdate.html>soft update</a> code. This code is still experimental and under a non-commercial license. It will be included in the next release as an optional compile flag; we cannot ship it enabled by default.
<li>Flesh out the man pages and explain the security problems behind mktemp(3) and other similar functions, plus explain how to handle these problems better.
<li>Fully working KerberosIV encryption in telnet(1) and telnetd(8).
<li>Fixes to a few more games.
<li>CVS version 1.9.26
<li>Fix mktemp(3) problems in two more YP tools.
<li>Fix an interaction bug in inetd(8) due to SIGPIPE blocking; caused a bad effect in rlogind(8) or other inetd(8) children.
<li>Configure cc(1) to pass the <strong>-R</strong> flag on to ld(1).
<li>Add lynx 2.8 to the system.
<li>Add support for 82553 and 82555B PHY in the fxp driver.
<li>Fix tmpfile(3) to fchown() the file after unlink() (taking umask() into consideration, too). This is required by standards.
<li>Fix vnd and ccd drivers to work properly with soft updates.
<li>Fix a crash case in compress(1).
<li>Add <strong>-s</strong> and <strong>-c</strong> options to last(1).
<li>Add support for <strong>-s section</strong> and <strong>-S subsection</strong> to man(1).
<li>Change the configuration of man(1) so that man4 is read much later; this makes it easier to see pages in man8 with similar names.
<li>Fix KerberosIV password changing.
<li>On the sparc, support 128KB lebuffer devices.
<li>On the sparc, print hotfix information at the right place in the dmesg log.
<li>Fix passwd(1) so that YP passwords do not get edited in the local password file.
<li>Significant efforts made at fleshing out the device driver man page tree better.
<li>Upgrade to gcc 2.8.1
<li>Rename 2.2 to 2.3 tree-wide, for the upcoming release.
<li>Improve IPSEC performance.
<li>Add many new machine-dependent man4 man pages.
<li>XFree86 3.3.2 is now in our X11 source tree.
<li>Add another missing ntohl() in ipnat(8).
<li>Use a p_os field to sub-divide operating system emulation capabilities (like for SVR4 binaries).
<li>Spend almost a week finding and fixing minor goobers discovered by gcc 2.8 throughout the source tree.
<li>Fix syslog(3) sockaddr initialization.
<li>Add support for <strong>TIOCM*</strong> family of ioctl(2) values to the sparc serial driver.
<li>New photurisd(8) that complies with <strong>draft-simpson-photuris-18.txt</strong>.
<li>Fix a race bug in mkstemp(3) itself that would make mkstemp(3) have occasionally fail strangely.
<li>Fix a few more mktemp(3) problems in f77 libraries, and other assorted GNU software.
<li>Upgrade to gcc 2.8.0
<li>Upgrade to libg++ 2.8.0
<li>Make ping(8) work with very large packet sizes on all types of interfaces.
<li>Correct behaviour <strong>-x</strong> and <strong>-p</strong> flags in tar(1) to be traditional.
<li>Remove one of the two copies of math.h in the source tree.
<li>Improve blowfish performance by a factor of 2, and hence increase the rounds by 1 in passwd.conf.
<li>Handle unknown hostnames in mountd(8) better.
<li>Inside the kernel, change struct file's members f_count and f_msgcount to longs, and then add checking for overflows as well.
<li>Add XDM-AUTHORIZATION to X11.
<li>In old gas, move to late resolution of symbols because gcc 2.8 will require this.
<li>Fix a configuration file parsing bug in ipf(8).
<li>In libpcap and tcpdump, use our system ethers(5) parsing routines.
<li>Make <strong>netstat -r</strong> report better information about non-standard netmasks.
<li>Fix some bugs in the 3c[59]xx device driver.
<li><font color=#e00000><strong>The 3rd revision of the patch for the mmap() security problem is available, and <a href=errata22.html#mmap>has been placed on top of the 2nd revision</a></strong></font>.
<li>Add a command to ddb that reports out the extent tables.
<li>Add a clarifying statement to all the Kerberos code that explains how it came to be that this code was released from the USA's crypto stranglehold.
<li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as a bitcount.
<li>Clarify crypt(3) manpage as to how many characters each transform actually considers in its calculation.
<li>Do not permit TCP connections to any of the broadcast addresses.
<li>Do not let a user set their password to "s/key".
<li>Permit the disabling of skey system-wide.
<li>Convert the xdr(3) and rpc(3) manpages to mandoc format.
<li>In mail.local(8), document how to use quotas on a mail spool.
<li>Add <strong>-p</strong> option to uname(1), to display detailed CPU information.
<li>Support for the ST16650 32-byte FIFO uart.
<li>Do not copy from off the end of an nfs boot mbuf.
<li>Some more repair in the games.
<li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>, <strong>-soname</strong>, <strong>--whole-archive</strong>, and <strong>--no-whole-archive</strong> in the old ld used on many of our platforms.
<li>CVS version 1.9.24
<li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation code can reference it later.
<li>Make the kernel compile properly (with full warnings) under gcc 2.8.
<li><font color=#e00000><strong>Do not permit a read+write mmap() operation on a read-only file descriptor open on a device. This is a security problem in OpenBSD 2.2, and is <a href=errata22.html#mmap> described and fixed with a patch</a></strong></font>.
<li>Rename /etc/nat.rules to /etc/ipnat.rules.
<li>Add kerberos kauthd(8).
<li>On the i386, move XFree86 aperature driver into the kernel. The new sysctl(8) variable <strong>machdep.allowaperture</strong> decides if this driver is active or not. (This variable can only be modified at high securelevel).
<li>Remove the ftp(1) `stdout redirection' hack and replace it with a <strong>-o filename</strong> option (which also understands a filename of "-" to mean stdout).
<li>Pull in all the NetBSD changes to the old version of gas over the last year or so.
<li>Fix two bugs in adduser(8).
<li>Change chflags(2) and fchflags(2) to take a u_int for the second parameter.
<li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif>New fancy OpenBSD logo for your use</a>.
<li>Add XPG4 <strong>-r</strong> option to du(1).
<li>Support <strong>-[width]</strong> option in fmt(1).
<li>New quirk for another Archive VIPER scsi tape drive.
<li>Fix another signal handler bug in mail(1).
<li><font color=#e00000><strong>The mac68k 2.2 CD release had a few problems. These problems have been resolved in the FTP release. <a href=errata22.html#mac68k>For more details...</a></strong></font>
<li>Make lpd(8) use keepalives so that it can detect dead network printers.
<li>Support the WINBOND pci ethernet cards.
<li>Fixed "%c" in strftime(3).
<li>Various fixes to some of the games, ie. rain, worms, wump.
<li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make the address/netmask sets on it make supernets instead of subnets.
<li>Place seperate so_ruid and so_euid fields in struct socket, so that in_pcb.c can still do it's job, but also so that identd(8) can be fast and return the proper uid.
<li><font color=#e00000><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not very reliable. <a href=errata22.html#sparciommu>A simple reliability patch is now available</a></strong></font>.
<li>Fix a map corruption bug in ypxfr(8).
<li>Make stty(1) recognize STRIPDISC.
<li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
<li><font color=#e00000><strong>Make ruserok() significantly more paranoid when parsing the .rhosts file. This along with another issue is a security problem in OpenBSD 2.2, and is <a href=errata22.html#ruserok> described and fixed with a patch</a></strong></font>.
<li>raise IPPORT_USERRESERVED significantly. Random port numbers will now look much more random than they did before.
<li>New <strong>-a logdev</strong> argument for syslogd(8), useful for setting up additional /dev/log devices in various chroot spaces.
<li>Permit restore(8) to work on a filesystem that has a basic blocksize smaller than the blocksize of the filesystem that was dumped.
<li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
<li>The web pages now have a new section on <a href=security.html> security advisories</a>.
<li>New compat_ibcs2(8) manpage.
<li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
<li>A start at full lint library support.
<li>smtpd(8) integration spiffied up. Everything you need is now in the system.
<li>Emulate that disgusting linux connect() braindamage even better.
<li>Fix some bugs in vacation(1).
<li>Fix /etc/yp/domainname support in ypbind(8).
<li><font color=#e00000><strong>In the 2.2 release, the sparc scsi driver caused problems for the Sun 4/300 machines. <a href=errata22.html#sparc>Patches are now available</a></strong></font>.
<li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can ensure it has the right components.
<li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables to change at boottime.
<li>Fix a free page count bug in the vm system.
<li>Create two new sysctl options: <strong>ddb.panic</strong> decides whether the kernel should enter ddb when it panics, and <strong>ddb.console</strong> controls if it is possible to enter ddb from the console via a hot-key.
<li>Add scan_ffs(8), a very useful tool for reconstructing disks.
<li>Add strptime(3).
<li><font color=#e00000><strong>Buffer overflow fix in the MIPS ld.so. Replacement binaries for the <a href=errata22.html#pmax>pmax</a> and <a href=errata22.html#arc>arc</a> platforms are available</strong></font>.
<li>Avoid DNS lookup timing effects in ping -R.
<li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
<li><font color=#e00000><strong>Two bugs existed in the the 2.2 pmax release which all users should be aware of. <a href=errata22.html#pmax>Patches are now available</a></strong></font>.
<li><font color=#e00000><strong>Be more careful about sourcerouted packets, including never forwarding them. This is a security problem in OpenBSD 2.2, and is <a href=errata22.html#sourceroute> described and fixed with a patch</a></strong></font>.
<li>Teach the kernel about newer PCI device types.
<li>Workaround a race condition in syslogd's handling of SIGHUP.
<li>Some man page fixes so that <strong>man -k</strong> is happier.
<li>Low-memory bug fix in setenv(3).
<li>Self-extending kernel maps in the vm subsystem.
<li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
<li>Require commands started from in /etc/rc to be executable -- not just readable.
<li>Glob extensions for XPG4.
<li>Cleanups in wump(6).
<li>Check both old and new shells in rpc.yppasswdd(8).
<li>Add <strong>-a</strong> flag to which(1).
<li>On binutils platforms, make ldd(1) work on static executables.
<li>IPF 3.2.3. When you upgrade to this version, you <strong>must</strong> also upgrade the userland utilities (ipf, ipnat, etc.). You also need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev to create new device entries.
<li>Fix a race in mkdir(1).
<li>More cdrom ioctl's in Linux emulation.
<li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
<li>In termcap databases, map the keyboard backspace key to DEL instead of BS as that is how it really is.
<li>Fix argument handling in expand(1).
<li>If tar(1) extracts as root, preserve uid/gid as is traditional.
<li>Repaired the expansion of the kernel panic string.
<li>Much more complete KerberosIV documentation.
<li>Start at bus_dma support.
<li>Properly error out if yp_match() or yp_first() is asked to lookup long keys.
<li>Groff 1.11a
<li>Properly ignore whitespace between a conversion and %n in *scanf(3).
<li>Import of tzcode1998b and tzdata1998b.
<li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real master server.
<li>Support <strong>-h host</strong> flag to ypwhich(1).
<li>pppd 2.3.3
<li>Handle unparseable ulimit specifications as an error, not as the value 0.
<li>ncurses 4.1-980103
<li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
<li>Make pkg_install(1) feed a -p option to tar.
<li>sudo version 1.5.4.
<li>Merge some slight standardization fixes for *printf(3) from FreeBSD (some unlikely cases get handled better).
<li>Bring gethostent() back to life, even though it is a bad interface.
<li>In disklabel(8), make IDE drive type handling more obvious and intuitive.
<li>Support all kinds of keyboards in pcvt, like pccons does.
<li>Support for FAT32 partitions.
<li>For scsi tape drives, be silent in the presence of ILI errors.
<li>Fix a vnode creation race.
<li>Fix a output error in finger(1).
<li>Do not permit dumping corefiles over symbolic links. (We have wanted this changed for a long time, but it required Lite2 vfs).
<li>Permit extra / terminators in some path-based system calls.
<li>Fix some problems regaring transfer of secure yp maps.
<li>New rc.conf(7) manpage.
<li>Make sure it is clear that so_linger is in seconds.
<li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
<li>Some fixes to fdisk(8) and disklabel(8).
<li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more than once.
<li>Some more manpage cleanups.
<li>Some slight changes to the PCI device subsystem to make it probe devices nicer (mostly dmesg printing).
<li>Make md5(1), rmd160(1), and sha1(1) use getopt().
<li>Make {f,}chflags(.., -1) return error EINVAL.
<li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED define required by new standards.
<li>Fix some gzip buf oflows.
<li>Correct an splx botch in the tunnel driver.
<li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
<li>Swap quit and exit commands in fdisk.
<li>Correct exit code of nohup(1).
<li>lockf() implimentation.
<li>Handle DST changeovers automatically in cron.
<li>IBCS2 emulation also requires fcntl() F_FREESP support.
<li>The new KTH KerberosIV integration (and security audit) is almost complete.
<li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
<li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
<li>Fix a bug in make(1) regarding SYSV style : substitution on null variables.
<li>Check the values of the ftp PORT command even more carefully.
<li>Fail better for over-long usernames.
<li>Change ftp(1) so that tries to use passive mode, and falls back to active mode. Provide environment variables to fall back. This is incredibly cool.
<li>Provide workaround for the Cyrix 6x86 COMA bug. (A workaround for 2.2 is not available).
<li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong in ibcs2 also?
<li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
<li>In numerous programs, avoid fd_set overflows.
<li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
<li>Fix a kernel bug related to "route change ...".
<li>Support IP_HDRINCL in Linux emulation.
<li>Update the pkg_* tools a bit.
<li>Honour TMPDIR in the locate(8) tools.
<li>Make route(8) non-setuid.
<li>In ftpd, default to RFC non-conforming behaviour for the PORT command, but provide a runtime switch for those who like holes.
<li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
<li><font color=#e00000><strong>Due to timing constraints, mac68k X11 binaries did not make it onto the 2.2 CDROM. <a href=errata22.html#mac68k>But it is now available for ftp</a></strong></font>.
<li>Do not clear the setuid/setgid file mode bits for a call to {,f,l}chmod(-1, -1).
<li>Enable new FreeBSD ppp(8) daemon. There are now two ppp daemons in the source tree, they have quite different feature sets.
<li><font color=#e00000><strong>Fixed a panic problem in the i386 apm driver. <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
<li>Repair a number of retry operation problems in the wdc driver that mostly affected sleeping laptops.
<li>Handle the controlling tty ioctl in linux emulation.
<li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
<li>Handle nanosleep() in linux emulation.
<li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
<li>Handle SIOCGIFHWADDR ioctl in linux emulation.
<li>Handle the cdrom ejecting ioctl in linux emulation.
<li>Correct an XPG violation in stdlib.h.
<li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
<li>Fix numerous problems with new KTH kerberos.
<li><font color=#e00000><strong>A workaround for the Intel P5 F00F lockup problem. <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
<li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
<li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
<li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based on input filesize.
<li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local copies in rcp(1).
<li>Flesh out scsi(8) a tiny bit more.
<li>In linux compat, handle the CDROM ioctl() calls.
<li>Indicate connect direction for tcp sockets in fstat(1).
<li>Fix scsi CDIOCREADSUBCHANNEL.
<li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
<li>Fix an overflow in top(1).
<li>Fix a deadlock on cd9660.
<li>Update to ncurses-4.1-971129
<li><font color=#e00000><strong>On the i386, handle the nasty problem with distinguishing SVR4 and Linux binaries. <a href=errata22.html#i386>A patch is available for 2.2</a></strong></font>.
<li>Newer ncr device driver.
<li>Fix SunOS emulation of TIOCGPGRP.
<li>Add some more XPG4.2 *_t types.
<li>Import perl 5.004_04.
<li>Add hosts.equiv(3) and .rhosts(3) man page.
<li>Add asprintf(3) and vasprintf(3).
<li>Fix /etc/rc scripts to require IPF if NAT is requested.
<li>Moving towards KTH kerberos 4-0.9.7.
<li>Fix <strong>-amin</strong> option in find(1).
<li>Fix arp(8) ethernet address parsing for the illegal cases.
<li>Massive performance optimization of the ccd device (RAID-like striping disk driver).
<li>Work around stupid linux emulation behaviour involving non-blocking connect(2).
<li>Update to ncurses 4.1.
<li>Fix a mget prompting error in ftp(1).
<li>add <strong>-t</strong> option to disklabel(8).
<li>Some man page cleanups.
<li>Fix a memory leak in the kernel process group manipulation code.
<li>Import of FreeBSD's ppp(8) program.
<li>Update sudo(8).
<li>Fixed bug in 'systat vm' output.
<li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK are set. (That was a nasty kernel bug).
<li>Clean /var earlier in the /etc/rc script.
<li><font color=#e00000><strong>make readlink(1) terminate it's buffer correctly. <a href=errata22.html#all>This affects CDROM builds so a patch is available for 2.2</a></strong></font>.
<li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
<li>Implement FIONBIO in ibcs2 emulation code.
<li>Consider only the 0177777 bits of the umask(2) value, as documented.
<li>Added mode rangecheck in chmod(2) and fchmod(2).
<li>Fix some Y2K problems in the nroff tmac macros.
<li>Minor logging feature changes in fingerd(8).
<li>in chat(8), replace Mini Getopt from hell with real getopt().
<li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and <strong>SHUT_RDWR</strong> values for shutdown(2) as specified by XPG4.2.
<li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
<li>Range-check the "how" argument for shutdown(2).
<li>Change various system calls to take void * instead of caddr_t.
<li>Fix a line continuation bug in sed(1).
<li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
<li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
<li>Make the if_de driver support more cards.
<li>Make msync(2) POSIX compliant.
<li>Fix a ONLCR + FLUSHO situation in tty.c
<li>Support -mmin, -amin, and -cmin in find(1).
<li>Support an "object" keyword in config(8).
<li>Make "expr a : /" work.
<li>Make dumpfs(8) report if soft updates are requested by the superblock.
<li>Add getsid(2) system call as mandated by XPG4.2.
<li>Some minor fixes for the libc/db/btree code.
<li>Flesh out compat_freebsd a fair bit more.
<li>Some compat_svr4 fixes.
<li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
<li>Fix EXTPROC in pty code.
<li>Correct TCP's handling of RST.
<li>Add more things to afterboot(8).
<li>Fix tty suspend during <strong>sh -c "less file"</strong>.
<li>double MAX_KMAPENT and MAX_KMAP
<li>sendmail 8.8.8
<li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
<li>Start named(8) earlier in /etc/rc.
<li>Support execution sections in syslog.conf.
<li>4.4BSD lite2 vfs integration.
<li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
<li>Fixed ps(1) LIM and STAT columns.
<li>makewhatis(8) manpage added.
<li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
<li>Truncate large uid and gid values in ranlib(1), in the same way as this is handled in ar(1).
<li>Document how crypt(3) handles blowfish and MD5 passwords.
<li>Fix some memory leaks in the RPC code.
<li>Fix an as(1) parsing bug relating to the .ascii directive.
<li>Handle C++ and other languages in yacc(1) far better.
<li>Be more careful with getpwent() information inside rcp(1).
<li>Replace kernel printf with Torek's libc printf.
<li>Make disklabel -E deal with multiple partitions which overlap.
<li>If a non-existant user logs in and asks for s/key authentication, fake a proper s/key prompt.
<li>SIGWINCH handling in systat(1).
<li>Add blowfish and cast encryption to IPSEC.
<li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
<li>a buffer underrun in ctags(1).
<li>Make kdump(1) handle the newer emulations.
<li>Add svr4 jioctl() compat interface.
</ul><p>
<a name=22></a>
<h3><font color=#0000e0>OpenBSD 2.2 released (Dec 4, 1997).</font></h3><p>
<ul>
<li>Prevent open(2) with wrong flag modes.
<li><strong>The new afterboot(8) man page. Everyone should look at this</strong>.
<li>Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
<li>Make clri(8) mark the filesystem dirty.
<li>Add per-host locking support to supfilesrv.
<li>Make the ncr scsi driver work on big-endian machines too.
<li>Fix a select/read race in identd(8) which would make it spin wildly.
<li>Make ac(8) use the correct timestamp if the user specifies a different wtmp file.
<li>Fix mktemp() to work correctly when specified against non-existant directories.
<li>Fix a memory leak in libdes.
<li>Fix one last little problem case in the fts(3) library routine. This is a very complicated piece of code...
<li>Some minor tftpd bug fixes.
<li>Another lpd security fix.
<li>Repair the msdosfs timestamping code so that NT/Win95 do not complain.
<li>Make disklabel -E always succeed at writing a label. Now you can load a fictitious label, edit it, and write it out.
<li>In fmt(1), support backslashed whitespace inside words better.
<li>Support 'q' modifier in kernel vsprintf/kprintf
<li>Implementation of the new disklabel -E mode.
<li>Handle creation of /var/tmp/vi.recover more securely.
<li>Quirks for two kinds of hitachi dk515 scsi drives and the Cipher ST150S tape drive.
<li>Handle a potential crash in the bpf driver.
<li>Rewrite of fdisk(8).
<li>Make /etc/security handle blowfish-a passwd entries.
<li>Ignore bogus hostnames in the /etc/exports file.
<li>Fix prompting code in pw_edit(3)
<li>The random(6) tool (game?) now uses arc4random(3).
<li>A few pppd fixes.
<li>More IPSEC improvements after the Interop ANX bakeoff.
<li>Add -f option to readlink which does a realpath(3).
<li>Fix a bug in libform.
<li>Add support for FNM_LEADING_DIR, FNM_CASEFOLD, FNM_IGNORECASE to fnmatch(3).
<li>Fix a network performance problem introduced with IPSEC.
<li>Fix the : and . support in chown so that usernames can have . in them.
<li>Make execle() use alloca() instead of malloc(); to ensure execle() can be safely called in a signal hander.
<li>Fix an ifconfig bug related to interfaces that do not exist.
<li>In struct sigaction, split sa_handler and the new sa_sigaction function pointers as is being done on newer POSIX systems. This permits proper prototyping of signal handlers.
<li>Ignore SIGPIPE in inetd(8).
<li>Fixed a pstat -s related bug in pcvt.
<li>Do not init pgid in /dev/log's logopen().
<li>Make ls -d sort directories with files.
<li>Fix a few small problems in rarpd(8).
<li>Shrink most of the install floppies ;-)
<li>Fix tar to deal better with one more kind of strange tar file.
<li>Make top(1) work better on very small screens.
<li>Deal with some possible buffer overflows in sup.
<li>Fixed various MAKEDEV bugs on lots of architectures.
<li>Fix ftime(3).
<li>Another important disk-full check in pwd_mkdb(8).
<li>Run calendar -a in the background. (Points to whoever figures out why).
<li>Add mkisofs(8).
<li>Add sigaction(2) SA_NOCLDWAIT support.
<li>Don't error out of MDTM fails.
<li>Fix SA_* sigaction(2) fields in the OS compat code.
<li>Some syslogd fixes.
<li>Permit a longer path buffer in tgetent(3).
<li>Fix a ksh(1) bug.
<li>Added ex (EtherExpress Pro/10) driver ported from FreeBSD
<li>Always set the SCSI-1 LUN field correctly in all transfers.
<li>Make popen(3) safe if vfork(2) does real parent address space borrowing.
<li>Some fsck_msdos(8) fixes.
<li>Made indent(1) handle unlimited number of -T options.
<li>Fixed small pathname buffer in man(1).
<li>Some setlogin() and getlogin() fixes in the tree.
<li>Make ddb not think 'h' means hangman.
<li>Ignore trailing spaces on priority in /etc/syslogd.conf.
<li>Fix a long-standing and minor problem with ld.so on m68k.
<li>Preliminary manual pages for the IPSEC utils.
<li>Fix a coredumping problem in tip(1).
<li>Extend buffer lengths in patch(1).
<li>make bpfread() return ENXIO for uninitialized descriptors.
<li>Cleaned up verbose scsi error reporting.
<li>make mail(1) be permissive about <CR><LF> pairs in mailbox files.
<li>Update ftp(1) to new NetBSD changes.
<li>Print system call emulation in ps(1) output. Try "ps -axO emul".
<li>New COMPAT_BSDOS binary compatibility subsystem.
<li>Another tip(1) overflow fix.
<li>ppp 2.3.1...
<li>make glob(3) XPG4.2 compliant, which means use GLOB_ABORT.
<li>Fix first directory handling in "find -execdir"
<li>Some FreeBSD m4(1) fixes.
<li>Do permission checking at delivery time for pgid's derived from TIOCSPGRP, F_SETOWN, or FIOSETOWN.
<li>Correct some remaining small inetd bugs.
<li>Handle SIGCHLD better in rlogin.
<li>Kill "union wait" in a few more places.
<li>More SysVR4 emulation: sockets, NTP, POSIX time functions, pread(2)/pwrite(2).
<li>In calendar(1), support "-t date" to let you see the calendar for other days.
<li>Further IPSEC enhancement (but still no man pages for it though).
<li>Fix a crash in systat(8).
<li>Handle setgid lossage in tip(1).
<li>Lucent Technologies (formerly AT&T) awk version 970821.
<li>Correct 'sync' option to dd(1).
<li>In dump(8), do not consider tape changing time in the timing estimates.
<li>In join(1), require compat options start with '-'.
<li>A few fixes to tip(1).
<li>Various fixes to battlestar(6).
<li>Few more 64 bit fixes in userland, in some rarely used system tools.
<li>Don't print duplicate fields in ps(1) when called with silly arguments.
<li>basename(1) and dirname(1) no longer give an error for paths starting with '-'.
<li>Document a64l(3) and l64a(3).
<li>The group vector could end up with duplicates esp. with YP. Now it won't.
<li>ash is gone gone gone.
<li>Fixed a bug where the kernel could lie about how many file descriptors are available and cause a panic.
<li>shutdown(8) now gets its own session as it deserves.
<li>Fixed err(3)/warn(3) argument usage in the tree.
<li>Buffer overflow fixes in tip(1).
<li>XPG4 compatibility for ps(1) format options.
<li>Added basename(3) and dirname(3) for XPG4. dirname(1) is now trivial.
<li>Verbose SCSI warnings are now available and on by default.
<li>Fixed a bug in cp(1) when the -r option is used and the source dir ends in a '/'.
<li>Changed realloc(foo,0) semantics to be like malloc(0), not free(foo).
<li>More user-friendly error messages from mount_* when the filesystem is not in the kernel.
<li>New PCMCIA Wavelan driver.
<li>Be more careful about YP groups in getgrouplist().
<li>Support simple add/delete operations on ports in the baddynamic masks via sysctl(8)
<li>More 1003.2 conformance: cal, cksum, sleep, compress, expr, etc.
<li>We are starting to pay attention to good things found in the XPG4 standard. We hope to never be compliant, because XPG4 goes way too far.
<li>Put hostname in root crontab mailout subjects.
<li>Attempt to deal with archive timestamp and filemode problems in texinfo...
<li>ATAPI quirk for MATSHITA CR-574.
<li>Fix another procfs security hole.
<li>Add top(1) to the source tree. Fix some problems.
<li>Be even more paranoid (if it can be believed) in mail.local(8).
<li>In mountd(8), handle ext2fs specially, like most exported filesystems.
<li>Fix pcap_inject(3) in libpcap.
<li>Make gzexe(1) use mktemp to avoid races.
<li>Make bad random allocation ports settable via sysctl(8).
<li>Import ypserv performance.
<li>Optional TCP syn cookie support enabled via TCPCOOKIE kernel option.
<li>Change the bounds_check_with_label() API to handle a cpu_disklabel too.
<li>Support -n better in pstat(8).
<li>Make bsd.doc.mk use DOCDIR.
<li>Fix vacation(1) properly.
<li>Fix a memory leak in grep(1).
<li>Seriously rework the identd daemon even further, to avoid even more input parsing problems and race conditions.
<li>Work has started to fix the remainder of the signal handlers in the source tree with respect to errno clobbering.
<li>Fix another race condition in identd.
<li>Fix pdksh bugs: closed too many fd's on exec, fix handling of (( )) to be compatible with POSIX sh spec without breaking $((, and explain how IFS works when splitting text after a substitution.
<li>Make 127.0.0.1 assumed OK if /var/yp/securenet is in use.
<li>save errno in most of the tree's SIGCHLD handlers, just in case.
<li>More mdoc pages.
<li>Cyclades driver fixed. Works on alpha, too.
<li>Fixed getnetbyaddr() 'always tried DNS' resolution problem from 2.1.
<li>Sendmail 8.8.7.
<li>Fix a kernel bug regarding double m_freem()..
<li>Make if_tun to prefix address family as a host byte order u_int32_t instead of a u_char, so that bpf can deal with the interface.
<li>Deal nicer with rfork/execve interactions.
<li>Attempt to cleanup identd. A long road left.
<li>FSF GNU texinfo 3.11.
<li>More fixes to the alpha vga driver. Curses-based programs now work on it.
<li>Radius support in tcpdump.
<li>Todd Miller is on a rampage, and making every single buffer inside mail(1) dynamically allocated...
<li>Support fpx cards with i82555 PHY.
<li>routed(8) is now disabled by default.
<li>Various fixes and improvements to the 3cXXX ethernet drivers.
<li>More buffer overflow fixes in mail(1).
<li>An ugly identd race fixed.
<li>Fix systat manpage.
<li>Man page improvements in many areas.
<li>Allocate reserved ports for NFS inside the kernel randomly.
<li>Support -H flag in who(1).
<li>More mail(1) fixes.... It's amazing Todd hasn't broken it.
<li>stime(2) support for SunOS emulation.
<li>Switch back to nvi; vim has copyright licensing issues.
<li>mremap(2) support for Linux emulation.
<li>Use sendmail -t instead of other invocation forms inside lots of programs in the source tree.
<li>Hardcode a list of reserved ports that random port allocation should not reuse.
<li>Support YP map mail.aliases set of maps.
<li>Support lpc(8) "all" keyword option.
<li>-d flag for shutdown(8).
<li>Add -T support to last(1).
<li>Fix pax to not need getcwd(3).
<li>Implement IFF_NOARP handling in netinet.
<li>make amd(8) use /tmp_mnt by default.
<li>Do not use tempnam(3) in mail(1).
<li>All Makefile.bsd-wrapper files can now strip GNU binaries during install (pr 188.)
<li>Some cribbage(6) fixes.
<li>permit ftp(1) to download http pages without Content-Length.
<li>Appletalk networking support.
<li>S/Key keyfile is now readable only by root. skeyinfo(1) and skeyaudit(1) have been enhanced and rewritten as C programs.
<li>mail(1) supports "inc" command.
<li>mail(1) behaves correctly when interrupted while getting headers from the user.
<li>IPSEC Photuris daemon is integrated into the source tree.
<li>make ctags operate a bit better in the presence of extra spacing.
<li>Add <strong>-d date</strong> support to last(1).
<li>Import of the IPSEC photuris daemon.
<li>Add rmd160 hash support throughout the source tree.
<li>lpd security fixes.
<li>man page cleanups.
<li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
<li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
<li>More mail(1) fixes, particularly regarding long lines.
<li>Add sha1 digest support to mtree(8).
<li>Add sha1 support to md5(1).
<li>Lots more IPSEC improvements.
<li>Repair symbolic link handling during coredumps (correctly, this time).
<li>Replace libc sha1 code with another version that is better in some respects.
<li>Fix passive buffer overflow in rusers.
<li>Make ed(1) work properly on a non-tty.
<li>make compress(1) do gzip support too.
<li>Maintain process size stats in forkstat struct for "vmstat -f".
<li>Fix ruptime output for machines up > 99 days.
<li>Amended issetugid(2) man page to be quite a bit more clear.
<li>ATAPI devices may now reside in a kernel without wd (disk) devices.
<li>Intel EtherExpress Pro/100B PCI driver.
<li>More IPSEC changes. IPSEC is almost fully useable now.
<li>Fix a number of rtld dynamic loading problems.
<li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
<li>Repaired nfs handling in tcpdump.
<li>Fixed highscore handling in battlestar(6).
<li>Fixed all(?) Makefile wrappers for GNU software to not build and install manpages when NOMAN is set.
<li>libedit update with lots of fixes.
<li>Many more 64 bit fixes for the alpha, in about 20 more programs.
<li>Move libdes out of the kerberos tree so that it can be used by other parts of the system too.
<li>Make sleep(1) handle fractions of seconds. This is a nice extension.
<li>New kprop/kpropd man pages.
<li>Permit tftpd to provide files over 32K blocks in size.
<li>Fix readlink(1).
<li>Import of cvs-1.9.10.
<li>A few more minor netinet problems fixed.
<li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the front of any line in /etc/inetd.conf. This permits services to be supplied only on certain interfaces.
<li>Import of the gnu multi-precision math library, libgmp. This will be used by an IPSEC key daemon soon.
<li>Support IP option handling in IPSEC packets.
<li>Race fix to amd(8).
<li>Y2K enhancement to date(1).
<li>Repaired hundreds of long != int problems (in a bunch of programs) that affect the alpha.
<li>Clip setsockopt SO_SND*/SO_RCV parameters.
<li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of service attacks.
<li>Fix a minor problem in popen().
<li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
<li>Added automatic power down framework at halt(8) time, currently only supported on sun4m machines with the <i>power</i> device.
<li>Slightly improve ftpd log file.
<li>More paranoia in procfs.
<li>Add ELOOP error handling to realpath(3).
<li>Some NLS improvements, notably some more language catalogs.
<li>Change mount(2) to return EFTYPE for invalid filesystem.
<li>More ipsec changes!
<li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
<li>Make ifconfig(8) print full information about the full set of interface aliases.
<li>Support "-d dir" in rpc.yppasswdd(8).
<li>Fix some more /tmp races in various programs.
<li>add per-interface bindings to inetd(8).
<li>Better support for unmounted filesystems in df(1).
<li>Correct -n behaviour in sort(1).
<li>In newfs(8), fix -o and -m to work better.
<li>Add tsearch(3) to libc.
<li>Fix /tmp races in make(1).
<li>Deal with atapi drives that cannot lock their doors.
<li>Improved performance in /dev/*random.
<li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated Vol.2.
<li>Add tsearch(3) and friends to libc, as required by XPG3(?).
<li>Repair many cross-references and other documentation problems in the section 2 and 3 man pages, and also fix a few minor other bugs discovered by analysis of recent changes in FreeBSD's and NetBSD's libc.
<li>Implement hex/octal offsets in cmp(1), as documented.
<li>Addition of readlink(1).
<li>Move named tmp files to /etc/named/tmp/ to avoid localhost race attacks.
<li>document the ddb hangman.
<li>tftpd -c flag.
<li>Use dynamic fd_set allocation in more places, particularly setuid programs.
<li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
<li>Ensure TCP RST is within window.
<li>fix disklabel support in vnd/svnd.
<li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
<li>fix SO_SNDTIMEO.
<li>Add <strong>-P proto</strong> support to traceroute.
<li>Some more security and robustness changes to traceroute and ping.
<li>A few netinet fixes.
<li>Kernel now generates random pid values in fork().
<li>fix sendsmg() credential passing on 64 bit machines.
<li>kill process timers if execve'ing a setuid/setgid executable.
<li>Few more fixes to pax(1).
<li>Fix lots more NetBSD PR's.
<li>tcp wrappers 7.6
<li>Add some more malloc options to malloc(3)
<li>In ar(1), truncate uid & gid if too large.
<li>getpgid(2) from XPG3(?)
<li>tail(1) can now notice if the file been replaced or truncated.
<li>Fix more overflows and other bugs in mail(1).
<li>Lots of man page fixes.
<li>New named root.cache from Internic.
<li>Support SIGINFO in ping; also add more complete icmp reporting capabilities.
<li>Make adduser understand /etc/passwd.conf
<li>Newer version of ext2fs that is reliable for read/write operation. This is essentially FULLY OPERATIONAL.
<li>Import newer version of vax port.
<li>Fix a few more libc functions to generate very large fd_set's properly for select(2).
<li>Few quirky changes to the way ISO9660 disklabel spoofing works in some ports.
</ul><p>
<a name=21></a>
<h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3><p>
<ul>
<li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
<li>Added gzip and cdrom support to the sparc and alpha bootblocks.
<li>Support crunch on arc (for bootable installs).
<li>Repaired install stuff for most architectures significantly, improving ftp/http installs, single bootable install floppies, and in some cases CDROM booting. Most floppies contain vi, too.
<li>The vnd(4) device has a new safer mode of operation called svnd where you can trust a disk-image right after it's unmounted, i.e. cache-coherency.
<li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less overhead.
<li>GNU Groff 1.10 with (improved) Makefile wrapper.
<li>A bit more man page cleanup starting to happen...
<li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse and worse idea every month).
<li>newfs_msdos(8) can has enough brains to find the partition size itself.
<li>Significantly improved the unpredictability of the DNS packet id's in the resolver and named.
<li>libpthread works on the m68k.
<li>Support for PCI NE2000 clones.
<li>Some more userland 64 bit fixes.
<li>Unify naming of architecture names between gcc & binutils.
<li>Signal handling fix to crontab(1).
<li>Various fixes to the YP utilities.
<li>Support extended partitions in fdisk(8).
<li>Support /etc/rc.shutdown from halt(8).
<li>PCI aic7860 scsi support improved.
<li>Support .group entries in /etc/passwd.conf
<li>Repair some bugs in mail(1), especially regarding signal handling.
<li>Always skip the first 8KB of all swap partitions (hint: disklabels & bootblocks)
<li>The df(1) utility now has a human-readable "-h" option.
<li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly when mounted read-only.
<li>Various man page fixes.
<li>NAT now gets started from /etc/netstart.
<li>Fix AFS string-to-key handling in kerberos.
<li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source tree. CD9660 is much happier now.
<li>Use in_addr_t and in_port_t all over the place.
<li>For config(8), if any kernel options get added/deleted/changed since the previous commit, warn that the compile tree needs 'make clean'.
<li>Make real i386 cpu's work again. In case noone noticed, they didn't work for about 5 months. The bug was very hard to find...
<li>Once again, really correct the various source routing pieces of the userland source tree.
<li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
<li>Fix patch to honour Index lines better.
<li>Solve a few resolver problems after the recent 4.9.5-P1 integration, not all our fault.
<li>Use 10 X characters in many remaining mktemp() calls which are hard to excise.
<li>getnetent() and friends now work a lot more like gethostent().
<li>More buffer overflows, but none in sensitive programs.
<li>Fixed some more mktemp races (sigh, will this ever end!)
<li>Add support for YP v1 to ypserv.
<li>Add md5 & blowfish passwd support to adduser(8).
<li>Numerous more pax/tar fixes.
<li>Add ./.message support to ftpd
<li>16 partition support for the alpha port.
<li>cvs 1.9.6
<li>64 bit clean in.rarpd.
<li>Change mail.local -H behaviour slightly, and convince mail(1) to use it for correct locking!
<li>New termcap and terminfo database files.
<li>Be more careful about modes of lost+found directories.
<li>Implement NOFILE_MAX--hard limit on max descriptors per process.
<li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
<li>sysctl kern.osrevision gives OpenBSD date.
<li>A few ypbind fixes.
<li>Fixes to fts(3).
<li>ddb improvements for 64 bit machines.
<li>The NE2000 if_ed driver now works on the alpha, too.
<li>Various atm fixes.
<li>Support for "secure" YP password maps.
<li>Substantial changes and fixes to the scsi scanner support.
<li>noaccesstime option for filesystems (saves batteries on laptops)
<li>Bye bye tahoe bits.
<li>pccon(1) to control the pccons driver.
<li>Merged changes from at 2.9 into our own at.
<li>Fix pcmcia on the i386.
<li>ipsecadm as an initial cut at controlling IPSEC sessions.
<li>Various fixes to the fsck tools.
<li>Let fsck and fsirand automatically work on very large filesystems.
<li>Numerous improvements to pax, including full support for cpio and a lot of fixes to tar mode.
<li>Import of libwrap and tcpd (tcp wrappers).
<li>Import of the mvme88k kernel port.
<li>Add support for FreeBSD md5 to /etc/passwd.conf.
<li>BIND 4.9.5-P1.
<li>deroff(1) 1.0 from Debian (a Linux).
<li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
<li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
<li>Replace which(1) with a C program.
<li>libg++ pulls in libcurses automatically.
<li>Fix weak symbol support in ld.
<li>cvs 1.9.2
<li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
<li>Working kadmind for kerberosIV.
<li>Add support for /etc/passwd.conf which controls the format and strength of passwd entries for the next time a user changes their password. These options can be set per-user.
<li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It uses a very large strong-random `salt' and the number of rotor runs is configurable. Hence if you have faster machines you can slow the crypt routine down and make harder keys.
<li>fix some more memory and file descriptor leaks in libc/rpc
<li>Fix so that stack limits which are not a multiple of the pagesize work.
<li>Fix a few netinet kernel crash problems.
<li>Fix pax & tar to be POSIX compliant.
<li>add RPC service name generation to netstat -a
<li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very large disks using it.
<li>Improved NFS filehandle creation.
<li>Use lots more XXXX characters in calls to the few remaining mktemp() calls in the source tree. This cuts out a whole class of races.
<li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
<li>The <a href="hp300.html">hp300</a> joins many other ports in supporting 16 disk partitions.
<li>Have libc/rpc save you from yourself if you do enable source routing.
<li>Change mktemp(3) and family to generate more random filenames, yet still as collision free as possible.
<li>Merge new ftp(1) changes from NetBSD.
<li>Add cdev and partition support to the ramdisk driver.
<li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
<li>Support for gzip'd kernels in some bootblocks.
<li>Be more careful if some fool decides to enable source routing ;-)
<li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
<li>/sbin/dump -a saves you from needing to deal with finicky tape length options (from FreeBSD)
<li>config.old(8) has been removed from the tree, as the <a href="hp300.html"> hp300</a> port switches to config(8).
<li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a small part of POSIX 1003.1b and permits the signal handler to figure out the exact cause of a signal; such as fault address information for SIGSEGV or more detailed information for SIGFPE.
<li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles using in-tree versions of all tools. Yipee!
<li>amd (the automounter) is now 64-bit and working on the alpha.
<li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network byte order. This is a compatibility/portability fix and we expect other BSD systems to eventually follow suit.
<li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large buffer caches even when available kvm space is low, like for i386 & sparc.
<li>Some ypbind(8) tightening up, includes a method to specify a list of valid servers
<li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple hardware. This port requires nothing outside the in-tree development environment to build (except mkisofs for building distributions).
<li>A working fsirand.
<li>More kerberosIV security patches.
<li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous number of network interfaces.
<li>pax in tar mode will understand multiple -v options to generate ls-like output.
<li>Prevent stat() from disclosing inode generation numbers to non-root userland.
<li>various adjtime() corrections inside the kernel.
<li>No buffer lengths in fmt(1).
<li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and restore(8).
<li>New gnu cpio 2.4.2
<li>Added lchown(2) for compatibility with SVR4 implementations.
<li>Sendmail upgraded to version 8.8.5.
<li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
<li>Support for the <a href="hp300.html">hp300</a> added.
<li>Fix a fairly nasty security hole in all of the games.
<li>new aucat command.
<li>libcrypt goes away. We do not need this stub library anymore. Do not link against it on OpenBSD, all the pieces you need are in libc.
<li>ppp 2.3b3
<li>Permit building of kernels without a.out support.
<li>Properly use _POSIX_SAVED_IDS throughout the source tree.
<li>Import of the powerpc port.
<li>Change the games to be run setgid games, not setuid games. This closes a whole slew of fascinating security holes.
<li>Add disklabels to the vnd device driver.
<li>Properly split fsck, mount, and newfs into multiple pieces. Use disklabel information if it is available.
<li>Permit NFS attribute cache to be configured on a per-mount basis.
<li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for backwards compatibility.
<li>Repair some more KerberosIV buffer overflows. Hard to believe this is supposed to be security software.
<li>f77 0.5.19
<li>texinfo 3.9
<li>sendmail 8.8.4
<li>Fix a few setgroups() related security holes.
<li>Add NetBSD's "route show" implementation, and at the same time fix the new buffer overflows that this provided.
<li>Fix information gathering attack in ping(8).
<li>tcpdump 3.3
<li>If disklabel reading code discovers an ISOFS filesystem underlying, spoof a nice disklabel (enough to fool mountroot).
<li>At boottime, have (*mountroot)() look at the root device's disklabel to determine which filesystem type is to be mounted.
<li>Add disklabels to the floppy device drivers.
<li>Multiple updates for GNU software
<li>Hundreds of little fixes all over the place.
<li>Some YP and bootparamd security changes.
<li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a tripwire-like system.
<li>GNU gdb works on the mips-based platforms.
<li>Imported FreeBSD's calendar.
<li>Increased compatibility in the pccons driver with BSDi features.
<li>Added -C option to pax/tar. Also made -z support compressed files too.
<li>Prevent generic users from mounting filesystems by default.
<li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
<li>Numerous small security fixes again...
<li>com driver is now bus-independent.
<li>lpt driver is now bus-independent.
<li>The Arc port family has a new member: The rPC44 works!
<li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
<li>pdksh version is now 5.2.11
<li>Make login get more consistantly upset about failed logins, and tell user about these failures at the next successful login.
<li>Memory leak paranoia in cron.
<li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to buffer overflows found in system utilities..
<li>Various repairs to the scsi scanner support.
<li>Import of ctm.
<li>Integration of the pmax port.
<li>Beware $HOME overflows throughout the source tree.
<li>OLF binary type added. This is like ELF, but includes an OS-dependent tag. elf2olf(1) converts an elf binary to a tagged OLF binary which the kernel can recognize correctly.
<li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
<li>The NIST suite showed numerous errors in libraries and the kernel. Only a few small errors remain now, mostly regarding serial ports.
<li>More ftpd raging paranoia security fixes.
<li>Numerous fixes to the lpr suite, including security.
<li>Crank kvm space on the i386 port, also limit buffer cache useage so that 512MB machines may work (untested :-)
<li>GPL i387 emulator added.
<li>Skey revamped into full OTP (RFC1938) support, including sha1 and md5 support.
<li>Add stack tracebacks to Arc port's kernel debugger.
<li>The /dev/*random devices are now default on all architectures.
<li>A number of security fixes to the way coredumping works.
<li>upgrade to CVS version 1.9.
<li>The NIST Posix test suite became free. As a result we have been correcting numerous problems in the source tree, and expect to be completely POSIX compliant very soon.
</ul><p>
<a name=20></a>
<h3><font color=#0000e0>OpenBSD 2.0 released.</font></h3><p>
<ul>
<li>CTM is now a supported way of obtaining OpenBSD source code.
<li>Added sudo (which is maintained by one of our developers)
<li>Working Linux ext2fs.
<li>We have completed security reviews of almost all userland programs and libraries except for the gnu stuff (where, based on preliminary inspection there is poor handling of temp files).
<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
<li>A 7% reduction in size of static binaries.
<li>Compile time option to compile the source tree almost completely dynamic.
<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
<li>Another kerberos security fix.
<li>deal with the SYN bomb problem (denial of service attack) as well known.
<li>less version 2.90
<li>mopd for networking booting Digital machines
<li>latest GNU groff, incorporated in a clean wrapperized form.
<li>secure multicast tools against possible security problems.
<li>sendmail gecos hole fixed (in a number of ways; other programs in the source tree were also vulnerable.)
<li>Nice sample files in /etc
<li>16 partitions working on sparc and i386 (yipee!)
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim also works better.
<li>And of course... more security related bugfixes... (ie. dump, restore, mt).
<li>ftp command modified for easily scripted ftp & http downloads.
<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
<li>New routed from SGI.
<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
<li>Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
<li>DDB can now access symbol tables from LKM modules
<li>Some serial driver support for /dev/cuaXX devices to support transparent out+dial
<li>FreeBSD pipe() system call; quite a bit faster.
<li>libgnumalloc is gone; our malloc() is better.
<li>Kernel warns if /dev/console does not exist; nice warning for booting with an unpopulated /dev directory.
<li>cdio command for using CD audio.
<li>Even more security fixes.
<li>latest version of perl, and a lndir command.
<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc bugs).
<li>vim version 4.5
<li>a good start at NETIPX support
<li>improved locate command
<li>Fixed timeout support in RPC library, and also fixed it to support more than FD_SETSIZE file descriptors.
<li>rudimentary support for ISA Plug-and-Play cards
<li>`lsof'-style features in fstat.
<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
<li>ncr53cXXX scsi scripts assembler
<li>arc4-based random support in kernel
<li>Kerberos is much more silent if not configured
<li>scsi subsystem security fix
<li>much newer join command (4.4lite2 with other fixes)
<li>RCS version 5.7
<li>added /etc/fbtab support to login & init.
<li>partial protection against tcp SYN attacks.
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed by chown(). This can be turned off with sysctl.
<li>a real adduser program, which can even be used uninteractively.
<li>install now supports -C, -p, and -S flags.
<li>20 or so more security fixes
<li>at -f security fix.
<li>generic protection against the bind() takeover problem.
<li>new rdisc Router Discovery daemon
<li>Numerous FreeBSD userland fixes and improvements incorporated.
<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
<li>Fixed long-standing vm swap-leak.
<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
<li>Newest version of pppd.
<li>zlib (non-GPL'd gzip-compatible library)
<li>Numerous more security policy and implementation improvements (OpenBSD defaults to installing in a very secure mode)
<li>Significantly improved ftp daemon.
<li>Protection from the udp spamming and ftp bounce attacks.
<li>randomized port allocation in bind(), bindresvport(), and rresvport() -- security via unpredictability.
<li>The most secure rdist support anywhere.
<li>Fortran in the tree.
<li>terminfo database support.
<li>Working ATAPI audio support for multiple architectures.
<li>Linux ext2fs and BSD4.4 LFS support being worked on.
<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to generate them too
<li>Even more security fixes.
<li>using AT&T awk, gawk is toast
<li>pax as tar, gnutar is toast
<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
<li>ATM support (support for one company's sparc & i386 cards available)
<li>kernfs extensions
<li>select() that can handle any amount of file descriptors.
<li>new system calls: rfork(), minherit(), poll().
<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
<li>ncheck utility for ffs
<li>Numerous scsi fixes
<li>Some ddb improvements and extensions
<li>In-kernel update(8) with an adaptive algorithm
<li>/dev/*random -- a device driver providing some kinds of random data
<li>Solid YP master, server, and client capabilities.
<li>Kerberos and other crypto in the source tree that is exportable
<li>Numerous security related fixes
<li>new scsi, md5, pkg_* commands
<li>ATAPI support (should work on all ISA busses)
<li>Some LKM support in the tree.
<li>All the pieces needed for cross compilation are in the source tree.
<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports to use kvm utilies
<li>better ELF support
<li>ipfilter for filtering dangerous packets and Network Address Translation for IP masquerading.
<li>The FreeBSD ports subsystem was integrated and is usable by you!
<li>a termlib library which understands termcap.db, needed for new curses.
<li>New curses library, including libform, libpanel and libmenu.
<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
</ul><p>
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.<br><br>
<hr>
<a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.382 1999/01/02 02:07:10 niklas Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www