File: [local] / www / plus.html (download) (as text)
Revision 1.84, Wed Jul 23 06:24:59 1997 UTC (26 years, 10 months ago) by millert
Branch: MAIN
Changes since 1.83: +3 -1 lines
s/key
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD changes</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the main OpenBSD page">
<meta name="keywords" content="openbsd,main">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996 by OpenBSD.">
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
<img alt="[OpenBSD]" SRC="images/smalltitle.gif">
<p>
<h3>Changes Relative to other *BSD's.</h3>
<p>
The OpenBSD project was spawned from NetBSD (ie. a member of the
4.4BSD family) and is developed separately. As well as developments
by our development group, good changes from the other free operating
systems are evaluated and merged into OpenBSD (of course, depending on
various factors like developer time for example.) OpenBSD tracks bug
reports and source tree changes from the NetBSD and FreeBSD projects
fairly closely. Even pieces of code from the Linux projects have been
used.
<p>
In the early days of OpenBSD, it was possible to be able to say
"OpenBSD is NetBSD <b>PLUS MORE STUFF</b>" Now, after substantial
work OpenBSD is very much is it's own thing. Too much stuff has been
added and fixed. OpenBSD is OpenBSD.
<p>
This is a partial list of the major machine independent changes
(ie. these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific <a href=plat.html>ports</a> if you
are interested in for further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below..
<p>
<h3>Life for the OpenBSD project begins...</h3>
<p>
<ul>
<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
<li>New curses library, including libform, libpanel and libmenu.
<li>a termlib library which understands termcap.db, needed for new curses.
<li>The FreeBSD ports subsystem was integrated and is usable by you!
<li>ipfilter for filtering dangerous packets and Network Address Translation
for IP masquerading.
<li>better ELF support
<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
to use kvm utilies
<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
<li>All the pieces needed for cross compilation are in the source tree.
<li>Some LKM support in the tree.
<li>ATAPI support (should work on all ISA busses)
<li>new scsi, md5, pkg_* commands
<li>Numerous security related fixes
<li>Kerberos and other crypto in the source tree that is exportable
<li>Solid YP master, server, and client capabilities.
<li>/dev/*random -- a device driver providing some kinds of random data
<li>In-kernel update(8) with an adaptive algorithm
<li>Some ddb improvements and extensions
<li>Numerous scsi fixes
<li>ncheck utility for ffs
<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
<li>new system calls: rfork(), minherit(), poll().
<li>select() that can handle any amount of file descriptors.
<li>kernfs extensions
<li>ATM support (support for one company's sparc & i386 cards available)
<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
<li>pax as tar, gnutar is toast
<li>using AT&T awk, gawk is toast
<li>Even more security fixes.
<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
generate them too
<li>Linux ext2fs and BSD4.4 LFS support being worked on.
<li>Working ATAPI audio support for multiple architectures.
<li>terminfo database support.
<li>Fortran in the tree.
<li>The most secure rdist support anywhere.
<li>randomized port allocation in bind(), bindresvport(), and rresvport() --
security via unpredictability.
<li>Protection from the udp spamming and ftp bounce attacks.
<li>Significantly improved ftp daemon.
<li>Numerous more security policy and implimentation improvements (OpenBSD
defaults to installing in a very secure mode)
<li>zlib (non-GPL'd gzip-compatible library)
<li>Newest version of pppd.
<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
<li>Fixed long-standing vm swap-leak.
<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
<li>Numerous FreeBSD userland fixes and improvements incorporated.
<li>new rdisc Router Discovery daemon
<li>generic protection against the bind() takeover problem.
<li>at -f security fix.
<li>20 or so more security fixes
<li>install now supports -C, -p, and -S flags.
<li>a real adduser program, which can even be used uninteractively.
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
by chown(). This can be turned off with sysctl.
<li>partial protection against tcp SYN attacks.
<li>added /etc/fbtab support to login & init.
<li>RCS version 5.7
<li>much newer join command (4.4lite2 with other fixes)
<li>scsi subsystem security fix
<li>Kerberos is much more silent if not configured
<li>arc4-based random support in kernel
<li>ncr53cXXX scsi scripts assembler
<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
<li>`lsof'-style features in fstat.
<li>rudimentary support for ISA Plug-and-Play cards
<li>Fixed timeout support in RPC library, and also fixed it to support more
than FD_SETSIZE file descriptors.
<li>improved locate command
<li>a good start at NETIPX support
<li>vim version 4.5
<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
bugs).
<li>latest version of perl, and a lndir command.
<li>Even more security fixes.
<li>cdio command for using CD audio.
<li>Kernel warns if /dev/console does not exist; nice warning for booting with
an unpopulated /dev directory.
<li>libgnumalloc is gone; our malloc() is better.
<li>FreeBSD pipe() system call; quite a bit faster.
<li>Some serial driver support for /dev/cuaXX devices to support transparent
out+dial
<li>DDB can now access symbol tables from LKM modules
<li>Say goodbye to dump, restore, and mt security holes: They are no longer
setuid.
<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
<li>New routed from SGI.
<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
<li>ftp command modified for easily scripted ftp & http downloads.
<li>And of course... more security related bugfixes... (ie. dump,
restore, mt).
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
also works better.
<li>16 partitions working on sparc and i386 (yipee!)
<li>Nice sample files in /etc
<li>sendmail gecos hole fixed (in a number of ways; other programs in the
source tree were also vulnerable.)
<li>secure multicast tools against possible security problems.
<li>latest GNU groff, incorporated in a clean wrapperized form.
<li>mopd for networking booting Digital machines
<li>less version 2.90
<li>deal with the SYN bomb problem (denial of service attack) as well known.
<li>Another kerberos security fix.
<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
<li>Compile time option to compile the source tree almost completely dynamic.
<li>A 7% reduction in size of static binaries.
<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
<li>We have completed security reviews of almost all userland programs and
libraries except for the gnu stuff (where, based on preliminary
inspection there is poor handling of temp files).
<li>Working Linux ext2fs.
<li>Added sudo (which is maintained by one of our developers)
<li>CTM is now a supported way of obtaining OpenBSD source code.
</ul>
<p>
<h3>OpenBSD 2.0 released.</h3>
<p>
<ul>
<li>The NIST Posix test suite became free. As a result we have been correcting
numerous problems in the source tree, and expect to be completely
POSIX compliant very soon.
<li>upgrade to CVS version 1.9.
<li>A number of security fixes to the way coredumping works.
<li>The /dev/*random devices are now default on all architectures.
<li>Add stack tracebacks to Arc port's kernel debugger.
<li>Skey revamped into full OTP (RFC1938) support, including sha1 and
md5 support.
<li>GPL i387 emulator added.
<li>Crank kvm space on the i386 port, also limit buffer cache useage
so that 512MB machines may work (untested :-)
<li>Numerous fixes to the lpr suite, including security.
<li>More ftpd raging paranoia security fixes.
<li>The NIST suite showed numerous errors in libraries and the kernel.
Only a few small errors remain now, mostly regarding serial
ports.
<li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
<li>OLF binary type added. This is like ELF, but includes an OS-dependent
tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
the kernel can recognize correctly.
<li>Beware $HOME overflows throughout the source tree.
<li>Integration of the pmax port.
<li>Import of ctm.
<li>Various repairs to the scsi scanner support.
<li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
buffer overflows found in system utilities..
<li>Memory leak paranoia in cron.
<li>Make login get more consistantly upset about failed logins, and tell user
about these failures at the next successfull login.
<li>pdksh version is now 5.2.11
<li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
<li>The Arc port family has a new member: The rPC44 works!
<li>lpt driver is now bus-independent.
<li>com driver is now bus-independent.
<li>Numerous small security fixes again...
<li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
<li>Prevent generic users from mounting filesystems by default.
<li>Added -C option to pax/tar. Also made -z support compressed files too.
<li>Increased compatibility in the pccons driver with BSDi features.
<li>Imported FreeBSD's calendar.
<li>GNU gdb works on the mips-based platforms.
<li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a
tripwire-like system.
<li>Some YP and bootparamd security changes.
<li>Hundreds of little fixes all over the place.
<li>Multiple updates for GNU software
<li>Add disklabels to the floppy device drivers.
<li>At boottime, have (*mountroot)() look at the root device's disklabel
to determine which filesystem type is to be mounted.
<li>If disklabel reading code discovers an ISOFS filesystem underlying,
spoof a nice disklabel (enough to fool mountroot).
<li>tcpdump 3.3
<li>Fix information gathering attack in ping(8).
<li>Add NetBSD's "route show" implementation, and at the samet time fix
the new buffer overflows that this provided.
<li>Fix a few setgroups() related security holes.
<li>sendmail 8.8.4
<li>texinfo 3.9
<li>f77 0.5.19
<li>Repair some more KerberosIV buffer overflows. Hard to believe this is
supposed to be security software.
<li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
backwards compatibility.
<li>Permit NFS attribute cache to be configured on a per-mount basis.
<li>Properly split fsck, mount, and newfs into multiple pieces. Use
disklabel information if it is available.
<li>Add disklabels to the vnd device driver.
<li>Change the games to be run setgid games, not setuid games. This closes
a whole slew of fascinating security holes.
<li>Import of the powerpc port.
<li>Properly use _POSIX_SAVED_IDS throughout the source tree.
<li>Permit building of kernels without a.out support.
<li>ppp 2.3b3
<li>libcrypt goes away. We do not need this stub library anymore. Do not link
against it on OpenBSD, all the pieces you need are in libc.
<li>new aucat command.
<li>Fix a fairly nasty security hole in all of the games.
<li>Support for the <a href="hp300.html">hp300</a> added.
<li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
<li>Sendmail upgraded to version 8.8.5.
<li>Added lchown(2) for compatibility with SVR4 implementations.
<li>New gnu cpio 2.4.2
<li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and
restore(8).
<li>No buffer lengths in fmt(1).
<li>various adjtime() corrections inside the kernel.
<li>Prevent stat() from disclosing inode generation numbers to non-root userland.
<li>pax in tar mode will understand multiple -v options to generate ls-like output.
<li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous
number of network interfaces.
<li>More kerberosIV security patches.
<li>A working fsirand.
<li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple
hardware. This port requires nothing outside the in-tree development
environment to build (except mkisofs for building distributions).
<li>Some ypbind(8) tightening up, includes a method to specify a list of
valid servers
<li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large
buffer caches even when available kvm space is low, like for i386
& sparc.
<li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
byte order. This is a compatibility/portability fix and we expect
other BSD systems to eventually follow suit.
<li>amd (the automounter) is now 64-bit and working on the alpha.
<li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles
using in-tree versions of all tools. Yipee!
<li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a
small part of POSIX 1003.1b and permits the signal handler to figure
out the exact cause of a signal; such as fault address information
for SIGSEGV or more detailed information for SIGFPE.
<li>config.old(8) has been removed from the tree, as the <a href="hp300.html">
hp300</a> port switches to config(8).
<li>/sbin/dump -a saves you from needing to deal with finicky tape length
options (from FreeBSD)
<li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
<li>Be more careful if some fool decides to enable source routing ;-)
<li>Support for gzip'd kernels in some bootblocks.
<li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
<li>Add cdev and partition support to the ramdisk driver.
<li>Merge new ftp(1) changes from NetBSD.
<li>Change mktemp(3) and family to generate more random filenames, yet still
as collision free as possible.
<li>Have libc/rpc save you from yourself if you do enable source routing.
<li>The <a href="hp300.html">hp300</a> joins many other ports in supporting
16 disk partitions.
<li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
<li>Use lots more XXXX characters in calls to the few remaining mktemp() calls
in the source tree. This cuts out a whole class of races.
<li>Improved NFS filehandle creation.
<li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very
large disks using it.
<li>add RPC service name generation to netstat -a
<li>Fix pax & tar to be POSIX compliant.
<li>Fix a few netinet kernel crash problems.
<li>Fix so that stack limits which are not a multiple of the pagesize work.
<li>fix some more memory and file descriptor leaks in libc/rpc
<li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
uses a very large strong-random `salt' and the number of rotor
runs is configurable. Hence if you have faster machines you can
slow the crypt routine down and make harder keys.
<li>Add support for /etc/passwd.conf which controls the format and strength
of passwd entries for the next time a user changes their password.
These options can be set per-user.
<li>Working kadmind for kerberosIV.
<li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
<li>cvs 1.9.2
<li>Fix weak symbol support in ld.
<li>libg++ pulls in libcurses automatically.
<li>Replace which(1) with a C program.
<li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
<li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
<li>deroff(1) 1.0 from Debian (a Linux).
<li>BIND 4.9.5-P1.
<li>Add support for FreeBSD md5 to /etc/passwd.conf.
<li>Import of the mvme88k kernel port.
<li>Import of libwrap and tcpd (tcp wrappers).
<li>Numerous improvements to pax, including full support for cpio and
a lot of fixes to tar mode.
<li>Let fsck and fsirand automatically work on very large filesystems.
<li>Various fixes to the fsck tools.
<li>ipsecadm as an initial cut at controlling IPSEC sessions.
<li>Fix pcmcia on the i386.
<li>Merged changes from at 2.9 into our own at.
<li>pccon(1) to control the pccons driver.
<li>Bye bye tahoe bits.
<li>noaccesstime option for filesystems (saves batteries on laptops)
<li>Substantial changes and fixes to the scsi scanner support.
<li>Support for "secure" YP password maps.
<li>Various atm fixes.
<li>The NE2000 if_ed driver now works on the alpha, too.
<li>ddb improvements for 64 bit machines.
<li>Fixes to fts(3).
<li>A few ypbind fixes.
<li>sysctl kern.osrevision gives OpenBSD date.
<li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
<li>Implement NOFILE_MAX--hard limit on max descriptors per proccess.
<li>Be more careful about modes of lost+found directories.
<li>New termcap and terminfo database files.
<li>Change mail.local -H behaviour slightly, and convince mail(1) to use it
for correct locking!
<li>64 bit clean in.rarpd.
<li>cvs 1.9.6
<li>16 partition support for the alpha port.
<li>Add ./.message support to ftpd
<li>Numerous more pax/tar fixes.
<li>Add md5 & blowfish passwd support to adduser(8).
<li>Add support for YP v1 to ypserv.
<li>Fixed some more mktemp races (sigh, will this ever end!)
<li>More buffer overflows, but none in sensitive programs.
<li>getnetent() and friends now work a lot more like gethostent().
<li>Use 10 X characters in many remaining mktemp() calls which are
hard to excise.
<li>Solve a few resolver problems after the recent 4.9.5-P1 integration,
not all our fault.
<li>Fix patch to honour Index lines better.
<li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
<li>Once again, really correct the various source routing pieces of the
userland source tree.
<li>Make real i386 cpu's work again. In case noone noticed, they didn't
work for about 5 months. The bug was very hard to find...
<li>For config(8), if any kernel options get added/deleted/changed since
the previous commit, warn that the compile tree needs 'make clean'.
<li>Use in_addr_t and in_port_t all over the place.
<li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source
tree. CD9660 is much happier now.
<li>Fix AFS string-to-key handling in kerberos.
<li>NAT now gets started from /etc/netstart.
<li>Various man page fixes.
<li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly
when mounted read-only.
<li>The df(1) utility now has a human-readable "-h" option.
<li>Always skip the first 8KB of all swap partitions (hint: disklabels &
bootblocks)
<li>Repair some bugs in mail(1), especially regarding signal handling.
<li>Support .group entries in /etc/passwd.conf
<li>PCI aic7860 scsi support improved.
<li>Support /etc/rc.shutdown from halt(8).
<li>Support extended partitions in fdisk(8).
<li>Various fixes to the YP utilities.
<li>Signal handling fix to crontab(1).
<li>Unify naming of archictecture names between gcc & binutils.
<li>Some more userland 64 bit fixes.
<li>Support for PCI NE2000 clones.
<li>libpthread works on the m68k.
<li>Significantly improved the unpredictability of the DNS packet id's
in the resolver and named.
<li>newfs_msdos(8) can has enough brains to find the partition size itself.
<li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse
and worse idea every month).
<li>A bit more man page cleanup starting to happen...
<li>GNU Groff 1.10 with (improved) Makefile wrapper.
<li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less
overhead.
<li>The vnd(4) device has a new safer mode of operation called svnd
where you can trust a disk-image right after it's unmounted,
i.e. cache-coherency.
<li>Repaired install stuff for most architectures significantly, improving
ftp/http installs, single bootable install floppies, and in some
cases CDROM booting. Most floppies contain vi, too.
<li>Support crunch on arc (for bootable installs).
<li>Added gzip and cdrom support to the sparc and alpha bootblocks.
<li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
</ul>
<p>
<h3>OpenBSD 2.1 released (July 2, 1997).</h3>
<p>
<ul>
<li>Few quirky changes to the way ISO9660 disklabel spoofing works in
some ports.
<li>Fix a few more libc functions to generate very large fd_set's properly
for select(2).
<li>Import newer version of vax port.
<li>Newer version of ext2fs that is reliable for read/write operation. This
is essentially FULLY OPERATIONAL.
<li>Make adduser understand /etc/passwd.conf
<li>Support SIGINFO in ping; also add more complete icmp reporting
capabilities.
<li>New named root.cache from Internic.
<li>Lots of man page fixes.
<li>Fix more overflows and other bugs in mail(1).
<li>tail(1) can now notice if the file been replaced or truncated.
<li>getpgid(2) from XPG3(?)
<li>In ar(1), truncate uid & gid if too large.
<li>Add some more malloc options to malloc(3)
<li>tcp wrappers 7.6
<li>Fix lots more NetBSD PR's.
<li>Few more fixes to pax(1).
<li>kill process timers if execve'ing a setuid/setgid executable.
<li>fix sendsmg() credential passing on 64 bit machines.
<li>Kernel now generates random pid values in fork().
<li>A few netinet fixes.
<li>Some more security and robustness changes to traceroute and ping.
<li>Add <strong>-P proto</strong> support to traceroute.
<li>fix SO_SNDTIMEO.
<li>add sysctl net.inet.tcp.{keepidle,keepintvl,slowhz}
<li>fix disklabel support in vnd/svnd.
<li>Ensure TCP RST is within window.
<li>Use /etc/namedb/tmp/ to avoid /var/tmp race conditions.
<li>Use dynamic fd_set allocation in more places, particularily setuid
programs.
<li>tftpd -c flag.
<li>document the ddb hangman.
<li>Move named tmp files to /etc/named/tmp/ to avoid localhost race
attacks.
<li>Addition of readlink(1).
<li>Implement hex/octal offsets in cmp(1), as documented.
<li>Repair many cross-references and other documentation problems in
the section 2 and 3 man pages, and also fix a few minor
other bugs discovered by analysis of recent changes in
FreeBSD's and NetBSD's libc.
<li>Add tsearch(3) and friends to libc, as required by XPG3(?).
<li>Fixed a few netinet bugs as pointed out by TCP/IP Illustrated
Vol.2.
<li>Improved performance in /dev/*random.
<li>Deal with atapi drives that cannot lock their doors.
<li>Fix /tmp races in make(1).
<li>Add tsearch(3) to libc.
<li>In newfs(8), fix -o and -m to work better.
<li>Correct -n behaviour in sort(1).
<li>Better support for unmounted filesystems in df(1).
<li>add per-interface bindings to inetd(8).
<li>Fix some more /tmp races in various programs.
<li>Support "-d dir" in rpc.yppasswdd(8).
<li>Make ifconfig(8) print full information about the full set of
interface aliases.
<li>add -insecure flag to ypbind(8) so that it can bind to very old ypserv's.
<li>More ipsec changes!
<li>Change mount(2) to return EFTYPE for invalid filesystem.
<li>Some NLS improvements, noteably some more language catalogs.
<li>Add ELOOP error handling to realpath(3).
<li>More paranoia in procfs.
<li>Slightly improve ftpd log file.
<li>Added automatic power down framework at halt(8) time, currently only
supported on sun4m machines with the <i>power</i> device.
<li>IPF 3.1.11 + Darren's patches + 64-bit cleanup.
<li>Fix a minor problem in popen().
<li>Use O_EXLOCK for passwd locking to avoid a class of localhost denial of
service attacks.
<li>Clip setsockopt SO_SND*/SO_RCV parameters.
<li>Repaired hundreds of long != int problems (in a bunch of programs) that
affect the alpha.
<li>Y2K enhancement to date(1).
<li>Race fix to amd(8).
<li>Support IP option handling in IPSEC packets.
<li>Import of the gnu multi-precision math library, libgmp. This will be
used by an IPSEC key daemon soon.
<li>Modify inetd to accept a "hostname,[hostname,...]:" token to added to the
front of any line in /etc/inetd.conf. This permits services to be
supplied only on certain interfaces.
<li>A few more minor netinet problems fixed.
<li>Import of cvs-1.9.10.
<li>Fix readlink(1).
<li>Permit tftpd to provide files over 32K blocks in size.
<li>New kprop/kpropd man pages.
<li>Make sleep(1) handle fractions of seconds. This is a nice extension.
<li>Move libdes out of the kerberos tree so that it can be used by other
parts of the system too.
<li>Many more 64 bit fixes for the alpha, in about 20 more programs.
<li>libedit update with lots of fixes.
<li>Fixed all(?) Makefile wrappers for GNU software to not build and install
manpages when NOMAN is set.
<li>Fixed highscore handling in battlestar(6).
<li>Repaired nfs handling in tcpdump.
<li>split ifconfig -a into -a/-A: -A prints ifaliases, -a does not.
<li>Fix a number of rtld dynamic loading problems.
<li>More IPSEC changes. IPSEC is almost fully useable now.
<li>Intel EtherExpress Pro/100B PCI driver.
<li>ATAPI devices may now reside in a kernel without wd (disk) devices.
<li>Amended issetugid(2) man page to be quite a bit more clear.
<li>Fix ruptime output for machines up > 99 days.
<li>Maintain process size stats in forkstat struct for "vmstat -f".
<li>make compress(1) do gzip support too.
<li>Make ed(1) work properly on a non-tty.
<li>Fix passive buffer overflow in rusers.
<li>Replace libc sha1 code with another version that is better in some respects.
<li>Repair symbolic link handling during coredumps (correctly, this time).
<li>Lots more IPSEC improvements.
<li>Add sha1 support to md5(1).
<li>Add sha1 digest support to mtree(8).
<li>More mail(1) fixes, particularily regarding long lines.
<li>cua devices, new <strong>MAKEDEV</strong> script in the hp300 port.
<li>Updated <a href="http://www.sendmail.org/">Sendmail</a> to 8.8.6.
<li>man page cleanups.
<li>lpd security fixes.
<li>Add rmd160 hash support throughout the source tree.
<li>Import of the IPSEC photuris daemon.
<li>Add <strong>-d date</strong> support to last(1).
<li>mail(1) behaves correctly when interrupted while getting headers from the user.
<li>S/Key keyfile is now readable only by root. skeyinfo(1) and skeyaudit(1)
have been enhanced and rewritten as C programs.
</ul>
<p>
<h3>Development is rapidly continuing...</h3>
<p>
This list only mentions platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform.<br><br>
<hr>
<a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a>
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.84 1997/07/23 06:24:59 millert Exp $</small>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www