Annotation of www/plus21.html, Revision 1.1
1.1 ! deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
! 2: <html>
! 3: <head>
! 4: <title>OpenBSD 2.1 changes</title>
! 5: <link rev=made href=mailto:www@openbsd.org>
! 6: <meta name="resource-type" content="document">
! 7: <meta name="description" content="the main OpenBSD page">
! 8: <meta name="keywords" content="openbsd,main">
! 9: <meta name="distribution" content="global">
! 10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
! 11: </head>
! 12:
! 13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
! 14:
! 15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
! 16:
! 17: <p>
! 18: <h2>Changes made between OpenBSD 2.0 and OpenBSD 2.1</h2>
! 19:
! 20: <p>
! 21: This is a partial list of the major machine independent changes
! 22: (ie. these are the changes people ask about most often). Port
! 23: specific changes have also been made, and are sometimes mentioned
! 24: in the pages for the specific <a href=plat.html>ports</a> if you
! 25: are interested in further port-specific details. Many ports
! 26: have had architecture-specific enhancements relative to NetBSD,
! 27: but when they do not they certainly have plenty of platform-independent
! 28: changes, starting with those listed below..
! 29:
! 30: <p>
! 31: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
! 32:
! 33: <p>
! 34: <h3>
! 35: <a href=plus20.html>For changes leading up to OpenBSD 2.0, click here</a>.
! 36: <br>
! 37: <a href=plus21.html>For changes leading up to OpenBSD 2.1, click here</a>.
! 38: <br>
! 39: <a href=plus22.html>For changes leading up to OpenBSD 2.2, click here</a>.
! 40: <br>
! 41: <a href=plus23.html>For changes leading up to OpenBSD 2.3, click here</a>.
! 42: <br>
! 43: <a href=plus24.html>For changes leading up to OpenBSD 2.4, click here</a>.
! 44: <br>
! 45: <a href=plus25.html>For changes leading up to OpenBSD 2.5, click here</a>.
! 46: <br>
! 47: <a href=plus.html>For changes in OpenBSD-current, click here</a>.
! 48: <br>
! 49: </h3>
! 50:
! 51: <hr>
! 52:
! 53: <h3><font color=#0000e0>OpenBSD 2.1 released (July 2, 1997).</font></h3><p>
! 54: <ul>
! 55: <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
! 56: <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
! 57: <li>Support crunch on arc (for bootable installs).
! 58: <li>Repaired install stuff for most architectures significantly, improving ftp/http installs, single bootable install floppies, and in some cases CDROM booting. Most floppies contain vi, too.
! 59: <li>The vnd(4) device has a new safer mode of operation called svnd where you can trust a disk-image right after it's unmounted, i.e. cache-coherency.
! 60: <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less overhead.
! 61: <li>GNU Groff 1.10 with (improved) Makefile wrapper.
! 62: <li>A bit more man page cleanup starting to happen...
! 63: <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse and worse idea every month).
! 64: <li>newfs_msdos(8) can has enough brains to find the partition size itself.
! 65: <li>Significantly improved the unpredictability of the DNS packet id's in the resolver and named.
! 66: <li>libpthread works on the m68k.
! 67: <li>Support for PCI NE2000 clones.
! 68: <li>Some more userland 64 bit fixes.
! 69: <li>Unify naming of architecture names between gcc & binutils.
! 70: <li>Signal handling fix to crontab(1).
! 71: <li>Various fixes to the YP utilities.
! 72: <li>Support extended partitions in fdisk(8).
! 73: <li>Support /etc/rc.shutdown from halt(8).
! 74: <li>PCI aic7860 scsi support improved.
! 75: <li>Support .group entries in /etc/passwd.conf
! 76: <li>Repair some bugs in mail(1), especially regarding signal handling.
! 77: <li>Always skip the first 8KB of all swap partitions (hint: disklabels & bootblocks)
! 78: <li>The df(1) utility now has a human-readable "-h" option.
! 79: <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly when mounted read-only.
! 80: <li>Various man page fixes.
! 81: <li>NAT now gets started from /etc/netstart.
! 82: <li>Fix AFS string-to-key handling in kerberos.
! 83: <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source tree. CD9660 is much happier now.
! 84: <li>Use in_addr_t and in_port_t all over the place.
! 85: <li>For config(8), if any kernel options get added/deleted/changed since the previous commit, warn that the compile tree needs 'make clean'.
! 86: <li>Make real i386 cpu's work again. In case noone noticed, they didn't work for about 5 months. The bug was very hard to find...
! 87: <li>Once again, really correct the various source routing pieces of the userland source tree.
! 88: <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
! 89: <li>Fix patch to honour Index lines better.
! 90: <li>Solve a few resolver problems after the recent 4.9.5-P1 integration, not all our fault.
! 91: <li>Use 10 X characters in many remaining mktemp() calls which are hard to excise.
! 92: <li>getnetent() and friends now work a lot more like gethostent().
! 93: <li>More buffer overflows, but none in sensitive programs.
! 94: <li>Fixed some more mktemp races (sigh, will this ever end!)
! 95: <li>Add support for YP v1 to ypserv.
! 96: <li>Add md5 & blowfish passwd support to adduser(8).
! 97: <li>Numerous more pax/tar fixes.
! 98: <li>Add ./.message support to ftpd
! 99: <li>16 partition support for the alpha port.
! 100: <li>cvs 1.9.6
! 101: <li>64 bit clean in.rarpd.
! 102: <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it for correct locking!
! 103: <li>New termcap and terminfo database files.
! 104: <li>Be more careful about modes of lost+found directories.
! 105: <li>Implement NOFILE_MAX--hard limit on max descriptors per process.
! 106: <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
! 107: <li>sysctl kern.osrevision gives OpenBSD date.
! 108: <li>A few ypbind fixes.
! 109: <li>Fixes to fts(3).
! 110: <li>ddb improvements for 64 bit machines.
! 111: <li>The NE2000 if_ed driver now works on the alpha, too.
! 112: <li>Various atm fixes.
! 113: <li>Support for "secure" YP password maps.
! 114: <li>Substantial changes and fixes to the scsi scanner support.
! 115: <li>noaccesstime option for filesystems (saves batteries on laptops)
! 116: <li>Bye bye tahoe bits.
! 117: <li>pccon(1) to control the pccons driver.
! 118: <li>Merged changes from at 2.9 into our own at.
! 119: <li>Fix pcmcia on the i386.
! 120: <li>ipsecadm as an initial cut at controlling IPSEC sessions.
! 121: <li>Various fixes to the fsck tools.
! 122: <li>Let fsck and fsirand automatically work on very large filesystems.
! 123: <li>Numerous improvements to pax, including full support for cpio and a lot of fixes to tar mode.
! 124: <li>Import of libwrap and tcpd (tcp wrappers).
! 125: <li>Import of the mvme88k kernel port.
! 126: <li>Add support for FreeBSD md5 to /etc/passwd.conf.
! 127: <li>BIND 4.9.5-P1.
! 128: <li>deroff(1) 1.0 from Debian (a Linux).
! 129: <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
! 130: <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
! 131: <li>Replace which(1) with a C program.
! 132: <li>libg++ pulls in libcurses automatically.
! 133: <li>Fix weak symbol support in ld.
! 134: <li>cvs 1.9.2
! 135: <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
! 136: <li>Working kadmind for kerberosIV.
! 137: <li>Add support for /etc/passwd.conf which controls the format and strength of passwd entries for the next time a user changes their password. These options can be set per-user.
! 138: <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It uses a very large strong-random `salt' and the number of rotor runs is configurable. Hence if you have faster machines you can slow the crypt routine down and make harder keys.
! 139: <li>fix some more memory and file descriptor leaks in libc/rpc
! 140: <li>Fix so that stack limits which are not a multiple of the pagesize work.
! 141: <li>Fix a few netinet kernel crash problems.
! 142: <li>Fix pax & tar to be POSIX compliant.
! 143: <li>add RPC service name generation to netstat -a
! 144: <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very large disks using it.
! 145: <li>Improved NFS filehandle creation.
! 146: <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls in the source tree. This cuts out a whole class of races.
! 147: <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
! 148: <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting 16 disk partitions.
! 149: <li>Have libc/rpc save you from yourself if you do enable source routing.
! 150: <li>Change mktemp(3) and family to generate more random filenames, yet still as collision free as possible.
! 151: <li>Merge new ftp(1) changes from NetBSD.
! 152: <li>Add cdev and partition support to the ramdisk driver.
! 153: <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
! 154: <li>Support for gzip'd kernels in some bootblocks.
! 155: <li>Be more careful if some fool decides to enable source routing ;-)
! 156: <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
! 157: <li>/sbin/dump -a saves you from needing to deal with finicky tape length options (from FreeBSD)
! 158: <li>config.old(8) has been removed from the tree, as the <a href="hp300.html"> hp300</a> port switches to config(8).
! 159: <li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a small part of POSIX 1003.1b and permits the signal handler to figure out the exact cause of a signal; such as fault address information for SIGSEGV or more detailed information for SIGFPE.
! 160: <li>The <a href="alpha.html">Alpha</a> port and all it's utilities now compiles using in-tree versions of all tools. Yipee!
! 161: <li>amd (the automounter) is now 64-bit and working on the alpha.
! 162: <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network byte order. This is a compatibility/portability fix and we expect other BSD systems to eventually follow suit.
! 163: <li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large buffer caches even when available kvm space is low, like for i386 & sparc.
! 164: <li>Some ypbind(8) tightening up, includes a method to specify a list of valid servers
! 165: <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple hardware. This port requires nothing outside the in-tree development environment to build (except mkisofs for building distributions).
! 166: <li>A working fsirand.
! 167: <li>More kerberosIV security patches.
! 168: <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous number of network interfaces.
! 169: <li>pax in tar mode will understand multiple -v options to generate ls-like output.
! 170: <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
! 171: <li>various adjtime() corrections inside the kernel.
! 172: <li>No buffer lengths in fmt(1).
! 173: <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and restore(8).
! 174: <li>New gnu cpio 2.4.2
! 175: <li>Added lchown(2) for compatibility with SVR4 implementations.
! 176: <li>Sendmail upgraded to version 8.8.5.
! 177: <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
! 178: <li>Support for the <a href="hp300.html">hp300</a> added.
! 179: <li>Fix a fairly nasty security hole in all of the games.
! 180: <li>new aucat command.
! 181: <li>libcrypt goes away. We do not need this stub library anymore. Do not link against it on OpenBSD, all the pieces you need are in libc.
! 182: <li>ppp 2.3b3
! 183: <li>Permit building of kernels without a.out support.
! 184: <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
! 185: <li>Import of the powerpc port.
! 186: <li>Change the games to be run setgid games, not setuid games. This closes a whole slew of fascinating security holes.
! 187: <li>Add disklabels to the vnd device driver.
! 188: <li>Properly split fsck, mount, and newfs into multiple pieces. Use disklabel information if it is available.
! 189: <li>Permit NFS attribute cache to be configured on a per-mount basis.
! 190: <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for backwards compatibility.
! 191: <li>Repair some more KerberosIV buffer overflows. Hard to believe this is supposed to be security software.
! 192: <li>f77 0.5.19
! 193: <li>texinfo 3.9
! 194: <li>sendmail 8.8.4
! 195: <li>Fix a few setgroups() related security holes.
! 196: <li>Add NetBSD's "route show" implementation, and at the same time fix the new buffer overflows that this provided.
! 197: <li>Fix information gathering attack in ping(8).
! 198: <li>tcpdump 3.3
! 199: <li>If disklabel reading code discovers an ISOFS filesystem underlying, spoof a nice disklabel (enough to fool mountroot).
! 200: <li>At boottime, have (*mountroot)() look at the root device's disklabel to determine which filesystem type is to be mounted.
! 201: <li>Add disklabels to the floppy device drivers.
! 202: <li>Multiple updates for GNU software
! 203: <li>Hundreds of little fixes all over the place.
! 204: <li>Some YP and bootparamd security changes.
! 205: <li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a tripwire-like system.
! 206: <li>GNU gdb works on the mips-based platforms.
! 207: <li>Imported FreeBSD's calendar.
! 208: <li>Increased compatibility in the pccons driver with BSDi features.
! 209: <li>Added -C option to pax/tar. Also made -z support compressed files too.
! 210: <li>Prevent generic users from mounting filesystems by default.
! 211: <li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
! 212: <li>Numerous small security fixes again...
! 213: <li>com driver is now bus-independent.
! 214: <li>lpt driver is now bus-independent.
! 215: <li>The Arc port family has a new member: The rPC44 works!
! 216: <li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
! 217: <li>pdksh version is now 5.2.11
! 218: <li>Make login get more consistantly upset about failed logins, and tell user about these failures at the next successful login.
! 219: <li>Memory leak paranoia in cron.
! 220: <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to buffer overflows found in system utilities..
! 221: <li>Various repairs to the scsi scanner support.
! 222: <li>Import of ctm.
! 223: <li>Integration of the pmax port.
! 224: <li>Beware $HOME overflows throughout the source tree.
! 225: <li>OLF binary type added. This is like ELF, but includes an OS-dependent tag. elf2olf(1) converts an elf binary to a tagged OLF binary which the kernel can recognize correctly.
! 226: <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
! 227: <li>The NIST suite showed numerous errors in libraries and the kernel. Only a few small errors remain now, mostly regarding serial ports.
! 228: <li>More ftpd raging paranoia security fixes.
! 229: <li>Numerous fixes to the lpr suite, including security.
! 230: <li>Crank kvm space on the i386 port, also limit buffer cache useage so that 512MB machines may work (untested :-)
! 231: <li>GPL i387 emulator added.
! 232: <li>Skey revamped into full OTP (RFC1938) support, including sha1 and md5 support.
! 233: <li>Add stack tracebacks to Arc port's kernel debugger.
! 234: <li>The /dev/*random devices are now default on all architectures.
! 235: <li>A number of security fixes to the way coredumping works.
! 236: <li>upgrade to CVS version 1.9.
! 237: <li>The NIST Posix test suite became free. As a result we have been correcting numerous problems in the source tree, and expect to be completely POSIX compliant very soon.
! 238: </ul>
! 239: <p>
! 240:
! 241: This list mentions mostly platform-independent changes. For a list of changes
! 242: made in a particular platform, please check the page for that platform. If you
! 243: find them not listed there, the changes are either (1) not being documented or
! 244: (2) are documented here.<br><br>
! 245:
! 246: <hr>
! 247: <p>
! 248: <h3>
! 249: <a href=plus20.html>For changes leading up to OpenBSD 2.0, click here</a>.
! 250: <br>
! 251: <a href=plus21.html>For changes leading up to OpenBSD 2.1, click here</a>.
! 252: <br>
! 253: <a href=plus22.html>For changes leading up to OpenBSD 2.2, click here</a>.
! 254: <br>
! 255: <a href=plus23.html>For changes leading up to OpenBSD 2.3, click here</a>.
! 256: <br>
! 257: <a href=plus24.html>For changes leading up to OpenBSD 2.4, click here</a>.
! 258: <br>
! 259: <a href=plus25.html>For changes leading up to OpenBSD 2.5, click here</a>.
! 260: <br>
! 261: <a href=plus.html>For changes in OpenBSD-current, click here</a>.
! 262: <br>
! 263: </h3>
! 264:
! 265: <hr>
! 266: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
! 267: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! 268: <br><small>$OpenBSD: plus.html,v 1.423 1999/04/21 09:09:25 deraadt Exp $</small>
! 269:
! 270: </body>
! 271: </html>