Annotation of www/plus21.html, Revision 1.77
1.65 bentley 1: <!doctype html>
2: <html lang=en id=plus>
3: <meta charset=utf-8>
1.57 tj 4: <title>OpenBSD 2.1 Changelog</title>
1.42 schwarze 5: <meta name="description" content="OpenBSD 2.1 changes">
1.56 deraadt 6: <meta name="viewport" content="width=device-width, initial-scale=1">
7: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.59 tb 8: <link rel="canonical" href="https://www.openbsd.org/plus21.html">
1.65 bentley 9: <style>
10: strong {
11: color: var(--red);
12: }
1.1 deraadt 13:
1.65 bentley 14: h3 {
15: color: var(--blue);
16: }
1.1 deraadt 17:
1.65 bentley 18: p strong {
19: font-weight: normal;
20: }
21: </style>
22:
23: <h2 id=OpenBSD>
1.56 deraadt 24: <a href="index.html">
1.65 bentley 25: <i>Open</i><b>BSD</b></a>
26: 2.1 Changelog
1.57 tj 27: </h2>
1.17 naddy 28: <hr>
1.1 deraadt 29:
30: <p>
31: This is a partial list of the major machine independent changes
1.35 sobrado 32: (i.e., these are the changes people ask about most often). Machine
1.1 deraadt 33: specific changes have also been made, and are sometimes mentioned
1.35 sobrado 34: in the pages for the specific <a href=plat.html>platforms</a> if you
1.1 deraadt 35: are interested in further port-specific details. Many ports
36: have had architecture-specific enhancements relative to NetBSD,
37: but when they do not they certainly have plenty of platform-independent
38: changes, starting with those listed below..
39:
40: <p>
1.65 bentley 41: Note: <strong>Problems for which patches exist are marked in red</strong>.
1.1 deraadt 42:
43: <p>
1.16 deraadt 44: For changes in other releases, click below:<br>
45: <a href="plus20.html">2.0</a>,
46: <a href="plus22.html">2.2</a>,
47: <a href="plus23.html">2.3</a>,
48: <a href="plus24.html">2.4</a>,
49: <a href="plus25.html">2.5</a>,
50: <a href="plus26.html">2.6</a>,
51: <a href="plus27.html">2.7</a>,
52: <a href="plus28.html">2.8</a>,
53: <a href="plus29.html">2.9</a>,
54: <a href="plus30.html">3.0</a>,
55: <a href="plus31.html">3.1</a>,
56: <a href="plus32.html">3.2</a>,
1.18 deraadt 57: <a href="plus33.html">3.3</a>,
1.19 david 58: <a href="plus34.html">3.4</a>,
1.22 deraadt 59: <a href="plus35.html">3.5</a>,
1.23 miod 60: <a href="plus36.html">3.6</a>,
1.48 deraadt 61: <a href="plus37.html">3.7</a>,
1.34 deraadt 62: <br>
1.26 deraadt 63: <a href="plus38.html">3.8</a>,
1.28 deraadt 64: <a href="plus39.html">3.9</a>,
1.29 deraadt 65: <a href="plus40.html">4.0</a>,
1.30 deraadt 66: <a href="plus41.html">4.1</a>,
1.31 deraadt 67: <a href="plus42.html">4.2</a>,
1.33 deraadt 68: <a href="plus43.html">4.3</a>,
1.34 deraadt 69: <a href="plus44.html">4.4</a>,
1.36 deraadt 70: <a href="plus45.html">4.5</a>,
1.37 deraadt 71: <a href="plus46.html">4.6</a>,
1.38 deraadt 72: <a href="plus47.html">4.7</a>,
1.39 deraadt 73: <a href="plus48.html">4.8</a>,
1.40 deraadt 74: <a href="plus49.html">4.9</a>,
1.41 nick 75: <a href="plus50.html">5.0</a>,
1.42 schwarze 76: <a href="plus51.html">5.1</a>,
1.43 nick 77: <a href="plus52.html">5.2</a>,
1.44 deraadt 78: <a href="plus53.html">5.3</a>,
1.45 deraadt 79: <a href="plus54.html">5.4</a>,
1.46 deraadt 80: <br>
1.48 deraadt 81: <a href="plus55.html">5.5</a>,
1.50 brett 82: <a href="plus56.html">5.6</a>,
1.51 deraadt 83: <a href="plus57.html">5.7</a>,
1.54 deraadt 84: <a href="plus58.html">5.8</a>,
1.55 deraadt 85: <a href="plus59.html">5.9</a>,
1.58 deraadt 86: <a href="plus60.html">6.0</a>,
1.60 deraadt 87: <a href="plus61.html">6.1</a>,
1.61 deraadt 88: <a href="plus62.html">6.2</a>,
1.62 deraadt 89: <a href="plus63.html">6.3</a>,
1.63 deraadt 90: <a href="plus64.html">6.4</a>,
1.64 pamela 91: <a href="plus65.html">6.5</a>,
1.67 pamela 92: <a href="plus66.html">6.6</a>,
1.68 deraadt 93: <a href="plus67.html">6.7</a>,
1.70 pamela 94: <a href="plus68.html">6.8</a>,
95: <a href="plus69.html">6.9</a>,
1.71 deraadt 96: <a href="plus70.html">7.0</a>,
1.72 deraadt 97: <a href="plus71.html">7.1</a>,
1.74 deraadt 98: <br>
1.73 deraadt 99: <a href="plus72.html">7.2</a>,
1.75 tj 100: <a href="plus73.html">7.3</a>,
1.76 tj 101: <a href="plus74.html">7.4</a>,
1.77 ! tj 102: <a href="plus75.html">7.5</a>,
1.16 deraadt 103: <a href="plus.html">current</a>.
1.1 deraadt 104: <br>
105:
1.49 deraadt 106: <p>
1.65 bentley 107: <h3>Changes made between OpenBSD 2.0 and 2.1</h3>
1.49 deraadt 108: <p>
1.1 deraadt 109:
110: <ul>
111: <li>Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
112: <li>Added gzip and cdrom support to the sparc and alpha bootblocks.
113: <li>Support crunch on arc (for bootable installs).
114: <li>Repaired install stuff for most architectures significantly, improving ftp/http installs, single bootable install floppies, and in some cases CDROM booting. Most floppies contain vi, too.
115: <li>The vnd(4) device has a new safer mode of operation called svnd where you can trust a disk-image right after it's unmounted, i.e. cache-coherency.
116: <li>sleep(3) and usleep(3) now call nanosleep(2) for significantly less overhead.
117: <li>GNU Groff 1.10 with (improved) Makefile wrapper.
118: <li>A bit more man page cleanup starting to happen...
1.21 deraadt 119: <li>Split rc.local, creating rc.securelevel. (Securelevels look like a worse and worse idea every month.)
1.1 deraadt 120: <li>newfs_msdos(8) can has enough brains to find the partition size itself.
121: <li>Significantly improved the unpredictability of the DNS packet id's in the resolver and named.
122: <li>libpthread works on the m68k.
123: <li>Support for PCI NE2000 clones.
124: <li>Some more userland 64 bit fixes.
1.5 rohee 125: <li>Unify naming of architecture names between gcc & binutils.
1.1 deraadt 126: <li>Signal handling fix to crontab(1).
127: <li>Various fixes to the YP utilities.
128: <li>Support extended partitions in fdisk(8).
129: <li>Support /etc/rc.shutdown from halt(8).
130: <li>PCI aic7860 scsi support improved.
131: <li>Support .group entries in /etc/passwd.conf
132: <li>Repair some bugs in mail(1), especially regarding signal handling.
1.5 rohee 133: <li>Always skip the first 8KB of all swap partitions (hint: disklabels & bootblocks)
1.1 deraadt 134: <li>The df(1) utility now has a human-readable "-h" option.
135: <li>For the first time ever, an obj@ populated /usr/src tree compiles cleanly when mounted read-only.
136: <li>Various man page fixes.
137: <li>NAT now gets started from /etc/netstart.
138: <li>Fix AFS string-to-key handling in kerberos.
139: <li>Correct DEV_BSIZE and lp->d_secsize confusion throughout the source tree. CD9660 is much happier now.
140: <li>Use in_addr_t and in_port_t all over the place.
141: <li>For config(8), if any kernel options get added/deleted/changed since the previous commit, warn that the compile tree needs 'make clean'.
1.25 david 142: <li>Make real i386 CPUs work again. In case no one noticed, they didn't work for about 5 months. The bug was very hard to find...
1.1 deraadt 143: <li>Once again, really correct the various source routing pieces of the userland source tree.
144: <li>A whole bunch of 64 bit fixes in the source tree (hint: alpha).
145: <li>Fix patch to honour Index lines better.
146: <li>Solve a few resolver problems after the recent 4.9.5-P1 integration, not all our fault.
147: <li>Use 10 X characters in many remaining mktemp() calls which are hard to excise.
148: <li>getnetent() and friends now work a lot more like gethostent().
149: <li>More buffer overflows, but none in sensitive programs.
1.66 deraadt 150: <li>Fixed some more mktemp races (sigh, will this ever end!)
1.1 deraadt 151: <li>Add support for YP v1 to ypserv.
1.5 rohee 152: <li>Add md5 & blowfish passwd support to adduser(8).
1.1 deraadt 153: <li>Numerous more pax/tar fixes.
154: <li>Add ./.message support to ftpd
155: <li>16 partition support for the alpha port.
156: <li>cvs 1.9.6
157: <li>64 bit clean in.rarpd.
158: <li>Change mail.local -H behaviour slightly, and convince mail(1) to use it for correct locking!
159: <li>New termcap and terminfo database files.
160: <li>Be more careful about modes of lost+found directories.
161: <li>Implement NOFILE_MAX--hard limit on max descriptors per process.
162: <li>gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
163: <li>sysctl kern.osrevision gives OpenBSD date.
164: <li>A few ypbind fixes.
165: <li>Fixes to fts(3).
166: <li>ddb improvements for 64 bit machines.
167: <li>The NE2000 if_ed driver now works on the alpha, too.
168: <li>Various atm fixes.
169: <li>Support for "secure" YP password maps.
170: <li>Substantial changes and fixes to the scsi scanner support.
171: <li>noaccesstime option for filesystems (saves batteries on laptops)
172: <li>Bye bye tahoe bits.
173: <li>pccon(1) to control the pccons driver.
174: <li>Merged changes from at 2.9 into our own at.
175: <li>Fix pcmcia on the i386.
176: <li>ipsecadm as an initial cut at controlling IPSEC sessions.
177: <li>Various fixes to the fsck tools.
178: <li>Let fsck and fsirand automatically work on very large filesystems.
179: <li>Numerous improvements to pax, including full support for cpio and a lot of fixes to tar mode.
180: <li>Import of libwrap and tcpd (tcp wrappers).
181: <li>Import of the mvme88k kernel port.
182: <li>Add support for FreeBSD md5 to /etc/passwd.conf.
183: <li>BIND 4.9.5-P1.
184: <li>deroff(1) 1.0 from Debian (a Linux).
1.32 tobias 185: <li>settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
1.1 deraadt 186: <li>newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
187: <li>Replace which(1) with a C program.
188: <li>libg++ pulls in libcurses automatically.
189: <li>Fix weak symbol support in ld.
190: <li>cvs 1.9.2
191: <li>IPSEC package from John Ioannidis and Angelos D. Keromytis.
1.66 deraadt 192: <li>Working kadmind for kerberosIV.
1.1 deraadt 193: <li>Add support for /etc/passwd.conf which controls the format and strength of passwd entries for the next time a user changes their password. These options can be set per-user.
1.65 bentley 194: <li>New scalable BLOWFISH-based crypt algorithm for passwd file entries. It uses a very large strong-random 'salt' and the number of rotor runs is configurable. Hence if you have faster machines you can slow the crypt routine down and make harder keys.
1.1 deraadt 195: <li>fix some more memory and file descriptor leaks in libc/rpc
196: <li>Fix so that stack limits which are not a multiple of the pagesize work.
197: <li>Fix a few netinet kernel crash problems.
1.5 rohee 198: <li>Fix pax & tar to be POSIX compliant.
1.1 deraadt 199: <li>add RPC service name generation to netstat -a
200: <li>Make dd(1) work fine with our 64-bit off_t types, now you can copy very large disks using it.
201: <li>Improved NFS filehandle creation.
1.66 deraadt 202: <li>Use lots more XXXX characters in calls to the few remaining mktemp() calls in the source tree. This cuts out a whole class of races.
1.1 deraadt 203: <li>IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
204: <li>The <a href="hp300.html">hp300</a> joins many other ports in supporting 16 disk partitions.
1.66 deraadt 205: <li>Have libc/rpc save you from yourself if you do enable source routing.
1.1 deraadt 206: <li>Change mktemp(3) and family to generate more random filenames, yet still as collision free as possible.
207: <li>Merge new ftp(1) changes from NetBSD.
208: <li>Add cdev and partition support to the ramdisk driver.
209: <li>New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
210: <li>Support for gzip'd kernels in some bootblocks.
211: <li>Be more careful if some fool decides to enable source routing ;-)
212: <li>Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
213: <li>/sbin/dump -a saves you from needing to deal with finicky tape length options (from FreeBSD)
214: <li>config.old(8) has been removed from the tree, as the <a href="hp300.html"> hp300</a> port switches to config(8).
215: <li>A SA_SIGINFO implementation for sigaction() and signal handlers. This is a small part of POSIX 1003.1b and permits the signal handler to figure out the exact cause of a signal; such as fault address information for SIGSEGV or more detailed information for SIGFPE.
1.2 deraadt 216: <li>The <a href="alpha.html">Alpha</a> port and all its utilities now compiles using in-tree versions of all tools. Yipee!
1.1 deraadt 217: <li>amd (the automounter) is now 64-bit and working on the alpha.
218: <li>Changed netinet IP_HDRINCL option to require ip_len and ip_off in network byte order. This is a compatibility/portability fix and we expect other BSD systems to eventually follow suit.
1.32 tobias 219: <li>Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large buffer caches even when available kvm space is low, like for i386 & sparc.
1.1 deraadt 220: <li>Some ypbind(8) tightening up, includes a method to specify a list of valid servers
1.27 miod 221: <li>Completely in-tree <a href="powerpc.html">PowerPC</a> port for non-Apple hardware. This port requires nothing outside the in-tree development environment to build (except mkisofs for building distributions).
1.1 deraadt 222: <li>A working fsirand.
223: <li>More kerberosIV security patches.
224: <li>Repair many uses of the SIOCGIFCONF code for machines with an outrageous number of network interfaces.
225: <li>pax in tar mode will understand multiple -v options to generate ls-like output.
226: <li>Prevent stat() from disclosing inode generation numbers to non-root userland.
227: <li>various adjtime() corrections inside the kernel.
228: <li>No buffer lengths in fmt(1).
229: <li>Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and restore(8).
230: <li>New gnu cpio 2.4.2
231: <li>Added lchown(2) for compatibility with SVR4 implementations.
232: <li>Sendmail upgraded to version 8.8.5.
233: <li>Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
234: <li>Support for the <a href="hp300.html">hp300</a> added.
235: <li>Fix a fairly nasty security hole in all of the games.
236: <li>new aucat command.
237: <li>libcrypt goes away. We do not need this stub library anymore. Do not link against it on OpenBSD, all the pieces you need are in libc.
238: <li>ppp 2.3b3
239: <li>Permit building of kernels without a.out support.
240: <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
241: <li>Import of the powerpc port.
242: <li>Change the games to be run setgid games, not setuid games. This closes a whole slew of fascinating security holes.
243: <li>Add disklabels to the vnd device driver.
244: <li>Properly split fsck, mount, and newfs into multiple pieces. Use disklabel information if it is available.
245: <li>Permit NFS attribute cache to be configured on a per-mount basis.
246: <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for backwards compatibility.
247: <li>Repair some more KerberosIV buffer overflows. Hard to believe this is supposed to be security software.
248: <li>f77 0.5.19
249: <li>texinfo 3.9
250: <li>sendmail 8.8.4
251: <li>Fix a few setgroups() related security holes.
252: <li>Add NetBSD's "route show" implementation, and at the same time fix the new buffer overflows that this provided.
253: <li>Fix information gathering attack in ping(8).
254: <li>tcpdump 3.3
255: <li>If disklabel reading code discovers an ISOFS filesystem underlying, spoof a nice disklabel (enough to fool mountroot).
256: <li>At boottime, have (*mountroot)() look at the root device's disklabel to determine which filesystem type is to be mounted.
257: <li>Add disklabels to the floppy device drivers.
258: <li>Multiple updates for GNU software
259: <li>Hundreds of little fixes all over the place.
260: <li>Some YP and bootparamd security changes.
261: <li>Add FreeBSD md5 diffs to mtree(8). This can be used to implement a tripwire-like system.
262: <li>GNU gdb works on the mips-based platforms.
263: <li>Imported FreeBSD's calendar.
264: <li>Increased compatibility in the pccons driver with BSDi features.
265: <li>Added -C option to pax/tar. Also made -z support compressed files too.
266: <li>Prevent generic users from mounting filesystems by default.
267: <li>Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
268: <li>Numerous small security fixes again...
269: <li>com driver is now bus-independent.
270: <li>lpt driver is now bus-independent.
1.66 deraadt 271: <li>The Arc port family has a new member: The rPC44 works!
1.1 deraadt 272: <li>New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
273: <li>pdksh version is now 5.2.11
1.10 jsyn 274: <li>Make login get more consistently upset about failed logins, and tell user about these failures at the next successful login.
1.1 deraadt 275: <li>Memory leak paranoia in cron.
276: <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to buffer overflows found in system utilities..
277: <li>Various repairs to the scsi scanner support.
278: <li>Import of ctm.
279: <li>Integration of the pmax port.
280: <li>Beware $HOME overflows throughout the source tree.
281: <li>OLF binary type added. This is like ELF, but includes an OS-dependent tag. elf2olf(1) converts an elf binary to a tagged OLF binary which the kernel can recognize correctly.
282: <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
283: <li>The NIST suite showed numerous errors in libraries and the kernel. Only a few small errors remain now, mostly regarding serial ports.
284: <li>More ftpd raging paranoia security fixes.
285: <li>Numerous fixes to the lpr suite, including security.
1.10 jsyn 286: <li>Crank kvm space on the i386 port, also limit buffer cache usage so that 512MB machines may work (untested :-)
1.1 deraadt 287: <li>GPL i387 emulator added.
288: <li>Skey revamped into full OTP (RFC1938) support, including sha1 and md5 support.
289: <li>Add stack tracebacks to Arc port's kernel debugger.
290: <li>The /dev/*random devices are now default on all architectures.
291: <li>A number of security fixes to the way coredumping works.
292: <li>upgrade to CVS version 1.9.
293: <li>The NIST Posix test suite became free. As a result we have been correcting numerous problems in the source tree, and expect to be completely POSIX compliant very soon.
294: </ul>
![[BACK]](/icons/back.gif){kind=icon}
Return to plus21.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www