Annotation of www/plus23.html, Revision 1.28
1.23 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
4: <title>OpenBSD 2.3 changes</title>
1.23 naddy 5: <link rev=made href="mailto:www@openbsd.org">
1.1 deraadt 6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
11: </head>
12:
1.27 david 13: <body bgcolor="#ffffff" text="#000000" link="#23238E">
1.1 deraadt 14:
1.19 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.1 deraadt 16: <p>
1.23 naddy 17: <h2><font color="#e00000">Changes made between OpenBSD 2.2 and OpenBSD 2.3</font></h2>
18: <hr>
1.1 deraadt 19:
20: <p>
21: This is a partial list of the major machine independent changes
22: (ie. these are the changes people ask about most often). Port
23: specific changes have also been made, and are sometimes mentioned
24: in the pages for the specific <a href=plat.html>ports</a> if you
25: are interested in further port-specific details. Many ports
26: have had architecture-specific enhancements relative to NetBSD,
27: but when they do not they certainly have plenty of platform-independent
28: changes, starting with those listed below..
29:
30: <p>
1.23 naddy 31: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
1.1 deraadt 32:
33: <p>
34: <h3>
1.21 deraadt 35: For changes in other releases, click below:<br>
36: <a href="plus20.html">2.0</a>,
37: <a href="plus21.html">2.1</a>,
38: <a href="plus22.html">2.2</a>,
39: <a href="plus24.html">2.4</a>,
40: <a href="plus25.html">2.5</a>,
41: <a href="plus26.html">2.6</a>,
42: <a href="plus27.html">2.7</a>,
43: <a href="plus28.html">2.8</a>,
44: <a href="plus29.html">2.9</a>,
45: <a href="plus30.html">3.0</a>,
46: <a href="plus31.html">3.1</a>,
47: <a href="plus32.html">3.2</a>,
1.24 deraadt 48: <a href="plus33.html">3.3</a>,
1.26 david 49: <a href="plus34.html">3.4</a>,
1.21 deraadt 50: <a href="plus.html">current</a>.
1.1 deraadt 51: <br>
52: </h3>
53:
54: <hr>
55:
1.23 naddy 56: <h3><font color="#0000e0">OpenBSD 2.3 released (May 19, 1998).</font></h3><p>
1.1 deraadt 57: <ul>
1.23 naddy 58: <li><font color="#e00000"><strong>A security problem due to buffer mismanagement exists in lprm(1). <a href="errata22.html#rmjob">A patch exists</a></strong></font>.
59: <li><font color="#e00000"><strong>A security problem due to a buffer overflow exists in uucpd(8) (which is not enabled by default in our releases). <a href="errata22.html#uucpd">A patch exists</a></strong></font>.
1.1 deraadt 60: <li>On the i386, fix installboot(8) so it works reliably on various filesystem layouts that did not work before.
61: <li>Support lots of file descriptors in named(8), for when many virtual interfaces exist.
62: <li>Fix installboot(8) on the sparc Sun4 models.
63: <li>In disklabel(8)'s <strong>-E</strong> mode, set the bootblock sizes so that the hp300 install does not freak out.
64: <li>In mktemp(3), repair a bug in the filename incrementing loop.
65: <li>Various other install script fixes.
66: <li>Fix /etc/fbtab handling in init(8).
67: <li>Make disklabel(8) mentions IDE (which is an alias for ESDI).
68: <li>For the i386, have the install procedure ask if the xf86 driver should be enabled by default.
1.8 rohee 69: <li>Make install procedure prompt & set the initial root password.
1.1 deraadt 70: <li>When root logs in for the first time, let him find that he has an interesting piece of mail about how the system works.
71: <li>Fix ipsec encap notifies.
1.25 deraadt 72: <li>Configure xdm(1) and the fwvm window manager sensibly enough for default users to not feel utterly lost.
1.1 deraadt 73: <li>Fix 'u'ndo support in disklabel(8)'s <strong>-E</strong> mode, and also add a new 'r' command.
74: <li>Repair the pkg_add(1) sufficiently for the 2.3 release...
75: <li>Fix a race condition in unmount(2).
76: <li>Add support for the XR16850 serial chip (128 byte fifos).
77: <li>mkisofs 1.11.2
78: <li>Disable console ddb by default. sysctl can re-enable it.
79: <li>Fix backtraces in gdb on m68k platforms.
80: <li>Support 3c905B (well, actually, our support falls over. We need a card to do further work).
81: <li>Modify i386 PS/2 driver to be read/write; this permits new XFree86 source to put mice into advanced modes of operation.
82: <li>Remove KTH Kerberos "eavesdropping" message from telnet(1) and telnetd(8).
83: <li>Fix bug oflow in ping(8) <strong>-R</strong> option.
84: <li>In tar(1), only preserve the uid/gid if the <strong>-p</strong> flag is given.
85: <li>sudo version 1.5.5
86: <li>Do not prepend /usr/local/bin to the PATH in zdiff(1), zforce(1), zgrep(1), zmore(1), znew(1), or rcsfreeze(1).
87: <li>Fix DNS fake-iquery bug.
88: <li>In the <strong>le</strong> ethernet driver, if the detected ethernet address is ff:ff:ff:ff:ff ... fail.
89: <li>Fixes for various (minor) Y2K problems.
90: <li>Switch a.out ports in the tree (sparc, m68k, i386) to use the newer version of gdb that is part of the binutils tree.
91: <li>Significantly improve the system install scripts.
92: <li>Add disklabel spoofing to the hp300 port.
93: <li>Add xlockmore(1) to the X11 tree.
94: <li>Fix <strong>ru_majflt</strong> counting in the VM system.
95: <li>Add AFS token fetching capability to various parts of the source tree.
96: <li>In login(1), handle cleanup of environment variables correctly.
97: <li>In ftp(1), for HTTP requests pass the hostname so that virtual hosts work.
98: <li>In utimes(2) and futimes(2), handle <strong>tv_sec</strong> values of -1 more carefully, as they are really illegal cases.
99: <li>Import <strong>kx</strong> into our X11 source tree.
100: <li>Add a <strong>SIOCGIFDATA</strong> ifreq-style ioctl which will get the ifdata informational structure attached to each interface.
101: <li>Add httpd(8) to the OpenBSD tree. It is apache 1.2.6.
102: <li>Import <strong>xpm</strong> into our X11 source tree.
103: <li>Support QLogic PCI scsi controllers (at least on the i386).
1.4 deraadt 104: <li>Fix rmd160(3) (and also the IPSEC algorithm) to properly handle data beyond its block boundary.
1.1 deraadt 105: <li>Emulate SunOS <strong>otimes(2)</strong> system call so that Netscape doesn't explode.
106: <li>Fix rarpd(8) interaction with routed(8); too much routing information would pile up un-read on the AF_ROUTE socket and rarpd(8) would get too grumpy.
107: <li>Remove libtelnet.so.* from the distribution. People compiling kerberos into their system were generating significantly different shared libraries; thus it is wrong to make this a shared library.
1.16 jsyn 108: <li>Make edquota(8) handle numeric names as uids only after checking that an account named so does not exist.
1.1 deraadt 109: <li>Add UID_MAX and GID_MAX to <machine/limits.h> on each architecture.
110: <li>Fix ch(4) operation on ncr(4) scsi controllers.
111: <li>On the sparc, switch to an alternate font if the console is < 800*600 resolution.
112: <li>Add ISAPNP driver for the 3c509 cards.
113: <li>Change <strong>SIOCGIFNETMASK</strong>, <strong>SIOCGIFDSTADDR</strong>, and <strong>SIOCGIFBRDADDR</strong> to return information for named/addressed mappings rather than simply named mappings, so that these calls can work on interface aliases.
114: <li>Add (complete?) support for KerberosIV to our X11R6.
115: <li>In mktemp(1), document why this should be used for temporary filename generation.
116: <li>In telnet(1), fix connecting to IP addresses; this was recently broken by the new KTH kerberos telnet integration.
117: <li>Make <strong>-R path</strong> work a well as <strong>-Rpath</strong> in cc(1).
118: <li>In the ksh(1) manpage, clarify the behaviour of the <strong>CDPATH</strong> variable.
119: <li>Add support for more PCI NE2000 cards.
120: <li>Make <strong>%Y</strong> override an earlier <strong>%y</strong> in strptime(3).
121: <li>Add support for <strong>atalk</strong> to ifconfig(8).
122: <li>Make the functions described in ethers(3) more careful.
123: <li>Fix support for VFS loadable kernel modules.
124: <li>In get*ent() family of routines in libc, use fgetln(3) instead of fgets(3) so that parsing of overly long lines is more correct.
125: <li>Add options(4). This manpage describes what all the kernel options do. If you spot an error in it, notify us immediately.
126: <li>In strptime(3), make <strong>%C</strong> influence <strong>%y</strong> regardless of ordering.
127: <li>Fix a NULL deference bug in make(1) when using the <strong>-j</strong> flag.
128: <li>Fix <strong>%m</strong>, <strong>%I</strong>, <strong>%S</strong>, <strong>%y</strong>, <strong>%C</strong>, and <strong>%j</strong> conversions in strptime(3).
1.9 wvdputte 129: <li>Merge Kirk McKusick's <a href="faq/faq14.html#14.5">soft update</a> code. This code is still experimental and under a non-commercial license. It will be included in the next release as an optional compile flag; we cannot ship it enabled by default.
1.1 deraadt 130: <li>Flesh out the man pages and explain the security problems behind mktemp(3) and other similar functions, plus explain how to handle these problems better.
131: <li>Fully working KerberosIV encryption in telnet(1) and telnetd(8).
132: <li>Fixes to a few more games.
133: <li>CVS version 1.9.26
134: <li>Fix mktemp(3) problems in two more YP tools.
135: <li>Fix an interaction bug in inetd(8) due to SIGPIPE blocking; caused a bad effect in rlogind(8) or other inetd(8) children.
136: <li>Configure cc(1) to pass the <strong>-R</strong> flag on to ld(1).
137: <li>Add lynx 2.8 to the system.
138: <li>Add support for 82553 and 82555B PHY in the fxp driver.
139: <li>Fix tmpfile(3) to fchown() the file after unlink() (taking umask() into consideration, too). This is required by standards.
140: <li>Fix vnd and ccd drivers to work properly with soft updates.
141: <li>Fix a crash case in compress(1).
142: <li>Add <strong>-s</strong> and <strong>-c</strong> options to last(1).
143: <li>Add support for <strong>-s section</strong> and <strong>-S subsection</strong> to man(1).
144: <li>Change the configuration of man(1) so that man4 is read much later; this makes it easier to see pages in man8 with similar names.
145: <li>Fix KerberosIV password changing.
146: <li>On the sparc, support 128KB lebuffer devices.
147: <li>On the sparc, print hotfix information at the right place in the dmesg log.
148: <li>Fix passwd(1) so that YP passwords do not get edited in the local password file.
149: <li>Significant efforts made at fleshing out the device driver man page tree better.
150: <li>Upgrade to gcc 2.8.1
151: <li>Rename 2.2 to 2.3 tree-wide, for the upcoming release.
152: <li>Improve IPSEC performance.
153: <li>Add many new machine-dependent man4 man pages.
154: <li>XFree86 3.3.2 is now in our X11 source tree.
155: <li>Add another missing ntohl() in ipnat(8).
156: <li>Use a p_os field to sub-divide operating system emulation capabilities (like for SVR4 binaries).
157: <li>Spend almost a week finding and fixing minor goobers discovered by gcc 2.8 throughout the source tree.
158: <li>Fix syslog(3) sockaddr initialization.
159: <li>Add support for <strong>TIOCM*</strong> family of ioctl(2) values to the sparc serial driver.
160: <li>New photurisd(8) that complies with <strong>draft-simpson-photuris-18.txt</strong>.
161: <li>Fix a race bug in mkstemp(3) itself that would make mkstemp(3) have occasionally fail strangely.
162: <li>Fix a few more mktemp(3) problems in f77 libraries, and other assorted GNU software.
163: <li>Upgrade to gcc 2.8.0
164: <li>Upgrade to libg++ 2.8.0
165: <li>Make ping(8) work with very large packet sizes on all types of interfaces.
166: <li>Correct behaviour <strong>-x</strong> and <strong>-p</strong> flags in tar(1) to be traditional.
167: <li>Remove one of the two copies of math.h in the source tree.
168: <li>Improve blowfish performance by a factor of 2, and hence increase the rounds by 1 in passwd.conf.
169: <li>Handle unknown hostnames in mountd(8) better.
170: <li>Inside the kernel, change struct file's members f_count and f_msgcount to longs, and then add checking for overflows as well.
171: <li>Add XDM-AUTHORIZATION to X11.
172: <li>In old gas, move to late resolution of symbols because gcc 2.8 will require this.
173: <li>Fix a configuration file parsing bug in ipf(8).
174: <li>In libpcap and tcpdump, use our system ethers(5) parsing routines.
175: <li>Make <strong>netstat -r</strong> report better information about non-standard netmasks.
176: <li>Fix some bugs in the 3c[59]xx device driver.
1.23 naddy 177: <li><font color="#e00000"><strong>The 3rd revision of the patch for the mmap() security problem is available, and <a href="errata22.html#mmap">has been placed on top of the 2nd revision</a></strong></font>.
1.1 deraadt 178: <li>Add a command to ddb that reports out the extent tables.
179: <li>Add a clarifying statement to all the Kerberos code that explains how it came to be that this code was released from the USA's crypto stranglehold.
180: <li>In the RPC code, ensure that __svc_fdsetsize is always manipulated as a bitcount.
181: <li>Clarify crypt(3) manpage as to how many characters each transform actually considers in its calculation.
182: <li>Do not permit TCP connections to any of the broadcast addresses.
183: <li>Do not let a user set their password to "s/key".
184: <li>Permit the disabling of skey system-wide.
185: <li>Convert the xdr(3) and rpc(3) manpages to mandoc format.
186: <li>In mail.local(8), document how to use quotas on a mail spool.
187: <li>Add <strong>-p</strong> option to uname(1), to display detailed CPU information.
188: <li>Support for the ST16650 32-byte FIFO uart.
189: <li>Do not copy from off the end of an nfs boot mbuf.
190: <li>Some more repair in the games.
191: <li>Support <strong>-rpath dir</strong>, <strong>-shared</strong>, <strong>-soname</strong>, <strong>--whole-archive</strong>, and <strong>--no-whole-archive</strong> in the old ld used on many of our platforms.
192: <li>CVS version 1.9.24
193: <li>For OLF/ELF binaries, remember the OS tag in execve(), so that emulation code can reference it later.
194: <li>Make the kernel compile properly (with full warnings) under gcc 2.8.
1.23 naddy 195: <li><font color="#e00000"><strong>Do not permit a read+write mmap() operation on a read-only file descriptor open on a device. This is a security problem in OpenBSD 2.2, and is <a href="errata22.html#mmap"> described and fixed with a patch</a></strong></font>.
1.1 deraadt 196: <li>Rename /etc/nat.rules to /etc/ipnat.rules.
197: <li>Add kerberos kauthd(8).
1.15 pvalchev 198: <li>On the i386, move XFree86 aperture driver into the kernel. The new sysctl(8) variable <strong>machdep.allowaperture</strong> decides if this driver is active or not. (This variable can only be modified at high securelevel).
1.1 deraadt 199: <li>Remove the ftp(1) `stdout redirection' hack and replace it with a <strong>-o filename</strong> option (which also understands a filename of "-" to mean stdout).
200: <li>Pull in all the NetBSD changes to the old version of gas over the last year or so.
201: <li>Fix two bugs in adduser(8).
202: <li>Change chflags(2) and fchflags(2) to take a u_int for the second parameter.
1.23 naddy 203: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/tools/openbsdpower.gif">New fancy OpenBSD logo for your use</a>.
1.1 deraadt 204: <li>Add XPG4 <strong>-r</strong> option to du(1).
205: <li>Support <strong>-[width]</strong> option in fmt(1).
206: <li>New quirk for another Archive VIPER scsi tape drive.
207: <li>Fix another signal handler bug in mail(1).
1.23 naddy 208: <li><font color="#e00000"><strong>The mac68k 2.2 CD release had a few problems. These problems have been resolved in the FTP release. <a href="errata22.html#mac68k">For more details...</a></strong></font>
1.1 deraadt 209: <li>Make lpd(8) use keepalives so that it can detect dead network printers.
210: <li>Support the WINBOND pci ethernet cards.
211: <li>Fixed "%c" in strftime(3).
212: <li>Various fixes to some of the games, ie. rain, worms, wump.
213: <li>If <strong>link0</strong> is set on a loopback interface (ie. lo1) make the address/netmask sets on it make supernets instead of subnets.
1.4 deraadt 214: <li>Place separate so_ruid and so_euid fields in struct socket, so that in_pcb.c can still do its job, but also so that identd(8) can be fast and return the proper uid.
1.23 naddy 215: <li><font color="#e00000"><strong>In the sparc 2.2 release, the SS4/SS5 kernel was not very reliable. <a href="errata22.html#sparciommu">A simple reliability patch is now available</a></strong></font>.
1.1 deraadt 216: <li>Fix a map corruption bug in ypxfr(8).
217: <li>Make stty(1) recognize STRIPDISC.
218: <li>In compress(1), if the st_flags is 0, do not attempt a chflags(2) call.
1.23 naddy 219: <li><font color="#e00000"><strong>Make ruserok() significantly more paranoid when parsing the .rhosts file. This along with another issue is a security problem in OpenBSD 2.2, and is <a href="errata22.html#ruserok"> described and fixed with a patch</a></strong></font>.
1.1 deraadt 220: <li>raise IPPORT_USERRESERVED significantly. Random port numbers will now look much more random than they did before.
221: <li>New <strong>-a logdev</strong> argument for syslogd(8), useful for setting up additional /dev/log devices in various chroot spaces.
222: <li>Permit restore(8) to work on a filesystem that has a basic blocksize smaller than the blocksize of the filesystem that was dumped.
223: <li>Make MIPS ldconfig emulate the <strong>-m</strong> flag better.
224: <li>The web pages now have a new section on <a href=security.html> security advisories</a>.
225: <li>New compat_ibcs2(8) manpage.
226: <li>Fix rarpd(8) to work properly in the presence of massive routing traffic.
227: <li>A start at full lint library support.
228: <li>smtpd(8) integration spiffied up. Everything you need is now in the system.
229: <li>Emulate that disgusting linux connect() braindamage even better.
230: <li>Fix some bugs in vacation(1).
231: <li>Fix /etc/yp/domainname support in ypbind(8).
1.23 naddy 232: <li><font color="#e00000"><strong>In the 2.2 release, the sparc scsi driver caused problems for the Sun 4/300 machines. <a href="errata22.html#sparc">Patches are now available</a></strong></font>.
1.1 deraadt 233: <li>Add <strong>FS_CCD</strong> partition type so that the ccd driver can ensure it has the right components.
234: <li>Add <strong>/etc/sysctl.conf</strong> which specifies sysctl variables to change at boottime.
235: <li>Fix a free page count bug in the vm system.
236: <li>Create two new sysctl options: <strong>ddb.panic</strong> decides whether the kernel should enter ddb when it panics, and <strong>ddb.console</strong> controls if it is possible to enter ddb from the console via a hot-key.
237: <li>Add scan_ffs(8), a very useful tool for reconstructing disks.
238: <li>Add strptime(3).
1.23 naddy 239: <li><font color="#e00000"><strong>Buffer overflow fix in the MIPS ld.so. Replacement binaries for the <a href="errata22.html#pmax">pmax</a> and <a href="errata22.html#arc">arc</a> platforms are available</strong></font>.
1.1 deraadt 240: <li>Avoid DNS lookup timing effects in ping -R.
241: <li>Fix the __{CTOR,DTOR}_LIST__ declarations in c++rt0.c
1.23 naddy 242: <li><font color="#e00000"><strong>Two bugs existed in the 2.2 pmax release which all users should be aware of. <a href="errata22.html#pmax">Patches are now available</a></strong></font>.
243: <li><font color="#e00000"><strong>Be more careful about sourcerouted packets, including never forwarding them. This is a security problem in OpenBSD 2.2, and is <a href="errata22.html#sourceroute"> described and fixed with a patch</a></strong></font>.
1.1 deraadt 244: <li>Teach the kernel about newer PCI device types.
245: <li>Workaround a race condition in syslogd's handling of SIGHUP.
246: <li>Some man page fixes so that <strong>man -k</strong> is happier.
247: <li>Low-memory bug fix in setenv(3).
248: <li>Self-extending kernel maps in the vm subsystem.
249: <li>In rc.local, bail on starting cfsd(8) if mountd(8) is not running.
250: <li>Require commands started from in /etc/rc to be executable -- not just readable.
251: <li>Glob extensions for XPG4.
252: <li>Cleanups in wump(6).
253: <li>Check both old and new shells in rpc.yppasswdd(8).
254: <li>Add <strong>-a</strong> flag to which(1).
255: <li>On binutils platforms, make ldd(1) work on static executables.
256: <li>IPF 3.2.3. When you upgrade to this version, you <strong>must</strong> also upgrade the userland utilities (ipf, ipnat, etc.). You also need to get the latest MAKEDEV and run "sh MAKEDEV ipl" in /dev to create new device entries.
257: <li>Fix a race in mkdir(1).
1.16 jsyn 258: <li>More cdrom ioctls in Linux emulation.
1.1 deraadt 259: <li>Fix select(2) use in sudo(8) so that it can handle large fd_set sizes.
260: <li>In termcap databases, map the keyboard backspace key to DEL instead of BS as that is how it really is.
261: <li>Fix argument handling in expand(1).
262: <li>If tar(1) extracts as root, preserve uid/gid as is traditional.
263: <li>Repaired the expansion of the kernel panic string.
264: <li>Much more complete KerberosIV documentation.
265: <li>Start at bus_dma support.
266: <li>Properly error out if yp_match() or yp_first() is asked to lookup long keys.
267: <li>Groff 1.11a
268: <li>Properly ignore whitespace between a conversion and %n in *scanf(3).
269: <li>Import of tzcode1998b and tzdata1998b.
270: <li>Use new ypwhich(1) flag in ypinit(8) script to get maps from the real master server.
271: <li>Support <strong>-h host</strong> flag to ypwhich(1).
272: <li>pppd 2.3.3
273: <li>Handle unparseable ulimit specifications as an error, not as the value 0.
274: <li>ncurses 4.1-980103
275: <li>In w(1), handle processes that set argv[0] to NULL, by printing p_pcomm.
276: <li>Make pkg_install(1) feed a -p option to tar.
277: <li>sudo version 1.5.4.
278: <li>Merge some slight standardization fixes for *printf(3) from FreeBSD (some unlikely cases get handled better).
279: <li>Bring gethostent() back to life, even though it is a bad interface.
280: <li>In disklabel(8), make IDE drive type handling more obvious and intuitive.
281: <li>Support all kinds of keyboards in pcvt, like pccons does.
282: <li>Support for FAT32 partitions.
283: <li>For scsi tape drives, be silent in the presence of ILI errors.
284: <li>Fix a vnode creation race.
285: <li>Fix a output error in finger(1).
1.28 ! deraadt 286: <li>Do not permit dumping corefiles over symbolic links. (We have wanted this changed for a long time, but it required Lite2 vfs.)
1.1 deraadt 287: <li>Permit extra / terminators in some path-based system calls.
1.15 pvalchev 288: <li>Fix some problems regarding transfer of secure yp maps.
1.1 deraadt 289: <li>New rc.conf(7) manpage.
290: <li>Make sure it is clear that so_linger is in seconds.
291: <li>Add sysctl net.inet.icmp.bmcastecho to block the smurf problem.
292: <li>Some fixes to fdisk(8) and disklabel(8).
293: <li>Workaround a problem that happens if a TCP socket is shutdown(2)'d more than once.
294: <li>Some more manpage cleanups.
295: <li>Some slight changes to the PCI device subsystem to make it probe devices nicer (mostly dmesg printing).
296: <li>Make md5(1), rmd160(1), and sha1(1) use getopt().
297: <li>Make {f,}chflags(.., -1) return error EINVAL.
298: <li>Make mmap() return void * instead of caddr_t, and add the MAP_FAILED define required by new standards.
299: <li>Fix some gzip buf oflows.
300: <li>Correct an splx botch in the tunnel driver.
301: <li>Add sysctl ddb.panic_ddb; indicates whether to drop into ddb on a panic.
302: <li>Swap quit and exit commands in fdisk.
303: <li>Correct exit code of nohup(1).
1.11 deraadt 304: <li>lockf() implementation.
1.1 deraadt 305: <li>Handle DST changeovers automatically in cron.
306: <li>IBCS2 emulation also requires fcntl() F_FREESP support.
307: <li>The new KTH KerberosIV integration (and security audit) is almost complete.
308: <li>If mountd(8) discovers getfh(2) not supported, it now aborts nicely.
309: <li>Support fcntl() GETLK,SETLK,UNLK variants in SunOS emulation.
310: <li>Fix a bug in make(1) regarding SYSV style : substitution on null variables.
311: <li>Check the values of the ftp PORT command even more carefully.
312: <li>Fail better for over-long usernames.
313: <li>Change ftp(1) so that tries to use passive mode, and falls back to active mode. Provide environment variables to fall back. This is incredibly cool.
314: <li>Provide workaround for the Cyrix 6x86 COMA bug. (A workaround for 2.2 is not available).
315: <li>Implement fcntl() of F_FREESP in SVR4 emulation. Does this belong in ibcs2 also?
316: <li>Fix Linux accept/recvmsg if kernel is compiled with other compat options.
317: <li>In numerous programs, avoid fd_set overflows.
318: <li>Fix MAKEDEV script regarding /dev/fd/* for some architectures.
319: <li>Fix a kernel bug related to "route change ...".
320: <li>Support IP_HDRINCL in Linux emulation.
321: <li>Update the pkg_* tools a bit.
322: <li>Honour TMPDIR in the locate(8) tools.
323: <li>Make route(8) non-setuid.
324: <li>In ftpd, default to RFC non-conforming behaviour for the PORT command, but provide a runtime switch for those who like holes.
325: <li>Addition of Obtuse smtpd(8) and smtpfwd(8) v2.0.
1.23 naddy 326: <li><font color="#e00000"><strong>Due to timing constraints, mac68k X11 binaries did not make it onto the 2.2 CDROM. <a href="errata22.html#mac68k">But it is now available for ftp</a></strong></font>.
1.1 deraadt 327: <li>Do not clear the setuid/setgid file mode bits for a call to {,f,l}chmod(-1, -1).
328: <li>Enable new FreeBSD ppp(8) daemon. There are now two ppp daemons in the source tree, they have quite different feature sets.
1.23 naddy 329: <li><font color="#e00000"><strong>Fixed a panic problem in the i386 apm driver. <a href="errata22.html#i386">A patch is available for 2.2</a></strong></font>.
1.1 deraadt 330: <li>Repair a number of retry operation problems in the wdc driver that mostly affected sleeping laptops.
331: <li>Handle the controlling tty ioctl in linux emulation.
332: <li>Handle SIOCGIFMETRIC and SIOCGIFMTU in linux emulation.
333: <li>Handle nanosleep() in linux emulation.
1.8 rohee 334: <li>Use recursive vnode locks to solve a page-in panic reported by chuck & chuck.
1.1 deraadt 335: <li>Handle SIOCGIFHWADDR ioctl in linux emulation.
336: <li>Handle the cdrom ejecting ioctl in linux emulation.
337: <li>Correct an XPG violation in stdlib.h.
338: <li>Fix a problem in -current regarding open() of O_TRUNC and O_SHLOCK.
339: <li>Fix numerous problems with new KTH kerberos.
1.23 naddy 340: <li><font color="#e00000"><strong>A workaround for the Intel P5 F00F lockup problem. <a href="errata22.html#i386">A patch is available for 2.2</a></strong></font>.
1.1 deraadt 341: <li>Fix minor numbers for /dev/ch* in the MAKEDEV scripts.
342: <li>Add a <strong>kern.nosuidcoredump</strong> sysctl.
343: <li>Enhance the performance of pwd_mkdb(8) by expanding the db(3) cache based on input filesize.
344: <li>Use <strong>cp -R</strong> instead of <strong>cp -r</strong> for local copies in rcp(1).
345: <li>Flesh out scsi(8) a tiny bit more.
346: <li>In linux compat, handle the CDROM ioctl() calls.
347: <li>Indicate connect direction for tcp sockets in fstat(1).
348: <li>Fix scsi CDIOCREADSUBCHANNEL.
349: <li>Prevent ipf/ipnnat configuration changes when securelevel > 1.
350: <li>Fix an overflow in top(1).
351: <li>Fix a deadlock on cd9660.
352: <li>Update to ncurses-4.1-971129
1.23 naddy 353: <li><font color="#e00000"><strong>On the i386, handle the nasty problem with distinguishing SVR4 and Linux binaries. <a href="errata22.html#i386">A patch is available for 2.2</a></strong></font>.
1.1 deraadt 354: <li>Newer ncr device driver.
355: <li>Fix SunOS emulation of TIOCGPGRP.
356: <li>Add some more XPG4.2 *_t types.
357: <li>Import perl 5.004_04.
358: <li>Add hosts.equiv(3) and .rhosts(3) man page.
359: <li>Add asprintf(3) and vasprintf(3).
360: <li>Fix /etc/rc scripts to require IPF if NAT is requested.
361: <li>Moving towards KTH kerberos 4-0.9.7.
362: <li>Fix <strong>-amin</strong> option in find(1).
363: <li>Fix arp(8) ethernet address parsing for the illegal cases.
364: <li>Massive performance optimization of the ccd device (RAID-like striping disk driver).
365: <li>Work around stupid linux emulation behaviour involving non-blocking connect(2).
366: <li>Update to ncurses 4.1.
367: <li>Fix a mget prompting error in ftp(1).
368: <li>add <strong>-t</strong> option to disklabel(8).
369: <li>Some man page cleanups.
370: <li>Fix a memory leak in the kernel process group manipulation code.
371: <li>Import of FreeBSD's ppp(8) program.
372: <li>Update sudo(8).
373: <li>Fixed bug in 'systat vm' output.
374: <li>Fix the internals of open(2) when O_TRUNC and either O_SHLOCK or O_EXLOCK are set. (That was a nasty kernel bug).
375: <li>Clean /var earlier in the /etc/rc script.
1.23 naddy 376: <li><font color="#e00000"><strong>make readlink(1) terminate its buffer correctly. <a href="errata22.html#all">This affects CDROM builds so a patch is available for 2.2</a></strong></font>.
1.1 deraadt 377: <li>Make fstat(2) on AF_UNIX socket return proper st_[acm]time field values.
378: <li>Implement FIONBIO in ibcs2 emulation code.
379: <li>Consider only the 0177777 bits of the umask(2) value, as documented.
380: <li>Added mode rangecheck in chmod(2) and fchmod(2).
381: <li>Fix some Y2K problems in the nroff tmac macros.
382: <li>Minor logging feature changes in fingerd(8).
383: <li>in chat(8), replace Mini Getopt from hell with real getopt().
384: <li>Add <strong>SHUT_RD</strong>, <strong>SHUT_WR</strong>, and <strong>SHUT_RDWR</strong> values for shutdown(2) as specified by XPG4.2.
385: <li>Make the <strong>-Ss</strong> flag in rpcgen(1) work right.
386: <li>Range-check the "how" argument for shutdown(2).
387: <li>Change various system calls to take void * instead of caddr_t.
388: <li>Fix a line continuation bug in sed(1).
389: <li>Add inetd(8) <strong>-R rate</strong> flag, and crank default rate to 256.
390: <li>Clear CLOCAL mode in pppd if modem is set but modem_chat is not.
391: <li>Make the if_de driver support more cards.
392: <li>Make msync(2) POSIX compliant.
393: <li>Fix a ONLCR + FLUSHO situation in tty.c
394: <li>Support -mmin, -amin, and -cmin in find(1).
395: <li>Support an "object" keyword in config(8).
396: <li>Make "expr a : /" work.
397: <li>Make dumpfs(8) report if soft updates are requested by the superblock.
398: <li>Add getsid(2) system call as mandated by XPG4.2.
399: <li>Some minor fixes for the libc/db/btree code.
400: <li>Flesh out compat_freebsd a fair bit more.
401: <li>Some compat_svr4 fixes.
402: <li>Update getNAME(8) and fix makewhatis(8) to use it more optimally.
403: <li>Fix EXTPROC in pty code.
404: <li>Correct TCP's handling of RST.
405: <li>Add more things to afterboot(8).
406: <li>Fix tty suspend during <strong>sh -c "less file"</strong>.
407: <li>double MAX_KMAPENT and MAX_KMAP
408: <li>sendmail 8.8.8
409: <li>add uu_lock(), uu_unlock() and uu_lockerr() to libutil.
410: <li>Start named(8) earlier in /etc/rc.
411: <li>Support execution sections in syslog.conf.
412: <li>4.4BSD lite2 vfs integration.
413: <li>usleep(3) returns int, and add useconds_t type as required by XPG4.2
414: <li>Fixed ps(1) LIM and STAT columns.
415: <li>makewhatis(8) manpage added.
416: <li>Fix rpc.rquotad support if the quotas file resides on another filesystem.
417: <li>Truncate large uid and gid values in ranlib(1), in the same way as this is handled in ar(1).
418: <li>Document how crypt(3) handles blowfish and MD5 passwords.
419: <li>Fix some memory leaks in the RPC code.
420: <li>Fix an as(1) parsing bug relating to the .ascii directive.
421: <li>Handle C++ and other languages in yacc(1) far better.
422: <li>Be more careful with getpwent() information inside rcp(1).
423: <li>Replace kernel printf with Torek's libc printf.
424: <li>Make disklabel -E deal with multiple partitions which overlap.
1.16 jsyn 425: <li>If a non-existent user logs in and asks for s/key authentication, fake a proper s/key prompt.
1.1 deraadt 426: <li>SIGWINCH handling in systat(1).
427: <li>Add blowfish and cast encryption to IPSEC.
428: <li>In tftpd(8), permit syslog() to work when running chroot(2)'d.
429: <li>a buffer underrun in ctags(1).
430: <li>Make kdump(1) handle the newer emulations.
431: <li>Add svr4 jioctl() compat interface.
432: </ul>
433: <p>
434:
435: This list mentions mostly platform-independent changes. For a list of changes
436: made in a particular platform, please check the page for that platform. If you
437: find them not listed there, the changes are either (1) not being documented or
438: (2) are documented here.<br><br>
439:
440: <hr>
441: <p>
442: <h3>
1.21 deraadt 443: For changes in other releases, click below:<br>
444: <a href="plus20.html">2.0</a>,
445: <a href="plus21.html">2.1</a>,
446: <a href="plus22.html">2.2</a>,
447: <a href="plus24.html">2.4</a>,
448: <a href="plus25.html">2.5</a>,
449: <a href="plus26.html">2.6</a>,
450: <a href="plus27.html">2.7</a>,
451: <a href="plus28.html">2.8</a>,
452: <a href="plus29.html">2.9</a>,
453: <a href="plus30.html">3.0</a>,
454: <a href="plus31.html">3.1</a>,
455: <a href="plus32.html">3.2</a>,
1.24 deraadt 456: <a href="plus33.html">3.3</a>,
1.26 david 457: <a href="plus34.html">3.4</a>,
1.21 deraadt 458: <a href="plus.html">current</a>.
1.1 deraadt 459: <br>
460: </h3>
461:
462: <hr>
463: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.23 naddy 464: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.28 ! deraadt 465: <br><small>$OpenBSD: plus23.html,v 1.27 2004/03/04 06:37:26 david Exp $</small>
1.1 deraadt 466:
467: </body>
468: </html>