version 1.15, 2002/10/17 08:47:58 |
version 1.16, 2003/03/06 16:27:10 |
|
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN"> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
<html> |
<head> |
<head> |
<title>OpenBSD 2.4 changes</title> |
<title>OpenBSD 2.4 changes</title> |
<link rev=made href=mailto:www@openbsd.org> |
<link rev=made href="mailto:www@openbsd.org"> |
<meta name="resource-type" content="document"> |
<meta name="resource-type" content="document"> |
<meta name="description" content="the main OpenBSD page"> |
<meta name="description" content="the main OpenBSD page"> |
<meta name="keywords" content="openbsd,main"> |
<meta name="keywords" content="openbsd,main"> |
|
|
|
|
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a> |
<p> |
<p> |
<h2><font color=#e00000>Changes made between OpenBSD 2.3 and OpenBSD 2.4</font><hr></h2> |
<h2><font color="#e00000">Changes made between OpenBSD 2.3 and OpenBSD 2.4</font></h2> |
|
<hr> |
|
|
<p> |
<p> |
This is a partial list of the major machine independent changes |
This is a partial list of the major machine independent changes |
|
|
changes, starting with those listed below.. |
changes, starting with those listed below.. |
|
|
<p> |
<p> |
Note: <font color=#e00000>Problems for which patches exist are marked in red</font>. |
Note: <font color="#e00000">Problems for which patches exist are marked in red</font>. |
|
|
<p> |
<p> |
<h3> |
<h3> |
|
|
|
|
<hr> |
<hr> |
|
|
<h3><font color=#0000e0>OpenBSD 2.4 released (Dec 1, 1998).</font></h3><p> |
<h3><font color="#0000e0">OpenBSD 2.4 released (Dec 1, 1998).</font></h3><p> |
<ul> |
<ul> |
|
|
<li>Fix a bug in the midway ATM driver. |
<li>Fix a bug in the midway ATM driver. |
|
|
<li>In i386 wd(4) driver, set d_type properly in spoofed labels. |
<li>In i386 wd(4) driver, set d_type properly in spoofed labels. |
<li>Import learn(1) -- but still disabled. |
<li>Import learn(1) -- but still disabled. |
<li>Add <strong>file://</strong> support to ftp(1). |
<li>Add <strong>file://</strong> support to ftp(1). |
<li><font color=#e00000><strong>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href=errata24.html#hme>Patches are available</a></strong></font>. |
<li><font color="#e00000"><strong>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href="errata24.html#hme">Patches are available</a></strong></font>. |
<li>Fix media negotiation in the SS5/10 le(4) driver. |
<li>Fix media negotiation in the SS5/10 le(4) driver. |
<li>Fix mail(1) to deal with the changed lockspool(1) protocol. |
<li>Fix mail(1) to deal with the changed lockspool(1) protocol. |
<li>In lockspool(1), permit root to lock other spools. |
<li>In lockspool(1), permit root to lock other spools. |
|
|
<li>if_media support in OpenBSD. Some drivers support it, others do not yet. |
<li>if_media support in OpenBSD. Some drivers support it, others do not yet. |
<li>Buffer mishandling fixes in nslookup(1) and dig(1). |
<li>Buffer mishandling fixes in nslookup(1) and dig(1). |
<li>Make a few programs (time, mkdep, lorder) kill themselves with the signal they trapped, rather than provide an exit code. |
<li>Make a few programs (time, mkdep, lorder) kill themselves with the signal they trapped, rather than provide an exit code. |
<li>Continuing work at integrating the <a href=http://www.stacken.kth.se/projekt/arla>ARLA free-AFS</a> source code directly into OpenBSD. |
<li>Continuing work at integrating the <a href="http://www.stacken.kth.se/projekt/arla">ARLA free-AFS</a> source code directly into OpenBSD. |
<li>More games fixes. |
<li>More games fixes. |
<li>Teach libpcap that DLT_LOOP devices have a network byte order header. |
<li>Teach libpcap that DLT_LOOP devices have a network byte order header. |
<li>Return ENXIO for /dev/mem minor devices which do not exist. |
<li>Return ENXIO for /dev/mem minor devices which do not exist. |
|
|
<li>Update to ncurses-4.2-980801. |
<li>Update to ncurses-4.2-980801. |
<li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand. |
<li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand. |
<li>Crank tun(4) MTU to 16K. |
<li>Crank tun(4) MTU to 16K. |
<li><font color=#e00000><strong>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href=errata23.html#chpass>A patch which solves the problem is available</a></strong></font>. |
<li><font color="#e00000"><strong>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href="errata23.html#chpass">A patch which solves the problem is available</a></strong></font>. |
<li>Improve ipsecadm(8). |
<li>Improve ipsecadm(8). |
<li>Fix some ipsec bugs related to IP-in-IP. |
<li>Fix some ipsec bugs related to IP-in-IP. |
<li>Fix some disklabel(8) bugs. |
<li>Fix some disklabel(8) bugs. |
|
|
<li>Make dump(8) work against filesystems not listed in fstab(5). |
<li>Make dump(8) work against filesystems not listed in fstab(5). |
<li>Rename libtelnet functions getent and getstr to avoid curses conflicts. |
<li>Rename libtelnet functions getent and getstr to avoid curses conflicts. |
<li>Disable all ISA PNP devices before doing the ISA scan. This works around BIOS's which pre-map ISA PNP devices into known locations. |
<li>Disable all ISA PNP devices before doing the ISA scan. This works around BIOS's which pre-map ISA PNP devices into known locations. |
<li>Correct panics and EINVAL returning cases in iovec using code. <a href=errata23.html#resid>A patch for this problem exists.</a> |
<li>Correct panics and EINVAL returning cases in iovec using code. <a href="errata23.html#resid">A patch for this problem exists.</a> |
<li>Fix battery remaining support in i386 apm. |
<li>Fix battery remaining support in i386 apm. |
<li>Add i386 apm(4) manpage. |
<li>Add i386 apm(4) manpage. |
<li>Fix mkstemp() calling code in libc/db/hash. |
<li>Fix mkstemp() calling code in libc/db/hash. |
|
|
<li>Update to Lite2 getenv(), which returns NULL for getenv(NULL). |
<li>Update to Lite2 getenv(), which returns NULL for getenv(NULL). |
<li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use. |
<li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use. |
<li>Improve db cache sizing heuristic in pwd_mkdb(8). |
<li>Improve db cache sizing heuristic in pwd_mkdb(8). |
<li><font color=#e00000><strong>Close a file descriptor leak in inetd(8). <a href=errata23.html#inetd>A patch which solves the problem is available</a></strong></font>. |
<li><font color="#e00000"><strong>Close a file descriptor leak in inetd(8). <a href="errata23.html#inetd">A patch which solves the problem is available</a></strong></font>. |
<li>Fix dump(8) to return exit code 1 for startup failures, as documented. |
<li>Fix dump(8) to return exit code 1 for startup failures, as documented. |
<li>Improve performance of getpwent(3) in a YP environment. |
<li>Improve performance of getpwent(3) in a YP environment. |
<li>Improve performance of pwd_mkdb(8). |
<li>Improve performance of pwd_mkdb(8). |
<li>More buffer overflow fixes in libpcap and such. |
<li>More buffer overflow fixes in libpcap and such. |
<li>Fix "mount /mnt /mnt" so that it does not panic the machine. |
<li>Fix "mount /mnt /mnt" so that it does not panic the machine. |
<li>cvs 1.9.28. |
<li>cvs 1.9.28. |
<li>Fix locking code in unionfs. This fixes a serious problem in unionfs. <a href=errata23.html#unionfs>A patch is available</a>. |
<li>Fix locking code in unionfs. This fixes a serious problem in unionfs. <a href="errata23.html#unionfs">A patch is available</a>. |
<li>In ftpd, handle non-existant users as login now does -- sleep a while. |
<li>In ftpd, handle non-existant users as login now does -- sleep a while. |
<li>In the S3 audio driver, map additional registers at open() time instead of attach() time. |
<li>In the S3 audio driver, map additional registers at open() time instead of attach() time. |
<li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree. |
<li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree. |
|
|
<li>Fix <strong>fxp</strong> driver so that it works on buggy cards. |
<li>Fix <strong>fxp</strong> driver so that it works on buggy cards. |
<li>In make(1), fix bug for targets that began with "." and underwent suffix conversion. |
<li>In make(1), fix bug for targets that began with "." and underwent suffix conversion. |
<li>Fix "mv b/ a" for the case when "a" is a directory. |
<li>Fix "mv b/ a" for the case when "a" is a directory. |
<li><font color=#e00000><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href=errata23.html#fdalloc>A patch which solves the problem is available</a></strong></font>. |
<li><font color="#e00000"><strong>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href="errata23.html#fdalloc">A patch which solves the problem is available</a></strong></font>. |
<li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in. |
<li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in. |
<li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies. |
<li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies. |
<li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support. |
<li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support. |
<li><font color=#e00000><strong>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href=errata23.html#pcvt>A patch is available which fixes this problem</a></strong></font>. |
<li><font color="#e00000"><strong>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href="errata23.html#pcvt">A patch is available which fixes this problem</a></strong></font>. |
<li>Further improvements to photurisd(8). |
<li>Further improvements to photurisd(8). |
<li>Fix kvm_read(3) return values. |
<li>Fix kvm_read(3) return values. |
<li>Overflow fix in ksh(1). |
<li>Overflow fix in ksh(1). |
|
|
<li>update to rdist 6.1.4 (plus our many patches). |
<li>update to rdist 6.1.4 (plus our many patches). |
<li>In pcap(3), permit single-character hostnames. |
<li>In pcap(3), permit single-character hostnames. |
<li>Convert all DLT_LOOP interfaces to have a network byte order u_int32_t header containing the protocol. |
<li>Convert all DLT_LOOP interfaces to have a network byte order u_int32_t header containing the protocol. |
<li><font color=#e00000><strong>Fix a buffer overflow bug in the resolver. The previous behaviour has security consequences. <a href=errata23.html#resolver>A patch which solves the problem is available</a></strong></font>. |
<li><font color="#e00000"><strong>Fix a buffer overflow bug in the resolver. The previous behaviour has security consequences. <a href="errata23.html#resolver">A patch which solves the problem is available</a></strong></font>. |
<li>Fix select() on bpf descriptors. |
<li>Fix select() on bpf descriptors. |
<li>Update the rc(8) manpage, and companion pages. |
<li>Update the rc(8) manpage, and companion pages. |
<li>Fix at(1) to handle "now" as a valid time. |
<li>Fix at(1) to handle "now" as a valid time. |
|
|
<li>Various fixes to ftp(1). |
<li>Various fixes to ftp(1). |
<li>Make getty(8) default to 8 bit mode. |
<li>Make getty(8) default to 8 bit mode. |
<li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY. |
<li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY. |
<li>The following patch was deleted later, ignore it: <font color=#e00000><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href=errata23.html#ptrace>A patch is available which fixes this problem</a></strong></font>. |
<li>The following patch was deleted later, ignore it: <font color="#e00000"><strong>If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href="errata23.html#ptrace">A patch is available which fixes this problem</a></strong></font>. |
<li><font color=#e00000><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href=errata23.html#pctr>Fixes for 2.2 and 2.3 are detailed here</a></strong></font>. |
<li><font color="#e00000"><strong>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href="errata23.html#pctr">Fixes for 2.2 and 2.3 are detailed here</a></strong></font>. |
<li>Various new smtpd(8) fixes. |
<li>Various new smtpd(8) fixes. |
<li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3). |
<li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3). |
<li>Teach adduser(8) about the /sbin/nologin shell. |
<li>Teach adduser(8) about the /sbin/nologin shell. |
|
|
<li>Install gdb(1) info pages. |
<li>Install gdb(1) info pages. |
<li>New distribution install notes that use m4 instead of cpp for formatting. |
<li>New distribution install notes that use m4 instead of cpp for formatting. |
<li>In gdb, do not use 4.3 compatibility tty ioctl() calls. |
<li>In gdb, do not use 4.3 compatibility tty ioctl() calls. |
<li><font color=#e00000><strong>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href=errata23.html#kill>The 4th revision of a patch which solves the problem is available</a></strong></font>. |
<li><font color="#e00000"><strong>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href="errata23.html#kill">The 4th revision of a patch which solves the problem is available</a></strong></font>. |
<li>Fix a free() related bug in csh(1). |
<li>Fix a free() related bug in csh(1). |
<li>Fix a memory trashing bug in the IPSEC SPI chain delete function. |
<li>Fix a memory trashing bug in the IPSEC SPI chain delete function. |
<li>Fix acct(2) to work with append-only files. |
<li>Fix acct(2) to work with append-only files. |
|
|
<li>Make perl(1) support calls to lockf(3) now that we have it. |
<li>Make perl(1) support calls to lockf(3) now that we have it. |
<li>Disable dynamic loading in the mips version of perl(1). |
<li>Disable dynamic loading in the mips version of perl(1). |
<li>Make size(1) work on files created via <strong>ld -Z</strong>. |
<li>Make size(1) work on files created via <strong>ld -Z</strong>. |
<li><font color=#e00000><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href=errata23.html#immutable>A patch exists which solves the problem</a></strong></font>. |
<li><font color="#e00000"><strong>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href="errata23.html#immutable">A patch exists which solves the problem</a></strong></font>. |
<li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port. |
<li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port. |
<li>Fix a file parsing overflow in kdb_util(8). |
<li>Fix a file parsing overflow in kdb_util(8). |
<li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number. |
<li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number. |
|
|
<li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc. |
<li>Enable <strong>#pragma pack</strong> and <strong>#pragma weak</strong> support in gcc. |
<li>Fix at least one remotely activated buffer overflow in lynx(1). |
<li>Fix at least one remotely activated buffer overflow in lynx(1). |
<li>Add information about more deviant scsi devices. |
<li>Add information about more deviant scsi devices. |
<li><font color=#e00000><strong>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href=errata23.html#ipsec>A patch exists which solves the problem</a>. <a href=errata22.html#ipsec>(A similar patch exists for OpenBSD 2.2)</a></strong></font>. |
<li><font color="#e00000"><strong>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href="errata23.html#ipsec">A patch exists which solves the problem</a>. <a href="errata22.html#ipsec">(A similar patch exists for OpenBSD 2.2)</a></strong></font>. |
<li>Fix a select(3) bug in syslogd(8). |
<li>Fix a select(3) bug in syslogd(8). |
<li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running. |
<li>In the hp300 port, use actual code to determine how fast the 68040 cpu is running. |
<li>Add libossaudio(3) to the source tree. |
<li>Add libossaudio(3) to the source tree. |
<li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it. |
<li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it. |
<li><font color=#e00000><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href=errata23.html#xterm-xaw>A patch exists which solves the problem</a>. <a href=errata22.html#xterm-xaw>(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>. |
<li><font color="#e00000"><strong>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href="errata23.html#xterm-xaw">A patch exists which solves the problem</a>. <a href="errata22.html#xterm-xaw">(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a></strong></font>. |
<li>Permit relative adjustments in mixerctl(1) using +/- prefixes. |
<li>Permit relative adjustments in mixerctl(1) using +/- prefixes. |
<li>msdosfs in FAT32 mode would hang during a write. |
<li>msdosfs in FAT32 mode would hang during a write. |
<li>Fix ZIP drive use on the hp300. |
<li>Fix ZIP drive use on the hp300. |
|
|
|
|
<hr> |
<hr> |
<a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
<a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
<a href=mailto:www@openbsd.org>www@openbsd.org</a> |
<a href="mailto:www@openbsd.org">www@openbsd.org</a> |
<br><small>$OpenBSD$</small> |
<br><small>$OpenBSD$</small> |
|
|
</body> |
</body> |