www/plus24.html - diff

Return to plus24.html CVS log

Up to [local] / www

Diff for /www/plus24.html between version 1.65 and 1.66

version 1.65, 2019/04/08 16:14:53

version 1.66, 2019/05/27 22:55:22

Line 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!doctype html>

<html>

<head>

<title>OpenBSD 2.4 Changelog</title>

</head>

<style>

strong {

color: var(--red);

}

h3 {

color: var(--blue);

}

<h2>

p strong {

font-weight: normal;

}

code {

font-family: serif;

font-weight: bolder;

}

</style>

OpenBSD</a>

OpenBSD</a>

2.4 Changelog

2.4 Changelog

</h2>

<hr>

Line 29

Line 43

changes, starting with those listed below..

Note: Problems for which patches exist are marked in red.

Note: Problems for which patches exist are marked in red.

For changes in other releases, click below:

Line 84

Line 98

<h3>Changes made between OpenBSD 2.3 and 2.4</h3>

<h3>Changes made between OpenBSD 2.3 and 2.4</h3>

<ul>

Line 108

Line 122

<li>Support 3c905B-FX cards (fast fiber ethernet).

<li>Support Lite-On PNIC tulip clone chips in the de(4) driver.

<li>Fix SIOCGIFCONF code in ipnat(8).

<li>Import SSLeay-0.9.0b minus the patented algorithms (IDEA and RSA). The DSA certificate handling and other cryptography still remains.

<li>Import SSLeay-0.9.0b minus the patented algorithms (IDEA and RSA). The DSA certificate handling and other cryptography still remains.

<li>Increase datasize in savecore(8) (as was done in fsck(8) a long time ago).

<li>Fix a readlink(2) bug in ls(1).

<li>Add new DIOCGPDINFO ioctl for disklabel(8)'s new -p option.

<li>Add new DIOCGPDINFO ioctl for disklabel(8)'s new <code>-p</code> option.

<li>Fix a mathematical formula in photurisd(8).

<li>apache 1.3.2

<li>Fix other spoofed labels to contain more real information.

<li>In i386 wd(4) driver, set d_type properly in spoofed labels.

<li>Import learn(1) -- but still disabled.

<li>Add file:// support to ftp(1).

<li>Add <code>file://</code> support to ftp(1).

<li>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href="errata24.html#hme">Patches are available</a>.

<li>The sparc hme(4) and le(4) drivers had bugs in the 2.4 release. <a href="errata24.html#hme">Patches are available</a>.

<li>Fix media negotiation in the SS5/10 le(4) driver.

<li>Fix mail(1) to deal with the changed lockspool(1) protocol.

<li>In lockspool(1), permit root to lock other spools.

<li>Add the <a href="http://www.advansys.com">AdvanSys</a> narrow PCI SCSI driver, adv(4).

<li>Correct vfs_refcount handling.

<li>In cp(1), for -p flag also preserve the sticky bit.

<li>In cp(1), for <code>-p</code> flag also preserve the sticky bit.

<li>In tar(1), fix storage of paths that are exactly 100 characters long.

<li>Add smc91cxx ISA support.

<li>Fix more setmode(3) memory leaks.

Line 149

Line 163

<li>Add support for SMC EtherPower II 10/100 ethernet cards; tx(4) driver.

<li>Tons more man page cleanups...

<li>More games fixes...

<li>Add a -1 option to dhclient: if the dhclient request fails, dhclient should exit.

<li>Add a <code>-1</code> option to dhclient: if the dhclient request fails, dhclient should exit.

<li>In top(1), fix pid sorting on the alpha.

<li>Make tar(1) print verbose output to stdout, not stderr.

<li>Repair some badly written short write() handling in ftp(1).

Line 250

Line 264

<li>Newer code for the fxp driver.

<li>Change nlist(3) and kvm_mkdb(8) to work with the upcoming /dev/ksyms.

<li>Fix an encryption-related bug in telnetd.

<li>Support -o in top(1).

<li>Support <code>-o</code> in top(1).

<li>Add -q flag to mtree(1).

<li>Add <code>-q</code> flag to mtree(1).

<li>In cfmakeraw(3), also clear IMAXBEL.

<li>realloc fixes to X11.

<li>ecoff support in nlist(3).

Line 283

Line 297

<li>Fix strtod(3) so that it is valid actual C code (ie. and doesn't generate bad code when optimized).

<li>In hexdump(1), detect a format string of all spaces as bad.

<li>Prototype poll().

<li>In gprof, permit $ in symbol names.

<li>In gprof, permit <code>$</code> in symbol names.

<li>Fix coredump in find when doing find . !

<li>Fix coredump in find when doing <code>find . !</code>

<li>Add ECB and CBC encryption for octet streams to blowfish.

<li>Fix base64 encoding in bcrypt(3).

<li>Fix scon(1) to permit -d and -c to work together.

<li>In i386 vt console driver, wait for ACK back from keyboard when setting typematic rate.

<li>update to zlib 1.1.3.

<li>Fix atime and mtime commands in fsdb.

<li>Don't wrap 80 characters in rup -d.

<li>Don't wrap 80 characters in <code>rup -d</code>.

<li>Add russian message catalog.

<li>Protect against SIGPIPE in fdisk(1).

<li>Fix interrupt disabling in pms(4) driver.

Line 309

Line 323

<li>Repair some kvm man pages glitches.

<li>Genericize some internal vop functions to fix some NULLFS problems.

<li>At attach time, print a single line for the geometry in wd(4).

<li>For sendmsg() and recvmsg(), return EMSGSIZE not EINVAL for msg_iovlen <= 0.

<li>Add the IOV_MAX define as required by XPG.

<li>Fix a few more resid issues in the kernel.

<li>Fix a few more <code>resid</code> issues in the kernel.

<li>Hack SIOCGIFCONF so that ifc_len=0 is a length inquiry, as in Linux.

<li>Install perl .ph pages in the right directory.

<li>In ftpd(8) manpage, fix the definitions of the high ports since the kernel definitions were changed.

Line 320

Line 334

<li>Update to ncurses-4.2-980801.

<li>Use SO_REUSEADDR in lpd(8) in case it is restarted by hand.

<li>Crank tun(4) MTU to 16K.

<li>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href="errata23.html#chpass">A patch which solves the problem is available</a>.

<li>Set the close-on-exec flag in two descriptors owned by chpass(8). This fixes a security problem. <a href="errata23.html#chpass">A patch which solves the problem is available</a>.

<li>Improve ipsecadm(8).

<li>Fix some ipsec bugs related to IP-in-IP.

<li>Fix some disklabel(8) bugs.

Line 334

Line 348

<li>Fix mkstemp() calling code in libc/db/hash.

<li>update to ncurses-4.2-980725.

<li>Use a single-char buffer in snprintf() for the size==0 case.

<li>Fix some problems in disklabel -E.

<li>Fix some problems in <code>disklabel -E</code>.

<li>Fix bugs in pom(6), atc(6), quiz(6), hack(6), adventure(6).

<li>Add tic, captoinfo, and infotocap from ncurses-4.2-980718.

<li>Place a timezone file in the named chroot jail.

<li>ncurses-4.2-980718 with our termlib library integrated. The separate termlib library no longer exists (although for a time libtermlib is a link to libcurses).

<li>New libform, libmenu, and libpanel from ncurses-4.2-980718.

<li>Change latencies permitted for certain scsi tape commands.

<li>Make mt status show more information on scsi tape drives.

<li>Make <code>mt status</code> show more information on scsi tape drives.

<li>bt848 driver for the i386.

<li>Fix MKD command in ftpd to properly show the path created.

<li>Fix <code>MKD</code> command in ftpd to properly show the path created.

<li>Build mpool(3) manpage.

<li>Support 8.4GB+ IDE drives.

<li>Fix a serious TZ calculation error in the CD9660 filesystem which caused CD filesystem timestamps to be completely wrong.

<li>Document LD_PRELOAD in ld.so(1) manpage.

<li>Sparc cua support in the zs driver.

<li>Sparc cua support in the <code>zs</code> driver.

<li>Add CAST encryption to libc.

<li>More verbosity changes to apmd(8).

<li>Make /var/backups mode 700.

Line 364

Line 378

<li>Quieten the i386 apm driver.

<li>Fix /tmp race in a man page example. (Sigh.)

<li>isa_intr_establish() will never panic. It can return NULL for failure.

<li>Split sparc hme driver into chip and board specific; be driver should not be far away now.

<li>Split sparc <code>hme</code> driver into chip and board specific; <code>be</code> driver should not be far away now.

<li>rpc.yppasswd(8) has no log file; fix docs.

<li>Update to Lite2 getenv(), which returns NULL for getenv(NULL).

<li>Fix a problem with the PCI ncr(4) driver if many scsi devices were in use.

<li>Improve db cache sizing heuristic in pwd_mkdb(8).

<li>Close a file descriptor leak in inetd(8). <a href="errata23.html#inetd">A patch which solves the problem is available</a>.

<li>Close a file descriptor leak in inetd(8). <a href="errata23.html#inetd">A patch which solves the problem is available</a>.

<li>Fix dump(8) to return exit code 1 for startup failures, as documented.

<li>Improve performance of getpwent(3) in a YP environment.

<li>Improve performance of pwd_mkdb(8).

Line 381

Line 395

<li>In the S3 audio driver, map additional registers at open() time instead of attach() time.

<li>Use SEEK_SET and friends instead of L_SET and such, throughout the tree.

<li>In the scsi cd driver, permit CDs to have up to 99 tracks in their TOC.

<li>For the pmax, get the ld.script file from the right place when building kernels.

<li>For the pmax, get the <code>ld.script</code> file from the right place when building kernels.

<li>For the i386, fix a timing problem that affected keyboard controllers on PII/400 and such machines.

<li>Fix a failure printing message in passwd(8).

<li>Sendmail 8.9.1.

Line 389

Line 403

<li>In reboot(8), put more effort into killing processes before taking the machine down.

<li>Fix some problems in sparc national keyboard handling.

<li>Add a no-escape mode to tip which disables the ~ escape.

<li>Fix the bhlcr shift values in the pci code.

<li>Fix the <code>bhlcr</code> shift values in the pci code.

<li>Run kernel ppp code at splimp more often.

<li>When pppd(8) is doing connects, cause kernel ppp code to drop packets so that mbuf starvation doesn't happen.

<li>Cleanup more cosmetic uglies in the cd/acd disklabel spoofing code.

Line 400

Line 414

<li>In /etc/security, improve the checks for "." in paths.

<li>Ensure the acd drivers always return TOC contents in big-endian format.

<li>Keep the "login myname" hack from clearing ut_host in utmp.

<li>sparc hme 100Mbit ethernet driver.

<li>sparc <code>hme</code> 100Mbit ethernet driver.

<li>Avoid buffer overflows in quota(1).

<li>Do not call syslog(3) with "\n" at the end of the string.

<li>Permit long names for months in at(1).

Line 408

Line 422

<li>In rexecd(8), open stderr port after authentication has happened.

<li>In cdio(1), permit playing CDs with over 100 tracks.

<li>Fix i386 support for PCI mode 1.

<li>A fix for the play command in cdio(1).

<li>A fix for the <code>play</code> command in cdio(1).

<li>On the i386, if securelevels are in use, do not permit PSL_IOPL modification (well... except if the aperture driver is enabled).

<li>On the i386, if securelevels are in use, do not permit <code>PSL_IOPL</code> modification (well... except if the aperture driver is enabled).

<li>Cleanup many gethostname(3) calls in the tree, which passed short buffers, long buffers, mangled buffers, etc.

<li>Fix scorefile handling in robots(6).

<li>In install scripts, treat sets selection of "all" just like "*".

Line 440

Line 454

<li>Add MI mtio(4) manpage.

<li>Using username hashing and a host secret file, improve quality of users' spoofed skey challenges.

<li>Fix a free-before-use bug in fts(3).

<li>Fix fxp driver so that it works on buggy cards.

<li>Fix <code>fxp</code> driver so that it works on buggy cards.

<li>In make(1), fix bug for targets that began with "." and underwent suffix conversion.

<li>Fix "mv b/ a" for the case when "a" is a directory.

<li>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href="errata23.html#fdalloc">A patch which solves the problem is available</a>.

<li>Ensure setuid and setgid processes are not started with fd slots 0, 1, or 2 empty. The previous behaviour has security consequences. <a href="errata23.html#fdalloc">A patch which solves the problem is available</a>.

<li>In man(1), when a man page cannot be found in a specified section, indicate which section the failure happened in.

<li>Add new strlcpy(3) and strlcat(3) interfaces for simple bounded string copies.

<li>Add new mkstemps(3) interface which is basically mkstemp(3) but with suffix support.

<li>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href="errata23.html#pcvt">A patch is available which fixes this problem</a>.

<li>Fix LED update lockup bugs in the i386 console driver (pcvt). <a href="errata23.html#pcvt">A patch is available which fixes this problem</a>.

<li>Further improvements to photurisd(8).

<li>Fix kvm_read(3) return values.

<li>Overflow fix in ksh(1).

Line 462

Line 476

<li>update to rdist 6.1.4 (plus our many patches).

<li>In pcap(3), permit single-character hostnames.

<li>Convert all DLT_LOOP interfaces to have a network byte order u_int32_t header containing the protocol.

<li>Fix a buffer overflow bug in the resolver. The previous behaviour has security consequences. <a href="errata23.html#resolver">A patch which solves the problem is available</a>.

<li>Fix a buffer overflow bug in the resolver. The previous behaviour has security consequences. <a href="errata23.html#resolver">A patch which solves the problem is available</a>.

<li>Fix select() on bpf descriptors.

<li>Update the rc(8) manpage, and companion pages.

<li>Fix at(1) to handle "now" as a valid time.

Line 484

Line 498

<li>Fix spelling and grammar in numerous man pages.

<li>Fix a minor bug in mail(1).

<li>Fix a bug in atalk(4).

<li>In tcpdump(8), support DLT_ENC packets.

<li>In tcpdump(8), support <code>DLT_ENC</code> packets.

<li>Make decoded IPSEC(4) packets available to bpf(4) via enc0, using linktype DLT_ENC.

<li>Make decoded IPSEC(4) packets available to bpf(4) via enc0, using linktype <code>DLT_ENC</code>.

<li>Fix a minor bug in pwd_mkdb(8).

<li>Make the 4th argument of semctl(2) optional.

<li>Add new TCPCTL_IDENT sysctl for identd(8) to use, instead of kmem snooping. Significant performance improvement too.

<li>Add new <code>TCPCTL_IDENT</code> sysctl for identd(8) to use, instead of kmem snooping. Significant performance improvement too.

<li>Add DLT_LOOP to bpf; to handle 4-byte proto headers on some interfaces.

<li>In the kill(2) patch, also permit SIGUSR1 and SIGUSR2.

<li>buf oflow fix in libc/rpc.

Line 496

Line 510

<li>Various fixes to ftp(1).

<li>Make getty(8) default to 8 bit mode.

<li>Autodetect ATAPI cdrom drives that do not support ATAPI_READ_CD_CAPACITY.

<li>The following patch was deleted later, ignore it: If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href="errata23.html#ptrace">A patch is available which fixes this problem</a>.

<li>The following patch was deleted later, ignore it: If a process is being ptraced, do not permit execution of an immutable binary, also, if a process is running an immutable binary, do not permit ptrace. This can be a security issue. <a href="errata23.html#ptrace">A patch is available which fixes this problem</a>.

<li>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href="errata23.html#pctr">Fixes for 2.2 and 2.3 are detailed here</a>.

<li>Various fixes to the i386 pctr(4) driver -- previously any user could crash most non-Intel processors. <a href="errata23.html#pctr">Fixes for 2.2 and 2.3 are detailed here</a>.

<li>Various new smtpd(8) fixes.

<li>Change all modifications of struct sigaction's sa_mask field to use sigsetops(3).

<li>Teach adduser(8) about the /sbin/nologin shell.

Line 528

Line 542

<li>Made i386 pctr driver compatible with all CPU vendors.

<li>Added "feature bits" display to i386 CPU detection, and added more AMD and Cyrix processor models.

<li>Modified named to stash its argument vector in pid file like sendmail does and modified ndc to use it. This means "ndc restart" will now restart named with the correct arguments.

<li>bind 4.9.7, with the -u, -g and -t options from 8.1.2.

<li>bind 4.9.7, with the <code>-u</code>, <code>-g</code> and <code>-t</code> options from 8.1.2.

<li>Handle constant numeric U and LL extensions.

<li>Stop info gathering in uucpd(8).

<li>Various TCP RPC fixes to deal with data streams that could cause lockups inside the library.

Line 541

Line 555

<li>Install gdb(1) info pages.

<li>New distribution install notes that use m4 instead of cpp for formatting.

<li>In gdb, do not use 4.3 compatibility tty ioctl() calls.

<li>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href="errata23.html#kill">The 4th revision of a patch which solves the problem is available</a>.

<li>Constrain how kill(2) operates against target processes that are running setuid. The previous unrestricted behaviour may have had security consequences. <a href="errata23.html#kill">The 4th revision of a patch which solves the problem is available</a>.

<li>Fix a free() related bug in csh(1).

<li>Fix a memory trashing bug in the IPSEC SPI chain delete function.

<li>Fix acct(2) to work with append-only files.

Line 549

Line 563

<li>In mount_nfs(8), contact the portmapper about the correct protocol (tcp or udp).

<li>Correct 64 bit timeval storage in ping(8) packets; also put the time in network byte order.

<li>Start cron at the end of /etc/rc to avoid some security issues.

<li>Compile the system with -O2 instead of -O.

<li>Compile the system with <code>-O2</code> instead of <code>-O</code>.

<li>Fix a bunch of scanf related buffer overflows.

<li>Improve XR16C850 support.

<li>Fix less -d option.

<li>Fix less <code>-d</code> option.

<li>Fix i386 divide overflows traps which were possible in the NTP code.

<li>Remove some more incorrect uses of long in kerberos code.

<li>Add a man page for ndbm(3).

<li>As described a few lines above, support even more commands in make(1).

<li>Make the csh(1) command kill more standards compliant.

<li>Make the csh(1) command <code>kill</code> more standards compliant.

<li>Improve documentation about how to properly enable YP client databases.

<li>Emulate umask and exit script commands inside make(1) directly, to get closer to the expected behaviour. Later on we may want to emulate more commands, like gnumake does...

<li>Emulate <code>umask</code> and <code>exit</code> script commands inside make(1) directly, to get closer to the expected behaviour. Later on we may want to emulate more commands, like gnumake does...

<li>Make perl(1) support calls to lockf(3) now that we have it.

<li>Disable dynamic loading in the mips version of perl(1).

<li>Make size(1) work on files created via ld -Z.

<li>Make size(1) work on files created via <code>ld -Z</code>.

<li>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href="errata23.html#immutable">A patch exists which solves the problem</a>.

<li>A possible new security problem exists if you rely on securelevels and immutable or append-only files or character devices. The fix does not permit mmap'ing of immutable or append-only files which are otherwise writeable, as the VM system will bypass the meaning of the file flags when writes happen to the file. <a href="errata23.html#immutable">A patch exists which solves the problem</a>.

<li>Niklas is taking a shot at making our cross compiler toolset sufficient for a full cross compile of the vax port.

<li>Fix a file parsing overflow in kdb_util(8).

<li>Make config(8) store the first free unit number in its tables so that pcmcia device re-insertion can come back to the same unit number.

<li>const the parameters to a few more system calls.

<li><code>const</code> the parameters to a few more system calls.

<li>Fix 'z' command in mail(1).

<li>Fix short read() and write() operation in the RFC1413 handling code in httpd(1).

<li>Fix some bad uses of sscanf problems in the source tree.

Line 578

Line 592

<li>pppd 2.3.5

<li>Fix localtime(3) support inside perl(1).

<li>Fix a number of disklabel issues in the hp300 and pmax ports.

<li>Enable #pragma pack and #pragma weak support in gcc.

<li>Enable <code>#pragma pack</code> and <code>#pragma weak</code> support in gcc.

<li>Fix at least one remotely activated buffer overflow in lynx(1).

<li>Add information about more deviant scsi devices.

<li>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href="errata23.html#ipsec">A patch exists which solves the problem</a>. <a href="errata22.html#ipsec">(A similar patch exists for OpenBSD 2.2)</a>.

<li>A security issue exists in 2.2 and 2.3. A lacking test for invalid padding length in IPSEC packets can cause a remote attack possibility if IPSEC is in use. <a href="errata23.html#ipsec">A patch exists which solves the problem</a>. <a href="errata22.html#ipsec">(A similar patch exists for OpenBSD 2.2)</a>.

<li>Fix a select(3) bug in syslogd(8).

<li>In the hp300 port, use actual code to determine how fast the 68040 CPU is running.

<li>Add libossaudio(3) to the source tree.

<li>In mail(1), do not attempt to remove a mail spool since directory write permission may not exist. Instead, simply truncate it.

<li>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href="errata23.html#xterm-xaw">A patch exists which solves the problem</a>. <a href="errata22.html#xterm-xaw">(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a>.

<li>xterm(1) and libXaw contain security issues due to buffer mismanagement. <a href="errata23.html#xterm-xaw">A patch exists which solves the problem</a>. <a href="errata22.html#xterm-xaw">(A similar patch which solves the problem for OpenBSD 2.2 also exists)</a>.

<li>Permit relative adjustments in mixerctl(1) using +/- prefixes.

<li>msdosfs in FAT32 mode would hang during a write.

<li>Fix ZIP drive use on the hp300.

Line 600

Line 614

<li>Fix a bug in h2ph(1).

<li>talk(1) cannot distinguish the host a reply comes from. If it is suspicious, it now prints that hostname in the connection banner.

<li>In oldrdist(8), avoid attempting to create hardlinks between devices.

<li>Permit socketpair(2) to accept PF_LOCAL.

<li>Permit socketpair(2) to accept <code>PF_LOCAL</code>.

<li>Add audioctl(1) and mixerctl(1).

<li>Merge OSS-like audio code into i386, sparc, amiga, and other architectures.

<li>Teach dump(8) that ENOSPC on remote or local media means end of tape.

Line 619

Line 633

<li>Change 3rd parameter to be size_t as required by XPG.

<li>Let fdisk(8) and disklabel(8) compile if NOMAN= is defined.

<li>Handle truncated reads in dumpfs(8).

<li>Add /var/run/rarpd.pid and syslogging support to rarpd(8).

<li>Add <code>/var/run/rarpd.pid</code> and syslogging support to rarpd(8).

<li>Fix gcc on the m68k to correctly invalidate cached condition codes when only a-registers are involved.

<li>Fix relative tags in vi(1).

<li>Use mkdtemp(3) in pkg_add(8) and friends.

<li>Add dev command to cdio(1) so that user can change device.

<li>Add <code>dev</code> command to cdio(1) so that user can change device.

<li>Change tset(1) and /root/.cshrc behaviour so that ^C at the prompt does not result in noglob remaining set.

<li>Improve numerous manpages.

<li>Make last(1) report on the year.

<li>Set d_bbsize and d_sbsize to defaults in the disk drivers.

<li>Set <code>d_bbsize</code> and <code>d_sbsize</code> to defaults in the disk drivers.

<li>Do not do gethostbyname(3) on "*" in pppd(8).

<li>Ignore SIGPIPE in reboot(8).

</ul>

</body>

</html>