Annotation of www/plus25.html, Revision 1.24
1.17 naddy 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 deraadt 2: <html>
3: <head>
4: <title>OpenBSD 2.5 changes</title>
1.17 naddy 5: <link rev=made href="mailto:www@openbsd.org">
1.1 deraadt 6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
11: </head>
12:
1.20 david 13: <body bgcolor="#ffffff" text="#000000" link="#23238E">
1.1 deraadt 14:
1.14 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.1 deraadt 16: <p>
1.17 naddy 17: <h2><font color="#e00000">Changes made between OpenBSD 2.4 and OpenBSD 2.5</font></h2>
18: <hr>
1.1 deraadt 19:
20: <p>
21: This is a partial list of the major machine independent changes
22: (ie. these are the changes people ask about most often). Port
23: specific changes have also been made, and are sometimes mentioned
24: in the pages for the specific <a href=plat.html>ports</a> if you
25: are interested in further port-specific details. Many ports
26: have had architecture-specific enhancements relative to NetBSD,
27: but when they do not they certainly have plenty of platform-independent
28: changes, starting with those listed below..
29:
30: <p>
1.17 naddy 31: Note: <font color="#e00000">Problems for which patches exist are marked in red</font>.
1.1 deraadt 32:
33: <p>
34: <h3>
1.16 deraadt 35: For changes in other releases, click below:<br>
36: <a href="plus20.html">2.0</a>,
37: <a href="plus21.html">2.1</a>,
38: <a href="plus22.html">2.2</a>,
39: <a href="plus23.html">2.3</a>,
40: <a href="plus24.html">2.4</a>,
41: <a href="plus26.html">2.6</a>,
42: <a href="plus27.html">2.7</a>,
43: <a href="plus28.html">2.8</a>,
44: <a href="plus29.html">2.9</a>,
45: <a href="plus30.html">3.0</a>,
46: <a href="plus31.html">3.1</a>,
47: <a href="plus32.html">3.2</a>,
1.18 deraadt 48: <a href="plus33.html">3.3</a>,
1.19 david 49: <a href="plus34.html">3.4</a>,
1.22 deraadt 50: <a href="plus35.html">3.5</a>,
1.24 ! miod 51: <a href="plus36.html">3.6</a>,
1.16 deraadt 52: <a href="plus.html">current</a>.
1.1 deraadt 53: <br>
54: </h3>
55:
56: <hr>
57:
58: <p>
1.17 naddy 59: <h3><font color="#0000e0">OpenBSD 2.5 released (May 19, 1999).</font></h3><p>
1.1 deraadt 60: <ul>
61:
62: <li>2.5 source tree frozen.
1.17 naddy 63: <li><font color="#e00000"><strong>Fix ln kernel bug in vfs_lookup.c. <a href="errata24.html#lnpanic">A patch is available</a></strong></font>.
1.1 deraadt 64: <li>Fix ipf return-rst panic bug.
65: <li>Add a -q flag to newfs, so that it does not print out information about the superblock backups. This is used by the install process.
66: <li>Do not permit any IPSEC code unless the admin has enabled it using sysctl.
67: <li>More ISAPNP devices.
68: <li>Do not permit local address spoofing using ip4.
69: <li>Do not permit ip4 tunneling unless the admin has enabled it using sysctl.
70: <li>More man page and games fixes.
71: <li>Significant improvements to disklabel(8) and the install procedure.
72: <li>For CD support, if READ_CD_CAPACITY fails as it does on some units, provide nice defaults so that other things do not fail later.
73: <li>Rearrange default interrupt ordering for pcmcia somewhat more.
74: <li>Improve multicast handling in /etc/rc.
75: <li>Silence initgroups(3), it should not spew to stderr on failure.
76: <li>sudo 1.5.9
77: <li>Numerous ipsec changes, further making isakmpd useful, etc. etc.
78: <li>Support hostname.bridge* files.
79: <li>Support some 100Mbit ne2000-like pcmcia cards.
80: <li>Further Qlogic ISP support for PCI and sbus versions..
81: <li>Add ssl log rotation to newsyslog.conf
82:
83: <li>In sun4m trap handler stubs, rd %wim which makes viking cpus much happier.
84: <li>lifetime expiration notifications for the IPSEC stack.
85: <li>PF_KEYv2 support in isakmpd(8).
86: <li>In kvm_mkdb(8), better fallback from /dev/ksyms to /bsd if there are problems with nlist(3).
87: <li>Fix in6 dependence in various netinet header files.
88: <li>Tail anchor search in makewhatis.sed, so that overwritten titles are dealt with right.
89: <li>Fix a problem regarding "\r" translation in talk(1).
90: <li>Some more games fixes.
91: <li>Workaround sun4m STP1020A errata #148494 regarding cache initialization.
92: <li>In ipsend(8), do not crash if no options provided.
93: <li>Various powerpc fixes, including further PIC support, and fix a kernel pmap crash.
1.17 naddy 94: <li><font color="#e00000"><strong>SECURITY ISSUE: In poll(2), constrain the <strong>nfds</strong> parameter better, so that kvm starvation is less likely. <a href="errata24.html#poll">A patch is available</a></strong></font>.
1.1 deraadt 95: <li>Make at(1) easier to use next year (ie. Y2K issue).
1.17 naddy 96: <li><font color="#e00000"><strong>SECURITY ISSUE: Fix TSS fault handling. <a href="errata24.html#tss">A patch is available</a></strong></font>.
1.1 deraadt 97: <li>In the ncr(4) driver, disable tagged queuing by default. Our filesystems and vfs layer is not prepared for this play-it-loose behaviour.
98: <li>Repair <strong>ypwhich -h</strong> support; it was broken when running on non-server machines.
99: <li>Add non-learning and non-discovery modes to the bridging code.
100: <li>Many more man page fixes.
101: <li>Do not allow users to mount umapfs, even if root chooses to permit kern.usermount activity.
102: <li>termtypes database version 10.2.7, with our local modifications.
103: <li>Many more non-standard isapnp devices.
104: <li>On various architectures, more default swapgeneric swap devices.
105: <li>If an MFS IO is successful, set b_resid to 0, so that vnd support works.
106: <li>Add find -W support for white-outs.
107: <li>Brand new version of the isp(4) driver for SBUS and PCI.
1.11 pvalchev 108: <li>Ensure that sb(4) devices have at least one drq; thus not falsely probing one particularly stupid isapnp sb-like device.
1.1 deraadt 109: <li>ncurses-4.2-990316
110: <li>A nice ssl(8) man page.
111: <li>Various changes to the ssl install, so that /etc/ssl contains nicer default files.
112: <li>Various disklabel(8) improvements and bug fixes, so that our 2.5 release will be easier to install.
113: <li>Bug fixes to the tx(4) driver.
114: <li>In /etc/daily, do /tmp pruning with a <strong>find -x</strong> so that sub-mounts do not get trashed.
115: <li>Add a f.startwm function to twm(1), so that it can start other window managers.
116:
117: <li>On sparc cypress cpus, do write-through instead of write-back caching.
118: <li>In netstat(1), print subnets containing 0 octets correctly.
119: <li>Fix an NFS bug which previously caused free()'ing of negative lengths.
120: <li>ncurses-4.2-990314
121: <li>In disklabel(8), permit "delete *".
122: <li>Make <strong>ifa_refcnt</strong> a u_int, because of very large routing tables.
123: <li>Kernel scheduler performance improvement.
124: <li>Numerous more man page repairs.
125: <li>A start at powerpc PIC support.
126: <li>Fix atapi cdrom driver bug where last entry in TOC had seconds and frame zeroed.
127: <li>Fix some more games.
128: <li>Numerous more bridge improvements.
129: <li>ncurses-4.2-990307
130: <li>Turns out the RAMDISK for the 2.4 i386 release had errors for the default NE2000 device driver locations.
131: <li>wb(4) PCI driver for Winbond W89C840F 100mbit cards.
132: <li>Fix some more pcidevs and pnpdevs entries -- a few more new devices work as a result.
133: <li>libpthread goes away, since libc_r now works really well.
134: <li>Many more man page fixups.
135: <li>For open(2) with O_TRUNC, both st_ctime and st_mtime are to be updated.
136: <li>On the P3, disable the processor serial number.
137: <li>Fix make depend in kerberosIV sub-tree.
138: <li>On i386, add support for cpuid level 2, permitting L2 cache size probing.
139: <li>In pkg_info(8), handle unterminated comments.
140: <li>sudo 1.5.8p2.
141: <li>Make sure httpd(8) works when the RSA SSL library is not installed.
142: <li>In mountd(8), fix a parsing error for the file /etc/exports.
143:
144: <li>Man page clarifications for strncpy(3) and strncat(3), which people continue to misuse.
145: <li>Fix another ipsec bug.
146: <li>More bridge(4) tweaks.
1.11 pvalchev 147: <li>Support <strong>--</strong> argument separator in less(1).
1.1 deraadt 148: <li>Merge cap_mkdb(1) and info_mkdb(1).
149: <li>Fix RAMDISK sizing problems on i386, alpha, and sparc.
150: <li>Fix a DNS stall problem in login(1), related to AFS.
151: <li>A couple of ipsec pfkey fixes.
152: <li>Handle bogus priority specifications in renice(1).
153: <li>Improve compress performance in compress(1).
154: <li>Handle cs4232 isapnp cards better.
155: <li>Fix various source-tree Makefile build-twice bugs
156: <li>Fix a bug in cvs(1).
157: <li>In calendar(1), correctly handle yearly events occurring on fixed weekdays in all cases.
158: <li>Make more ethernet drivers bridge-aware.
159: <li>In talk(1), print fatal errors to stderr after curses has terminated.
160: <li>De-inline vnode_if stubs. This saves 120K in kernel size.
161: <li>Fix another coredumping case in Kerberos kadm library.
162: <li>Fix uninitialized variable bug in install(1).
163: <li>Implement RFNOWAIT with the exact same semantics as Plan9.
164: <li>Track SATYPE regs per PFKEY socket.
165: <li>Fix skeyinit(1) <strong>-n</strong> without an argument.
166: <li>Fix some panic cases in raidframe(4).
167: <li>Fix NFS3 NFS3ERR_JUKEBOX panic bug.
168: <li>Some ipsec error return patches.
169: <li>Other man page repairs..
170: <li>Add significant detailed information to select(2) manpage, which will help people not repeat mistakes others have made.
171: <li>Document timer{clear,add,sub,cmp,isset} in the getitimer(2) manpage.
172: <li>isapnp wss(4) support.
173: <li>curses 4.2-990301
174: <li>SIGINFO support in fsck_ffs(8). Try ^T during bootup.
175: <li>Support stand-alone "up" command in /etc/hostname.* files, for bridges and such.
176: <li>led driver support for Sun4 machines.
177: <li>Revamp some bridge(4) ioctls.
178: <li>Add mod_ssl 2.2.3 support to apache 1.3.4.
179: <li>Rename disklabel <strong>-p</strong> flag to <strong>-d</strong>, and document for the first time.
180: <li>apache 1.3.4
181: <li>cvs 1.10.5
182: <li>Incorporate extensive configuration work done on egcs, into our gcc tools.
183: <li>Fix infinite recursion bug in libkafs, which hit during login(8) if DNS was dead.
184: <li>On boot media, if swapon(8) exists on the install floppy, attempt to add swap early during install.
185: <li>Rename OpenBSD 2.4 to OpenBSD 2.5 -- we are moving into `release mode'.
186: <li>Divide by zero bugfix to netstat(1).
187: <li>Some fixes to the pkg_*(8) tools.
188: <li>Add more isapnp card identifiers.
189: <li>Fixes to the rl(4), pn(4), mx(4), xl(4), and tl(4) PCI ethernet drivers.
190: <li>Many ethernet drivers were doing an packet ownership check which prevented bridging from working, and was better done in ether_input().
191: <li>network bridging support. The packets go through ipf(8) on their way to delivery. See bridge(4) and brconfig(8).
192: <li>Some nfsd(8) and nfsiod(8) changes.
193: <li>Support the PNIC2 PCI ethernet controller in pn(4).
194: <li>Many many man page fixes.
195: <li>In ipsecadm(8), warn if DES or skipjack are used.
196: <li>isakmpd(8) update.
197: <li>newhashinit() kernel interface replaces hashinit() interface, and permits non-blocking malloc operation.
198: <li>Begin uvm import.
199: <li>Some man page improvements.
200: <li>Move ls(1) into ftpd(8).. directly.
201: <li>In setproctitle(3), if sysctl(2) fails do not crash.
202: <li>Constify getcap(3) API.
1.17 naddy 203: <li><font color="#e00000"><strong>For the i386, fix /boot argument mapping. <a href="errata24.html#bootargv">A patch is available</a></strong></font>.
1.1 deraadt 204: <li>Put skipjack in libc.
205: <li>Continue squishing new bugs in new ipsec PF_KEY code...
206: <li>Fix autosetting of d_type and _dtypename in wd(4).
1.17 naddy 207: <li><font color="#e00000"><strong>SECURITY ISSUE: Fix the nlink overflow in FFS and EXT2FS. <a href="errata24.html#nlink">A patch is available</a></strong></font>.
1.1 deraadt 208: <li>Add zegrep(1) and zfgrep(1).
209: <li>Change IPSEC stack to support PFKEYv2.
210: <li>PentiumIII detection.
211: <li>Fix two bugs in ifconfig(8); do not configure an address if not specified, and complain if more than src and dst addresses are specified.
212: <li>Fix another ping bug regarding payload alignment.
213: <li>Fix -R option in inetd(8).
214: <li>Fix send file function in cu(1).
215: <li>Some man page fixes.
216: <li>ncurses 4.2-990220
217: <li>NRL netinet6 compiles now.
218: <li>Two new kinds of rl(4) and vr(4) ethernet cards.
219: <li>Better promisc and multicast handling in sparc hme(4).
220: <li>Fix an rdist(8) bug.
221: <li>Handle powered-down xl(4) cards better.
1.17 naddy 222: <li><font color="#e00000"><strong>SECURITY ISSUE: Fix an overflow in ping(8). <a href="errata24.html#ping">A patch is available</a></strong></font>.
1.1 deraadt 223: <li>In fork(2), always spare 5 last processes for root.
224: <li>Better vis(3) support in savecore(8).
225: <li>Quiet apm(4) and add machdep.apmwarn sysctl.
226: <li>Fix endian-bug in the blowfish routines.
227: <li>Various vis(3) related overflows (by one char).
1.11 pvalchev 228: <li>First step at supporting >2G files in less(1).
1.1 deraadt 229: <li>Add -x, -p, and -m options to ls(1).
230: <li>In ld(1) and ld.so(1), do not optimize the search path when dealing with duplicate shared library names (even though both alternatives have problems).
231: <li>Fix an kernel ipf bug relating to out-going icmp.
1.17 naddy 232: <li><font color="#e00000"><strong>SECURITY ISSUE: Fix an ipq race in ipintr(). <a href="errata24.html#ipqrace">A patch is available</a>, which must be applied after the <a href="errata24.html#maxqueue">maxqueue patch</a> has been installed.</strong></font>
1.1 deraadt 233: <li>Allocate u-area early in fork1(), instead of vm_fork().
234: <li>Fix msdosfs bug regarding corrupted FAT32 root directories.
235: <li>Improve vfs lkm interface.
236: <li>sudo 1.5.8
237: <li>Make vm_page_alloc_contig() a standard VM system function.
238: <li>Fix DES weak key checking in libdes (and netinet/libdeslite).
239: <li>Improve the ipsec(4) man page.
240: <li>Fix <strong>netstat -A</strong> header.
1.17 naddy 241: <li><font color="#e00000"><strong>SECURITY ISSUE: Improved fragment flood protection in the IP layer. <a href="errata24.html#maxqueue">A patch is available</a></strong></font>.
1.1 deraadt 242: <li>IPSEC skipjack support (do not bother using this unless you are .gov or .mil).
243: <li>Check sub-regions better in subr_extent.c, which affects pcmcia.
244: <li>Add <strong>-f</strong> option to comm(1) for case folding.
245: <li>Some more man page fixups.
246: <li>In traceroute(1), do not permit normal users to set the source address as non-local.
247: <li>Make quoted strings work in the interactive mode in restore(8).
248: <li>Fix a padding byte in ipsec esp new.
249: <li>Use new pipe code on all architectures.
250: <li>Some man page repairs.
251: <li>Fix SIOCGIFCONF code in ypbind(8).
252: <li>New raidframe code.
253: <li>Improgve promisc/multicast support in a few sparc drivers.
254: <li>Merge changes from db.1.86 (but do not merge new hash code, since it has an incompatible format)
255: <li>Handle kernel malloc() failing, for TCP SACK block allocation.
256: <li>Do more careful system call range-checking and introduce socklen_t.
1.17 naddy 257: <li><font color="#e00000"><strong>Fix a bug we introduced before 2.4 shipped: readv(2) and writev(2) with iov_len == 0 is legal. <a href="errata24.html#uio">A patch is available</a></strong></font>.
1.1 deraadt 258: <li>Fix a pcmcia mapping bug regarding address space allocation.
259: <li>For wds(4) and ex(4) drivers, unmap address space if probing fails.
260: <li>In ipsecadm(8), verify that keys and IVs are specified in hex.
261: <li>Document that MD4 is pretty much broken, and MD5 is looking pretty bad too (so much for quality designs from RSA).
1.17 naddy 262: <li><font color="#e00000"><strong>SECURITY ISSUE: i386 T_TRCTRAP DDB handling could cause a system crash. <a href="errata24.html#trctrap">A patch is available</a></strong></font>.
1.1 deraadt 263: <li>tcpdump(8) out-of-range access in LLC decoding.
264: <li>Flesh out the vpn(8) manpage.
265: <li>Add old dbm-compatible interface code, from db-1.86
266: <li>Support Return-Path: in vacation(1).
267: <li>Network byte order for default lease time in dhclient(8).
268: <li>Uninitialized memory in ktrace(2) system call.
269: <li>Fix 88k support in libgmp.
270: <li>Make types(5) more useful.
271: <li>ncurses-4.2-990206
272: <li>Correct various freebsd/linux emulation issues.
273: <li>Correct directory entry reads for numerous binary emulators.
1.17 naddy 274: <li><font color="#e00000"><strong>SECURITY ISSUE: Better RST handling in tcp input. <a href="errata24.html#rst">A patch is available</a></strong></font>.
1.1 deraadt 275: <li>BeOS/i386 support in fdisk(8).
276: <li>Two more nop instructions in sparc locore.s for greater reliability on Viking CPUs.
277: <li>Pluralization fix in rup(1).
278: <li>Much more mvme88k support. The port is coming alive...
279: <li>In ftp(1), if http fetch returns less than Content-Length, error out.
280: <li>gcc/binutils/ld support for mvme88k.
281: <li>Fix cua device handling in com(4) and pccom(4).
282: <li>Handle MNT_NODEV in nullfs.
283: <li>Correct a tcp ISS bug.
284: <li>Support sparc bootpath handling in qe(4) and be(4).
1.17 naddy 285: <li><font color="#e00000"><strong>hp300 X in the 2.4 release has an installation issue. <a href="errata24.html#hp300X">Further details available</a></strong></font>.
1.1 deraadt 286: <li>Fix isa_check_intr() support on the alpha.
287: <li>Fix breaking support in <strong>fold -s</strong>.
288: <li>Improve long line support in hexdump(1).
289: <li>Improve some ipf-related man pages.
290: <li>Fix a server-side NFS issue for the alpha.
291: <li>Sendmail 8.9.3.
292: <li>ipf 3.2.10.
293: <li>Dynamically allocate some buffers in rdist to reduce memory footprint on directories that contain many hard-linked files.
294: <li>Some other random netinet fixes.
295: <li>Do not count ipsec related "route misses" as routing lookup failures.
296: <li>Support MSG_BCAST and MSG_MCAST in recvmsg(2).
297: <li>Allow higher uids in adduser(8).
298: <li>Make h2ph grok hex constants with suffixes, exponential floats, and the [fF] suffixes.
299: <li>Add '-p pattern' option to split for matching with a regexp.
300: <li>More man page fixes.
301: <li>Increase size of routing statistics variables.
302: <li>More info from rarpd in -d (debug) mode.
303: <li>${CC} and ${COPTS} were not always getting passed in Makefile.bsd-wrapper.
304: <li>tail(1) and wc(1) can now deal with files > 2gig.
305: <li>xterm patchlevel 91.
306: <li>Permit non-root users to mkfifo onto NFS filesystems.
307: <li>Fix AFS on mips.
308: <li>sparc sbus spif driver (serial+parallel card).
309: <li>Update curses to ncurses-4.2-990130 and import infocmp(1).
310: <li>Correct handling of negative fields in <strong>df -h</strong>.
311: <li>Fix i386 __asm clobber control, for egcs.
312: <li>Various fixes to the bt848 driver.
313: <li>Fix a multiple free patch in ipnat.
314: <li>preliminary powerpc PIC support.
315: <li>powerpc destructors were being called twice. Now only call them once.
316: <li>Add support for more pcmcia cards.
317: <li>Fix NEWRENO behaviour, which was buggy.
318: <li>tzdata1999a
319: <li>Add <strong>-b</strong> flag to install(1).
320: <li>For the bootblocks, fix error returns when running in decompressing mode.
321: <li>Disable i386 bootblocks E801 memory probing test.
1.17 naddy 322: <li><font color="#e00000"><strong>SECURITY ISSUE: Fix a select(2)/accept(2) race condition. <a href="errata24.html#accept">A patch is available</a></strong></font>.
1.6 rohee 323: <li>Support & username expansion in sendbug, and fix the /tmp race.
1.1 deraadt 324: <li>Avoid a sendmail DOS regarding huge numbers of header lines.
325: <li>rmdir(".") now returns EBUSY, as XPG2 says.
326: <li>pdksh 5.2.13.7
327: <li>In config(8), order probes according to device attachment, not device declaration.
328: <li>Many more games fixes.
329: <li>More man page fixes.
330: <li>Correct st_blocks for files > 2GB.
331: <li>Fix mktemp(3) behaviour in gcc(1). It now handles files safely! (Took 2 years to get this security issue resolved).
332: <li>Many pid_t fixes to the source tree.
333: <li>PID_MAX has to be at most 32766, due to interactions with sys/compat.
334: <li>texinfo 3.12
335: <li>Addition of raidframe.
336: <li>PNIC ethernet driver.
337: <li>Kernel threads (ie. kthread).
338: <li>Fix a varargs related bug in patch(1).
339: <li>MNT_NOATIME support in msdosfs.
340: <li>VIA Rhine ethernet driver.
1.17 naddy 341: <li><font color="#e00000"><strong>Fix an nfs v3 bug when talking to the pedantic solaris7 server. <a href="errata24.html#nfs3_solaris7">A patch is available</a></strong></font>.
1.1 deraadt 342: <li>Merge other fixes from ksh 5.2.13.6
343: <li>Add RFNOWAIT support to rfork(2).
344: <li>Careful strtol() use in make(1).
345: <li>Fix a vm cache trashing bug.
346: <li>XFree86 3.3.3.1
347: <li>More care in getmntinfo(3).
348: <li>Fix an msdosfs bug.
349: <li>Driver for Macronix 98713, 98713A, 98715 and 98725.
350: <li>Check for more possible divide-by-zero cases in disklabel handling.
351: <li>Fix a display bug in tetris(6).
1.3 deraadt 352: <li>Make lpt accept polled mode when its interrupt is unavailable.
1.1 deraadt 353: <li>uint*_t types from newer POSIX standards.
354: <li>Delay irq allocation for the i82365 pcmcia chipset -- we want better interrupts to be given to pcmcia cards.
355: <li>Import of NRL IPv6.
356: <li>new airports database.
357: <li>Fix an apm bug for <strong>halt -p</strong>.
358: <li>Update CellServDB.
359: <li>In syslogd(8), be careful about <strong>sun_path</strong> termination.
360: <li>Avoid kernel divide-by-zero panics in disklabel handling.
361: <li>newsyslog(8) no longer needs to care about MAX_PID.
1.11 pvalchev 362: <li>In find(1), correct ! handling in parenthesis
1.1 deraadt 363: <li>In strftime(3), document what an ISO 8601 year is. It's not what you think it is..
364: <li>In rdump(8), use TCP_NODELAY for a significant performance enhancement.
365: <li>Fix nsphy(4) MII driver to work on finicky hme(4) driver.
366: <li>Put some named files in the right place (post-2.4 bug).
367: <li>For nfs booting, print addresses using kernel inet_ntoa().
368: <li>range overflow in edquota(8).
369: <li>Provide pcmcia IO bus mapper with a list of regions where it should preferentially map new devices.
370: <li>In patch(1), remove some local functions and use basename(3) and dirname(3) instead.
1.6 rohee 371: <li>Integration of NetBSD's MIDI & sequencer support.
1.1 deraadt 372: <li>Sendmail 8.9.2
373: <li>c++ does not permit a structure to have a member that is called the same name as the structure (ie. <strong>netinet/in.h</strong> had <strong>struct ip_opts</strong> containing a member called <strong>ip_opts[]</strong>. Fix that.
374: <li>Fix ${PIPE} uses throughout the source tree (not kernel compiles though).
375: <li>A few htdocs were missing in our httpd(8) install. Add them.
376: <li>Some pcmcia fixes.
377: <li>Correct nested <strong>ip_sum</strong> in icmp packets.
1.21 deraadt 378: <li>Correct the values of <strong>ip_len</strong>, <strong>ip_off</strong>, <strong>ip_id</strong>, and udp <strong>uh_sum</strong> fields for the embedded ip packet inside an icmp packet. (<strong>ip_sum</strong> is still wrong).
1.1 deraadt 379: <li>More locking fixes in the vfs layer.
1.17 naddy 380: <li><font color="#e00000"><strong>Fix df(1) on NFS v3 filesystems. <a href="errata24.html#nfs3">A source code patch is available which solves this problem</a></strong></font>.
1.1 deraadt 381: <li>Crank PID_MAX to 65535.
382: <li>Do better pcmcia interrupt allocation.
383: <li>Make <strong>ip_id</strong> non-repeating random, like DNS id's.
384: <li>range check signal conversions in the compat layer.
385: <li>make mount(2) return EOPNOTSUPP for filesystem missing in kernel.
386: <li>Fix a pcmcia com(4) driver panic.
387: <li>Many libc_r improvements.
388: <li>In xl(4), if no MII found, do not panic.
389: <li>Fix sh(1) and csh(1) builtin kill(1) clones so that they support -SIGXXX.
390: <li>Activate isakmpd in the build process.
391: <li>Newer version of isakmpd.
392: <li>In kgmon(8), let libkvm decide the default kernel name.
393: <li>Repeat open operations in cdio, in case of slow changers.
1.17 naddy 394: <li><font color="#e00000"><strong>SECURITY ISSUE: Even more bootpd paranoia. Updated patches are available for <a href="errata23.html#bootpd">2.3</a> and <a href="errata24.html#bootpd">2.4</a></strong></font>.
1.1 deraadt 395: <li>Make sa(8) 64bit clean.
396: <li>In install(1), handle sparse files the same way pax(1) does.
1.17 naddy 397: <li><font color="#e00000"><strong>Replace raw termcap/terminfo databases with new ones based on a common and shared termtypes database. <a href="errata24.html#terminfo">Since these databases had problems in the 2.4 release, updated versions are available</a></strong></font>.
1.1 deraadt 398: <li>Permit csh(1)-builtin printf function to have arguments.
399: <li>Fix a display problem in hexdump(1).
1.17 naddy 400: <li><font color="#e00000"><strong>Fix an i386 installboot bug which prevents proper installation when the root partition (or the root partition end) are placed BEYOND the 4GB line. <a href="errata24.html#installboot">A source code patch is available which solves this problem</a></strong></font>.
1.1 deraadt 401: <li>Flesh mktemp(3) manpage out significantly.
402: <li>Working <a href=mvme88k.html>mvme88k</a> port.
403: <li>For IPHDRINCL, check <strong>ip_hl</strong> for validity, too.
404: <li>Fix goal and max parameters in fmt(1).
405: <li>Do not believe SS20 machines that claim to have BURST64 support.
406: <li>In sparc le(3), be more careful about media handling and such.
407: <li>In ftp, if passive connections fail, try active.
408: <li>Morse decoding in morse(6).
409: <li>Numerous fixes to calendar(1), in particular it can now calculate Easter correctly.
410: <li>Various race/deadlock fixes to umount(2).
411: <li>More man page fixes.
412: <li>More isapnp devices.
413: <li>Fix rand(3) bug introduced into 2.4.
414: <li>Fix [:print:] in tr(1).
415: <li>Merge make(1) fixes and changes from other projects.
416: <li>Consider limits in fdavail().
417: <li>Fix layer in VFS layer function vinvalbuf().
418: <li>Fix a tl(4) bug which caused a particular IDE controller to look like an ethernet card...
419: <li>Increase sparc obio le driver memory to 8K, enhances performance.
420: <li>Remove itrunc3 panic case: It is invalid code.
421: <li>fast retransmit statistics in netstat(1).
422: <li>Many new ISA PNP devices.
423: <li>Make -ltermcap be -lcurses; and -lotermcap be -locurses, via links.
424: <li>For kerberosIV, install <strong>prot.h</strong> (some things require it).
425: <li>XFree86 3.3.3
1.17 naddy 426: <li><font color="#e00000"><strong>SECURITY ISSUE: Fix a remote exploit problem in bootpd (which noone runs anyways, without filtering, right?). This fixes a security problem. Patches are available for <a href="errata23.html#bootpd">2.3</a> and <a href="errata24.html#bootpd">2.4</a></strong></font>.
1.1 deraadt 427: <li>In cut(1), avoid an infinite loop.
428: <li>In top(1), skip disabled swap spaces.
429: <li>Even more man page fixes courtesy of our local man page repair fanatic.
430: <li>Fix a crash in ps(1).
431: <li>Make file(1) understand mp3 formats.
432: <li>Repair a recent bug introduced with the SACK/FACK changes (only affected the alpha).
433: <li>Add <strong>-C</strong> support to our patch(1).
434: <li>Numerous IPSEC-related fixes inside the kernel and outside.
435: <li>Many more man page fixes.
436: <li>In ipf(8), do not crash for bad config file.
437: <li>Do not permit tapesize estimate overflows in dump(8).
438: <li>Fix memory leaks in yacc(1), lex(1).
439: <li>In nslookup(1), fix an bug in some previous overflow handling.
440: <li>Permit "Total" bar in "systat swap" to shrink.
441: <li>Fix /tmp race in ctm(1).
442: <li>Make /etc/security consistant to /etc/mtree for the /var/backups directory.
443: <li>Fix a gzip bug.
444: <li>More careful buffer handling in rpc library.
445: <li>Handle spaced-out arguments in lorder(1).
446: <li>Since some drivers occasionally return busted d_secpercyl fields to readdisklabel(), do more checking inside readdisklabel() for those ports that run into this issue.
447: <li>A couple of missing prototypes added.
448: <li>More man page fixes.
449: <li>sudo 1.5.7
450: <li>New getcat(1) manpage.
1.23 pedro 451: <li>Serious improvements to libc_r. This is becoming usable.
1.1 deraadt 452: <li>More careful mmap handling in various device drivers.
453: <li>Exponential space growth in v?asprintf(3).
454: <li>More manpage fixes.
455: <li>Fix a crash of ksh(1).
456: <li>Ignore out-of-range environment LINES and COLUMNS in libocurses.
457: <li>In libcurses in the issetugid(2) case, ignore $TERMINFO.
1.17 naddy 458: <li><font color="#e00000"><strong>SECURITY ISSUE: In libocurses and libcurses in the issetugid(2) case, only ignore $TERMCAP if it is a path. <a href="errata24.html#termcap">A patch is available</a></strong></font>.
1.1 deraadt 459: <li>Support full set of pty devices in the MAKEDEV scripts.
460: <li>Make rl(4) match the Accton 1207D cards too.
461: <li>Prototype getpgid(2)
462: <li>Handle COMMENTS better in pkg_info(8).
463: <li>64-bit fixes in TCP SACK.
464: <li>Fix a bunch of strtol() range check errors.
465: <li>Improve tty permission checking in wall(1).
466: <li>NEWRENO, SACK, and FACK support in our TCP implementation. SACK and FACK are enabled by default.
467: <li>Added <i>adw</i>, the AdvanSys Ultra Wide PCI SCSI controller driver.
468: <li>Make yacc's skeleton file pass gcc -Wall.
469: <li>ncurses-4.2-981114
470: <li>Fix pcvt attribute handling
471: <li>Fix system() buffer mis-handlings in lynx(1)
472: <li>Use -lcurses in xterm(1)
473: <li>Preserve errno in a libutil/passwd.c function
474: <li>In libm, use write(2,...) instead of stdio code.
475: <li>Fix an IPSEC SPI mishandling bug.
476: <li>ncurses based tset(1).
477: <li>Fix an expression handling bug in as(1).
478: <li>Improve setregid() and setreuid() emulated behaviour.
479: <li>ftok() is now XPG compliant.
1.17 naddy 480: <li><font color="#e00000"><strong>Put userdir support back into httpd(8). <a href="errata24.html#userdir">A patch is available</a></strong></font>.
1.1 deraadt 481: <li>Put userdir support back into httpd(8).
482: <li>New daemon: isakmpd (ISAKMP/Oakley ipsec daemon).
483: <li>Move /tmp/bootpd.dump to /var/run to avoid filesystem race.
484: <li>Fix some manpages
485: <li>sudo 1.5.6p6
1.17 naddy 486: <li><font color="#e00000"><strong>Fix a remote lockup problem in the TCP packet decoding code. This fixes a security problem. Patches are available for <a href="errata23.html#tcpfix">2.3</a> and <a href="errata24.html#tcpfix">2.4</a></strong></font>.
1.1 deraadt 487: <li>Fix a deadlock in deadfs VOP_LOCK().
488: <li>Support -p option in ipmon(8).
489: <li>Change bpf to support full frame-grabbing for FDDI packets.
490: <li>Support more ISAPNP devices.
491: <li><a href=want.html>A new web page contains a list of hardware that the project could use for our development process.</a>
492: <li>Newer soft updates code.
493: <li>More manpage fixups.
494: <li>Driver for rl(4) PCI ethernet cards (rtl8129/8139).
495: <li>New phy drivers.
496: <li>Repair a bad strlcpy(3) manpage error.
497: <li>Support ftpd(8) running out of /etc/rc
498: <li>Fix fsck_ext2fs(8) for FIFOs.
499: <li>Detect and handle dma sbus cards in non-dma sbus slots.
500: <li>Handle scsi devices which terminate inquiry strings with 0xff.
501: <li>Fix append mode in freopen(3).
502: <li>Cache and hash hostnames in ipmon(8).
503: <li>Improvements to up-coming libc_r code.
504: <li>Minor possible security fix to xlock(1).
505: <li>Easter and Y2K leap year fix to calendar(1).
506: <li>Use optimal xfer blocksize in rm(1) instead of assuming 8K.
507: <li>Fix a bug in libocurses.
508: <li>curses 4.2-981017
509: <li>More man page fixes.
510: <li>Be sure to enable pci cards that the BIOS forgot about.
511: <li>Support hppa in rbootd(8)
512: <li>Merge bug fixes from pdksh 5.2.13.4
513: <li>Various new ppp(8) changes.
514: <li>Use correct ioctl for flushing in ipmon(8).
515: <li>Fix various tcp options bugs.
516: <li>Fix tcp timestamps.
1.17 naddy 517: <li><font color="#e00000"><strong>Repair sparc kvm dump header problem. <a href="errata24.html#kvm_mkdb">A patch is available</a></strong></font>.
1.1 deraadt 518: <li>More carefully check /etc/hostname.* file contents before using it.
519: <li>Fix mktemp() problems in lynx(1).
520: </ul>
521: <p>
522:
523: This list mentions mostly platform-independent changes. For a list of changes
524: made in a particular platform, please check the page for that platform. If you
525: find them not listed there, the changes are either (1) not being documented or
526: (2) are documented here.<br><br>
527:
528: <hr>
529: <p>
530: <h3>
1.16 deraadt 531: For changes in other releases, click below:<br>
532: <a href="plus20.html">2.0</a>,
533: <a href="plus21.html">2.1</a>,
534: <a href="plus22.html">2.2</a>,
535: <a href="plus23.html">2.3</a>,
536: <a href="plus24.html">2.4</a>,
537: <a href="plus26.html">2.6</a>,
538: <a href="plus27.html">2.7</a>,
539: <a href="plus28.html">2.8</a>,
540: <a href="plus29.html">2.9</a>,
541: <a href="plus30.html">3.0</a>,
542: <a href="plus31.html">3.1</a>,
543: <a href="plus32.html">3.2</a>,
1.18 deraadt 544: <a href="plus33.html">3.3</a>,
1.19 david 545: <a href="plus34.html">3.4</a>,
1.22 deraadt 546: <a href="plus35.html">3.5</a>,
1.24 ! miod 547: <a href="plus36.html">3.6</a>,
1.16 deraadt 548: <a href="plus.html">current</a>.
1.1 deraadt 549: <br>
550: </h3>
551:
552: <hr>
553: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.17 naddy 554: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.24 ! miod 555: <br><small>$OpenBSD: plus25.html,v 1.23 2004/06/18 18:36:13 pedro Exp $</small>
1.1 deraadt 556:
557: </body>
558: </html>