Annotation of www/plus26.html, Revision 1.10
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
4: <title>OpenBSD 2.6 changes</title>
5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1996 by OpenBSD.">
11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
16: <p>
17: <h2><font color=#e00000>Changes made between OpenBSD 2.5 and OpenBSD 2.6</font><hr></h2>
18:
19: <p>
20: This is a partial list of the major machine independent changes
21: (ie. these are the changes people ask about most often). Port
22: specific changes have also been made, and are sometimes mentioned
23: in the pages for the specific <a href=plat.html>ports</a> if you
24: are interested in further port-specific details. Many ports
25: have had architecture-specific enhancements relative to NetBSD,
26: but when they do not they certainly have plenty of platform-independent
27: changes, starting with those listed below..
28:
29: <p>
30: Note: <font color=#e00000>Problems for which patches exist are marked in red</font>.
31:
32: <p>
33: <h3>
34: <a href=plus20.html>For changes leading up to OpenBSD 2.0, click here</a>.<br>
35: <a href=plus21.html>For changes leading up to OpenBSD 2.1, click here</a>.<br>
36: <a href=plus22.html>For changes leading up to OpenBSD 2.2, click here</a>.<br>
37: <a href=plus23.html>For changes leading up to OpenBSD 2.3, click here</a>.<br>
38: <a href=plus24.html>For changes leading up to OpenBSD 2.4, click here</a>.<br>
39: <a href=plus25.html>For changes leading up to OpenBSD 2.5, click here</a>.<br>
1.7 deraadt 40: <a href=plus27.html>For changes leading up to OpenBSD 2.7, click here</a>.<br>
1.8 deraadt 41: <a href=plus28.html>For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.9 deraadt 42: <a href=plus29.html>For changes leading up to OpenBSD 2.9, click here</a>.<br>
1.1 deraadt 43: <a href=plus.html>For changes in OpenBSD-current, click here</a>.
44: <br>
45: </h3>
46:
47: <hr>
48:
49: <p>
1.5 todd 50: <h3><font color=#0000e0>OpenBSD 2.6 released (December 1, 1999).</font></h3><p>
1.1 deraadt 51: <ul>
52: <li>2.6 source tree frozen.
53: <li>Merge in some critical ATAPI fixes.
54: <li>Force FDSCRIPTS.
1.4 deraadt 55: <li><font color=#e00000><strong>RELIABILITY ISSUE: Fix a bug in the brooktree driver which permitted any user to crash some OpenBSD/i386 machines. <a href=errata25.html#brooktree>A patch is available</a></strong></font>.
1.2 espie 56: <li>Separate help(1) command, and a separate help(1) man page.
1.1 deraadt 57: <li>Move wrapper handling to the child process, in sshd(8).
58: <li>Various fixes for the bignum and RSA handling code in sshd(8).
59: <li>ssh 1.5 protocol.
60: <li>isakmpd policy man page.
61: <li>Put gcc-lib in base, because the mac68k installer built-in tar command is stupid, and does not do a mkdir -p type operation internally.
62: <li>In the install script, if the user skips network config and later chooses an option which requires network config, ask for network config to be done then.
63: <li>Make i386 pcvt driver also support the traditional PC display, with 16 colours.
1.2 espie 64: <li>In the install script, support separate international and USA versions of the ssl package.
1.1 deraadt 65: <li>Fix another unmount/mfs race condition.
66: <li>If no sshd_config file, have sshd(8) abort.
67: <li>Fix for the i386 isadmaattach panic.
68: <li>PermitRootLogin in sshd(8).
69: <li>Document how we are dealing with SSL, crypto, and RSA issues in the ssl(8) man page even better.
70: <li>Stir ARC4 after key use in sshd(4).
71: <li>Fix mii tick tock stuff in the fxp(4) driver.
72: <li>Fix connect() race in ssh agent handling.
73: <li>Numerous fixes and improvements to the install scripts.
74: <li>Avoid mbuf corruption in recvmsg(2).
75: <li>Only attempt to read disklabels from CDs with a data track.
76: <li>Fix a bug in newsyslog(8), which caused it to rotate empty log files near first system boot.
77: <li>Do not call VOP_SETATTR on a pipe.
78: <li>SilentDeny option for sshd(8).
79: <li>Avoid an infinite loop in ping(8).
80: <li>Add driver for i82553 phy, used by some fxp(4) cards.
81: <li>Allow root logins in xmd, but provide a nice comment so people can disable it easily.
82: <li>Document -e support in config(8).
83: <li>Use setsid(2) on all connections to sshd(8), since our setlogin(2) is secure and needs that.
84: <li>sshd(8) Allow/Deny Users/Groups features.
85: <li>sshd(8) UseLogin feature.
1.2 espie 86: <li>Use a separate perl-based vi.recover script because sh is a terrible language.
1.1 deraadt 87: <li>Check permissions of directories leading up to ssh authorized_keys file.
1.10 ! pvalchev 88: <li>For AF_UNIX sockets, do not follow symbolic links at creation time, since there is nothing equivalent to O_EXCL.
1.1 deraadt 89: <li>Permit build of system with NFSSERVER but without NFSCLIENT.
90: <li>More keynote man pages.
91: <li>pmax support is back in the tree, various tweaks everywhere.
92: <li>Make eap(4) print it's interrupt at attach time.
93: <li>As well as numerous repairs, now also support "pkg_add *".
94: <li>Many many man page improvements.
95: <li>Support newer model of the fxp(4) card.
96: <li>Further improvements to ATA probing.
97: <li>Support skey in sshd.
98: <li>Use pkg_add -I for the ssl package install, in the install scripts.
99: <li>Repair fd(4) motor off code.
100: <li>Handle most xl(4) devices that lack a PHY.
101: <li>On machines lacking shared libraries, install the ssh utilities with mode 0, so that /etc/rc will run the ones in /usr/local/bin instead.
102: <li>Cluster fixes to ipsec code.
103: <li>implement client NumberOfPasswordPrompts in ssh(1).
104: <li>Support various effect modes on the ym(4) sound cards.
105: <li>Y2K related fixes for some buggy i386 clock chips.
106: <li>Fix various atapi sense detection bugs.
107: <li>Big endian fixes to tcpdump(8).
108: <li>Move sshd auth sockets to a private directory.
109: <li>Various make performance enhancements.
110: <li>Ensonic ES1371 support in the eap(4) driver.
111: <li>Fix a sshd xauth race.
112: <li>Lots of manpage improvements.
113: <li>ssh crc32 compensation attach detection fix from core-sdi.
114: <li>PCI Promise IDE controller support, not perfect yet.
115: <li>Nuke minfd stuff in ssh.
116: <li>config(8) gets -e and -u support.
117: <li>Put sbin and /usr/sbin in the default path.
118: <li>Fix garbled dmesg output on the console in the mvme68k port.
119: <li>DNS spoof checking code in the ssh.
120: <li>Double default shared memory for i386.
121: <li>Various quality of software repairs to sshd, like errno trashing in signal handlers, and other stupid things like that.
122: <li>Fix a missing memory initialization bug in the i386 bootblocks.
123: <li>Avoid use of shutdown(2) in sshd.
124: <li>For fts(3) and find(1), fix various off-by-one errors and some issues with -execdir for multiple relative directories.
125: <li>libwrap support in sshd.
126: <li>Nice setproctitle(3) changes to sshd, so that you can tell which process is which login.
127: <li>Add -q support to whois(1).
128: <li>Remove local blowfish code in ssh.
129: <li>Improve the scp(1) progress meter.
130: <li>Various games fixes.
131: <li>mod_ssl 2.4.5
132: <li>new isakmpd code.
133: <li>Support DSO's in httpd, and build them into the normal tree.
134: <li>sm(4) driver now supports SMC 8020 pcmcia cards.
135: <li>sk(4) driver for SysKonnect 984x gigabit ethernet adapters.
136: <li>add support for external storage to the mbuf layer, managed by external managers.
137: <li>libkeynote 2.0
138: <li>Support more ess(4) sound card models.
139: <li>Numerous other ssh changes...
140: <li>in ssh, use libc md5 code.
141: <li>remove rc4 code from ssh
142: <li>Remove ssh "-c none" code.
143: <li>Improve ftpd's documentation.
144: <li>Improve tcpdump's handling of ISAKMP packages.
145: <li>Make bootblock memory probing work the same as 2.5.
146: <li>More man page repairs and improvements. A day doesn't go by...
147: <li>Some fixes to the games.
148: <li>Many more ssh improvements.
149: <li>Critical ipsec reliability fix for the i386.
150: <li>Run ldconfig before any ssh stuff, because the ssl package now extracts into /usr/local/lib.
151: <li>Apache 1.3.9 + Mod_ssl 2.4.2
152: <li>ssleay(1) goes away, replaced by openssl(1).
153: <li>OpenSSL 0.9.4
154: <li>Fix tun(4) byte counters.
155: <li>To ssh, add X11DisplayOffset, user@host, kerberos4 support, GatewayPorts, ssh -g, etc.
156: <li>Fix rc scripts to start ssh nicely upon first and subsequent boots.
157: <li>Rip all licensed and patented code out of ssh.
158: <li>Support MVME188 and MVME197 models in the mvme88k port.
159: <li>Fixes to the pci wb(4) driver.
160: <li>pkg_add signing capability is being worked on.
161: <li>Put uuencoded install bits for amiga into the tree, so that they can end up in the distribution.
162: <li>Fix hp300 ramdisk.
163: <li>32-bit ie(4) driver for the mvme68k and mvme88k ports.
164: <li>More changes to pcvt scrollback code.
165: <li>More fixes to pci ax(4).
166: <li>In inetd.conf, disable telnet/ftp/login by default.
167: <li>Simplify ssh configuration.
168: <li>New mandoc pages for ssh(1) and friends..
169: <li>Add ssh to the source tree (based on an old version, but all the bugs are fixed, and we are playing RSA license games with libssl/libcrypto and adding all the modern ssh features).
170: <li>Add :L and :U modifiers to make(1).
171: <li>stdbool.h from C9X.
172: <li>Install script changes to support libssl package install. Not nice, but it will be improved.
173: <li>Move towards 2.6-beta.
174: <li>Fix icmp byte-order changes so that ip_forward() aliased packet doesn't bite us.
175: <li>Many man page changes.
176: <li>Some ipsec changes to tcpdump(1).
177: <li>Add atactl(8).
178: <li>Add opendisk(3) API to libutil.
179: <li>Crank some i386 limits, now that kvm is larger.
180: <li>Repair some URL handlings in pkg_install(8).
181: <li>Significant changes to the install scripts.
182: <li>Change makewhatis to accept arguments.
183: <li>AC-97 CODEC support.
1.6 aaron 184: <li>Fix device existence check in hp300 tape support.
1.1 deraadt 185: <li>Grow i386 kvm to 512MB.
186: <li>Merge to tcpdump 3.4.
187: <li>Use writev(3) in libc functions that talk to stderr.
188: <li>Add raw support in tcpdump.
189: <li>In xl(4), Support 3c980c.
190: <li>Fix a FIFO handling bug in xe(4) driver.
191: <li>Fix a caching bug in getpwent(3) seen with setuid binaries and YP.
192: <li>i386 support for "isa0 at pcib?".
193: <li>Upon bootup, permit i386 to modify the rootdev after looking at BIOS disk signatures.
194: <li>Change rc.conf so that sendmail is started with -q30m by default (not -bd).
195: <li>Various speed improvements by using round_page() instead of roundup(foo, NBPG).
196: <li>cvs 1.10.7
197: <li>Import uunencoded binary amiga things which need to be in a release.
198: <li>64bit repair in ls(1)
199: <li>ELF64 support.
200: <li>Some man page improvements.
201: <li>Detach code in the icsphy.
202: <li>Support tadpole sparc microcontroller.
203: <li>Ensure that adduser(8) sends the password to encrypt(1) via stdin, avoid ps(1) snooping.
204: <li>Improved m4(1) extensively.
205: <li>Improved fsck_msdos(8).
206: <li>On i386, expand aperture because XFree86 3.9.15 want to look at the card BIOS.
207: <li>p9100 console support for Tadpole sparc.
208: <li>Scroll-back support for the i386 pcvt driver.
209: <li>Use stathz to calculate CPU time, fixing CPU calculation when stathz is different from hz and profhz (affected i386).
210: <li>Preliminary ATAPI tape drive support.
211: <li>Support "short" mouse protocol for the Tadpole sparc.
212: <li>More queue.h macros.
213: <li>In /etc/rc during vi recovery, ensure vi recovery files are normal.
214: <li>Change /etc/rc.shutdown handling, so that /etc/rc.shutdown is completely admin-editable and does not run if in single-user mode.<br> <strong>NOTE: If you follow current, this means that people need to install a new /etc/rc file.</strong>
215: <li>On sparc, change pagetable pointers using atomic instructions.
216: <li>Change pmap_enter() API.
217: <li>Start doing an atoi(3) audit of the tree; most cases should use strtol() and strtoul().
218: <li>Cleanup handling of signed and unsigned numbers in sysctl(8).
219: <li>Many man page improvements.
220: <li>Print i386 interrupts nicer in vmstat -i.
221: <li>In bridge, do not flush static address when configuring down.
222: <li>Permit bridge control before it is configured up.
223: <li>Cleanup parsing of /etc/hostname.* files, and support new /etc/bridgename.* files.
224: <li>In tcp's input path, for SACK, update the window information correctly.
225: <li>If a patch contains zero patches, have patch(1) error out.
226: <li>Start amd(8) in /etc/amd.
227: <li>Fix buf overflow in amd(8).
228: <li>Support AAA-131CF card in ahc(4) driver.
229: <li>Check SACK hole validity better, and do sequence space arithmetic better.
1.3 deraadt 230: <li><font color=#e00000><strong>SECURITY ISSUE: In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. <a href=errata25.html#cron>A patch is available</a></strong></font>.
1.1 deraadt 231: <li>Some fixes to newsyslog(8).
232: <li>Disable SACK for now; some issues remain.
233: <li>Buffer overflow fixes in from(1).
234: <li>Make res_random and ip_random attacks harder by adding a little xor.
235: <li>Improved handling of BIOS memory maps, which should permit apm to work a bit better on some machines.
236: <li>XFree86 3.3.5
237: <li>Allow userland to figure out whether a scsi device is atapi or not; used by some things like tosha.
238: <li>Fix fgets(3) bug in paste(1).
239: <li>gcc 2.95.1
240: <li>ncurses-5.0-990821
241: <li>Disable -fstrict-aliasing by default: It causes gcc to generate very incorrect code when compiling code which isn't perfectly ANSI-conforming.
242: <li>Add MOUSEIOCSCOOKED and MOUSEIOCSRAW ioctl() calls to the lms and mms drivers, so that X can figure out what driver is running.
243: <li>Extend support in kbd(1) for the sparc.
244: <li>Change default group ownership for tty and cua devices, so that locking works better in tip(1) and cu(1).
245: <li>Crank kerberos default expiration date.
246: <li>Teach i386 architecture code about Rise cpu models.
247: <li>Build shared library called libperl.
248: <li>Use new <strong>arch -s</strong> option for building perl.
249: <li>Fix a few possible sparc pmap races.
250: <li>Make ld.so work on mips again.
251: <li>Merge machine(1) and arch(1) commands.
252: <li>Fix a sun4m trap handling bug.
253: <li>Get ready for emulating linux clone(2).
254: <li>Make various forms of rup(1) produce the same formatted output.
255: <li>Many man pages updated.
256: <li>Various tiny fixes.
257: <li>In fortune(6), a fix for a use after free().
258: <li>hp300 CD booting.
259: <li>Fix buglet in fts(3) handling of FTS_NOCHDIR.
260: <li>Various dmesg and space-saving improvements to the pcmcia drivers.
261: <li>Allied Telesis LA-PCM pcmcia ethernet card support.
262: <li>ncurses-5.0-990814
263: <li>Various improvements to the install scripts.
264: <li>Correctly set the type and typename in the wd(4) driver generated label.
265: <li>Support AmbiCom NE2000 pcmcia ethernet.
266: <li>Fix the scheduler problems in the 2.5 release.
267: <li>Driver for ASIX88140A/88141 PCI ethernet, ax(4).
268: <li>In pcmcia ep(4) driver, support 3CXEM556B-INT.
269: <li>Remove useless if_ep shutdown hook.
270: <li>Import USB code.
1.3 deraadt 271: <li><font color=#e00000><strong>SECURITY ISSUE: The procfs and fdescfs filesystems had an overrun in their handling of uio_offset in their readdir() routines. (These filesystems are not enabled by default). <a href=errata25.html#miscfs>A patch is available</a></strong></font>.
1.1 deraadt 272: <li>Repair: probe svr4 emulation before linux once again.
273: <li>Support -M and -N flags in uptime(1).
274: <li>Detect IDT WinChip models.
275: <li>If we fail to match an isapnp device, and it looks like it has the resources a com(4) device would have, try seeing if it in fact is.
276: <li>New i82365 pcmcia irq probing code that tries much harder to allocate a proper interrupt for the pcic.
277: <li>Add DIOCRLDINFO ioctl, used by fdisk(8) to indicate that the MBR has been re-written, and the disklabel should be re-read off disk.
278: <li>Support PChome-PCI LANCE (1Mbit phone wire "ethernet") using le(4).
279: <li>Document "Precedence: list" in vacation man page.
280: <li>In tar, fflush(stderr) at a critical point.
281: <li>Skip hostname.* files if the interface does not exist.
282: <li>Make mbuf panic messages unique.
283: <li>Repair interface walking in rarpd(8).
1.3 deraadt 284: <li><font color=#e00000><strong>SECURITY ISSUE: Stop profiling (see profil(2)) when we execve() a new process. <a href=errata25.html#profil>A patch is available</a></strong></font>.
1.1 deraadt 285: <li>pcmcia device attach/dettachment code, supporting network and serial devices now.
286: <li>vdevgone() internal kernel API.
287: <li>If fread(3) returns EBADF, also set the error flag.
288: <li>Fix a number of uid_t, gid_t and %u changes still broken in the source tree.
289: <li>Split i386 ramdisks up a bit for the next release.
290: <li>Fix sparc interrupt handler to recognize < 0 from an driver interrupt handler means "interrupt may have been for me, but I am not sure".
291: <li>isakmpd(8) updates.
292: <li>Add SADB_FLUSH logic to IPSEC PFKEYv2, and a <strong>ipsecadm flush</strong> subcommand.
293: <li>Update bktr driver.
294: <li>Shrink some device drivers; we're trying to make more fit onto the install floppy.
295: <li>config_defer support in the kernel.
296: <li>Some man page cleanups.
297: <li>Make IDE work again on the alpha.
298: <li>PCI ESS Solo-1 PCI audio card driver, see eso(4).
299: <li>Make poll(2) system call a tiny bit faster for trivial calls.
300: <li>Enable emacs tab completion by default in ksh(1).
301: <li>/tmp race repairs in yacc(1).
302: <li>Propogate TMPDIR better into locate.updatedb(8).
303: <li>Kill gzip sub-processes in pax(1) instead of letting them die from SIGPIPE.
1.3 deraadt 304: <li><font color=#e00000><strong>SECURITY ISSUE: In /etc/rc, use mktemp(1) for motd re-writing and change the find(1) to use -execdir. <a href=errata25.html#rc>A patch is available</a></strong></font>.
1.1 deraadt 305: <li>Support for 3c515 isapnp 100mbit ethernet card, in ef(4).
306: <li>Chown/chmod all of the pty devices.
307: <li>If /etc/fstab is 0-length or not a regular file, have setfsent(3) fail.
308: <li>Import of mailwrapper(8) into the tree.
309: <li>Games updated.
1.3 deraadt 310: <li><font color=#e00000><strong>SECURITY ISSUE: Do not permit regular users to chflags(2) or fchflags(2) character or block devices. <a href=errata25.html#chflags>A patch is available</a></strong></font>.
1.1 deraadt 311: <li>New raidframe code.
312: <li>Make sure install scripts remove async mount conditions before attempting to installboot(8).
313: <li>Have <strong>route flush</strong> skip PF_KEY flows.
314: <li>tcpdump 3.4 merged.
315: <li>Have pkg_create(1) use tar -T.
316: <li>Add -T option to tar(1).
317: <li>Fix fgetln(3) issue in pax(1).
1.3 deraadt 318: <li><font color=#e00000><strong>SECURITY ISSUE: Make nroff(1) call groff(1) with the -S option. <a href=errata25.html#nroff>A patch is available</a></strong></font>.
1.1 deraadt 319: <li>If src file does not exist, have <strong>mv -i</strong> complain immediately.
320: <li>Bug fix to pkg_add(8).
321: <li>More man page cleanups.
322: <li>Clean dmesg output from various drivers.
323: <li>Make rc.shutdown work from single-user mode too.
324: <li>PCI Tigon I and Tigon II driver, ti(4).
325: <li>Disable DMA on Acer Labs PCI IDE chipset, for now.
326: <li>Switch to new ATA/ATAPISCSI code for most architectures.
327: <li>Make the i386 dkcsum stuff be quieter for empty removeable media devices.
328: <li>Do installs faster by mounting the filesystems async.
329: <li>Fix various bugs in bridging support, especially SIOCBRDGRTS.
330: <li>Make tun(4) return EMSGSIZE for zero-length writes.
331: <li>Fix a field count bug in join(1).
332: <li>In ipnat(8), fix -n to work with -v.
333: <li>Missing newline in id(1).
334: <li>New drivers for the force CPU-5V (vme, sys config, D/A board driver, flash).
335: <li>Handle _POSIX_VDISABLE better in telnet(1).
336: <li>Run i386 audio at higher IPL.
337: <li>Take greater care in head(1).
338: <li>Less dmesg verbosity from media routines.
339: <li>Various atapi/scsi/ide changes being worked on (LS-120 works).
340: <li>powerpc ieeefp library routines.
341: <li>insque is no longer in libiberty.
342: <li>egcs-990718.
343: <li>Bring back TCP_SIGNATURE support.
344: <li>1000baseXX media support.
345: <li>For isapnp drivers, we can do more resource checking in the xxmatch() function, and less in the xxattach() function.
346: <li>Add fparseln(3).
347: <li>new swap16_multi() macro in sys/endian.h.
348: <li>More man pages.
349: <li>wdc(4) on isapnp(4).
350: <li>inetd(8)-started daemons should syslog(3) on startup failure.
351: <li>wdc(4) on pcmcia(4).
352: <li>More sparc keyboards in kbd(1).
353: <li>rc.shutdown(8) manpage.
354: <li>Add fpuparseln(3) to -lutil.
355: <li>First cut at isapnp mpu, and ym mpu.
356: <li>Document and complete skey(1) support in telnet(1).
357: <li>Correct os_mask handling in OLF execve code.
358: <li>Accomodations in the vm system for backward growing stack architectures.
359: <li>Do not cache page tables on microsparc1 either.
360: <li>Many more man page fixes.
361: <li>Support floating accent and compose in sparc kbd driver.
362: <li>libpcap 0.4 changes brought in.
363: <li>In pcap library, fix pcap_open_offline() to handle snaplengths of -1.
364: <li>Fix a memory mishandling in mixerctl(1).
365: <li>Further fixes for some strange wss isapnp variants.
366: <li>Create /var/db/host.random at install time.
367: <li>Complete /etc/rc.shutdown support in reboot(8) and shutdown(8).
368: <li>Lock ARP entries to an interface, and provide more diagnostics.
369: <li>Import of PCI ATA/IDE stuff from NetBSD.
370: <li>Retire libm_i387.
371: <li>Remove some shared libraries that are better used in static form.
372: <li>Support non-US sparc keyboards using kbd(8) command.
373: <li>At execve() time, clear the P_NOCLDWAIT flag.
374: <li>egcs 990629
375: <li>Finer timing interval and standard deviation additions to ping(8).
376: <li>Add pci_mapreg*() interfaces.
377: <li>Implement more linux compat ioctl's.
378: <li>Undo recent tcp_input changes which caused crashes.
379: <li>Fix panic bug in readdisklabel() on several architectures.
380: <li>Improve IPSEC SA hashing function.
381: <li>New mii code that does async negotiation.
382: <li>Default ksh(1) and sh(1) to emacs editing mode.
383: <li>Generalize bc wrapper program.
384: <li>Move /etc/host.random to /var/db.
385: <li>In ipsec, demand keying for PF_KEY.
386: <li>In disklabel(8), put in check for architectures that require partition a to start at sector 0.
387: <li>For sparc svr4 emulation, put sun4X cpu class into SVR4_SI_PLATFORM.
388: <li>pdksh-5.2.14
389: <li>Introduce fdremove() kernel API; makes fdalloc() faster by making sure fd_freefile is correct.
390: <li>Some small improvements to adduser(8) and rmuser(8).
391: <li>pcmcia wavelan driver, wi(4).
392: <li>Extend pcmcia IO space.
393: <li>ncurses-990710
394: <li>Fix a SIGSEGV in vi(1).
395: <li>Many man page improvements.
396: <li>Newer version of isakmpd(8).
397: <li>Support PAGER properly in pkg_install(8).
1.3 deraadt 398: <li><font color=#e00000><strong>SECURITY ISSUE: Fix an ipsec_in_use out-of-sync condition. <a href=errata25.html#ipsec_in_use>A patch is available</a></strong></font>.
1.1 deraadt 399: <li>Add support for TCP MD5 (RFC 2385) option called TCP_SIGNATURE used for authenticating BGP sessions.
400: <li>Support SIGUSR1 in init(8), used by i386 keyboard halt code, and make init(8) smart enough to run /etc/rc.shutdown
401: <li>On i386 pcvt console, have CTRL-ALT-DEL sent a SIGUSR1 to init.
402: <li>Improve ipf.conf file parsing in ipf(8).
403: <li>New -q option for tar(1).
404: <li>ncurses-5.0-990703
405: <li>For identd(8) token support, constrain characters in the tokens more.
406: <li>Have the resolver ignore SIGs in the answer section for now.
407: <li>Many more man page tweaks.
408: <li>Use getprotobynumber(3) in fstat(8)
409: <li>SVR4 emulation fixes to systeminfo() system call.
410: <li>m_apply() function permits a function to be run on an mbuf.
411: <li>lmc(4) T1/T3 driver.
412: <li>tzcode 1999d.
413: <li>Support nullfs in fstat(1).
414: <li>More man page improvements.
415: <li>Fix a bug in savecore(8).
416: <li>Add joliet support to the iso9660 filesystem.
417: <li>Improve libm man pages.
418: <li>Split out more crypto algorithm knowledge from the actual IPSEC engine.
419: <li>Fix bpf attachment of bridges.
1.10 ! pvalchev 420: <li>Fix arc4random(3) to still work correctly inside a chroot space, by adding a sysctl somewhat equivalent to /dev/arandom.
1.1 deraadt 421: <li>Permit tcpdump(8) of address-less interfaces.
422: <li>ncurses version of tput, finally.
423: <li>More man page improvements.
424: <li>Improvements to many pci ethernet drivers.
425: <li>ncurses-5.0-990626
426: <li>Add net_addrcmp(3) to libc.
427: <li>Add getaddrinfo(3), getnameinfo(3), if_indextoname(3), if_nameindex(3), and if_nametoindex(3) to libc.
428: <li>In ksh(1), avoid reusing fd 0-2 even moreso than before, since ksh caches
429: open files.
430: <li>Improved SYSV shared memory support.
431: <li>ESS audio driver.
432: <li>Move sparc bootblocks in memory, because possible kernel sizes have gone up.
433: <li>rangelan2 wireless network pcmcia driver.
434: <li>Split out ipsec crypto transform handling.
435: <li>egcs 990608
436: <li>Return to UDP NFS until TCP NFS is properly fixed.
437: <li>Fix breakpoint continues on the sparc.
438: <li>Constrain strlcat(3) from walking past the specified length.
439: <li>Fixed overflow issue in edquota(8).
440: <li>Fix PIC label handling code in i386 as(1).
441: <li>ncurses-5.0-990614
442: <li>Handle multicast packets in ipf, too.
443: <li>pdksh 5.2.13.7
444: <li>Improvements to units(1).
445: <li>In c++ mode, define NULL to be __null for better type checking.
446: <li>Remove TCPCOOKIE stuff, which never worked in differentially SYN-filtering environments.
447: <li>In various programs, handle PAGER environment variable according XPG.
448: <li>Some large partition fixes in scan_ffs(8).
449: <li>Bump maximum number of sockets in X server to 128.
450: <li>Return ICMP_UNREACH_PROTOCOL for unimplemented protocols.
451: <li>Fix an ipsec tdb_delete() bug.
452: <li>Replace pipe() in libc and kernel with new version which does the data copy in kernel, making EFAULT possible.
453: <li>Do not leak file descriptors in socketpair(2).
454: <li>Propagate more build variables in the gnu sub-tree.
455: <li>Add struct sockaddr_storage per RFC2553.
456: <li>Drop a volatile into the ncr(4) driver; who knows how it worked before.
457: <li>Crank sparc DFLDSIZ to 24MB.
458: <li>Make adjtime(2) return an EFAULT for a bad olddelta ptr.
459: <li>Permit non-broadcast replies in dhclient(8).
460: <li>ncurses-4.2-990605
461: <li>In sed(1), make 'G' create a newline if the hold buffer is empty.
462: <li>Add dot_quad_addr_new() API to libwrap, which uses inet_aton(3) instead of inet_addr(3), and hence can handle masks of 255.255.255.255.
463: <li>Sparc cs4231 audio support (SS5 audio).
464: <li>Use inet_aton(3) instead of inet_addr(3) in many programs.
465: <li>Use mkstemp(3) in httpd(8).
466: <li>In the resolver, permit '/' in CNAMES to PTRs, same as forward references permit.
467: <li>Use __builtin_next_arg() for va_start(), on i386 and m68k, to handle unaligned stdarg processing.
468: <li>Support subject inclusion in vacation(1).
469: <li>In ipnat, decode interface aliaseses before hostnames.
470: <li>Handle misaligned file struct's coming out of the KERN_FILE sysctl(3) call.
471: <li>More isakmpd(8) improvements.
472: <li>Use auto mode by default in ukphy.
473: <li>Avoid gcc fixinc (We do not want to run it, and even 1 second of machine time skew would screw up the previous avoidance tactic).
474: <li>Another memory leak fix in the ipsec kernel code.
475: <li>Change struct statfs use in the kernel, so that mount(8) can print more info.
476: <li>For NFSv3, prefer TCP connections.
477: <li>Fix a few more mkstemp(3) checks.
478: <li>Make install(1) compare work for files > 8G in size.
479: <li>Tons of man page improvements.
480: <li>For crontab(1) and vipw(8), check file size change as well as mtime to detect change.
481: <li>Better headphone/speaker handling in am7930 driver on sparc.
482: <li>Implement DLT_RAW, DLT_SLIP, and DLT_PPP in bpf
483: <li>egcs replaces gcc
484: <li>Some improvements to the libc_r threading code.
485: <li>Further keynote documentation improvements.
486: <li>Move bsd.port.mk and friends into the ports tree.
487: <li>On hp300, handle hil configuration more robustly.
488: <li>Numerous -mandoc man page upgrades.
489: <li>Permit mixed PIC/pic relocations on the sparc.
490: <li>Change bridge code to use a NETISR. Significant performance improvement.
491: <li>Set close-on-exec flag in vi, on files that are opened.
492: <li>*NULL dereference in wall(1).
493: <li>Permit threading using libutil/pty.c
494: <li>Fix exit code in sa(8).
495: <li>Dynamically allocate memory in sort(1), so that -k has no limit.
496: <li>Correct handling of out-of-window SYNs in our TCP code.
497: <li>Fix poll(2) return value.
498: <li>Add Keynote trust management system.
499: <li>Support mac68k Classic II video.
500: <li>swapctl(8) and the neccessary kernel support.
501: <li>Longer delay in the i386 pms(4) probe routine, for Thinkpads.
502: <li>Correct some DTR handling in pccom(4).
503: <li>Add <strong>-p</strong> flag to encrypt(1).
504: <li>Newer version of bktr(4) driver.
505: <li>ncurses-4.2-990516
1.3 deraadt 506: <li><font color=#e00000><strong>Correct some realloc(3) misuses in the fts(3) routines. <a href=errata25.html#fts>A patch is available</a></strong></font>.
1.1 deraadt 507: <li>Add xe(4) xircom ethernet driver.
508: <li>Add support for static arp entries that cannot be overwritten.
509: <li>Many man page fixes.
510: <li>Numerous performance and reliability fixes to isakmpd(8) and IPSEC.
511: <li>Some more pthreads fixes.
512: <li>Fix blowfish CBC mode.
513: <li>Fix some more ipsec and tcp interaction bugs.
514: <li>In vmstat(8), increase width of -i field.
515: <li>Final unicast check ethernet driver fixes for bridging.
516: <li>Fix bounds control in msgs(1).
517: <li>Fix 'X' check in gcc printf format checker.
518: <li>Fix divide by zero in libcurses.
1.3 deraadt 519: <li><font color=#e00000><strong>A reliability patch for TCP over IPSEC ESP tunnels. <a href=errata25.html#ipsec1>A patch is available</a></strong></font>.
1.1 deraadt 520: <li>Improvements to the ss(4) driver.
521: <li>Fix various endian related problems in nm(1), ranlib(1), strip(1), and size(1).
522: <li>Do not rotate kerberos logs using newsyslog.conf
523: <li>Fix xxsize() routines so that they do not call xxopen() and xxclose().
524: <li>On i386, handle apm segments in low memory.
525: <li>Add libcurses++.
526: <li>ncurses-4.2-990424
527: <li>More improvements to isakmpd(8), and ppp(8).
528: <li>In sparc cgsix(4) driver, turn off sync so that monitors will go into standby.
529: <li>Various improvements to the xl(4) driver.
530: <li>Repair TIOCFLUSH use in telnet(1).
531: <li>Fix an unlink related bug in cp(1).
532: <li>For sparc, delay in cpu-forced power-down, so that serial port output does not get garbled.
533: <li>Move perl lib files to /usr/libdata/perl5.
534: <li>For make(1), permit embedded : or ! in target names.
535: <li>Better range checking in inet_addr(3) functions.
536: <li>gzip 1.2.4a
537: <li>Support Vadem pcmcia controllers.
538: <li>Add 3p man page sub-tree for perl pages.
539: <li>In ls(1), defer conversion for non-printables till after symbolic link lookup.
540: <li>For msdosfs, do not require the boot signatures in a filesystem.
541: <li>Add support for new pipes to fstat(8).
542: <li>Newer version of AFS code.
543: <li>perl5.005_03
544: <li>Y2K improvement in shutdown(8).
545: <li>solve blocking daemon problem in ftpd(8).
546: <li>Check for failure of strdup(3) in pax(1).
547: <li>Greater care in tail(1), when going backwards.
548: <li>Add wdt(4) driver for Industrial Computer Source PCI-WDT50x watchdog timers.
549: <li>Implement <strong>-U username</strong> in ps(1).
550: <li>Add "verbose" command to boot_config(8).
551: <li>Check correct argument in sliplogin(8).
552: <li>New kernel hashinit().
553: <li>More ppp(8) improvements and bug fixes.
554: <li>More isakmpd(8) improvements and bug fixes.
555: <li>In calendar(1), fix offset bug for yearly events.
1.3 deraadt 556: <li><font color=#e00000><strong>A reliability patch for ext2fs. <a href=errata25.html#bmap_trap>A patch is available</a></strong></font>.
1.1 deraadt 557: <li>Repair a mis-handling of non-terminated utmp strings in w(1).
558: <li>m68k optimized asm version of strlcpy(3).
559: <li>Do not accept incoming packets on a down interface.
560: <li>More strict isapnp detection for the isa ep(8) cards.
561: <li>kcore handling for the m68k ports.
1.3 deraadt 562: <li><font color=#e00000><strong>A serious reliability patch for the powerpc port, regarding traps and signals. <a href=errata25.html#powerpc_trap>Patches are available</a></strong></font>.
1.1 deraadt 563: <li>Support power-down mode in the mac68k port.
564: <li>Fix a retransmission problem in tcp_newreno.
565: <li>Fix a sequence wraparound bug in very large tcp transfers.
566: <li>Greater care with arguments in pwd_mkdb(8).
567: <li>Support the -susv2 macro in nroff tmac doc-syms.
568: <li>Save a copy of the dmesg(8) output in /var/run/dmesg.boot.
569: <li>Improve ddb ps output.
570: <li>Repair filesystem mounting failure message in mount_msdos(8).
571: <li>Merge IP-in-IP tunnel code so that both MROUTING and IPSEC versions work together, properly.
572: <li>Do not let calendar(1) assume that it is run as root.
573: <li>Fix /tmp cleanup code in lynx(1).
574: <li>Move ipfstat(8) output files to /var/run to avoid a race.
575: <li>Reenable TCP_SACK and TCP_FACK, so that development cycle can test them sufficiently.
576: <li>Various man page fixes.
577: <li>Various isakmpd(8) fixes and improvements.
578: <li>Fix probing of ISA ex(4) cards.
579: <li>More amiga keymaps.
580: <li>Add yyfix(1), from 4.4BSD.
581: <li>Merge mkfifo into mknod, so that mknod ends up having support for the <strong>-p</strong> option.
582: <li>Fix a output buffer overflow in msgrcv(2).
583: <li>Fix odbm support and permit opening a zero-length hash file.
584: <li>new true awk, April 16 release.
585: <li>Support sparc xbox sbus expansion box.
586: <li>Bug fixes to sparc spif(4), hme(4), be(4) drivers.
587: <li>Updated distrib/notes which shipped with the 2.5 release.
588: </ul>
589: <p>
590:
591: This list mentions mostly platform-independent changes. For a list of changes
592: made in a particular platform, please check the page for that platform. If you
593: find them not listed there, the changes are either (1) not being documented or
594: (2) are documented here.<br><br>
595:
596: <hr>
597: <p>
598: <h3>
599: <a href=plus20.html>For changes leading up to OpenBSD 2.0, click here</a>.<br>
600: <a href=plus21.html>For changes leading up to OpenBSD 2.1, click here</a>.<br>
601: <a href=plus22.html>For changes leading up to OpenBSD 2.2, click here</a>.<br>
602: <a href=plus23.html>For changes leading up to OpenBSD 2.3, click here</a>.<br>
603: <a href=plus24.html>For changes leading up to OpenBSD 2.4, click here</a>.<br>
604: <a href=plus25.html>For changes leading up to OpenBSD 2.5, click here</a>.<br>
1.7 deraadt 605: <a href=plus27.html>For changes leading up to OpenBSD 2.7, click here</a>.<br>
1.8 deraadt 606: <a href=plus28.html>For changes leading up to OpenBSD 2.8, click here</a>.<br>
1.9 deraadt 607: <a href=plus29.html>For changes leading up to OpenBSD 2.9, click here</a>.<br>
1.1 deraadt 608: <a href=plus.html>For changes in OpenBSD-current, click here</a>.
609: <br>
610: </h3>
611:
612: <hr>
613: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
614: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.10 ! pvalchev 615: <br><small>$OpenBSD: plus26.html,v 1.9 2001/04/24 06:59:18 deraadt Exp $</small>
1.1 deraadt 616:
617: </body>
618: </html>