Changes made between OpenBSD 2.7 and OpenBSD-current
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific ports if you
are interested in further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below.
Note: Problems for which patches exist are marked in red.
OpenBSD 2.7 released (June 15, 2000).
We are working on OpenBSD-current.
- Repair ntpd/ntpdate handlings in /etc/rc.
- Various improvements and fixes to ppp(8).
- Correctly handle ip_off in a corner case of IPSEC.
[Applied to stable]
- i386 now has another install floppy: floppyC27 contains cardbus support.
- In ssh(1), disable FallBackToRsh by default.
- In TCP, compute correct window scale when recvpipe option is set in route.
- KTH Kerberos4 1.0.2
- In sshd(8), fix MaxStartups code to work with -d.
- RE-RELEASE: Re-release pmax release after dmesg(8) and /kern/msgbuf was fixed.
A patch is available.
[Applied to stable]
- Fix simpleroot support.
- ncurses 5.1
- Do not default to empty passwords in adduser(8), simply because it's stupid.
- Use strsep(3) instead of strtok(3) in ssh(1) and sshd(8).
- Add -flags option to find(1).
- In inetd(8), handle IPv6 addresses in hostname specifiers.
- In systat(1), correct layout of the io page.
- Support Intel 440MX Ultra/33 controller in pciide(4).
- Handle Promise Ultra/100, deal with D2 AMD K7 controllers, and various other tweaks to pciide(4).
- New release(8) page describes how to build a distribution.
- Fix an spinning select(2) loop in nc(1).
- For select(2) and poll(2), if we are awakened by a collision the timeout must be recalculated.
- On powerpc, handle late configuration of the interrupt controller.
- Fix port and X11 forwarding in sshd(8).
- Change fingerd(8) back to using fgets(3) instead of fgetln(3), to reduce denial of service attacks.
- Change Linux compat so that it logs and returns ENOSYS rathern than deliver SIGSYS for unimplimented system calls.
- Add ucomm(4) support to MAKEDEV.
- Delay slightly longer after reset in xl(4) for some configurations.
- Add support for National Semiconductor DP83815 fast ethernet to sis(4).
- Ensure PCIBIOS32 does not panic if the BIOS lies.
- Add support for 82801AA_LPC in PCIBIOS32.
- Add spllowersoftclock() on all architectures, and correct splsoftclock() to avoid races.
- Fix pmap activation on mvme68k.
- Support ddb(4) entry from cl(4) on mvme68k.
- In user(8), ensure that we do not generate passwd lines longer than 1023 characters.
[Applied to stable]
- Latest wx(4) driver, works better with more switches.
- Improve support for Ricoh cardbus bridges.
- Cardbus and PCIBIOS32 support enabled by default in i386 GENERIC kernel.
- Update isp(4) driver.
- Add a timeout structure per scsi transfer, so that controllers can do timeouts easier.
- Fixed numerous cases of printf(3)-style functions being called with their first argument being user controlled, where it should be %s
- More careful handling of IPV6 mapped addresses in the IPV6 code.
- Repair X11 forwarding in ssh(1).
- Make dmesg(8) once again work on the alpha.
- setproctitle(3) misuse in faithd(8).
- SECURITY ISSUE: remote hole via setproctitle(3) misuses in ftpd(8).
A patch is available.
[Applied to stable]
- In /etc/rc, start sendmail(8) in the background.
- Prepare ddb(4) internals for KGDB support.
- Fix spl usage in sparc magma(4).
- Stop kernel sleeps from returning up to a tick early by fixing hzto(9).
- Latest version of the pcvt(4) scrolling region patch...
A patch is available.
[Applied to stable]
- Make getaddrinfo(3) return EAI_NODATA for name resolution errors.
- Greater care of rlimit handling in sbrk(2).
[Applied to stable]
- Cleanup spl handling on the sparc.
- Fix dmesg(8) and /kern/msgbuf on the pmax.
- Support bigendian hardware in ahc(4).
- Fix tail queue leakage in the crypto queue support.
- New wscons on the alpha.
- More carefully reset pcic registers when testing for working pcmcia(4) interrupts.
- Plug two memory leaks in brconfig(8).
- Various gcc(1) fixes for the vax.
- SECURITY ISSUE: Buffer oflows in mopd(8).
A patch is available.
[Applied to stable]
- More fixes in the games.
- Make ipnat(4) detaching work with pcmcia(4).
- Correct interrupt sharing types in pcmcia(4).
- Change to 16 partitions in sun3 port.
- Dynamically size the m4(1) internal machine stack.
- Faster C version of ffs(3).
- In vr(4), support VIA vt6102.
- Import wsconsctl(8), wsconscfg(8), and wsfontload(8).
- In fdisk(8), be more verbose about partition layout errors.
- To aucat(1), add -f option for specifying audio device.
- More regression tests for m4(1).
- In xl(4), add support for 3CCFE575BT and 3CCFEM656C.
- Import a regression suite for m4(1).
- In make(1), recognize +cmd as a command that should still execute in make -n mode.
- Correct giftunnel handling in ifconfig(8).
- New fix for the pcvt(4) scrolling region bug.
A patch is available.
[Applied to stable]
- mod_ssl 2.6.4
- clcs(4) driver for the cs4280 Crystal Clear audio hardware found in some laptops.
- Make UVM work on the powerpc.
- Convert much kernel code to the new timeout API.
- Fix multicast hashing problem in xl(4).
A patch is available.
[Applied to stable]
- Fix numerous more bugs in the games.
- Fix MAC address matching in pcap(3).
- Make the ep(4) driver more friendly during detach.
- Fix bpf code in ray(4).
- For the err(3) family of calls and syslog(3), ensure that dynamic content never appears as the second argument -- use at least %s.
- Update adw(4) driver.
- Add creat64 and mmap64 system calls to svr4 emulation.
- Handle strtol(3) instead of atoi(3) in the kill implementation in csh(1) and ksh(1).
- Fix COPTS vs CFLAGS issues in the source tree.
- Fix panic message from i386 in_cksum.
- Fix path to kerberos master key file.
[Applied to stable]
- SECURITY ISSUE: Stop libedit from opening the .editrc file in the current directory.
A patch is available.
[Applied to stable]
- Fix an infinite loop in fsck_msdos(8).
- Fix some racy interaction between pcmcia(4) insertion and suspends.
- Add -U option to ldconfig(8).
- Fix a stupid bug in m4(1) argument handling.
[Applied to stable]
- Repair stupid bugs in ste(4), which prevented it from working in 2.7 release.
A patch is available.
[Applied to stable]
- Connection limitation code for sshd(8).
- Allow svnd(4) to work on sparse files.
- In pciide(4), support CMD 648/649 UDMA66 controllers, and also fix the Promise UDMA66 cable check code.
- ncurses 2000/6/10 update to termtypes.master.
- In ne(4), re-fix Linksys Combo PCMCIA EthernetCard (EC2T) after AX88190 broke it.
- Disable automatic crash(8) dumps for swap encryption.
- SECURITY ISSUE: Be much more careful about dhclient(8)'s handling of external variables.
A patch is available.
[Applied to stable]
- Implement svr4 emulation for getdents64, lstat64 and stat64.
- Do not start snmpd by default if it is installed.
- Implement sort(1) as a shell function on the boot floppies, to save a lot of space.
- Ensure sshd(8) does not misbehave if the skey key file is missing.
- Cleanups to tail(1).
- Significant performance improvements to make(1).
- Numerous more fixes to an(4), regarding bridging, ipv6, bpf logic, and pcmcia detach.
- Newer ppp(8) code.
- Change dhcpd(8) so that it is not as susceptible to abandoning addresses.
[Applied to stable]
- For crypted vnd(4), zero the key on unconfig.
- Kill the legacy vtrace(2) system call.
- Avoid using 3c905b-specific multicast hash code, it is buggy.
[Applied to stable]
- IPv6 support in the resolver. The nameserver line can now take ipv6 addresses.
- Soft updates is now free.
- Add epsv4 command to ftp(1), to disable epsv negotiations on IPv4 connections.
- Fix various bugs in ip gatewaying that angelos introduced.
- Sync with newed ndp(8).
- Allow vnconfig(8) to turn on encryption for vnd(4).
- Fix bpf mishandlings in an(4).
- Avoid using IO port 0x370 on laptops for pcmcia(4), since some sound cards sometimes land there.
- On i386, if only one cpu family is specified, pass flags to the optimizer.
- Merge in new isakmpd(8) changes.
- Funnel crypto completion events via crypto_done(), not directly to the caller.
- Closer towards making some more sm(4) pcmcia(4) cards work.
- More verbose information for pppoe(8) in tcpdump(8).
- Teach ipv6 AH & ip-over-ip code to deal with ipv6 scoped addresses better.
- Initialize mtu/hlim for enc(4) so that IPv6 icmp reflect works properly.
- Do not double-log ipf information into /var/log/messages.
- Repair bridging issues in an(4) and tl(4).
- Fix ipv6 ipsec AH length checks.
- ncurses-5.0-20000617.
- ipv6 ipsec(4) outbound direction code.
- De-#ifdef bpf(4) code.
- Start at fixing ubsec(4) AH support.
- isakmpd(8) update.
- Honor scopeid in inetd(8).
- Fix sun3 pmap, MAKEDEV, and disktab(5) bugs.
- Make ssh(1) userauth+pubkey interoperate with ssh.com-2.2.0.
- More bugs in an(4) and wi(4). Anyone see a trend?
[Applied to stable]
- Kill /etc/ifaliases in favor of the functionality in hostname.if(5).
- Fix more pesky buffer overflows in ancontrol(8).
- Import tcfs userland tools: tcfsuse(1) and tcfsmng(8).
- Fix pesky buffer overflows in ancontrol(8) and wicontrol(8).
- Fix many more things in tcfs.
- Parse ${local_rcconf} in /etc/rc.conf instead of /etc/netstart.
- More fixes to an(4).
[Applied to stable]
- Modify vmstat(8)'s -f option to show kernel threads as yet another kind of process.
- Modify ps(1) to hide system processes unless -k is given.
- Mark kernel threads as system processes.
- Cleanup some things in sparc hme(4) and qe(4).
- Numerous other IPV6 kernel changes.
Too many for me to list in detail, but Itojun is busy in the other room hunched over a laptop screen with Angelos, and we are sure more are coming.
- Do not mess with non-blocking mode on ttys in ssh(1).
- Repair some multicast problems with IPV6.
[Applied to stable]
- Fake FIONBIO and FIOASYNC in random(4).
- Support i82559ER in fxp(4).
- Improve handling of RIP in tcpdump(8).
- Add Rijndael support to ipsec(4).
- Import pppoe(8).
- Fix some bugs in the IPSEC getsockopt(2)/setsockopt(2) API regarding sizeof(int) vs sizeof(u_char).
- Support IPV6 in identd(8).
- Move IPV6 mbuf alignment requirements into input routine, removing the last performance critical one in loopback.
- ubsec(4) fixes to queue requests to the hardware properly. The device can now do ipsec with itself over loopback or the network, but something is still mangled about the actual ipsec packets.
- SECURITY ISSUE: Two localhost denial of service problems in the an(4) Aironet Communications 4500/4800 IEEE 802.11DS driver. One bug prevents ancontrol(8) from working correctly, instead causing a panic, while the other allows unauthorized users to change settings.
A patch is available.
[Applied to stable]
- crypto(9) kernel thread permits hardware crypto devices to run at any spl they prefer.
- Initial OpenSSH support for ssh.com's 2.2.0.
- For setsockopt(2) and getsockopt(2), do not assume non-PF_INET6 address family to be PF_INET.
- In sshd(8), implement bug compatibility with ssh-2.0.13.
- In ssh(1), include = in WHITESPACE, permitting commands like ssh -o keyword=argument.
- Enable IPV6 support in sendmail(8).
- Change ipsec processing sequence to handle inner and outer layers much better.
- Add support for SSH2 subsystems in sshd(8).
- On ifconfig(8) down & up operations, mark all radix tree routes down or up for the specified interface.
- In mount_ffs(8), permit the -f command to mount dirty file systems. This is dangerous, but makes more sense now that we are moving towards soft update file systems, where the inherent danger is much less.
- In ftpd(8), make -u block the chmod client command.
- Allow extended server banners in sshd(8).
- In mount(8), -o force is not a negative option.
- Add support for AMD 53c974 scsi chipset.
- Import of tcfs into the kernel, a file content crypto file system.
- Remove traffic-time debugging messages in ssh(1).
- Repair small list-based errors and uglinesses in make(1).
- Commonalize MIN() and MAX() macros inside the kernel.
- Use memcmp(3) in bridge(4) to fix a hashing algorithm error.
[Applied to stable]
- memcmp(3) in the kernel as well, since implementing it in terms of bcmp(3) is very wrong.
- Update vnode flag printing in pstat(8).
- Do not whack directory in user(8).
[Applied to stable]
- Hardware random number generator in i840 also works, like i810.
- Fix an ESP status message in netstat(1).
- Put RSA into our ssl(3) tree. Since our next release is not till after the patent expires, it's OK.
- Split sysctl information for swapencrypt into an tree, and add more gunk.
- In ftpd(8) correct STAT command output for LPSV output.
- Correct an ipsec esp bug.
- In ftp(1) make both ls and dir send a LIST command.
- Minor bug fixes and optimizations in /etc/rc.
- Update of ppp(8).
- Put an upper bound on transaction queue of the ubsec(4).
- Correct source length calculation in hifn(4).
[Applied to stable]
- Initial import of ELF ld.so, for powerpc initially.
- Correct secondary mbuf setup in hifn(4).
- Broadcom Bluesteel 5x0x ubsec(4) crypto cards now supports ESP 3DES modes properly. No AH or MAC stuff yet.
- Make flags field in newsyslog(8) files optional.
- Modifications to traceroute6(8)
- Fix ADMtek identity crisis in dc(4).
- In ftpd(8) make sure that -h does high port binding in EPSV.
- Correct ENI_SALEN case in getnameinfo(3).
- Correct getnameinfo(3) behaviour against invalid sockaddr.
[Applied to stable]
- Better fix for the pcvt(4) scrolling region problem.
- Grok Plan9 file systems in fdisk(8).
- Merge newer ppp(8) code.
- Do not add empty lines to history in ftp(1).
- Grok QNX file systems in fdisk(8).
- Fix about 10 bugs in ubsec(4), which can now move a few packets before dying.
- Support multiple pid files in newsyslog(8).
[Applied to stable]
- On-going cleanup to make(1).
- Add pci(4) routines for dealing with Cypress 82c693 chips.
- Minor cleanup to pax(1).
- Merge chgrp(1) and chown(8) into chmod(1), and provide backwards compat hard and soft links.
- In xl(4), add support for 3c656, which is just the 3c575 + 56k modem.
- SECURITY ISSUE: A serious bug in isakmpd(8) policy handling wherein policy verification could be completely bypassed in isakmpd.
A patch is available.
[Applied to stable]
- Merge to new isakmpd(8).
- OpenSSH is now at version 2.1.1
[Applied to stable]
- RELIABILITY FIX: Avoid extra vrele in msdosfs, which would lead to a panic in some operations.
A patch is available.
[Applied to stable]
- RELIABILITY FIX: Permit NFS export of CDs without panicing the system.
A patch is available.
[Applied to stable]
- Fix ping6(8) -w option.
- Let flags in kernel config(8) specify apm protocol version and other operation modes for apm(4), for machines apm fails on.
- Change amiga ports loadbsd command to act more like other bsd loaders.
- Add -iname support to find(1).
- Sort option list in find(1); oops, "-and" was broken.
- Catch a malloc(3) failure in paste(1).
- Fix linux_compat(8) [gs]etrlimit emulation.
[Applied to stable]
- Update ti(4) to support newer cards with more memory.
- Kernel malloc(9) debug code.
- Make quot(1) work when passed mount points.
- Fix stack mishandling bugs in i387 libm, in particular, in exp(3) and friends.
- Be more careful about tuples in pcmcia(4).
- gcc 2.95.3 (pre-release)
- Busify eg(4), to avoid conflict with ne2000 at 0x300.
- SECURITY ISSUE: Do not use the (non-default) UseLogin option in OpenSSH 2.1.*, it has a hole on other operating systems and does not work right in OpenBSD.
Update to OpenSSH 2.1.1 or later, or simply avoid using UseLogin.
[Applied to stable]
- sudo 1.6.3p4
- Fix a kernel race in _exit(2).
- In cut(1) deal with last input line not containing a newline
- One byte overflow in systat(8).
- Add D and z commands to disklabel(8) to use the default partition or zero it.
- A SIGCHLD fix in cron(8).
- More work on ubsec(4).
- Bug fixes to spif(4).
- Bridge packets before vlan'ing them.
- Fix a subtle bug in xe(4) which had a number of side effects.
- In sshd(8), fix login count failures in SSH2 support.
- Whack packet m_recvif field on bridged packets, permitting ipnat to work with the bridge.
- More visible /tmp file (and failure removal) in makewhatis(8).
- Be more careful reading panic string from core in savecore(8).
[Applied to stable]
- Many other changes to ssh(1).
- Fix short malloc in faithd(8).
- In ssh(1), permit logins if temporary file systems are full.
- ich(4) audio driver onboard the Intel 810/820/440MX-based machines.
- Support ax88190 in ne(4).
- In apm(4) the time is kept in hours, not minutes.
- Add -A support to ssh(1).
- Support for 3c574 and 3CCFEM556BI pcmcia(4) in ep(4).
- A start at documenting what goes on inside config(8) files.
- Enable mg(1).
- Space treatment in ipcs(1).
- Do not treat bind(2) with IPv4 mapped address in a special way.
- Creation of 2.7-stable release, see our page describing it.
- Convert amiga port to UVM.
- Arrange to have ahc(4) support Adaptec 2930CU.
- SECURITY ISSUE: It was possible to bypass the learning flag on a bridge.
A patch is available.
[Applied to stable]
- In ftp(1), do not attach Host: directive if we are using the proxy.
- Make almost all manual pages machine independent.
- DRIVER FIX: The isapnp(4) ef(4) driver failed to configure properly.
A patch is available.
[Applied to stable]
- Helper script cleanup in httpd(8).
- SECURITY ISSUE: Update to ipf 3.3.16.
A patch is available.
[Applied to stable]
- On i386, place extra byte at end of pcb so that the iomap works for last 8 ports.
- Fix some key parsing routines in ssh(1).
- Permit detach of audio devices.
- Properly configure multicast table in wi(4).
- Handle 64 bit architectures in pstat(8) -f.
- Update rtadvd(8).
- Remove nfsiod(8) and replace it with an in-kernel thread based implementation.
- Make ssh(1) X11 forwarding work on localhost.
- Crank vnode use counts to 32 bits.
- Correct ifconfig(8) printing of gif physical address on non-IPV6 kernel.
- RELIABILITY FIX: Repair a routing table panic.
A patch is available.
[Applied to stable]
- Make ancontrol(8) act like our changed wicontrol(8) semantics.
- Use getifaddrs(3) in libc rpc code.
- For boot_config(8) code, save enable command in the history for config(8)'s -eu updating.
- Update multicasting support for IPV6.
- Fix usage printing in passwd(1).
- By default, do not vsync blank sparc cgsix(4) monitors, but provide a sysctl to do so.
- Start at a BlueSteel (Broadcom) 5[56]01 crypto accelerator driver.
- Accept empty shell specifications in sshd(8).
- In ssh(1), do non-blocking on ssh1 protocol sockets too.
- In makewhatis(8), do not stop if the directory does not exist.
[Applied to stable]
- Some additions to keynote(3).
- Crank rt_refcnt to 32 bits.
- Supply entropy from i386 mouse drivers to the kernel random number generator.
- Correct p2p interface address handling and various other bugs in route6d(8).
- Few more tweaks to pcvt termcap definition.
- Ensure SIOCSETVLAN gets a valid vlan tag.
- After ftp(1) finishes downloading, change progress meter to show the total elapsed time.
- Handle 0-size files in ftp(1)'s progress meter.
- Parse RFC2732 ftp URLs in ftp(1).
- In IPV6, perform NUD on p2p link, only if the destination/gateway is real neighbor.
- In getaddrinfo(3), translate DNS error code into getaddrinfo error code (EAI_xxx).
[Applied to stable]
- RELIABILITY FIX: Parse IPv4 options more carefully.
A patch is available.
[Applied to stable]
- Translate DNS error codes in getaddrinfo(3).
- cardbus(4) com(4) driver.
- Support debugging libraries via DEBUGLIBS in /etc/mk.conf.
- Driver for tcic(4) style pcmcia adapters.
- Fix ipsec(4) ESP sanity checks that caused really short packets to be dropped. Only icmp was affected.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.629 2000/07/12 20:40:03 jason Exp $