Changes made between OpenBSD 3.0 and OpenBSD-current
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
This file is not currently maintained, because the people who can edit
and maintain it are WAY too busy to keep it updated. Eventually we hope
to catch up. Really.
We are working on OpenBSD-current.
- Correctly print the payload string of tcp(4) RST segments when tcpdump(8) is verbose.
- Implement a scalable timeout(9) mechanism with constant-time add and delete.
- Let mvme68k systems lacking a configured pcc device compile.
- Don't default to generate rsa1 keys in ssh-keygen(1), and try all standard key files when invoked without arguments.
- Have crontab(1) send SIGUSR1 to cron(8) when a crontab file has changed, making changes take effect sooner.
- Send failing packet sequence number when sshd(8) is responding with an SSH_MSG_UNIMPLEMENTED.
- Ensure that user and system times increase monotonically.
- Add powerhook support to yds(4) to handle apm(8) resumes correctly.
- Repair memory leak in pcap(3) associated with compiled bpf(4) programs.
- Support span ports so that one can snoop a bridge from another interface/machine/network.
- Disestablish the xl(4) powerhook on detach.
- Add a -u flag to fdisk(8) which updates the MBR code but leaves the partition table intact.
- Big isp(4) overhaul.
- Improve signal handling in cron(8) so that processes run by cron(8) can't zombify until cron(8) wakes up.
- Add a pf(2) DIOCADDSTATE ioctl(2) that adds state entries.
- Support primitive stateful pf(4) filtering for other non-TCP/UDP/ICMP protocols.
- Fix icmp6(4) MIB counter.
- Better signal handling in login_skey(8) to avoid a possible race condition.
- Update signal handlers in passwd(1) to complement new catching getpass(3) call.
- Allow vnd(4) to create things larger than 2G.
- Perform a sanity check on the inner IP header of IP-in-IP encapsulated packets.
- Support -o for sshd(8), like ssh(1).
- Catch -- don't block -- SIGINT and SIGTSTP in readpassphrase(3) and getpass(3).
- Enable rootdev auto-configuration by device drivers during boot and add support for raid devices.
- Parse hex numbers in pf(4) correctly.
- Curtail the use of regex(3) in ssh(1).
- Make NKMEMPAGES dynamic based on memory size, deprecating NKMEMCLUSTERS in favour of NKMEMPAGES, NKMEMPAGES_MIN, and NKMEMPAGES_MAX.
- Forbid the coupling of different address families in pf(4) nat, binat, and rdr rules.
- Release the right descriptors when pipe(2) fails.
- Use pidfile(3) throughout the tree instead of hand-rolled imitations.
- Don't let sshd(8) pass user-defined variables to login(1).
- Nuke smartkey(1).
- Remove pipe based interface to photurisd(8), leaving only PF_KEY.
- Issue a "failed" message instead of a 2nd challenge if sshd(8) sees the same key in authorized_keys twice.
- Let the sshd(8) fake X11 server listen on localhost by default.
- Use ip6(4) in sendmail(1) when possible.
- Fix an alignment bug on alpha by using getifaddrs(3) instead of various ioctl(2) calls in named(8).
- Conform to historic behaviour in fmt(1); don't format lines that start with a dot.
- Avoid a "thundering herd" problem in accept(2), and fix an infinite loop on 64-bit systems.
- Use pool(9) for socket allocations.
- Correctly signal an error condition in newsyslog(8) so we don't send a signal to PID 0.
- Repair an error in uipc_socket that could make a transient error permanent.
- Perform a pf_route() before logging in case the logging created a bogus rule, avoiding a panic.
- Have socket connection queues use a tailq queue(3).
- Add fastroute option to pf(4).
- Support pasting characters with codes above 127 using the mouse via wscons(4).
- Handle PID files terminated with newlines correctly in newsyslog(8).
- Among other improvements, don't leak memory in ppp(8).
- During installation, preserve blank space in responses.
- Centralize the mount list, unifying locking, and add vfs_isbusy to help verify that a mount point is locked.
- Strengthen the mbuf traversal code in pf(4), avoiding potential crashes on ip6(4) packets with options.
- Make dummies for aclocal and the auto* family in cvs(1), hopefully mitigating upgrade hassles.
- Don't allow the pf(4) CHANGEBINAT ioctl(2) when securelevel > 1.
- Include stub dl* function definitions in libc on ELF, making libdl unneeded.
- Enhance network handling during installations.
- Block signals in find(1) when running fts_read().
- Move NFS creds out of the standard buf structure and into the nfs node, and use pool(9) for NFS node allocation.
- Fix the password length check in user(8).
- Use lockmgr in procfs (mount_procfs(8)) instead of a home-made version.
- Correctly mark items on the syncer worklist with VBIOONSYNCLIST, ensuring items not on the list don't have this mark.
- Convert to using the vn_marktext() function instead of VTEXT to mark a vnode as executing a text image.
- Enable the NI_WITHSCOPEID getnameinfo(3) flag by default.
- sendmail(8) should listen on port 587 for ip(6), like ip4(6).
- Add sanity to the apmd(8) battery alert when the battery is charging.
- Let chdir(2) errors in rwhod(8) be seen.
- SECURITY FIX: update ssh to OpenSSH-3.0.1.
A source code patch is available.
[Applied to stable]
- Repair ipx frame-type handling in ifconfig(8).
- SECURITY FIX: don't let pf wander off the end of ipv6 icmp packets.
A source code patch is available.
[Applied to stable]
- Fix a recursive mutex problem in pthreads(3).
- RELIABILITY FIX: quiet bogus interrupt messages on sparc64 pciide cdroms.
A source code patch is available.
[Applied to stable]
- Support the "S" command in interactive mode in top(1) to toggle display of system processes.
- Prepare for UBC by adding a daemon that processes async I/O and repairing some other things.
- Don't memset(3) too much memory in ssh(1) or sshd(8).
- Be much more sure that software cannot be used in crypto(9) stuff.
- Fix behaviour of system(3) in phtreads(3) so it doesn't hang forever.
- Use select(2) instead of unsafe SIGIO method for handling wscons(4) events in X11.
- Increase buffer sizes in tcpd(8) and ssh(1) so they can hold a full hostname.
- Add uscanner(4) device node to i386 and macppc.
- SECURITY FIX: be more careful with file permissions in vi.recover
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: provide illegal instruction trap handling for Altivec instructions on macppc.
A source code patch is available.
[Applied to stable]
- Take advantage of the bus_dmamap_sync API.
- RELIABILITY FIX: finally address the PCI abort problem on hifn7751.
A source code patch is available.
[Applied to stable]
- Move accounting disk space watcher into a kernel thread, fixing accounting on NFS.
- Fix many signal handlers throughout the tree.
- Avoid overruning mbuf length in ip6(4) handling.
- Big rusers(1) update, including protocol version 3 support, avoidance of duplicate issues on multihomed machines, and timeout tweaking.
- Support mmap(2) past 4GB offsets.
- Repair creation of the hosts(5) file during installation.
- Size mprotect(2) allocations from malloc(3) to 0 bytes, resulting in a fault on access.
- Handle autorepeat delays better in wskbd(4).
- Send the User-Agent header when using ftp(1) to WWW servers and proxies.
- Overhaul some fd(4) handling within the kernel.
- Ensure isakmpd(8) dies promptly on reciept of the SIGTERM signal(3).
- Fix a problem with bsd_auth(3) and passwords containing colons.
- Make -h and -L in pax(4) and tar(1) follow symlinks on extraction of directories.
- Support ddb(4) entry with usb keyboards using uskbd(4).
- Enhance handling of console keyboard attaches and deattaches.
- Allow the SCSI cd(4) driver to eject empty drives.
- Repair backgrounding (~&) in ssh(1) for v1 and add support for v2.
- Spiff up the isp(4) driver; protect against deranged fabric name servers and correctly handle the ISP_QUEUES_FULL status.
- Cleanup wx(4), getting rid of a bogus pullup on small mbufs and setting a txint delay.
- Polish wsconsctl(8): better usage output, print nice output when changing display.* settings, and prefer warn(3) over err(3).
- Handle standard file handles better in cron(8), and change an unsafe vfork(2) call to fork(2).
- Import xc-mit to build XhpBSD for hp300.
- Don't let tcpdump(8) segfault on some radius traffic.
- Fix some bugs in ppp(8), including a PASV bug, a set reconnect bug, and allowing for looser MRU handling.
- Use a more specific error message when pfctl(8) is given a bad interface name.
- Correct printing of RDR rules in pfctl(8) when using ! with destination rules.
- Reset state counter when clearing states in pf(4).
- Ignore SIGPIPE early in ssh(1), allowing operation to continue even if the agent dies.
- Implement syslog_r(3).
- Support the Creative Labs SB Live! sound card with emu(4).
- Repair __PSEUDO_NOERROR on hppa.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.807 2001/12/30 16:44:16 deraadt Exp $