Changes made between OpenBSD 3.0 and OpenBSD-current
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
This file is not currently maintained, because the people who can edit
and maintain it are WAY too busy to keep it updated. Eventually we hope
to catch up. Really.
We are working on OpenBSD-current.
- Upgrade to XFree86 4.2.0
- In mixerctl(1), only open the mixer with RDWR when really needed.
- Enforce sane port ranges in the pfctl(8) rule parsing logic.
- Obey POSIX and don't update the modification time of the file if a write(2) is done with a length of zero bytes.
- Allow pf(4) rules to be identified by arbitrary labels.
- Support the HiFn 7811 in the hifn(4) driver.
- Add ELF support to modload(8), among other improvements.
- Support flags for savecore(8) in rc(8).
- Recognize a "no" keyword in the nat/rdr/binat syntax of
at.conf(5) to avoid translation.
- Allow a cvs(1) tagname to be expanded during checkout, export, and
update to be specified on the command line.
- Repair behaviour of ip(4) over ip6(4) tunneling when using gif(4).
- Clean up the lkm(4) subsystem.
- Consistently use SIG_DFL instead of SIG_IGN to disable a SIGCHLD signal(3) handler.
- Do not allow root to login(1) via an insecure tty even if the auth method does not use plaintext passwords.
- Don't let root change its password via login_chpass(8) and
login_lchpass(8).
- Add usbtablet(4), input support in XF4 for usb(3) devices.
- Avoid hanging x11 channels in ssh(1) with rejected cookies.
- ssh(1) protocol 2 HostKey default becomes /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key.
- Enable usb(3) devices for sparc64.
- Add a new m4(1) based makedev(8) generation system.
- Have fdisk(8) remove references to the NT serial number when writing to the MBR.
- Handle truncation to the middle of a file hole in FFS.
- Update sudo(8) to 1.6.4.
- Add more commands to ddb(4).
- Fix PT_{READ,WRITE}_{I,D} on sparc64.
- Migrate regression tests to a new, unified framework.
- Ensure correct alignment in some bridge(4) code.
- Many pthreads(3) fixes: only poll file descriptors when needed
use scheduling ticks for better timing, and avoid a polling related overflow.
- Only require write permission in pf(4) and pfctl(8) when modifying.
- Various od(1) and hexdump(1) fixes and POSIXification.
- Rename libusb to libusbhid.
- Enable RAIDFrame auto-configuration.
- Ignore the RSH environment variable in rdist(1) if it is empty.
- Correctly retain yp(8) bindings in ypbind(8) when using more than two domains.
- Plug a memory leak in the EPRT command of ftpd(8).
- Repair hex mode output in skey(1).
- Default to using the non-blocking behaviour on new accept(2) sockets.
- Repair tty(1) related panics caused by the session pointer code.
- Have ssh(1) and family exit on openssl(1) allocation failures.
- Only require the -t option when using ssh-keygen(1) to generate keys.
- Don't examine the tcp(4) header of non-tcp packets in PPP.
- Strengthen permissions on ppp.conf.sample.
- Use constant bitmasks as opposed to bitfields in the mmu segment and page table structure for mvme88k.
- Correctly print the payload string of tcp(4) RST segments when tcpdump(8) is verbose.
- Implement a scalable timeout(9) mechanism with constant-time add and delete.
- Let mvme68k systems lacking a configured pcc device compile.
- Don't default to generate rsa1 keys in ssh-keygen(1), and try all standard key files when invoked without arguments.
- Have crontab(1) send SIGUSR1 to cron(8) when a crontab file has changed, making changes take effect sooner.
- Send failing packet sequence number when sshd(8) is responding with an SSH_MSG_UNIMPLEMENTED.
- Ensure that user and system times increase monotonically.
- Add powerhook support to yds(4) to handle apm(8) resumes correctly.
- Repair memory leak in pcap(3) associated with compiled bpf(4) programs.
- Support span ports so that one can snoop a bridge from another interface/machine/network.
- Disestablish the xl(4) powerhook on detach.
- Add a -u flag to fdisk(8) which updates the MBR code but leaves the partition table intact.
- Big isp(4) overhaul.
- Improve signal handling in cron(8) so that processes run by cron(8) can't zombify until cron(8) wakes up.
- Add a pf(2) DIOCADDSTATE ioctl(2) that adds state entries.
- Support primitive stateful pf(4) filtering for other non-TCP/UDP/ICMP protocols.
- Fix icmp6(4) MIB counter.
- Better signal handling in login_skey(8) to avoid a possible race condition.
- Update signal handlers in passwd(1) to complement new catching getpass(3) call.
- Allow vnd(4) to create things larger than 2G.
- Perform a sanity check on the inner IP header of IP-in-IP encapsulated packets.
- Support -o for sshd(8), like ssh(1).
- Catch -- don't block -- SIGINT and SIGTSTP in readpassphrase(3) and getpass(3).
- Enable rootdev auto-configuration by device drivers during boot and add support for raid devices.
- Parse hex numbers in pf(4) correctly.
- Curtail the use of regex(3) in ssh(1).
- Make NKMEMPAGES dynamic based on memory size, deprecating NKMEMCLUSTERS in favour of NKMEMPAGES, NKMEMPAGES_MIN, and NKMEMPAGES_MAX.
- Forbid the coupling of different address families in pf(4) nat, binat, and rdr rules.
- Release the right descriptors when pipe(2) fails.
- Use pidfile(3) throughout the tree instead of hand-rolled imitations.
- Don't let sshd(8) pass user-defined variables to login(1).
- Nuke smartkey(1).
- Remove pipe based interface to photurisd(8), leaving only PF_KEY.
- Issue a "failed" message instead of a 2nd challenge if sshd(8) sees the same key in authorized_keys twice.
- Let the sshd(8) fake X11 server listen on localhost by default.
- Use ip6(4) in sendmail(1) when possible.
- Fix an alignment bug on alpha by using getifaddrs(3) instead of various ioctl(2) calls in named(8).
- Conform to historic behaviour in fmt(1); don't format lines that start with a dot.
- Avoid a "thundering herd" problem in accept(2), and fix an infinite loop on 64-bit systems.
- Use pool(9) for socket allocations.
- Correctly signal an error condition in newsyslog(8) so we don't send a signal to PID 0.
- Repair an error in uipc_socket that could make a transient error permanent.
- Perform a pf_route() before logging in case the logging created a bogus rule, avoiding a panic.
- Have socket connection queues use a tailq queue(3).
- Add fastroute option to pf(4).
- Support pasting characters with codes above 127 using the mouse via wscons(4).
- Handle PID files terminated with newlines correctly in newsyslog(8).
- Among other improvements, don't leak memory in ppp(8).
- During installation, preserve blank space in responses.
- Centralize the mount list, unifying locking, and add vfs_isbusy to help verify that a mount point is locked.
- Strengthen the mbuf traversal code in pf(4), avoiding potential crashes on ip6(4) packets with options.
- Make dummies for aclocal and the auto* family in cvs(1), hopefully mitigating upgrade hassles.
- Don't allow the pf(4) CHANGEBINAT ioctl(2) when securelevel > 1.
- Include stub dl* function definitions in libc on ELF, making libdl unneeded.
- Enhance network handling during installations.
- Block signals in find(1) when running fts_read().
- Move NFS creds out of the standard buf structure and into the nfs node, and use pool(9) for NFS node allocation.
- Fix the password length check in user(8).
- Use lockmgr in procfs (mount_procfs(8)) instead of a home-made version.
- Correctly mark items on the syncer worklist with VBIOONSYNCLIST, ensuring items not on the list don't have this mark.
- Convert to using the vn_marktext() function instead of VTEXT to mark a vnode as executing a text image.
- Enable the NI_WITHSCOPEID getnameinfo(3) flag by default.
- sendmail(8) should listen on port 587 for ip(6), like ip4(6).
- Add sanity to the apmd(8) battery alert when the battery is charging.
- Let chdir(2) errors in rwhod(8) be seen.
- SECURITY FIX: update ssh to OpenSSH-3.0.1.
A source code patch is available.
[Applied to stable]
- Repair ipx frame-type handling in ifconfig(8).
- SECURITY FIX: don't let pf wander off the end of ipv6 icmp packets.
A source code patch is available.
[Applied to stable]
- Fix a recursive mutex problem in pthreads(3).
- RELIABILITY FIX: quiet bogus interrupt messages on sparc64 pciide cdroms.
A source code patch is available.
[Applied to stable]
- Support the "S" command in interactive mode in top(1) to toggle display of system processes.
- Prepare for UBC by adding a daemon that processes async I/O and repairing some other things.
- Don't memset(3) too much memory in ssh(1) or sshd(8).
- Be much more sure that software cannot be used in crypto(9) stuff.
- Fix behaviour of system(3) in phtreads(3) so it doesn't hang forever.
- Use select(2) instead of unsafe SIGIO method for handling wscons(4) events in X11.
- Increase buffer sizes in tcpd(8) and ssh(1) so they can hold a full hostname.
- Add uscanner(4) device node to i386 and macppc.
- SECURITY FIX: be more careful with file permissions in vi.recover
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: provide illegal instruction trap handling for Altivec instructions on macppc.
A source code patch is available.
[Applied to stable]
- Take advantage of the bus_dmamap_sync API.
- RELIABILITY FIX: finally address the PCI abort problem on hifn7751.
A source code patch is available.
[Applied to stable]
- Move accounting disk space watcher into a kernel thread, fixing accounting on NFS.
- Fix many signal handlers throughout the tree.
- Avoid overruning mbuf length in ip6(4) handling.
- Big rusers(1) update, including protocol version 3 support, avoidance of duplicate issues on multihomed machines, and timeout tweaking.
- Support mmap(2) past 4GB offsets.
- Repair creation of the hosts(5) file during installation.
- Size mprotect(2) allocations from malloc(3) to 0 bytes, resulting in a fault on access.
- Handle autorepeat delays better in wskbd(4).
- Send the User-Agent header when using ftp(1) to WWW servers and proxies.
- Overhaul some fd(4) handling within the kernel.
- Ensure isakmpd(8) dies promptly on reciept of the SIGTERM signal(3).
- Fix a problem with bsd_auth(3) and passwords containing colons.
- Make -h and -L in pax(4) and tar(1) follow symlinks on extraction of directories.
- Support ddb(4) entry with usb keyboards using uskbd(4).
- Enhance handling of console keyboard attaches and deattaches.
- Allow the SCSI cd(4) driver to eject empty drives.
- Repair backgrounding (~&) in ssh(1) for v1 and add support for v2.
- Spiff up the isp(4) driver; protect against deranged fabric name servers and correctly handle the ISP_QUEUES_FULL status.
- Cleanup wx(4), getting rid of a bogus pullup on small mbufs and setting a txint delay.
- Polish wsconsctl(8): better usage output, print nice output when changing display.* settings, and prefer warn(3) over err(3).
- Handle standard file handles better in cron(8), and change an unsafe vfork(2) call to fork(2).
- Import xc-mit to build XhpBSD for hp300.
- Don't let tcpdump(8) segfault on some radius traffic.
- Fix some bugs in ppp(8), including a PASV bug, a set reconnect bug, and allowing for looser MRU handling.
- Use a more specific error message when pfctl(8) is given a bad interface name.
- Correct printing of RDR rules in pfctl(8) when using ! with destination rules.
- Reset state counter when clearing states in pf(4).
- Ignore SIGPIPE early in ssh(1), allowing operation to continue even if the agent dies.
- Implement syslog_r(3).
- Support the Creative Labs SB Live! sound card with emu(4).
- Repair __PSEUDO_NOERROR on hppa.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.811 2002/02/01 20:42:46 horacio Exp $