Changes made between OpenBSD 3.2 and OpenBSD-current
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
The following list sums up (almost) all the changes made up to October 17.
- Improved media support and a boundary check fix for wi(4).
- Have route(8) correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route.
- Enable uvm_tree_sanity() check #ifdef DEBUG.
- Fix a potential null deref in route(8)'s arguments parser.
- Renumber ch(4) CHIO* ioctls. Old definitions renamed to OCHIO*, binary backwards compatibility will be left in intact until post-3.3.
- Teach kdump(1) to print AUDIO_* ioctls, and add a few missing syscall defines.
- Support fxp(4) on big-endian architectures.
- pf(4) allows protocols to be specified by a (valid) protocol number.
- Add a missing free() in pflogd(8).
- Treat manually- and auto-configured IPv6 address prefixes the same way.
- For positively POSIX reasons, implement isfdtype(3).
- Bring pax(1)'s date handling code back into sync with that in date(1). Four digit years parse now.
- Start to break out machine-dependent parts of MAKEDEV(8) into separate files.
- Send ksh.kshrc label() and ilable() output to /dev/tty insted of stdout, so command output streams doesn't get messed up.
- systrace(1) supports system call-granularity privilege elevation!
- Correct a typo in systrace(1) that was causing group predicates to be evaluated incorrectly.
- Range-check values given to atactl(8).
- Better mask comparision for pf(4) binat.
- Remove the setuid bit from login(1). If run with a non-root euid, it invokes su(1) with the new -L flag.
- Add '-L' flag to su(1) to make it work like login(1).
- Enable the META key in ksh(1) for 7-bit locales.
- Make sure some varargs end-of-list sentinel NULLs are pointer-width.
- Fix a subtle dangling pointer bug in BSD auth.
- Sync Brazil's Daylight Savings Time handling with new reality.
[Applied to stable]
- Stop makewhatis(8) grumbling about having Perl 5.8.x instead of 5.6.x.
- In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA.
- Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c)
- Some fixes in pool(9).
- pf(4) can now binat a whole netblock with one rule.
- Remove a potential null pointer deref in BSD authentication code.
- Fix a bad printf format string in ftpd(8). Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.
- Do some more unsigned checks to system call parameters, as with the setitimer(2) erratum.
[Applied to stable]
- Prepare the GNU floating-point emulation code on i386 for ELF.
- Update stable to OpenSSH 3.5.
- Catch some endianness nits and add zero-padding of keys in wi(4).
- Teach ALTQ CBQ the pf(4) API. The old API remains for now.
- Fix memory corruption that could cause panics in bridge(4)d systems with scrub enabled.
- Fix a bug in m_tag_copy_chain().
- Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug.
- In Sendmail, fix a potential bypass of smrsh(8) (see the Sendmail.org advisory.)
- Make predicates part of systrace(1)'s grammar.
- Start work on a merge of altq(9) and pf(4) functionality. Oh yes.
- Add a missing htons() in talkd(8).
- In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed.
- Support SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support.
- Merge in Apache 1.3.27 and mod_ssl 2.8.11.
- New block-policy option to set the default response to a block rule.
- More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise.
- pf(4) support for icmpv6 returns in response to block rules.
- New reply-to rule option for pf(4), works like route-to but applies to reply packets in a stateful connection.
- httpd(8) restarts work even when srm.conf is not present.
- Have the X server complain less about unknown scancodes.
- Initialise the uvm_pglistalloc result list in the function, instead of requiring the caller to do it.
- syslog(3) and syslog_r(3) now take the new __syslog__ format attribute.
- Make the default httpd(8) config files use php4 instead of php3.
- pfctl(8) expands lists left-to-right instead of right-to-left.
- Teach pf(4) how to filter on the IP TOS field.
- Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances.
- smtpd(8) has left the building.
- By default, add the -H option to the sort(1) invoked by locate.updatedb(8).
- Give window(1) the stdarg treatment.
- When routing via pf(4), use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies.
- Fix cross-site scripting vulnerability (CAN-2002-0840) in the default error page of httpd(8). Only applies under specific (and non-OpenBSD default) conditions.
- In kernel IP processing, block interrupts with splsoftnet(9) around interface address routing table manipulations.
- Make sure wi(4) doesn't accept out-of-range TX keys.
- Stop ami(4) matching I2O-configured devices.
- 3.2 -> 3.2-current.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.848 2002/10/18 21:19:55 deraadt Exp $