Changes made between OpenBSD 3.2 and OpenBSD-current
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
The following list sums up (almost) all the changes made up to November 2.
- Do a better job when comparing dynamic addresses in pf(4).
- In pf(4) AF macros, operate on the whole address (all 128 bits) unless AF_INET is set.
- Fix perl(1)'s MakeMaker so manpages get installed the way we like.
- Plug a memory leak in IPv6 (ip6_output.c).
- Make sure processes aren't added to the process list until they're completely initialised.
- Implement some 4.3BSD emulation functions in terms of setresuid() etc.
- Use the new setresuid() etc. calls for FreeBSD, HP-UX and Linux emulation of the same calls.
- Implement [gs]etres[gu]id(2) system calls. Minor version bump for libc and libc_r.
- Many fixes to signal and fd handling under threads.
- Fix pf(4) interface expansion.
- Better GRE output from tcpdump(8).
- New -U option to chroot(8) that sets the uid, gid and group vector from the password database.
- To a chorus of approval, add the 'set require-order [yes|no]' option to pf.conf(5).
- Remove a bogus test in dd(1) that stopped a perfectly legal seek on a character device.
- Merge OpenSSL 2.2.18, fixing a cross-site scripting bug and two off-by-ones.
- Add a missing break statement in systrace(1)'s arguments parsing code.
- Add getdents64() support under Linux emulation.
- Merge in Perl 5.8.0.
- Have pool elements' sizes rounded up to the alignment passed to pool_init(9) instead of relying on the architecture's ALIGNBYTES value.
- wi(4) can now do pointless-but-common WEP encryption in software for Prism and Symbol cards. Useful if your card doesn't do weak IV avoidance (or if you trust your BSD more than your hardware manufacturer), and also serves as a framework for better wireless crypto protocols.
- The installer unpacks siteXX.{tgz,tar.gz} files last so that site-specific tarballs always overwrite standard files.
- Remove the error-prone and robustness-principle-defying 'flags X' (as opposed to 'flags X/Y') syntax from pf(4).
- Be a little less 32-bit-centric in libcrypto.
- Have route6d(8) and rtsold(8) use poll(2) instead of select(2) as well.
- Change atoi(3) to strtoul(3) in route6d(8).
- Change a number of header files so NULL is now defined as 0L instead of 0, and so is the same size as a pointer.
- Add to chroot(8) the ability to set the uid, gid and group vector after doing the chroot(2) call.
- Some additional paranoia added to authpf(8).
- Have pf(4) test rule labels as well when comparing rules.
- Fix a few instances where %ul was used instead of %lu.
- Use poll(2) instead of select(2) in ping6(8).
- More picky argument parsing in traceroute6(8) and ping6(8).
- A couple of tmpnam(3)s become mkstemp(3) in httpd(8).
- Lots of int -> u_long in traceroute6(8).
- Correct an off-by-one in wi(4).
- Fix a printf format string typo in pfctl(8).
- Make pfctl(8) apply the netmask to addresses right away, so bogus netmasks show up as munged network numbers in -v output.
- Correct a couple of typos in pf(4)'s ioctl() code.
- Fix a null deref in libc_r.
- Make sure the user process tally is right when kernel stack space can't be allocated for the new proc.
- Correctly count the total number of processes in the system.
- Fix a remotely exploitable buffer overflow in kadmind(8).
[Applied to stable]
- Add partial support for the 21145 chip to dc(4).
- Have xconsole(1) get a pseudoterminal using openpty(3) instead of going all #ifdef.
- More NULL -> (void *)NULL, this time in XFree, to make sure varargs sentinel is pointer-width.
- pax(1) now honours @LongLink, and has a new option to stop the next volume prompt.
- Improved media support and a boundary check fix for wi(4).
- Have route(8) correctly interpret -prefixlen 32 (or 128 for IPv6) network as a host route.
- Enable uvm_tree_sanity() check #ifdef DEBUG.
- Fix a potential null deref in route(8)'s arguments parser.
- Renumber ch(4) CHIO* ioctls. Old definitions renamed to OCHIO*; binary backwards compatibility will be left intact until post-3.3.
- Teach kdump(1) to print AUDIO_* ioctls, and add a few missing syscall defines.
- Support fxp(4) on big-endian architectures.
- pf(4) allows protocols to be specified by a (valid) protocol number.
- Add a missing free() in pflogd(8).
- Treat manually- and auto-configured IPv6 address prefixes the same way.
- For positively POSIX reasons, implement isfdtype(3).
- Bring pax(1)'s date handling code back into sync with that in date(1). Four digit years parse now.
- Start to break out machine-dependent parts of MAKEDEV(8) into separate files.
- Send ksh.kshrc label() and ilabel() output to /dev/tty instead of stdout, so command output streams don't get messed up.
- systrace(1) supports system call-granularity privilege elevation!
- Correct a typo in systrace(1) that was causing group predicates to be evaluated incorrectly.
- Range-check values given to atactl(8).
- Better mask comparison for pf(4) binat.
- Remove the setuid bit from login(1). If run with a non-root euid, it invokes su(1) with the new -L flag.
- Add '-L' flag to su(1) to make it work like login(1).
- Enable the META key in ksh(1) for 7-bit locales.
- Make sure some varargs end-of-list sentinel NULLs are pointer-width.
- Fix a subtle dangling pointer bug in BSD auth.
- Sync Brazil's Daylight Savings Time handling with new reality.
[Applied to stable]
- Stop makewhatis(8) grumbling about having Perl 5.8.x instead of 5.6.x.
- In the X server, work around problems caused by certain MTRR configurations whose details are only available under NDA.
- Kernel tweaks and hacks in preparation for GCC 3.x (kern/subr_prf.c).
- Some fixes in pool(9).
- pf(4) can now binat a whole netblock with one rule.
- Remove a potential null pointer deref in BSD authentication code.
- Fix a bad printf format string in ftpd(8). Non-critical because it's only ever fed by parts of the authentication system which sanitise the input first.
- Do some more unsigned checks to system call parameters, as with the setitimer(2) erratum.
[Applied to stable]
- Prepare the GNU floating-point emulation code on i386 for ELF.
- Update stable to OpenSSH 3.5.
- Catch some endianness nits and add zero-padding of keys in wi(4).
- Teach ALTQ CBQ the pf(4) API. The old API remains for now.
- Fix memory corruption that could cause panics in bridge(4)d systems with scrub enabled.
- Fix a bug in m_tag_copy_chain().
- Hush up noisy IPv6 neighbor discovery. Can be made loud again using sysctl net.inet6.icmp6.nd6_debug.
- In Sendmail, fix a potential bypass of smrsh(8) (see the Sendmail.org advisory.)
- Make predicates part of systrace(1)'s grammar.
- Start work on a merge of altq(9) and pf(4) functionality. Oh yes.
- Add a missing htons() in talkd(8).
- In pmdb, fix a crash that occurred when an attempt to set a breakpoint failed.
- Add SA_RESETHAND support to libc_r, in preparation for SA_SIGINFO support.
- Merge in Apache 1.3.27 and mod_ssl 2.8.11.
- New block-policy option to set the default response to a block rule.
- More rulebase reduction: "block return ..." now does The Right Thing, RST for TCP, ICMP for UDP, silent block otherwise.
- pf(4) support for icmpv6 returns in response to block rules.
- New reply-to rule option for pf(4), works like route-to but applies to reply packets in a stateful connection.
- httpd(8) restarts work even when srm.conf is not present.
- Have the X server complain less about unknown scancodes.
- Initialise the uvm_pglistalloc result list in the function, instead of requiring the caller to do it.
- syslog(3) and syslog_r(3) now take the new __syslog__ format attribute.
- Make the default httpd(8) config files use php4 instead of php3.
- pfctl(8) expands lists left-to-right instead of right-to-left.
- Teach pf(4) how to filter on the IP TOS field.
- Fix list handling problem in ALTQ CBQ that showed up with three or more CBQ instances.
- smtpd(8) has left the building.
- By default, add the -H option to the sort(1) invoked by locate.updatedb(8).
- Give window(1) the stdarg treatment.
- When routing via pf(4), use the outgoing interface as decided by the normal routing code, not the interface to which the rule applies.
- Fix cross-site scripting vulnerability (CAN-2002-0840) in the default error page of httpd(8). Only applies under specific (and non-OpenBSD default) conditions.
- In kernel IP processing, block interrupts with splsoftnet(9) around interface address routing table manipulations.
- Make sure wi(4) doesn't accept out-of-range TX keys.
- Stop ami(4) matching I2O-configured devices.
- 3.2 -> 3.2-current.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.849 2002/11/13 21:26:19 deraadt Exp $