Changes made between OpenBSD 3.3 and OpenBSD-current
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
The following list sums up (almost) all the changes made up to May 10.
- Merge in Heimdal Kerberos V 0.6rc1.
- Since mfs doesn't try to force an unmount on receipt of a signal, there's no need to try to fix up processes' working dirs - the unmount(2) will fail.
- Fix isakmpd(8)'s handling of the IPV6_ADDR ID-type.
- Remove an unnecessary ntohs(3) in pfctl(8), unbreaking 'nat ... -> $if port n' rules.
- The pf(4) return keyword now generates an ICMP unreachable message for all protocols other than TCP (rather than just UDP and ICMP.)
- Have the compiler generate warnings if unsafe string functions are used in the kernel.
- Back out libreadline string fixes until static build works.
- Consign swapon(2) to COMPAT_25 in favour of swapctl(2).
- Clear unused and/or invalid globals in authpf(8) to prevent confusion.
- Update authpf(8) to spot (and reject) the new 'load...from' syntax.
- Support loading of anchors from the main pf(4) ruleset with new syntax 'load anchorname:rulesetname from filename'.
- Allow for the null-terminator when calling strlcpy(3) in gcvt(3).
- Remove a number of unnecessary executable mappings in the kernel, e.g. framebuffers and page tables don't really need to be x.
- Add sha2(3) digest support to libc.
- Clear libc digest buffers allocated on the stack with memset(3) before returning.
- Move setrgid(3) and setruid(3) from libc to libcompat.
- Move insque(3) and lsearch(3) and remque(3) from libcompat to libc, since they are now POSIX functions.
- Don't leak socket fds in pfctl(8) queue code, otherwise we can hit the file limit if many queues are defined.
- Fix a number of readlink(2) calls that forgot to leave space for the null-terminator that needs to be added manually.
- Update sudo(8) to 1.6.7p5.
- Add support for the userland portions of XFree86 DRI. Not yet enabled by default.
- In csh(1), null-terminate the string returned by readlink(2) before passing it on.
- Fix mmap(2)'ing of the dynamic linker hints file when the file size exceeds one page.
- Stop gcc(1) from inlining strcpy(3) so it can be more easily spotted in object files.
- Add missing device name parameter when printing a nofn(4) RNG underflow error.
- Fix a bad sizeof() in xedit(1).
- Fix some sscanf(3) off-by-ones in makepsres(1).
- Remove a string memory leak in ld(1).
- Change xclock(1)'s default behaviour back to -norender.
- Fix a few instances of sizeof(pointer instead of object) in expand(1), lbxproxy(1), skeyinit(1) and in the Kerberos IV and BIND libraries.
- Plug a memory leak in the kernel ELF loader.
- In the installer, give the -h option to tar(1) so symlinks on the existing system are honoured.
- Make lynx(1) try active FTP if passive mode fails. This was missed out in the recent upgrade.
- Have rdist(1) use POSIX regex(3).
- Update rdist(1) to cope with rcmdsh(3)'s new ability to handle command line options.
- Make pf(4) rdr and binat rules work again on protocols other than TCP, UDP and ICMP.
- After a forced unmount, try to change process back into real directories now that namei() won't do lookups under the old mountpoint.
- Stop namei() doing lookups on unmounted volumes, prevents crashes with forced unmounts. From NetBSD.
- Don't use M_WAITOK to sleep on failures when allocating hashtables for IP protocols (in_pcbinit()). Fail and panic.
- Pretty up sysctl(8) display units for hw.sensors.
- Only do setusercontext(3) in skeyaudit(1) when running as root.
- Don't use string functions on non-strings in sd(4).
- Kill a small asprintf(3) memory leak in mg(1).
- In skeyinfo(1), convert the username to seven-bit before doing the skeylookup(3).
- Make the fsirand(8) functionality built into newfs(8) non-optional.
- Allow command-line arguments in rshprog passed to rcmdsh(3).
- Add backquote to the list of characters escaped in ksh(1)'s vi-{esc,tab}complete mode.
- Fix a couple of sscanf(3) off-by-ones in afs and makeinfo(1).
- Write the correct amount of data when disconnecting tip(1) on biz22.
- Another memory layout change on i386 to allow a larger MAXDSIZ (see the tech@ archive for details.)
- Add a mail mode to mg(1) that does proper line wrapping, and add the '-f' command line option to set the mode.
- Properly restore the syncer vnode if unmount(2) fails.
- Use the right buffer size for getcwd(3) to avoid unnecessary truncation in at(1).
- Replace local (and wrong) basename logic in ln(1) with a call to the real basename(3).
- Don't leak an mbuf when dropping non-ARPHRD_ETHER arp packets.
- Compatibility improvements to ossaudio(3), mostly from NetBSD.
- Ditch newfs(8)/mount_mfs(8)'s homespun malloc() in favour of mmap(2).
- Prevent a couple of use-after-frees in pfctl(8).
- Defensively zero the m_flags field in mbuf(9) structures allocated on the stack.
- Make what(1) more POSIX-compliant.
- Stop skeyaudit(1) leaking file descriptors in -a mode, and be more paranoid about stdin, stdout and stderr.
- Add Doug Gwyn's portable alloca(3) on platforms for which no assembler version yet exists, and use instead of gcc(1)'s alloca().
- Greatly improved SIS chipset support in pciide(4).
- Make eso(4) work on sparc64 and (probably) macppc.
- A number of vnode(9) fixes and additions. See the checkin comment for details.
- Update lynx(1) to 2.8.4release, patchset 1d, including IPv6 support.
- Allow pf(4) antispoof rules to have labels.
- Keep trying to unbreak apachectl(8) restarts for shared modules when running under the chroot.
- Improve forward compatiblity of fsck_ffs(8) by comparing only what we understand instead of trying to ignore what we don't.
- Make the newly deprecated omsync() work under NetBSD emulation.
- Several strvis(3) -> strnvis(3) changes, all part of the continuing Battle for Safe String Functions.
- Fix some pthreads signal bugs that were causing MySQL to crash (PR#3178, PR#3238.)
- Allow pf(4) tables to be loaded into anchors. pfctl(8) table options except show and flush now honour -a.
- Have the dynamic linker stub functions in libc return -1 if called from a statically linked program.
- Only build shared libXv if the target arch supports shared libraries.
- Consign the omsync() system call to COMPAT_25 obscurity.
- Fix parsing of the noac option to mount_nfs(8).
- In netinet/tcp_input.c, correct a long-standing typo made when applying a deadlock-avoidance bug fix (TCP/IP Illustrated volume 2 fig. 28.30.)
- Fix a crasher in lkm(4), tripped when loading a module twice.
- Make ELF dlfcn(3) calls thread-safe.
- Add /usr/local/lib/X11/fonts to fontconfig(3)'s search list, to help ports.
- Add some missing X server key definitions.
- Re-introduce the mquery(2)-has-mmap(2)'s-signature change, once again renaming the old syscall to omquery().
- Only close the keyfile once in skeyaudit(1) -a mode.
- Do a return from main() instead of an exit(3) in md5(1) and spamd-setup(8),
- Fix some more unbounded sscanf(3) calls in KerberosIV, still more to come.
- Lock earlier when doing vnode ops in procfs to avoid a possible race condition.
- Remove a potential double-free in the XFree wsfb driver.
- Prepare pf(4) table structures for anchor support.
- Much string cleanup in sys/dev.
- Fix the isakmpd(8) fifo 'C set' command (PR#3148.)
- Use strdup(3) and asprintf(3) to eliminate some string length guesswork in rpcgen(1).
- Allocate enough space for a *printf() %u in rpc.yppasswdd(8).
- Correct libXp's shared library dependencies
- Fix fat32 filesystem corruption when renaming directories.
- New lm(4) (National Semiconductor LM78, LM79 and compatible) and viaenv(4) (VT82C686A South Bridge) hardware monitor drivers, adapted from NetBSD to use the new sysctl hw.sensor interface.
- Make funopen(3)'s declaration match its prototype (PR#3236.)
- Back out the recent mquery(2)-uses-mmap() API change.
- Add new sysctl(3) node hw.sensors for, er, hardware monitoring sensors.
- Don't assume that asprintf(3) failures won't clobber the tempfile name in mktemp(1).
- In the IPv4 case of inet_net_pton(3), infer the netmask the same way for all address classes (i.e. don't assume multicast networks are always */4.)
- Be more portable and check the asprintf(3) return value against -1 in pfctl(8).
- Add size bounds to sscanf(3) strings in edquota(8) and tn3270(1).
- Match mquery(2)'s function signature to that of mmap(2).
- Fix pf(4) nat proxy port allocation for manually specified ranges.
- If one is given, properly copy the second port of a nat proxy spec in pfctl(8).
- Fix a bad strlcpy(3) bound in the AFS library (PR#3228.)
- Use asprintf(3) to fix some buffer length problems in pdisk(8/MAC68K)
- When handling the packet size option in traceroute(8), bounds check the right variable.
- Properly detect EOF when generating policy interactively.
- Stop pflogd(8) generating syslog messages on startup.
- Swap a strchr(3) for a strrchr(3) in md5(1).
- When upgrading, treat the /altroot filesystem like a 'noauto' filesystem and omit it from the upgrade fstab.
- Do a proper bounds check when reading in the lynx(1) news server name from a file.
- less(1)'s glob now does tilde and brace expansion as well.
- On gre(4) IP input, use m_pullup(9) instead of assuming the header is in the first mbuf's data region.
- Have make(1) stop parsing command line arguments after a '--'.
- Better bounds checks when expanding curly braces in make(1).
- In ld.so(1), don't set the object load_size field to a negative value because this is likely to be wrong.
- Copy the null at the end of the name when adding a realm in Kerberos V.
- Make authpf(8) die the way it should when authpf.conf is missing (PR#3217.)
- Fix ubsec(4) output statistics.
- Sync sudo(8) with its CVS and bump the version to 1.6.7p4.
- Some typedef perfectionism in libwrap.
- String cleanup and extra paranoia in rd(4) and vnd(4).
- The string cleanup drive continues.
- Add support for the Davicom DM9009 chip to dc(4).
- Help ld.so(1) further by making mquery(2) return EINVAL (instead of ENOMEM) if MAP_FIXED was requested but is unavailable.
- New -x option for mount_msdos(8) to automagically make directories executable if they're readable.
- Unbreak Emacs 21 by fixing a problem with the new mquery(2) part of ld.so(1).
- Make tun(4) work when only IPv6 endpoints are specified.
- Add 4.3BSD's more command for use on some floppies instead of less(1). More is less.
- Change some return values in config(8) and cron(8) from char to int.
- Changes to support the new i386 W^X scheme.
- Move i386 to ELF, a binary upgrade is required for now.
- Use the new mquery(2) syscall in ld.so(1), i386 only for now.
- Avoid teeth-gnashing delays by making the installer use 'route -n show' instead of 'route show'.
- In the kernel ELF loader, use the uvm(9) to make sure that ld.so(1) doesn't overwrite an area that's already in use.
- Fix a buffer overflow that was causing a crash in mg(1) (PR#3090.)
- apachectl(8) now honours $httpd_flags from rc.conf(8).
- Remove a race condition in mount_mfs(8).
- Fix some allocation bugs in mg(1).
- In the kernel's standalone ISO9660 driver, collapse extra slashes in the pathname. This allows files to be loaded from the root of a cd.
- Uncomment the line that unloads httpd(8) shared modules on a server shutdown or restart.
- Many string fixes to named(8), more to come.
- pfctl(8) can now display basic HFSC stats.
- Much cleanup in elf2ecoff(1) (not installed by default.)
- Allocate the right getaddrinfo(3) buffer size in rip6query(8) and route6d(8).
- In audioctl(1), size(1) and spamd(8), don't use snprintf(3)'s return value for pointer arithmetic.
- Back out the 'long ATAPI detection delay' fix due to problems with some devices.
- Add a missing globfree(3) in sftp(1).
- Correct a number of short space allocations for *printf() integer-to-string conversions.
- Fix some problems with the xdm(1) OpenBSD logo, caused by the XFree86 4.3.0 merge.
- Don't increment the ping(8) sequence number until we know the packet has been successfully queued for sending.
- Include the at(1) job number in the process title.
- Put less(1)'s help text back into a separate file, and allow a reduced-size build for the boot floppies.
- Stop using hardcoded SOCK_* types when creating sockets in ssh(1), to facilitate ssh-over-sctp.
- Have isakmpd(8) unlink its fifo and pid file on a clean shutdown (PR#3199.)
- Allow ping(8) to send zero-length packets with the -s0 option.
- Some snprintf(3) buffer length fixes in isakmpd(8).
- Add new mquery(2) system call, to provide hints (especially to ld.so(1)) on where to put memory mappings.
- Make sure systrace(1) leaves space for the trailing null when displaying open(2) flags.
- Fix bad format strings in extattrctl(8) and mopd(8).
- Prevent timeout_add(9) from wrapping around on machines with a long uptime.
- Fix some bogus size_t values in grops(1) and mg(1).
- Update less(1) to version 381.
- Have spamd(8) set file descriptor limits with setrlimit(2).
- Relax the license on strlcat(3) and strlcpy(3) to encourage their bundling with other programs.
- Initial support for HFSC queueing, pf(4)-style.
- Back out recent 'X looks like a package' stuff.
- Merge in expat-1.95.4 from XFree86-current.
- Fix long delays when detecting ATAPI devices.
- sudo(8)'s Makefile now honours the LDSTATIC flag.
- Move queue ID assignment into the kernel and away from pfctl(8), solving a bunch of problems.
- Back out the earlier fix for PR#2230, which is a no-op since zombies aren't on the allproc list being scanned.
- De-allocate bus space on wi(4) device failures.
- Only print the less(1) -d prompt if there's enough space left on the status line (PR#3189.)
- When fixing up process root and working directories after a filesystem mount, leave zombies well alone. (PR#2230.)
- Fix an off-by-one in kernel malloc(9) diagnostic code.
- Correctly initialise xkb memory in the X server.
- Plug some file descriptor leaks in xman(1) (PR#3186.)
- Fix a broken sizeof() in gcc(1) when allocating a new sentinel_info.
- Demote the isakmpd(8) 'missing CRL dir' moan to a debug message.
- The kernel pf_state structure now points to both a rule and an anchor, so states created on anchors can use rule options properly.
- Create the /etc/isakmpd/crls directory from 4.4BSD.dist to stop isakmpd(8) complaining about its absence.
- Strip trailing whitespace before parsing ssh(1) options (OpenSSH bug 528.)
- Disable ssh(1)'s Kerberos IV support.
- Fix spamd(8)'s select(2) error handling.
- mg(1) now remembers the previous 'M-x compile' command.
- Add a missing free() in httpd(8)'s dbm processing.
- More fixes to osiop(4).
- Change some old-style chown(8)s (user.group) to POSIX user:group style.
- Fix a null deref in savecore(8).
- Add some missing NetBSD copyright information to ftp(1).
- Make ktutil(8) work properly over the network.
- Improvements to string handling (not str[ln]* for once) in adventure(6).
- Add fake package information so ports can check for XF4 installation.
- Use ksh(1) instead of csh(1) for XFree distrib scripts.
- Make pfctl(8) reject invalid ICMP types (>40) and codes (>255.)
- Fix a typo in the new ssh(1) rekeying code that was causing the wrong packet state counter to be fetched.
- Update sudo(8) to 1.6.7p3.
- Handle buffer length for strlcpy(3) properly in kvm_mkdb(8).
- Many fixes to osiop(4).
- Improve (as part of string function fixes) sort(1)'s handling of old-style + and - format specifiers.
- Don't treat disklabel fields d_packname and d_typename as null-terminated fields when they're not.
- Fix a bounds-check off-by-one in lam(1).
- Simplify pfctl(8)'s parsing of CIDR masks.
- Add 'queue foo on $i_bar' syntax to allow pf(4) queue specs to apply only to specified interfaces.
- Add 230400 to the list of speeds supported by termios under compat_linux(8).
- Use the default rule when a packet passes due to the implicit 'pass all' at the top of the rulebase, eliminating many NULL tests.
- Add a `default' pf(4) rule and use it to store the default timeouts.
- Add some shared library version updates missed in the XFree86 4.3.0 merge.
- Many string function fixes all over the tree.
- Fix a bad bounds check in OpenSSL's ASN.1 parser.
- Back out the earlier realloc() change to tcpdump(8).
- Update sectok_fmt_fid(3) to take a string length parameter, and crank libsectok's major version for the new API.
- With the XFree86 4.3.0 merge, add an additional definition so that ports libs end up in /usr/local/lib/X11.
- Update sudo(8) to 1.6.7p2.
- Fix user(8)'s empty group test (PR#3178.)
- Improve PRIQ queue id assignment, so same-priority queues on different interfaces work properly.
- Use realloc(3) instead of leaking memory in tcpdump(8).
- Some cleanup in ipcomp(4) and ipsec(4).
- Add a missing initialisation in ssh(1) (OpenSSH bug #526.)
- When an interface doesn't support altq(9), have pfctl(8) print the interface name in the error message.
- Add automatic ssh(1) rekeying in accordance with the current secsh newmodes draft, and fix some rekeying bugs.
- Fix kqueue(2) notification of immediate-mode bpf(4) events (PR#3175.)
- Merge in XFree86 4.3.0.
- Update sudo(8) to version 1.6.7p1, to fix some overzealous paranoia.
- Bump OpenSSH version to 3.6.1.
[Applied to stable]
- Fix an mbuf leak in icmp6.
- Have ftp(1) treat empty environment variables as if they were unset.
- Fix some use-after-FREE when handling crypto errors in ipcomp(4) and ipsec(4).
- Add a missing splx() in ipcomp(4).
- Clean up and additional paranoia in setusercontext(3).
- Only remove a kernel pf(4) rule structure when no states refer to it.
- Helpfully, allow netinet/tcp_debug.c to compile when TCP_DEBUG is defined.
- Fix ahc(4)'s probe of dual-channel 7899 cards.
- Use snprintf to construct device names in the kernel, instead of hand-rolling.
- Give a more consistent message when passwd(1) is aborted one way or another by the user.
- Begin the process of eradicating the remaining strcpy, sprintf, and strcat calls from the tree.
- Fix logging bustage in spamd(8).
- Update sendmail(8) to 8.12.9 to fix a buffer overflow in address parsing. Note that this fix went onto the OpenBSD 3.3 CDs and so is not a 3.3 erratum.
- More fixes to iha(4).
- Stop pmdb dumping core on stripped executables.
- Show in log output the list against which spamd(8) matched.
- Have spamd(8) report exactly how much of the filthy spammer's time was wasted.
- Add a missing strdup(3) error check in pwd_mkdb(8).
- Change login_passwd(8) from setuid(root) to setuid(_shadow).
- Remove OCHIO* binary compatability hacks from ch(4).
- When retrieving the size of a ccd(4) device, check the device is initialised before attempting to open it.
- Add USER_LDT to the list of kernel options(4) controllable via sysctl(3).
- Sync the SMP branch to 3.3.
- Improve iha(4)'s REQUEST_SENSE handling based on hard-won experience with osiop(4).
- Actually look for the lpr(1) -q option when calling getopt(3).
- Fix handling of -f and -h options to lpr(1).
- Improve error handling for invalid pf(4) cbq and priq flags.
- 3.3 -> 3.3-current.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.877 2003/05/11 18:24:58 deraadt Exp $