Changes made between OpenBSD 3.4 and OpenBSD-current
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
The following list sums up (almost) all the changes made up to December 8.
- In patch(1), get a private mapping from mmap(2) instead of a default (file) mapping.
- Fix a crash in troff(1).
- Don't drop the newest TCP connection when doing SYN flood avoidance when we meant to drop the oldest.
- In pf(4), make IPv6 redirects to loopback work the same way as for IPv4 and not require an additional route-to line.
- Fix a too-low spl(9) in the nfs client code.
- New ifconfig(8) option -C (and supporting ioctl(2) SIOCIFGCLONERS) that lists all cloning-capable devices.
- New mbuf_tags(9) type ...PF_TRANSLATE_LOCALHOST, used so that pf(4) redirection to localhost doesn't defeat the ability of programs like portmap(8) to tell localhost connections from remote connections.
- Add cloning support to ppp(4) and sl(4).
- Fix regex(3) handling of non-ASCII characters (PR#3594.) Fix from FreeBSD.
- Fix grep(1)'s handling of certain patterns containing multiple dots (PR#3597.)
- Make ifconfig destroy work on tun(4).
- Fix an endianness bug that was causing wicontrol(8) to crash.
- Set madvise(2) flag MADV_RANDOM for mfs(8) filesystems.
- Validate the SPIs presented in DELETE messages when doing an isakmpd(8) informational exchange.
- Have the installer ask whether sshd(8) should be enabled at first boot. The default is to enable it.
- Enable multicast reception for em(4).
- Do a screen split when more than one file is opened on mg(1)'s command line.
- Unbreak mg(1)'s META key support.
- Fix a sign comparison bug in semop(2).
- Add cloning support to bridge(4), carp(4), faith(4), gif(4), gre(4), lo(4), tun(4) and vlan(4).
- Support for interface 'cloning,' accessed by ifconfig(8) commands create and destroy. E.g. 'ifconfig vlan100 create'
- Add a dmesg command to ddb(4).
- Don't allow too many network interfaces (>65535) to be attached.
- Merge Perl 5.8.2.
- Add an hppa target to gcc3.
- Add support for UDP encapsulation of ESP in transport mode (see draft-ietf-ipsec-udp-encaps-XX.txt,) enabled via new sysctl(3) toggle net.inet.esp.udpencap.
- Use a consistent, high listen backlog for sshd(8), ssh-agent(1) and forwarding sockets.
- Fix an off-by-one in dc(1).
- Cosmetic improvements to ssh(1)'s progress meter.
- Let bc(1) compile programs with more than 10,000 lines.
- Add support for long variable names to bc(1), another non-portable extension.
- Add kqueue(2) support to tun(4).
- Use now instead of the epoch as the timebase for compat_linux(8) function alarm().
- Avoid a null-deref in uvm_swap_markbad().
- Check signedness before dereferencing in kernel descriptor management code.
- Fix csh(1) variable substitution when shortening strings (PR#3591.)
- In aliases(5), direct mail for most fake users (e.g. _syslogd) to /dev/null instead of spamming root.
- Add an amd64 target to gcc3.
- Add extended register support in dc(1) (-x option,) ready for long variable names support coming to bc(1) soon.
- Cleanup of mopd(8).
- Add OpenBSD-specific options to gcc3.
- Import (but do not yet enable) GCC 3.3.2, without the ADA frontend for space reasons.
- New ':' (inclusive range) operator for pf(4), works anywhere in pf.conf(5) that '><' (exclusive range) works.
- Fix the regex in security(8) that tests for valid group names.
- More fixes to pf(4) stats gathering.
- Fix NFS-over-TCP speed when OpenBSD is serving Linux clients (PR#3561.)
- Allow systrace(1) to accept usernames ending in '$'.
- Fix missing printf(3) arguments in eeprom(8), elf2aout and elf2ecoff.
- Discard the first 256 bytes of the arc4random(3) keystream as recommended by the "Weaknesses in the Key Scheduling Algorithm of RC4" paper.
- Fix a core dump in dc(1) when reading uninitialised array locations.
- Some gcc3 compatibility cleanup.
- Fix SIOCGIFHWADDR under compat_linux(8).
- Build more components of libiberty in preparation for gcc3.
- Sync libiberty with the version from GCC 3.3.2.
- Sync libedit with that of NetBSD on 8 Nov 2003.
- Move libiberty into src/gnu/lib/libiberty, removing it from the egcs directory. The new library is sync'd to "somewhere between binutils-2.10 and 2.11" with some local changes.
- Avoid a double-free in pcap_setfilter(3).
- Have the kernel's MD5 code use the per-architecture optimised bcopy() instead of its own implementation (PR#3549.)
- New meaning for the ssh(1) -k option, it's now equivalent to GSSAPIDelegateCredentials=no.
- In ssh-keyscan(1), use sysconf(3) to get the maximum fd limit instead of returning an arbitrary number.
- Fix an out-of-bounds access typo in the implementation of sysctl(3) KERN_VNODE.
- Another getpass(3) return value check, this time in encrypt(1).
- Fix a sign overflow in compat_svr4(8) streams code.
- Make usernames containing underscores work in systrace(1).
- While we're fixing diff(1) return values, fix that of the -q option which got broken when -i was fixed.
- Stop the install(1) madvise() change breaking 'make release'.
- Stop pfctl(8) allowing an antispoof for an interface without an IP address, since that amounts to blocking all on every other interface. Bad.
- Add a few more pkg_create(1) packing list sanity checks.
- Also give cmp(1) and patch(1) the madvise(2) sequential treatment.
- Speed up install(1) by using madvise(2) with the MADV_SEQUENTIAL flag.
- Fix httpd(8) mod_access IP address tests on sparc64.
- New -o option to kvm_mkdb(8), to put the database somewhere other than /var/db.
- Fix return code from diff(1) when the -i option is in use.
- Build ftp(1) statically linked, to help out when things go wrong.
- RELIABILITY FIX: An improper bounds check makes it possible for a local user to cause a crash by passing the semctl(2) and semop(2) functions certain arguments.
A source code patch is available.
[Applied to stable]
- RELIABILITY FIX: It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
A source code patch is available.
[Applied to stable]
- Add gcc(1) flags -fnobuiltin-{log,print} for kernel builds on some architectures, the others to be done as test results are collected.
- Re-enable build of named(8)'s DNSSEC programs.
- More wdc(4) probe fixes, sync'ing with NetBSD.
- Fix timed(8) breakage caused by the change from select(2) to poll(2).
- Add rc(8) startup for sensorsd(8).
- Merge in BIND v9.2.3.
- In crypto(3), enable assembler BN functions on vax, and assembler for most things on i386.
- Fix password blinding for non-existent users in sshd(8).
- Add new lightweight kernel reader/writer lock code, not used for anything yet.
- Performance improvements to pool(9).
- In sshd(8), fix the test for a valid authentication context when processing -R port forwards.
- Fix unnecessary delays in wdc(4)'s device probe. From NetBSD.
- Fix a missing initialisation in libkvm.
- Don't expose the contents of named(8)'s rndc.key file when diff'd by security(8).
- Merge in Apache 1.3.29 and mod_ssl 2.8.16.
- Add a missing bounds check and fix an int overflow in compat_ibcs2(8) (not enabled by default.)
[Applied to stable]
- Two more non-portable extensions to bc(1): Add new boolean operators, and allow relational operators to appear anywhere.
- Add drop operator 'R' to dc(1).
- Replace ssh(1) authentication mechanism 'gssapi' with 'gssapi-with-mic'.
- pf(4) stateful connections for generic protocols now work for IPv6 as well as IPv4.
- Pull in a patch from XFree86 4.3, preventing a crash on Riva128 cards.
- Remove win32 support files from the BIND tree.
- Set the atime, ctime and mtime of the kernfs boottime file to, uh, the boot time. Useful for find(1).
- Fix savecore(8) on big-endian 64-bit architectures.
- More fine-grained CPU type detection on i386.
- Test for a NULL return from getpass(3) in bdes(1), pppctl(8) and tn3270(1).
- Fix bogus read(2) error check in mg(1) when writing a backup file.
- Let compress(1) inflate multiple concatenated files just like GNU gzip.
- Support in dc(1) for boolean operations soon to appear in bc(1).
- Allow the pfctl(8) debug level to be set from pf.conf(5) with 'set debug'.
- Some fixes in the ssh(1) GSSAPI client code.
- Don't include the KAME interface index (used for IPv6 link-local addresses) in the carp(4) HMAC value.
- Strip out some slightly pointless tests in wdc(4) for an 8-bit value < n, where n > 255.
- Fix a bug in bc(1)'s print statement that left garbage on dc(1)'s stack.
- Make bc(1)'s exponentiation operator '^' right- instead of left-associative.
- Fix a potential DoS in ftpd(8) where an attacker could tie up the data port for long periods. From FreeBSD.
[Applied to stable]
- New behaviour for ssh(1) option VerifyHostKeyDNS, allowing implicit trust for DNSSEC-verified SSHFP records.
- Have scp(1) pass through the -q flag to its underlying ssh(1) process, suppressing SSH2 banners.
- Merge in OpenSSL 0.9.7c.
- Some nonportable syntactic sugar for dc(1) and bc(1).
- free(9)ing stack variables is a bad idea, don't do it in ubsa(4).
- Don't leak memory from ld.so(1) if the library name is invalid.
- Better parsing of library version numbers in ld.so(1), so 'libpython2.1.so.0.0' and 'libpython2.2.so.0.0' can coexist in peace.
- New 'print' statement for bc(1), a non-portable extension.
- Fix ksh(1)'s handling of redirection of a file to the same file, e.g. '2>&2'.
- Add more privacy flags to sendmail(8) cf/openbsd-proto.mc, requiring HELO/EHLO and disabling EXPN/VRFY.
- Add a classic paper on password security in /usr/share/doc/smm/17.password.
- Send diff(1) output 'no newline at end of file' to stderr instead of stdout, for compatibility.
- Stop pkg_add(1) considering as errors attempts to add an already-added package.
- Keep track of errors when adding multiple packages with pkg_add(1), and set a useful error code on return.
- Remove the automatic setting of packing-list prefix from the first @cwd.
- Restore printing of vlan(4) information in ifconfig(8), accidentally broken when carp(4) was added.
- Really fix mg(1) insert-file.
- Safer region handling in mg(1).
- Restore the terminal correctly when aborting out of mg(1).
- Undo the mg(1) insert-file operation properly.
- Unbreak the anchor rule number returned by pfsync(4).
- Avoid a race condition when swapping in a process.
- On i386, fix a crash that occurred with a large number (>1500) of processes (PR#3528.)
- New 'no sync' state option to prevent state transitions for a particular rule appearing on the pfsync(4) interface.
- Check that carp(4) packets are received on a carp-enabled interface.
- Fix setting of the interface index for IPv6 link-local multicast joins.
- Stop carp(4) responding to ARPs when the interface is down.
- Fix a buffer overflow in sed(1) when doing regex substitutions. From FreeBSD.
- Add non-portable extensions to dc(1): '#' (comment), 'n' (print without newline) and 'a' (byte to char).
- Better pkg_add(1) dependency resolution.
- Don't call the post-install script of packages that didn't fully install, and allow such packages to be fully removed.
- Let pkg_add(1) install packages coming from stdin.
- pkg_delete(1) allows the path to an installed package on the command line, so e.g. 'pkg_delete /var/db/pkg/zsh-*' now works.
- The package tools now automatically use the target of the first @cwd in the packing list as the prefix.
- Temporarily back out the recent reordering of interface capability tests and pf_test(). pf(4) rdr rules are now generating some bogus checksums.
- In isakmpd(8), require encrypted messages as soon as we have the keystate for it, require DELETE payloads to be accompanied by HASHes, and add validation for HASH payloads without active exchanges.
- Allow pf(4) tags to use the same macros as labels (see pf.conf(5).)
- Teach gdb(1) about SIGINFO (PR#3173.)
- Add commented-out LoadModule config lines, along with a short description, for each httpd(8) module in the standard build.
- In newfs(8) don't write the magic to the superblock until filesystem creation is completed.
- Fix netstat(1)'s display of IPv6 link-local multicast addresses.
- Redo the wdc(4) drive reset changes, more cautious this time.
- Make tcpdump(8)'s -x flag work for pfsync(4) devices.
- Use hash tables where possible for listen socket lookup as well.
- Add a route when we're the carp(4) master host, so the local machine can use the common address.
- Have pkg_create(1) spot duplicate packaging list entries and die noisily when it does so.
- Stop carp(4) pretending that everything it sends to bpf(4) comes from AF_INET6.
- Add GNU-compatible 'r' operator (swaps the top two stack items) to dc(1).
- Kill an IPv4 pasto in carp(4) IPv6 support when setting the interface address.
- RELIABILITY FIX: It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header.
A source code patch is available.
[Applied to stable]
- Make pkg_delete(1) handle dependencies properly when using package name stems.
- Don't try to free a static string when checking ssh(1) host keys.
- In regular (non-pf(4)) IP output code, defer the interface tests for hardware IPsec and checksum capability until after pf_test(), since pf might drop the packet, or send it to a different interface.
- Make pf(4)-routed packets check the target interface for hardware IPsec and checksum capability.
- Fix a memory leak when carp(4) fails to put the interface into promiscuous mode.
- Add a missing check in IPv6 carp(4) for an interface on its way down.
- Preserve the debug flag when enabling pf(4).
- In top(1), check for signals at the right time and handle stdin failures better.
- Have patch(1) determine the filename in the same manner as GNU patch.
- New --posix option for patch(1) for, uh, strict POSIX conformance.
- Set pkgpath in the correct order in pkg_add(1) etc.
- Re-add the SATA mode detection and reset-pause-IDENTIFY fixes to wdc(4). Drive reset fixes need further testing.
- Allocate the right number of elements in hashinit(9) (PR#3537.)
- Look up the groupname (not the username) when getting the gid from a tarfile in pkg_add(1) and friends. Also set file ownership before the mode.
- Add IPv6 support to carp(4).
- Sync libedit to NetBSD as of 2003-10-01, with some local string cleaning and history bug fixes. There are some api changes as a result of this update.
- New port, OPENBSD/pegasos.
- Fix insufficient length check in route6d(8) (KAME PR#507.)
- Try to deal with strdup(3) failures in init(8).
- More detective work from the spelling police, double-word branch.
- Fix lc(4) multicast filter initialisation.
- Back out recent wdc(4) reset, identify and mode detection changes, they are breaking things.
- Fix pf(4) binat for incoming connections when a netblock (not just a single address) is used as the rule source (PR#3535.)
[Applied to stable]
- RELIABILITY FIX: A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution.)
A source code patch is available.
[Applied to stable]
- Do a better job of finding the proper partition in growfs(8).
- Evaluate dependencies earlier in pkg_delete(1), and if the check fails just give a list of the required removals and quit.
- Don't die if getsockopt(..., TCP_NODELAY, ...) fails in ssh(1).
- In wdc(4), add a pause between a drive reset and an IDENTIFY command, to allow for units that are sick just after a reset.
- Don't do ATA mode detection for SATA drives, some drives really don't like it.
- Set the skew properly when rescheduling carp(4) advertisements.
- Fix an mg(1) startup crash.
- Don't schedule a carp(4) advertisement if the interface is on its way down and we run out of mbufs.
- Really stop sending advertisements if the carp(4) interface is downed.
- Set the maximum value for sysctl(3) kern.stackgap_random to 256MB.
- Remove artificial limit on the number of partitions that may be stretched by growfs(8).
- Early support in wi(4) for PRISM 2.5/3 USB adapters. Very limited for now.
- Make wdc(4) reset code more like that in FreeBSD and NetBSD, fixing slave device detection when the master behaves strangely.
- Reorganise pf(4) state searches for a 30% memory saving.
- Don't leak mbufs on carp_output() failures.
- Replace a linked list with a hash table for local IP port lookup, dramatically reducing the lookup time (in_pcblookup()) when there are many sockets.
- Precompute as much of the carp(4) sha1 hash as possible.
- Prevent occasional syslogd(8) hangs on receipt of a SIGHUP with a modified syslog.conf file.
- Remove a few comparisons of an int to NULL.
- Do initgroups(3) before chrooting httpd(8) instead of after, since /etc/group may be of use.
- Stop the new bpf(4) write filter blocking everything when no filter is set, and so unbreak DHCP.
- Only try to remove a dependent package once in pkg_delete(1).
- In carp(4), stir in the full inner hash instead of just sizeof(pointer) bytes of it.
- Finally, stop the long long pause for i386 laptop users with disconnected floppy drives.
- Make pkg_info(1) do the right thing with multiple packages sharing a common stem, e.g. multiple responses for 'pkg_info autoconf'.
- Allow pkg_delete(1) to work with package name stems. Oh yes.
- Another missing strdup(3) error check, this time in tn3270(1).
- Reduce the amount of logging spamd(8) does by default. The new -v option does verbose logging.
- Have privilege-separated syslogd(8) call setgroups when dropping privileges, in line with the same change in newly-separated pflogd(8).
- Fix a panic when traversing a corrupt msdos filesystem. From NetBSD.
[Applied to stable]
- Implement privilege separation in pflogd(8). Requires creation of _pflogd user and group.
- Add locking and write-filtering to bpf(4), so programs running as non-root can hold bpf descriptors without being able to write whatever they like at the link layer or issue dangerous ioctl(2)s.
- Fix dc(1)'s J operator with the new extended comparisons.
- Switch carp(4) from keyed sha1 to hmac-sha1.
- Implement extended comparison operators in dc(1), to allow for an if ... else construct in bc(1).
- Make un-getting a character from a string work the same as from a file in dc(1).
- Fix a kqueue(2) file descriptor leak under libpthread.
- In libpthread, don't bother resetting O_NONBLOCK on descriptors that are not flagged to survive the imminent execve(2).
- Add missing strdup(3) error check in tic(1).
- In mg(1), make undo work per-window instead of per-buffer.
- Fix late definition of enum XML_Status in <expat.h>. From expat CVS.
- A huge number of comment spelling fixes all over the tree.
- Make ssh(1) choke on too-short GSSAPI OIDs.
- Switch over to the new package tools.
- In netstart(8), don't try to initialise carp(4) interfaces until after physical interfaces are configured.
- Fix an endianness bug in carp(4) sha1 code.
- realloc(3) cleanup in ppp(8).
- Stop all carp(4) hosts advertising master status when preempt is disabled.
- When doing carp(4), only give an error in ifconfig(8) when the user tries to set both of advbase and advskew to zero.
- Correct a missing strdup(3) return value check in nc(1).
- Fix numfds==0 case in pthreads-optimised select(2).
- Add functions to find package name 'stems' (package names without the version number) and use them in the soon-to-be-enabled new pkg_info(1).
- Add direct support in named(8) for SSHFP resource records.
- Fix bc(1)'s assignment operators (+=, -= etc.)
- Add J(jump) and M(mark) operators in dc(1), and use them to implement the continue statement in bc(1).
- Fix out-of-bounds reads in make(1), libfreetype and xterm(1).
- Make the recent vnd(4) numbering change work the way it should.
- Enter carp(4), OpenBSD's Common Address Redundancy Protocol for IP high availability and load balancing.
- Unbreak httpd(8) SHA1 code on 64-bit architectures.
- Make sure the inode generation number (obtained using arc4random()) is positive.
- pciide(4) DMA reliability fixes. From NetBSD.
- strlcpy(3) -> memcpy(3) for non-string buffers in vi(1), along with some extra paranoia.
- Check for signals earlier in mountd(8), so they can be handled before we select(2) until a mount request comes in.
- Import new package management tools under src/usr.sbin/pkg_add. Not built by default yet.
- New 'G' malloc.conf option to add a guard page after pagesize-or-larger chunks, and to return less-than-pagesize chunks in random order.
- Better SATA support in wdc(4).
- Fix faithd(8) args to poll(2).
- Fix an out-of-bounds read in libcurses.
- Have tip(1) return the terminal to a sensible state on fatal errors.
- Change malloc(3) so that it aborts the process on any error other than running out of memory. This is different to the 'A' malloc.conf switch that aborts on any error.
- More randomness for temporary directories created by ssh-agent(1) and sshd(8).
- Switch on the ssh(1) DNS fingerprint (sshfp) lookup code, previously not built by default. Still needs switched on in the config file.
- Make e.g. 'MAKEDEV tty08 - tty7f' work.
- Only endian-flip the fragment offset once on IPv6 input.
- Do a hardware receive checksum in sk(4) too, working around the fact that sometimes the hardware gets it wrong.
- On em(4) devices that support it, offload receive checksum calculation to the hardware. From FreeBSD.
- Update timezone files again, this time to tzcode2003d.
- Bring bge(4) and brgphy(4) more in line with updates in FreeBSD and NetBSD, both bug fixes and additional device support.
- Remember the filename given when using ^X^W in mg(1).
- Make shmat(2) under Linux compat work as expected.
- Fix a buffer overflow in timedc(8). Found by FreeBSD, fixed differently here.
- Add division and modulus operator '~' to dc(1).
- Remove GNU bc and dc from the tree.
- Merge in expat 1.95.6 from XFree86 4.3.99.14.
- Search for keys in the ssh(1) agent in reverse order to solve duplicate key problems (OpenSSH bug #684.)
- ssh(1) option ForwardX11 now has xauth(1) generate untrusted keys by default. Option ForwardX11Trusted restores the old behaviour.
- Change vnd(4) major/minor numbering to allow more devices. Requires a MAKEDEV.
- Do nfs-specific 'test -x' stuff in the right order in ksh(1) (PR#3465.)
- More work on vr(4).
- Have the linker generate a warning when using 43compat's getwd(3).
- Better calibration code for auich(4). From FreeBSD/NetBSD.
- Re-enable the random increment on the return value of uvm_map_hint() (called by uvm_map(9).)
- Install a sample config file for sensorsd(8).
- Prevent symlink races in systrace(1).
- Have GSSAPI default to off in the ssh(1) client as well as the server.
- Unbreak pf(4) on 64-bit architectures.
- Hack httpd(8) so digest authentication works with IE, Safari, etc. From FreeBSD.
- Fix potential signedness bug in fgets(3) (PR#1709.)
- Correct __bounded__ attributes for {MD4,MD5,RMD160,SHA1}DATA functions (PR#3505.)
- Allow newfs(8) to build small filesystems again by making sure ncyls >= 2.
[Applied to stable]
- Plug a memory leak in netstat(1).
- Add nfs attribute cache tuning parameters to mount_nfs(8) (Inspired by PR#2567.)
- Kill a null deref in make(1).
- Allow a semicolon to terminate label strings in sed(1), so one-liners with labels can work.
- A few string and memory fixes in rup(1).
- Stability fixes for vr(4). From FreeBSD.
- Add arc4 support to the kernel, and have wi(4) use it instead of rolling its own.
- Unbreak sftp(1)'s handling of quotes in pathnames.
- More propolice fixes and improvements.
- Remove httpd(8) addon-breaking newsyslog.conf(5) sample lines.
- Install sensorsd(8) by default.
- Really really give xfs a poll(2) backend.
- Fix a badly broken gcc(1) optimisation when calculating structure offsets under certain conditions. See the commit log for details.
- Unbreak lge(4) compile.
- Update timezone info files to tzcode2003c.
- Stop em(4) stripping 802.1q headers from packets in a bridge(4).
- Add vlan(4) support to em(4).
- Avoid a division-by-zero panic when benchmarking the pchb(4) RNG device.
- A couple of read-from-device fixes to an(4). From FreeBSD.
- Remove non-free licensed xlock(1) bitmaps.
- Properly free resources when ffs_mountroot() fails.
- Stop isakmpd(8) crashing when the value for LIFE_DURATION is missing.
- Back out the new environment variable load in ld.so(1) due to sparc breakage.
- Unbreak the new xfs poll backend.
- Fix a long-standing memory leak in kernel libz (PR#2886.) From NetBSD.
- Print a more useful error message when a bad port number is given to whois(1).
- Fix broken time parsing in kadmin(8) (PR#3292.)
- Initialise environment variables in ld.so(1) before calling constructors and atexit(3) functions.
- Have inetd(8) exit if no config file is found.
- In sendmail(8) submit.mc/cf, bind the msp to 127.0.0.1 instead of localhost just in case localhost doesn't resolve correctly.
- Teach netstat(1) how to deal with KAME embedded scope IDs for -f encap route dumps.
- Use arc4random(3) to generate cookies in the XSecurity extension.
- Fix a few off-by-ones in gethostbyname(3) and friends.
- Allow multiple RCPTs in spamd(8), and stop looping on invalid commands.
- Bring in a number of pipe(2) stability fixes from FreeBSD.
- Fix httpd(8)'s handling of SSLCertificateChainFile under the chroot.
- sshd(8) usage output now dumps the OpenSSL version too.
- Don't try to send incomplete IPv4 fragments in the ENOBUFS case. Note that this is a behaviour change from 4.4BSD and applies to output from bridge(4) and pf(4) as well as vanilla IP output.
- A couple of endianness fixes when setting the IPv4 output fragment offset.
- A couple of minor malloc(3) fixes related to recursive calls and debugging.
- Clean up IPv6 flowlabel handling.
- New IPv6 ID and flowlabel generation code using arc4random(9).
- Remove a bad m_cat(9) call when fragmenting outbound IPv6 packets.
- Add a missing initialisation in pflog(4) that allowed kernel stack garbage to leak into .pcap files.
- Have the libc stack protector code use the kernel __sysctl() call directly instead of using the libc sysctl(3) interface.
- Stop reading ~/.signature to pre-fill the Organisation: field in sendbug(1) (PR#3499.)
- Fixes to event(3) poll code.
- Have ftpd(8) listen on both IPv4 and IPv6 ports by default.
- Fix an out-of-bounds memory access in kernel compat_ibcs2(8) code.
- Add missing check for strdup(3) error in talk(1).
- Correct a couple of off-by-ones in banner(1) and ssl(3) (src/ssl/ssl_ciph.c.)
- Fix the code that grows ifindex2ifnet in sys/net/if.c.
- Add a stack of missing switch break statements needed after the _dl_errno changes to ld.so(1).
- Teach size(1) how to read ELF objects.
- POSIX and interoperability fixes for bc(1) and dc(1).
- SECURITY FIX: The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.
A source code patch is available.
[Applied to stable]
- Properly free resources on fxp(4) attach failures.
- Some reliability fixes in ahc(4) and siop(4).
- Allow sensorsd(8) to daemon(3)ize itself.
- Fix an unchecked strdup(3) in getnetgrent(3).
- Fix several kernel networking off-by-ones w.r.t. PRC_NCMDS.
- Better error checking for new bc(1) and dc(1).
- Make new bc(1) compile on sparc64.
- Further realloc(3) cleanup.
- Fix bogus getutmp() error check in battlestar(6).
- Change the xfs backend from select to poll.
- Introduce 64-bit byteorder(3) macros.
- strdup -> strlcpy in apmd(8), and make sure the socket gets unlinked at exit.
- Better malloc(3), realloc(3) and strdup(3) error checks in config(8).
- Stop pflogd(8) shouting 'Reopened logfile' at syslog.
- Add a number of missing checks for strdup(3) failure.
- Add an sscanf(3) bounds check to the neighbour cache file code in ndp(8).
- Reorder the pf(4) statistics counter code and fix some miscount bugs.
- In isakmpd(8), don't listen on INADDR_ANY if the Listen-on option is specified.
- Fix an off-by-one and a bad string bounds length in atc(6).
- Don't set sshd(8)'s listen socket to non-blocking mode.
- Build the new BSD bc(1) and dc(1) in favour of the GNU versions.
- Drop authpf(8)'s 15-character username restriction, it's no longer necessary (PR#3491.)
- Allocate a buffer large enough to store a full IPX address in ipx_ntoa(3).
- Unbreak netstat(1) -i display columns for interfaces with no address.
- Stop spamd(8) dying unceremoniously on accept(2) failures.
- Make talk(1) retry if accept(2) returns ECONNABORTED (the same as it does for EINTR.)
- realloc(3) fixes in brconfig(8), dhclient(8), lpd(8), pppd(8) and rwhod(8).
- Add a 'recipe' datafile to fortune(6), starting with some barbecue recipes from the hackathon.
- Use arc4random(3) instead of srand(3) to generate a more random salt for htpasswd(1).
- Start removing unnecessary null checks before doing free(3) on a possibly null pointer.
- Fix scrambled display when resuming a suspended less(1) process.
- Use strlcpy(3) instead of bcopy(3) to avoid overflowing the nodename and netname in an(4).
- Fix a couple of off-by-ones in adventure(6).
- Fix an out-of-bounds write in the isakmpd(8) privsep monitor code.
- Make dlerror(3) clear _dl_errno as expected (PR#3441.)
- Correct a couple of off-by-ones in libc.
- Fix overflows in the X font server overflow fix. Sigh.
- Add a missing free in cvs(1).
- New, BSD-licensed version of bc(1).
- Fix an off-by-one in csh(1) (PR#3163.)
- More realloc(3) fixes.
- Fix a bad bounds check that could crash sort(1).
- More paranoid privsep parent/child communication in syslogd(8).
- SECURITY FIX: It is possible for a local user to cause a system panic by flooding it with spoofed ARP requests.
A source code patch is available.
[Applied to stable]
- A number of realloc(3) fixes (removing instances of the bad idiom described in the manpage) in several programs.
- New program sensorsd(8) to monitor hardware sensors as exposed by the hw.sensors sysctl. Not installed yet.
- Unbreak tftp(1) put command.
- Remove and re-add SHA2 support in isakmpd(8), minus OpenSSL EVP-related fd leaks.
- Fix some realloc bugs in pfctl(8) tables code.
- Initial HIFN 7955/7956 crypto accelerator support.
- Increase spamd(8) maximum connections from 200 to 800.
- Install a more complete set of sendmail(8) empty config files under /etc/mail.
- Throttle 'proc: table is full' messages to once every ten seconds. From NetBSD.
- Further improvements to ssh(1)'s fatal exit handling.
- Use the much simpler getifaddrs(3) instead of sysctl(3) in rtadvd(8).
- Use getaddrinfo(3) for name-to-address resolution in isakmpd(8).
- Replace kernel select(2) backends with poll(2) backends. This allows for more complete poll() functionality. From NetBSD.
- In mtrace(8) only do mask checks for AF_INET.
- Add poll(2) support for event(3).
- Fix a few suspect strlcpy(3) calls in ifconfig(8).
- Allow getopt_long(3) to accept an optional argument separated by whitespace, unlike GNU getopt_long.
- Stop tsort(1) reading past the end of its buffer.
- Plug a realloc memory leak in mg(1).
- Off-by-one fixes in nc(1), pmdb(1), ppp(8), libssl, libpthread and a few in the kernel.
- Sync up named(8) with BIND 9.2.2-P3, with support for new zone type 'delegation-only'.
- In the new dc(1), make all registers contain zero initially for compatibility.
- Fix, clean up and simplify the installer's handling of yes/no responses from the user.
- Use poll(2) instead of select(2) in skey_authenticate(3).
- Plug a memory leak in rtadvd(8).
- Stop extraneous 'no disk label' warnings in the installer.
- Implement hardwareflow (hf) option for tip(1). Off by default.
- Fix an out-of-order free() in rpc(3).
- Don't leak memory if memory allocation fails in libc rpc(3) code.
- Change the ld(1) script to make constructors and destructors in dynamic binaries non-writable.
- Completely new BSD-licensed version of dc(1) using the OpenSSL bn(3) routines.
- Have scp(1) check for an error code in remote->remote mode.
- When chrooting httpd(8), use initgroups(3) so that supplementary group IDs are initialised as well.
- Temporarily disable soft interrupts support in usb(4) for stability reasons.
[Applied to stable]
- Several abnormal exit handler fixes to ssh(1).
- Better disk device probe on i386.
- Correct the signal number validity check in csh(1)'s kill command.
- Make grep(1)'s binary file test work for gzipped files the same as for other files, testing against isspace(3) as well as isprint(3).
- Make sure whois(1) can't zap straight past the beginning of the buffer when removing spaces from line endings.
- Stop pfctl(8) checking for a netmask if the address type being examined is a table.
- Fix a subtle use-after-free in modload(8).
- Some int -> u_int paranoia in ssh(1).
- More ssh(1) buffer management fixes (CAN-2003-0682.)
- Further EDD detection improvements on i386.
- Properly flush the ssh(1) RSA1 public key from memory when its output file cannot be opened (OpenSSH PR#662.)
- Correct a double-free in the ssh(1) buffer management code (OpenSSH PR#660.)
- Fix the ssh(1) ConnectTimeout option (OpenSSH PR#656.)
- On i386, try harder to boot from removable media by allowing for their removal and insertion.
- Updated and better-commented openbsd-proto.mc for sendmail(8).
- Upgrade sendmail(8) to version 8.12.10. The address parsing security fix went into 3.4 and -stable, but not the full version update.
- 3.4 -> 3.4-current.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.895 2003/12/09 21:13:27 deraadt Exp $