Changes made between OpenBSD 3.5 and OpenBSD-current
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
The following list sums up (almost) all the changes made up to April 16.
- Have pf(4) block unconditionally when the input queue congestion flag is set, instead of doing CPU-intensive rule tests.
- If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation.
- Make netstat(1) show the number of mbuf clusters in use rather than the number of pages.
- Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.
- Have the cvs(1) server check for attempts by a client to walk up the directory tree illegally.
- Perform some additional checks on the paths fed to the cvs(1) client by the remote server.
- Some address family agnosticism in bgpd(8).
- Let bgpctl(8) show IPv6 peer addresses in neighbour view.
- Now that dhcpd(8) doesn't need to continuously reopen the leases file for writing, have it chroot(2) to /var/empty and drop privileges after starting up.
- Only open the dhcpd(8) leases file once instead of every time it needs to be written.
- Set up new dhcpd(8)'s bpf(4) listen filter for the right port.
- Have mopd(8) do a chroot(2) to /var/empty and drop its privileges.
- Massive style(9) application to isakmpd(8).
- Stop another instance of syslogd(8) from unlinking a socket that's in use.
- TCP packets are now allowed to have IPv4 options.
- Begin work of separating binary emulation type from the executable file format.
- New user and group _mopd, for some obscure reason related to mopd(8).
- Enable all supported USB devices in the i386 GENERIC config.
- Pass the jobname to lpd(8)'s input filter via the -j option, some filters need it.
- When the syncache aborts a connection, don't set an ACK in the RST packet.
- Add entries for all supported USB devices to the GENERIC config on sparc64.
- In crypto(9), add cases for sha2 algorithms in swcr_authcompute().
- Fix systat(1) screen updates after resuming from a ^Z.
- Make pf(4) antispoof rules work with dynamic interfaces.
- Match on all characters of the interface name in the pfctl(8) parser.
- Make sure privsep tcpdump(8) transitions into STATE_RUN even when writing to stdout with '-w -'.
- Implement AI_NUMERICSERV (from RFC3493) in getaddrinfo(3).
- Since the UDP checksum in mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output.
- dhcpd(8) cleanup:
- Use getopt(3).
- Remove pidfile code.
- Steal some already-sanitised code from dhclient(8).
- Remove code to handle network access methods we don't care about, only bpf(4) is necessary here.
- Break out dhcpd(8) into usr.sbin/dhcpd and begin The Process.
- Have lpd(8) treat 'o' format files (PostScript) from MacOS 10.1 the same as 'l', not 'f', since PostScript can contain binary data. From FreeBSD.
- Parse and handle RFC 2858 Multiprotocol Extensions in bgpd(8).
- Allow restore(8) to recover files larger than 4GB by using size_t instead of long.
- Have dhclient(8) retry up to ten times after a second's delay for interfaces showing no link.
- More careful IKE payload parsing in tcpdump(8).
- New _PATH_DEVFD and _PATH_VAREMPTY constants in <paths.h>.
- Fix a null deref in syslogd(8).
- Have new dhcrelay(8) do a chroot(2) to /var/empty and drop privileges.
- In libpthread, update curthread immediately after a thread switch.
- New _dhcp user and group for, funnily enough, the DHCP programs.
- Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6.
- Start surgery on dhcrelay(8):
- Move to /usr/src/usr.sbin/dhcrelay.
- Kill pidfile code.
- Use daemon(3) and getopt(3) instead of DIY.
- Huge cleanup of mopd(8).
- Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too.
- Safely handle aborts in malloc(3) etc. without tripping the recursive call handler by mistake.
- Fix reliability problems with bge(4) and gdt(4).
- Fix an accidental busy-wait in sensorsd(8).
- Increase the maximum number of pty(4) devices to 992. See the Upgrading Mini-FAQ item 3.5.1 for upgrade instructions.
- Fix a typo in kern/tty_pty.c when generating pty(4) device filenames, soon to be exposed by changes to pty.
- Compatiblity fixes to mpt(4).
- Change snprintf(3)'s handling with size==0, in line with a vsnprintf(3) change (rev. 1.5) from years ago.
- Fix a segmentation fault in Xlib when a .Xauthority file contains IPv6 XDM-AUTHORIZATION-1 data (NetBSD PR xsrc/25098).
- Rearrange the GENERIC config file so clonable interfaces are together, and without the now-unnecessary device count.
- When libpthread is poll(2)ing for read- or writability of an fd on behalf of a thread, check the ERR, HUP and NVAL flags as well as the read or write flags.
- Sync uudecode(1) with FreeBSD, including base64 support.
- Stop a number of network interfaces moaning about a failed mbuf(9) allocations, the complaint uses mbufs and just makes things worse.
- Pass SIGINT and SIGQUIT through to syslogd(8)'s privsep child.
- Move the pf(4) altq, OS fingerprint and table pool(9)s from the default (interrupt context) kmem allocator to the much-larger nointr allocator.
- If newsyslog.conf(5) doesn't list a user or group, create new files with the uid or gid from the existing file.
- Force cvs(1) to use the libc getopt(3) implementation instead of its own.
- Have pfctl(8) check that the file it's trying to open isn't really a directory.
- More gcc(1) optimiser fixes for mvme88k
- Swap the last two parameters to TAILQ_FOREACH_REVERSE(3) in line with FreeBSD and NetBSD.
- Use a more efficient realloc(3) size when displaying long lines in less(1). Speeds things up when, for example, your system crashes in the middle of a build leaving a pile of linefeedless binary crap in the typescript file.
- After going to the trouble of saving errno before it gets overwritten, use the saved value in pflogd(8)'s error output.
- Don't try to close invalid file descriptors in the tcpdump(8) privsep code.
- Have isakmpd(8) set the timezone before privsep so the child has the right zone settings.
- Within dhclient(8)'s new lease file naming scheme, allow for the -l filename override.
- On sparc and sparc64, don't compare a RAMDISK kernel's root filesystem time with the system time, they're unlikely to have much in common.
- Zero out the key data pointer for unknown isakmpd(8) key types.
- Merge in Perl 5.8.3 and OpenSSL 0.9.7d. No lame new licenses for a change.
- Now that dhclient(8) needs an instance per interface, having a single lease file won't do so use /var/db/dhclient.leases.<ifname>.
- Make sure the list dereference when deleting all SAs in isakmpd(8) comes before the delete operation that free(3)s the list node.
- Fix /etc/rc.local(8)'s handling of ntpd_flags.
- Unbreak pxeboot(8/i386, 8/amd64) build under gcc3.
- Allow dhclient(8) to work on more than the first physical interface found.
- In several programs, fix getopt(3) calls containing option letters for which there's no corresponding case handler.
- ISO C function declarations for make(1).
- Fix a sizeof(pointer) bug in tcpdump(8)'s IPv6 options parser.
- Fix some misplaced braces in route(8), making 'route add' a bit more -q.
- Enable /dev/crypto(4) and hifn(4) on cats machines.
- Make newsyslog(8)'s file renaming and copying operations set the same permissions in all cases.
- Fix double call of the ktrace(2) signal trap handler.
- Add missing prototypes (in <pwd.h>) for bcrypt(3) and md5crypt(3).
- Fix some gcc(1) optimisation bugs on mvme88k.
- Fix a sizeof(wrongthing) bug in afsd(8) that was breaking 64-bit machines.
- Have tcpdump(8) print IKE DELETE payload contents.
- Remove the installer's special-case upgrade of the OpenSSL /usr/include symlinks.
- Fix a double-free in libpthread (PR#3730).
- Reenable libm compiler optimisation on sparc64, since it works properly with gcc3.
- sscanf(3) -> strtol(3) in newsyslog(8).
- Don't initialise ncurses(3) until after options processing in backgammon(6).
- Plug the new-and-improved dhclient(8) into the standard build.
- Fix a sizeof(pointer) bugs in afsd(8), sup(1) and visudo(8).
- Make pf(4)'s cache of m_tag_get() results actually work.
- Check for fdopen(3) failure in vacation(1).
- 3.5 -> 3.5-current.
- Change wskbd(4)'s AltGr key handling so shift-altgr-other has the same effect as altgr-shift-other.
- Never allow pf(4) states propogated via pfsync(4) to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation.
- Under Linux emulation, pass madvise(2) straight through to the native syscall.
- On receipt of an in-window TCP SYN (Stevens vol.II p.964), return a 100pps rate-limited ACK instead of blindly RST'ing the connection.
- Don't try to recreate the xfs(1) logfile after dropping privileges.
- Don't abort xfs(1) gracelessly when handling an unimplemented protocol request.
- Many manual page fixes.
- In a number of programs, don't close files that are known to be not open.
- Fix a missing initialisation in tcpdump(8)'s privsep code.
- Make spamd(8)'s -v logging option do something useful.
- Fix line breaks in spamd(8)'s log output.
- Allow non-GNU ANSI compilers (e.g. TenDRA) to build again by changing 'static inline' to 'static __inline'.
- Don't close descriptors we know aren't open in syslogd(8).
- Drop arc4random_8() api from the kernel.
- Change rfork(2) so the RFMEM flag gives complete vmspace sharing including the stack, in line with other implementations.
- Add --line-buffered option to grep(1) etc.
- Remove some unbounded recursions in the libc regex engine, found with certain expressions containing backreferences.
- Fix ls(1)' column alignment when using the -h option.
- New axe(4) USB Ethernet driver.
- Fix an off-by-one in procmap(1).
- Better bounds checking in the ramdisk's strategy() routine.
- Limit the trust between local and remote instances of the rcp(1) and scp(1) programs.
- Change netstat(1)'s -p option so that, when used without -s, it shows a list of sockets for the given protocol.
- Let rcmdsh(3) work on hosts without an IPv4 address.
- Initialise the kqueue(2) subsystem in kernel main() instead of on first use.
- Add IPv6 support to openssl(1)'s s_client command, complete with the usual '-4' and '-6' switches.
- Reorder checks in ssh(1) so that the IP options check isn't skipped just because UseDNS=no.
- Make /usr/src/Makefile's cross-tools target work again.
- Have inetd(8) properly use the exec'd program's basename as argv[0] if no arguments are specified.
- Fix includes search order in GNU ld(1) to help cross-ld builds.
- Don't byte-swap a variable we'll need later in its original order in GNU ld(1).
- On an msdos filesystem with long filenames support enabled, fix some false-positive name matches when an integer multiple of 13 characters match. From NetBSD.
- Some portability fixups in isakmpd(8).
- tcpmd5 changes for bgpd(8):
- Allow either the source or destination to be a wildcard in SA lookups (netinet/ip_ipsp.c:gettdbbysrcdst()).
- Add support for the wildcard to pfkeyv2.
- Use the new pfkeyv2 wildcard support in bgpd(8) and remove the local address requirement for md5sig.
- Unbreak libc's regex engine compilation with -DREDEBUG.
- Change /etc/rc(8) so that a spamd(8) banner (configured via $spamd_flags) may contain spaces (PR#3720).
- Teach pax(1) how to expand GNU tar long links. From NetBSD.
- Change systrace(1)'s handling of filename-too-long errors so it just fails the syscall instead of stopping the process. Fixes PR#3140.
- Some ELF name translation fixes in nm(1).
- Add /etc/rc.conf.local to /etc/mtree/special.
- Lots more activity on the SMP branch.
- Wrap pkg_add(1) installation operations in perl(1) eval{} blocks so it's possible to at least register what did work.
- Unknown entry types in a packing list now result in an error.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.920 2004/04/19 01:35:22 deraadt Exp $