Changes made between OpenBSD 2.7 and OpenBSD-current
This is a partial list of the major machine independent changes
(ie. these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific ports if you
are interested in further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below.
Note: Problems for which patches exist are marked in red.
OpenBSD 2.7 to be released June 15, 2000.
We are working on OpenBSD-current.
- In sshd(8), implement bug compatibility with ssh-2.0.13.
- In ssh(1), include = in WHITESPACE, permitting commands like ssh -o keyword=argument.
- Enable IPv6 support in sendmail(8).
- Change ipsec processing sequence to handle inner and outer layers much better.
- Add support for SSH2 subsystems in sshd(8).
- On ifconfig down & up operations, mark all radix tree routes down or up for the specified interface.
- In mount_ffs(8), permit the -f command to mount dirty file systems. This is dangerous, but makes more sense now that we are moving towards soft update file systems, where the inherent danger is much less.
- In ftpd(8), make -u block the chmod client command.
- Allow extended server banners in sshd(8).
- In mount(8), -o force is not a negative option.
- Add support for AMD 53c974 scsi chipset.
- Import of tcfs into the kernel, a file content crypto file system.
- Remove traffic-time debugging messages in ssh(1).
- Repair small list-based errors and uglinesses in make(1).
- Commonalize MIN() and MAX() macros inside the kernel.
- Use memcmp(3) in bridge(4) to fix a hashing algorithm error.
[Will be applied to stable]
- memcmp(3) in the kernel as well, since implementing it in terms of bcmp(3) is very wrong.
- Update vnode flag printing in pstat(8).
- Do not whack directory in user(8).
[Will be applied to stable]
- Hardware random number generator in i840 also works, like i810.
- Fix an ESP status message in netstat(1).
- Put RSA into our ssl(3) tree. Since our next release is not till after the patent expires, it's OK.
- Split sysctl information for swapencrypt into an tree, and add more gunk.
- In ftpd(8) correct STAT command output for LPSV output.
- Correct an ipsec esp bug.
- In ftp(1) make both ls and dir send a LIST command.
- Minor bug fixes and optimizations in /etc/rc.
- Update of ppp(8).
- Put an upper bound on transaction queue of the ubsec(4).
- Correct source length calculation in hifn(4).
- Initial import of ELF ld.so, for powerpc initially.
- Correct secondary mbuf setup in hifn(4).
- Broadcom Bluesteel 5x0x ubsec(4) crypto cards now supports ESP 3DES modes properly. No AH or MAC stuff yet.
- Make flags field in newsyslog(8) files optional.
- Modifications to traceroute6(8)
- Fix ADMtek identity crisis in dc(4).
- In ftpd(8) make sure that -h does high port binding in EPSV.
- Correct ENI_SALEN case in getnameinfo(3).
- Correct getnameinfo(3) behaviour against invalid sockaddr.
[Applied to stable]
- Better fix for the pcvt(4) scrolling region problem.
- Grok Plan9 file systems in fdisk(8).
- Merge newer ppp(8) code.
- Do not add empty lines to history in ftp(1).
- Grok QNX file systems in fdisk(8).
- Fix about 10 bugs in ubsec(4), which can now move a few packets before dying.
- Support multiple pid files in newsyslog(8).
[Applied to stable]
- On-going cleanup to make(1).
- Add pci(4) routines for dealing with Cypress 82c693 chips.
- Minor cleanup to pax(1).
- Merge chgrp(1) and chown(8) into chmod(1), and provide backwards compat hard and soft links.
- In xl(4), add support for 3c656, which is just the 3c575 + 56k modem.
- SECURITY ISSUE: A serious bug in isakmpd(8) policy handling wherein policy verification could be completely bypassed in isakmpd.
A patch is available.
[Applied to stable]
- Merge to new isakmpd(8).
- OpenSSH is now at version 2.1.1
[Applied to stable]
- RELIABILITY FIX: Avoid extra vrele in msdosfs, which would lead to a panic in some operations.
A patch is available.
[Applied to stable]
- RELIABILITY FIX: Permit NFS export of CDs without panicing the system.
A patch is available.
[Applied to stable]
- Fix ping6(8) -w option.
- Let flags in kernel config(8) specify apm protocol version and other operation modes for apm(4), for machines apm fails on.
- Change amiga ports loadbsd command to act more like other bsd loaders.
- Add -iname support to find(1).
- Sort option list in find(1); oops, "-and" was broken.
- Catch a malloc(3) failure in paste(1).
- Fix linux_compat(8) [gs]etrlimit emulation.
- Update ti(4) to support newer cards with more memory.
- Kernel malloc(9) debug code.
- Make quot(1) work when passed mount points.
- Fix stack mishandling bugs in i387 libm, in particular, in exp(3) and friends.
- Be more careful about tuples in pcmcia(4).
- gcc 2.95.3 (pre-release)
- Busify eg(4), to avoid conflict with ne2000 at 0x300.
- SECURITY ISSUE: Do not use the (non-default) UseLogin option in OpenSSH 2.1.*, it has a hole on other operating systems and does not work right in OpenBSD.
Update to OpenSSH 2.1.1 or later, or simply avoid using UseLogin.
[Applied to stable]
- sudo 1.6.3p4
- Fix a kernel race in exit(2).
- In cut(1) deal with last input line not containing a newline
- One byte overflow in systat(8).
- Add D and z commands to disklabel(8) to use the default partition or zero it.
- A SIGCHLD fix in cron(8).
- More work on ubsec(4).
- Bug fixes to spif(4).
- Bridge packets before vlan'ing them.
- Fix a subtle bug in xe(4) which had a number of side effects.
- In sshd(8), fix login count failures in SSH2 support.
- Whack packet m_recvif field on bridged packets, permitting ipnat to work with the bridge.
- More visible /tmp file (and failure removal) in makewhatis(8).
- Be more careful reading panic string from core in savecore(8).
- Many other changes to ssh(1).
- Fix short malloc in faithd(8).
- In ssh(1), permit logins if temporary file systems are full.
- ich(4) audio driver onboard the Intel 810/820/440MX-based machines.
- Support ax88190 in ne(4).
- In apm(4) the time is kept in hours, not minutes.
- Add -A support to ssh(1).
- Support for 3c574 and 3CCFEM556BI pcmcia(4) in ep(4).
- A start at documenting what goes on inside config(8) files.
- Enable mg(1).
- Space treatment in ipcs(1).
- Do not treat bind(2) with IPv4 mapped address in a special way.
- Creation of 2.7-stable release, see our page describing it.
- Convert amiga port to UVM.
- Arrange to have ahc(4) support Adaptec 2930CU.
- SECURITY ISSUE: It was possible to bypass the learning flag on a bridge.
A patch is available.
[Applied to stable]
- In ftp(1), do not attach Host: directive if we are using the proxy.
- Make almost all manual pages machine independent.
- DRIVER FIX: The isapnp(4) ef(4) driver failed to configure properly.
A patch is available.
[Applied to stable]
- Helper script cleanup in httpd(8).
- SECURITY ISSUE: Update to ipf 3.3.16.
A patch is available.
[Applied to stable]
- On i386, place extra byte at end of pcb so that the iomap works for last 8 ports.
- Fix some key parsing routines in ssh(1).
- Permit detach of audio devices.
- Properly configure multicast table in wi(4).
- Handle 64 bit architectures in pstat(8) -f.
- Update rtadvd(8).
- Remove nfsiod(8) and replace it with an in-kernel thread based implementation.
- Make ssh(1) X11 forwarding work on localhost.
- Crank vnode use counts to 32 bits.
- Correct ifconfig(8) printing of gif physical address on non-IPV6 kernel.
- RELIABILITY FIX: Repair a routing table panic.
A patch is available.
[Applied to stable]
- Make ancontrol(8) act like our changed wicontrol(4) semantics.
- Use getifaddrs(3) in libc rpc code.
- For boot_config(8) code, save enable command in the history for config(8)'s -eu updating.
- Update multicasting support for ipv6.
- Fix usage printing in passwd(1).
- By default, do not vsync blank sparc cgsix(4) monitors, but provide a sysctl to do so.
- Start at a BlueSteel (Broadcom) 5[56]01 crypto accelerator driver.
- Accept empty shell specifications in sshd(8).
- In ssh(1), do non-blocking on ssh1 protocol sockets too.
- Some additions to keynote(3).
- Crank rt_refcnt to 32 bits.
- Supply entropy from i386 mouse drivers to the kernel random number generator.
- Correct p2p interface address handling and various other bugs in route6d(8).
- Few more tweaks to pcvt termcap definition.
- Ensure SIOCSETVLAN gets a valid vlan tag.
- After ftp(1) finishes downloading, change progress meter to show the total elapsed time.
- Handle 0-size files in ftp(1)'s progress meter.
- Parse RFC2732 ftp URLs in ftp(1).
- In ipv6, perform NUD on p2p link, only if the destination/gateway is real neighbor.
- In getaddrinfo(3), translate DNS error code into getaddrinfo error code (EAI_xxx).
[Applied to stable]
- RELIABILITY FIX: Parse IPv4 options more carefully.
A patch is available.
[Applied to stable]
- Translate DNS error codes in getaddrinfo(3).
- cardbus(4) com(4) driver.
- Support debugging libraries via DEBUGLIBS in /etc/mk.conf.
- Driver for tcic(4) style pcmcia adapters.
- Fix ipsec(4) ESP sanity checks that caused really short packets to be dropped. Only icmp was affected.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.592 2000/06/18 02:13:06 provos Exp $