Changes made between OpenBSD 2.8 and OpenBSD-current
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
- SECURITY FIX: The rnd(4) device does not use all of its input when data is written to it.
A patch is available.
[Applied to stable]
- Fix sprintf overflow in
fsinfo(8).
- fdisk(8)
can change only the partition ID if desired.
- Use gif* instead of enc* for IPsec bridges.
- Permit multiple
dhclient(8)s
to run simultaniously.
- Have rc initialize RAID parity.
- Let talk(1)
pass high characters without escaping; for use with other charsets (disabled by default).
- Prevent mountd(8)
from deadlocking due to DNS issues.
- ftpd(8)
logs actual bytes transfered as opposed to original file size.
- fsck_ffs(8)
no longer marks filesystem clean if fsck needs to be rerun.
- dhclient(8)
gracefuly handles missing LEASE_TIME.
- gprof(1)
now works under mvme88k.
- ssh(1)
option: HostKeyAlias. Other minor ssh(d) fixes.
- Make the
auvia(4)
driver behave nicely with fixed rate codecs.
- Revoke root priveleges as early as possible in
ping6(8).
- Make edquota(8)
and repquota(8)
handle quotas over 4 gigabytes correctly.
- SSH cleanups.
- In ksh(1),
don't reset nonblock if it's not interactive.
- SECURITY FIX: xlock now authenticates via a pipe.
A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: PS/2 mouse driver, pms, lockup fix.
A patch is available.
[Applied to stable]
- Only invoke DMA transfers when transfering over 100 bytes for some drives.
- SECURITY FIX: Fix holes in procfs.
A patch is available.
[Applied to stable]
- Fix setting of nwid for wi(4).
[Applied to stable]
- Compaq SMART Array RAID controllers supported.
- New machdep.allowaperature sysctl value of "2" to provide access
to entire first megabyte of memory.
- Fixed some obscure PCMCIA related panics.
- Merged Apache 1.3.14 and mod_ssl 2.7.1.
- Add support for the Natsemi 83820.
- Fix /etc/sudoers permissions and initial creation handling.
- Merged openssl-engine-0.9.6.
- More photurisd(8)
cleanup.
- Allow sys/netinet/ip_spd.c to compile in non-INET6 kernels.
- Synchronized pfkeyv2 implementation with pfkey RFC.
- In ipsec(9), look for TDB if gateway is unspecified.
[Applied to stable]
- New CRYPTO option for
options(4).
- Add bytecounter stats to
netstat(1).
- New timeouts in some SCSI and RAID drivers.
- Strengthen random TCP sequence numbers.
- IMPLEMENTATION FIX: Compute crypto(9) session IDs correctly for kernel.
A patch is available.
[Applied to stable]
- In ssh(8),
don't abort login when failing to set tty owner and mode if the tty already has
correct owner and permissions.
- sshd(8)
no longer requires a source port > 1024 for rhosts-rsa.
- New ICMP types and codes.
- Add support for the 802.1D spanning tree protocol for bridges.
- Add transport protocol/ports negotiation support to
isakmpd(8),
among other IPsec changes from the EOM-branch merge.
- Turn off path MTU when ICMP needfrag messages are blocked.
- Big batch of Alpha drivers added to Alpha's GENERIC kernel.
- Don't let
route(8)
touch region after free.
- Removed libgmp.
- Make
photurisd(8)
use bignum.
- SECURITY FIX: Fix another security problem in the KerberosIV code.
A patch is available.
[Applied to stable]
- In ssh(1)
when using skey/tis-auth always request new challenge.
- Support newer cy cards in the
cy(4)
driver.
- New Swiss and jp106 keyboard maps.
- CVS_RSH is set to "ssh" by default in
cvs(1).
- Fix endianess issues in
ssh(1);
- Overhaul the
adw(4)
driver.
- Add vrrp, smb, and timed printing to
tcpdump(8).
- calendar(4)
only accepts real files.
- Fix perror() calls in
pcvt(4)
that were buffer overflows.
- Avoid argv passing overflow in
tftp(1).
- Support I/O Data USB-ET/T USB ethernet in the
kue(4)
driver.
- Fix (partially) the reset sequence for 16-bit PCMCIA cards.
- Extend paranoia surrounding passed KRB environment variables in
telnet(1).
- Update the
isp(4)
driver adding maxluns support, among other things.
- PCI LIVENGOOD chipset support.
- Support the other 3com 990 series cards.
- libtermlib obsolete; removed.
- Fix RIPv0 (RFC 1058) and NFS port-number printing in
tcpdump(8).
- Make pcap generated BPF filters work on the tun interface.
- Add
ssh-keyscan(1)
to the arsenal.
- SECURITY FIX: Fix buffer overflow in ftpd.
A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: Fix fastroute related panic.
A patch is available.
[Applied to stable]
- SECURITY FIX: Fix two security problems in the KerberosIV code.
A patch is available.
[Applied to stable]
- ftpd(8)
can get umask via a login class in login.conf.
- VLAN devices stop sending packets if the parent interface isn't running.
- Stability fixes in
isakmpd(8).
- ssh-agent(1)
disables agent, x11, and port forwarding if hostkey has changed.
- Prevent
ssh-agent(1)
from dumping core.
- isakmpd(8)'s
x509 handling ignores the ID length.
- Support hot insertion and removal of Texas Instruments PCI113X CardBus bridges.
- Fix deletion of flows in pf_key_v2 handling of isakmpd(8)
[Applied to stable]
- Avoid race conditition in
adduser(8).
- Fix pciide on 164sx Alphas.
- Variable handling in
make(1)
improved, along with other fixes.
- MAKEDEV(8)
enforces ttyC[0-f].
- ssh(1)
can gracefuly handle invalid ciphers.
- General isakmpd(8)
improvements, including PGPnet interoperability fixes.
- Bigger RAM probe delay in
hifn(4)
driver.
- Assorted
ksh(1) fixes.
- Support for kernel events on vnodes.
- fix CAST-128 key size in isakmpd(8)
[Applied to stable]
- IMPLEMENTATION FIX: Imac DV reports the VGA device improperly.
A patch is available.
[Applied to stable]
- Avoid SIGHUP log issue in
ypserv(8).
- Support kernel event queues via
kqueue(2).
- Support for quite a few more USB devices, including scanners.
- RELIABILITY FIX: The qec+qe ethernet cards should not generate NMIs.
A patch is available.
[Applied to stable]
- Repair overriding of pseudo devices in config(8)
[Applied to stable]
- Harden ftpd(8)'s
EPSV and EPRT handling.
- Fix off-by-one error in
ssh-agent(1).
- RELIABILITY FIX: repair AES (rijndael)
kernel support.
A patch is available.
[Applied to stable]
- IMPLEMENTATION FIX: In sshd(8), fix skey support in SSH1 protocol.
A patch is available.
[Applied to stable]
- Fix ifconfig(8)
induced panic when given a specific IPv6 option combination.
- RELIABILITY FIX: The ThunderLAN driver, tl(4), should not claim all interrupts.
A patch is available.
[Applied to stable]
- Correct free-before-reference bugs in rshd(8) and rlogind(8).
- Improve queue handling in gdt(4).
- New Adaptec FSA RAID driver called aac(4).
- Fix DMA error problems in adw(4).
[Applied to stable]
- If MANPS environment variable is set, the system will also build and install postscript manual pages into /usr/share/man/ps[1-9]/.
- In date(1), fix an off-by-one error which would happen when changing time over DST.
- Permit -Tps in nroff(1).
- Make some pfkeyv2 interfaces conform to RFC 2367 numbering.
- New timeouts in a couple of network drivers.
- Prevent nfsd(8) from swapping out.
- Use PHOLD/PRELE in various kernel components.
- Buffer overflow fix to telnet(1).
- Many man page improvements.
- Permit handling more than 6 arguments in a hostname.if(5) file.
- kcore handling in kvm(3) for alpha.
- Update usb code.
- Update alpha architecture support. A snapshot will come out soon.
- In pchb(4), for Intel random devices, do not busy wait for data.
- Switch amiga to uvm(9).
- Fix amiga pmap module submap allocations.
- Centralized netisr dispatching.
- ppp(8) updated.
- In aue(4), fix multicast filter programming.
- Repair an uninitialized variable bug in ipsec(4) output.
[Applied to stable]
- Add pcibios(4) interrupt setup support for AMD750 chipset.
- RELIABILITY FIX: In sparc zs(4), when using serial console, the interrupt routine was unable to distinguish it's own interrupts.
A patch is available.
[Applied to stable]
- Generate new hashkey every time a bridge(4) is brought up.
- Change bridge(4) code to use lower spl.
- Passive FTP support in lynx(1).
- In ssh(1), downgrade to SSH1.3 if server is SSH1.4.
- In sshd(8), do not disable rhosts(rsa) if server port greater 1024.
- In sshd(8) Agent forwarding and -R support for SSH2 protocol.
- ipsecadm(8) man page repairs.
[Applied to stable]
- In pfkeyv2, send the message to registered promiscuous listeners.
[Applied to stable]
- Some minor bridge(4) fixes.
- ld.so(1) support for the pmax.
- On powerpc, print out the size of the L2 cache size on G3 and G4 machines.
- 2.8 release builds are running, but some of us are already working on post-release hacking.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.716 2001/01/23 16:04:40 deraadt Exp $