Changes made between OpenBSD 2.9 and OpenBSD-current
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Port
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
This file is not currently maintained, because the people who can edit
and maintain it are WAY too busy to keep it updated. Eventually we hope
to catch up. Really.
We are working on OpenBSD-current.
- SECURITY FIX: fix out of bounds handling in sendmail debug handling
A source code patch is available.
[Applied to stable]
- ...
- SECURITY FIX: check filehandle size copied from userland
A source code patch is available.
[Applied to stable]
- ...
- Promote PMAP_NEW option to mandatory status.
- In the netinet subsystem, zero the TCP checksum field before calculating the new value; fixes problem with bad checksums on keepalives.
- Use 64-bit integers for some ipcomp byte counts, fixing strange results with netstat(1).
- Support Addonics FlexPort 8S via addcom(4).
- Ignore O_TRUNC on open(2) when not opening a regular file.
- On ext2fs, ffs, and ufs partitions, don't truncate anything except for symlinks, directories, and regular files.
- Repair kern_msgbuf under sparc.
- Support DEC EtherWorks cards via lc(4).
- Bring na.phone up to date.
- The iha(4) driver wasn't able to update the EEPROM, so don't even bother.
- Rework ata and wdc(4) probing code; deal better with floating buses and supress spurious interrupts.
- Plug memory leak in pw_copy() found in libutil.
- Put Kerberos 5 things in libkrb5, out of libkafs.
- Allow sshd(8) to be compatible in all 4 combinations of Kerberos 4 and Kerberos 5 settings.
- When ssh(1) is reading a password, don't panic if fork(2) or pipe(2) fail; just return an empty password.
- Sync rtsold(8) to latest KAME, fixing a memory leak and a timer value.
- Change quad types on alpha to "long long" as opposed to "long", allowing printf(3)'s "%lld" format to be used without a bogus cast.
- In the iha(4) driver, allow sync to be negotiated even if wide is not.
- Modify nv(4) XFree86(1) driver as to avoid the dimming text mode problem.
- Add a BSD authentication module for radius authentication.
- Make sure that ld(1) references all aliases to avoid them being only partially resolved.
- Ensure ppp(8) calculates the number of key changes correctly.
- Repair the NFS server's request tracking during write-gathering, thus avoiding client hangs.
- Use login.conf(5) for passwd(1) variables as opposed to passwd.conf(5).
- Yank PF_ENCAP support out of isakmpd(8).
- Fix-up multicast settings in netstart(8).
- Bump MSIZE up to 256.
- IP/TCP/UDP hardware checksumming for nge(4); limited by MTU.
- Avoid segmentation fault when mg(1) can't read an init file.
- Support for ipcomp(4); disabled by default.
- Show kern_fthread to the door.
- Userland iopctl(8) control utility for iop(4).
- In passwd(1), lock the passwd(5) file after having gotten a new password from the user; also change the actual locking procedure.
- Support for /etc/wsconsctl.conf.
- Handle descriptors 0, 1, or 2 being closed when ppp(8) is envoked.
- Reduce MTU by 2 after MPPE has been negotiated in ppp(8).
- Merge pdksh patch into ksh(1), fixing some problems with propagated return values in multi-command lines.
- Utilize the welcome variable from login.conf(5), in ftpd(8), instead of hard-coding /etc/motd.
- Discipline the audio(4) device so it gets along with revoke(2).
- Repair NFS-related problem with diskless clients by getting the root filehandle via nfs_root.
- Add support for screen switching to wsconsctl(8).
- Change wsconsctl(8)'s interfact to be more sysctl(8)-like.
- Shuffle around maxlen setting inside the net subsystem to avoid potential problems.
- Make icmp(4) error checking saner.
- Initial ip6(9) support for isakmpd(8).
- Packet normalization support for pf(4).
- Userland sectok(1) control program.
- Repair kern_fork brain-damage.
- uvm(9) and MNN are no longer optional.
- Import altq(9): alternate queueing support.
- Poof! The old vm disappears.
- No more M_COPY_* macros; use M_MOVE_* or M_DUP_*.
- Add dmesg(8), wicontrol(8), and ancontrol(8) to powerpc's ramdisk.
- New mvmeppc port.
- Many mvme68k improvements including: switching to uvm(9), repairing system trace, cleanup of locore.s, KNF, etc.
- pciide(4) support for powerpc.
- Change icmp6(4) packet header length computation so it works with both 4.4BSD's M_COPY_PKTHDR and OpenBSD 2.9+'s M_COPY_PKTHDR.
- Implement getpeereid(2), allowing local-domain servers to determine client credentials.
- Support generic BSD authentication in xdm(1).
- Disable usb(4) on alpha by default.
- Kerberos v5 support for SSH1.
- Hardware RNG support in lofn(4).
- Smartcard support in ssh-agent(1) and ssh(1).
- Large -Wall/-Werror/-W... ongoing cleanup throughout tree.
- Nuke mips port.
- Initial import of iop(4) (I2O) framework.
- Rewrite nc(1), adding ip6(4) support.
- In su(1), offload root instances for Kerberos to the auth program.
- Disable SMB decoding in tcpdump(8).
- Enable audio on alpha by default.
- Endian fixes in the wi(4) driver.
- Adios NQNFS.
- Nuke the pmax port.
- Don't perform TCP/UDP hardware checksumming when doing IP fragmentation.
- Delayed checksum support in the netinet subsystem.
- Support setting the Ethernet address through ifconfig(8) for vr(4) cards.
- Bypass ipsec(4) for all dhcp(8) traffic, avoiding potential problems with newly booted clients.
- Modify timeouts for IP spd expirations.
- Internal fiddling of nfsd(8)'s handling of its root vnode.
- Import pf(4), an ipf-compatible packet filter.
- Avoid panics under i386 if bus/dev/func numbers for PCI are not valid.
- New sysctl(3) KERN_POOLS to retrieve pool information from the kernel.
- Cleanup and update dhcp(8) to 2.0pl5.
- Utilize readpassphrase(3) in ssh(1).
- Allow access to /dev/pci.
- Repair multiple key handling in wicontrol(8).
- New ether_input_mbuf to ease transition from ether_header in ether_input; drivers will migrate to this.
- Wave goodbye to kernfs.
- Replace existing telnetd(8) with the one from heimdal-0.3f.
- Assorted modifications to uvm(9).
- RELIABILITY FIX: link XF86Setup
against the right version of libXxf86vm.a.
Fix the
problem of corrupted XF86Config file produced by XF86Setup.
A source code patch is available.
[Applied to stable]
- Avoid a pidfile/sigterm race in sshd(8).
- Merge the system's crypto.h into crptodev.h, avoiding name conflicts with OpenSSL.
- Various pool(9) improvements including a new pool_cache() function and cleaner locking.
- Spelling audit throughout the manual pages.
- Try to have ssh-keygen(1) decode ssh-3.0.0 private RSA keys.
- New mg(1) feature: M-x theo.
- Support PCI bus configuration from userland.
- Add TCP, UDP, and IPv4 hardware checksum processing, excluding outbound TCP/UDP.
- Internal shuffling of vnode(9) operations in some filesystems.
- Disable interrupts in the wi(4) driver before mapping and establishing the interrupt, thereby avoiding a race condition.
- MI loadfile support; currently only used on powerpc.
- Obsolete *known_hosts2 in ssh(1).
- Some hifn(4) fixes, largely related to descriptor lengths.
- Don't let ssh(1) overwrite argv.
- Shrink dmesg(8).
- Merge authorized_keys2 into authorized_keys in ssh(1).
- Provide a sysctl(3) interface to msgbuf; handy for dmesg(8), allowing it to run without setgid.
- Upgrade to heimdal-0.3f.
- Use moduli(5) instead of the deprecated primes.
- Add RNG support in hifn(4) for the 7951.
- In isakmpd(8), fallback to stat(2) when readdir(3) doesn't return d_type.
- Apply KNF to many kernel sources.
- Don't forward ip6(4) packets back into point-to-point link if the packet's destination address matches said p2p link's interface.
- Lots of manual page cleanups.
- Upgrade to openssl-engine-0.9.6a.
- Many fixes in the kernel's lockf(3) code including avoiding livelocks on ptrace-related scenarios.
- Modify file locking routine in the skey(3) library, preventing a race condition, plus other modifications; integrate.
- Document physio(9).
- More variables in login.conf(5): login-timeout, login-tries, and login-backoff.
- Improve ppp(8): handle hardware-imposed MTU/MRU limitations; support stateful MPPE (Microsoft encryption).
- Repair vi(1) to avoid spinouts when creating temporary files.
- Make ftp(1) use binary for transfers as opposed to ascii.
- Merge passwd.conf(5) into login.conf(5) and add passwordtime and minpasswordlen variables.
- Move microcode includes around to avoid erroneously installing them, among other reasons.
- Overhaul some kern_exec internals, cleaning up the setuid/setgid-checking code.
- Adapt skeyinfo(1) to use BSD authentication and removal of the suid root bit.
- Improve powerpc's awacs driver; many interrupt fixes.
- Allow the use of ^T in passphrases read by readpassphrase(3).
- SECURITY FIX: avoid race in execve(2) when checking flags for ptrace(2).
A source code patch is available.
[Applied to stable]
- Update if_lastchange when IFF_UP is changed instead of on every packet transmission and receipt.
- VM renovations on mvme88k.
- Use va_start(3) and va_end(3) for every call to vfprintf(3) and associates.
- Replace commonly used static lists with persistent growable arrays in make(1).
- Have slstats(8) use an ioctl(2) so it doesn't need to be setgid.
- Ensure *chi doesn't receive interrupts before being initialized.
- Let pci_mapreg_map() take an extra argument to limit the size of the PCI region to map so we can still work with things publishing too much PCI memory.
- Use lpd_flags in rc(8), allowing flags to be passed to lpd(8).
- Support EDNS0 (RFC2671) buffer size notification for DNS queries.
- Upgrade to binutils 2.10.1.
- Protect include files in /usr/include/net against multiple inclusion.
- Fix unmapped interrupt problems on some VIA-based boards.
- New options, improvements, and fixes for wicontrol(8).
- Palm support in libsectok.
- Rewrite ldd(1).
- RELIABILITY FIX: use correct db(3) pointers in pwd_mkdb(8), and don't star out empty passwords
A source code patch is available.
[Applied to stable]
- Assorted ppp(8) alterations.
- Correct initialization of the policy_id field for SA structures in isakmpd(8).
- PCI shim for wi(4).
- Repair preservation option in cp(1).
- Allow the number of gre(4) devices to be changed in boot_config(8).
- rc(8) no longer starts netatalk -- if installed -- by default.
- RELIABILITY FIX: compute length correctly on certificates in isakmpd(8).
A source code patch is available.
[Applied to stable]
- Ensure kqueue(2) works on ext2fs(8).
- More pipe fiddling.
- Enforce Remote-ID specified in Phase 1 peer section in isakmpd(8).
- Ongoing license audit and copyright notice cleanup.
- Extend pfkeyv2's RFC2367 compliance and fix backward compatibility problems.
- Adjust routing socket message to the right size.
- Switch UID when sshd(8) cleans up temporary files and sockets.
- Speed up arc4random(3) in some net subsystems.
- Upgrade to XFree86 4.1.0.
- Use default hoplimit when icmp6_error doesn't know about the incoming interface.
- Create sysctl(3) parameters for ccpu, diskstats, fscale, nprocs, and physmem.
- New md5(1) implementation with a BSD copyright and other improvements; includes regression test.
- Improve swapctl(8).
- Don't allow packets that need IPsec(4) processing to be bridge-broadcast.
- Expand handling of X509 and KeyNote certificates in isakmpd(8).
- Fix some tcp(4) behaviour with connections in the CLOSING state.
- Some ld.so(1) renovations.
- Repair kqueue(2) related panic.
- SECURITY FIX: verify location when using fts(3) to pop up directories.
A source code patch is available.
[Applied to stable]
- Update root device selection routines for sun3.
- Miscellaneous fxp(4) improvements.
- Remove ipf(4) from the tree.
- Remove pcvt(4) from the tree.
- Add BSD authentication support to userland programs; authorization defaults in login.conf(5).
- SECURITY FIX: Update to sendmail(8) 8.11.4 which addresses signal race conditions.
A source code patch is available.
[Applied to stable]
- Hardware clock support on powerpc.
- Fix directory state tracking in fsck(8).
- New BIOCGHDRCMPLT and BIOCSHDRCMPLT ioctls for bpf(4) to disable overwriting of the link-level source address.
- Support interface capabilities.
- Repair cluster_rbuild() in vfs_cluster.
- Twiddle with the atapiscsi(4) driver.
- fxp(4) bug fixes.
- Bring back the old (no ECONNABORTED) accept(2) behaviour for Unix domain sockets.
- Support Heimdal's Kerberos 5.
- Upgrade to Perl 5.6.1.
- Allow arbitrary atime/mtime setting on ext2fs(8) volumes.
- Fix lookup code in procfs(8).
- Many assorted mg(1) fixes and improvements.
- Clean up and shrink make(1).
- Various improvements to the ubsec(4) driver.
- Fix panics in the ep(4) driver by initializing packet tags.
- New PCMCIA products from NetBSD.
- Utilize packet tags in the net subsystems.
- Diversify time parameter parsing in sshd(8).
- Better keyboard-interactive support for ssh(1).
- Convert lseek(2) read(2)/write(2) to pread(2)/pwrite(2) in kvm(3).
- Import libsectok, used for ISO 7816 smart cards and iButtons.
- Tweak delays in the i82365 PCMCIA controller driver to avoid momentary freezes.
- Improve rate support in auich(4).
- Make vax use wscons(4) and enable the smg framebuffer.
- More select(2) fixes in ssh(1).
- Fix X11 client bug in ssh(1).
- PMAP_NEW support on the vax and hp300.
- Create COMPAT_23 and COMPAT_25 options.
- In vr(4), handle suspend mode better on the VT6102.
- Do not check return values for malloc(9) calls with M_WAIT or M_WAITOK.
- New option: SMALL_KERNEL, subtly changes some kernel semantics to change the kernel size significantly. Use *only* for boot floppies.
- Change ip_sum semantics in ip_output().
- Compress ac97(4) vendor tables.
- ac97(4) now knows about rev 2.2.
- Squish compatopts to a more sensible set, killing COMPAT_09, COMPAT_10, COMPAT_11.
- Shrink the alpha boot blocks a bit.
- We no longer support ECOFF kernel loading in the alpha boot block.
- Teach ac97(4) about more CODEC models.
- At boot time, swapon(8) before fsck(8) is run.
- Fix fts(3) to handle very long paths.
- Repair various signal handler bugs in pppd(8).
- Handle memory allocation failures in fsck_ffs(8) and fsck_ext2fs(8) better.
- Fix a recently introduced bug in supfilsrv(8).
- Correct acceptance of ARP packets coming in on non-IP bridge(4) interfaces.
[Applied to stable]
- txp(4) now works on the alpha.
- More fixes to make(1).
- Check a calloc(3) in fsck_ffs(8).
- Add a temporary DTYPE_CRYPTO until device cloning support shows up.
- Fixes to fdescfs.
- busdma changes to txp(4), preparing for the alpha.
- Split wi(4) into bus dependent and independent parts.
- On hp300, splhigh() in cpu_exit().
- Misc cleanup of the shared m68k codebase.
- More bus_dmamap_sync(9) in hifn(4).
- Initial non-working alpha ld.so(1) support.
- Support newer versions of the lmc(4) cards.
- Kill a debug message in ubsec(4).
- Add swiss german keyboard layout to wscons(4).
- Smoke out the OLD_PIPE code.
- krb4-1.0.8
- Bug fix to make(1).
- Speed up top-level tree Makefiles by doing exec for subshells in new directories.
- Artful fiddling of the kernel pipe stat code.
- No need for setgid kmem on iostat(8) anymore.
- Add more sysctl(3) support in the kernel.
- Make the alpha floppies fit again...
- Make hifn(4) use bus_dma(9). Now works on the alpha.
- Initial cut at userland hardware crypto(4) support.
- In ubsec(4), initial support for the Broadcom 5820.
- Honour ddb.console on sun3.
- On the pmax, fix a curproc misuse.
- In pcibios(4), deal with buggy BIOSs which incorrectly leave the router as 000:00:0.
- hp300 cleanup in progress...
- Solve a problem of Lilliputan proportions in powerpc isinf(3).
- Mickey goes mad and does a strlcpy(3) whack on src/bin.
- Unify rdsetroot and rd(4) support between almost all architectures.
- Man page cleanups galore.
- In hifn(4) attempt to support the Hi/Fn 7951.
- Do stdout/stderr flushing in sshd(8) using non-blocking mode.
- Fix kerberosIV versioning link problem.
- Cleanup MAP_COPY flags in the tree.
- Use genassym.cf on alpha.
- Unify the rd(4) support.
- Update sysctl(8) and vmstat(8) to use the new interfaces.
- Make more data available via the sysctl(3) interface.
- Handle fastroute in the bridge(4).
- hp300 man page cleanup.
- Fix a resource leak in twe(4).
[Applied to stable]
- Use madvise(2) option with MADV_FREE for malloc(3) 'h' flag.
- Support MADV_DONTNEED and MADV_FREE in madvise(2).
- Switch sparc to UVM and PMAP_NEW.
- Support HP425e.
- Refill txp(4) receive ring only when empty -- performance enhancement.
- Fix SSH2 -R support in ssh(1).
- More pmap/uvm interface changes.
- Correct signal handling in ping6(8).
- Implement screen blanker in wscons(4).
- Attempt to support hifn7951 in hifn(4).
- realloc(3) fixes to ipf(8).
- ipf 3.4.17
- Fix kernel extent code to be more careful about ranges.
- UVM support for mac68k.
- Change i386 in_cksum failure to a printf(9), instead of a panic(9).
[Applied to stable]
- In txp(4), add support for hardware vlan(4).
- Fix a bug in make(1) exposed by the recent jumbo patch.
- Fix ti(4) to handle vlan(4) properly.
- vsunlock fixes to UVM.
- Signal ignore bug fix to ssh(1).
- Kill i386 VM & pmap_old support.
- Fix process priority bug in atrun(8).
- Enable vlan(4) by default in GENERIC kernels.
- Fix pread(3), preadv(3), pwrite(3), and pwritev(3) on big endian architectures.
- In sendmail(8), use FAST_PID_RECYCLE.
- Remove excess (vaddr_t) casts.
- Get rid of CLSIZE and friends.
- Increase strlcpy(3) in parts of the tree.
- Some minor changes to isakmpd(8).
- Cleanup M_* malloc types in the kernel.
- UVM for the hp300.
- Numerous cleanups to sup(1).
- In systat(8), handle kvm_nlist(3) failing.
- Fix a channel race in sshd(8).
- Document that nc(1) no longer has a -e option.
- Fix localhost handling bug in httpd(8).
- Jumbo patch to make(1) that has been brewing for a while.
- Various improvements to mg(1).
- Big USB code update.
- Fix a signed vs unsigned error in the gm(4) Ethernet driver.
- In wump(6), improve our cave topology algorithm. Don't ask.
- Force -h to override the BLOCKSIZE environment in du(1).
- Substantial updates to sup(1).
- Fix a register save/restore bug in clcs(4) so that suspend/resume works better.
- Allow the right CTRL+ALT keys to work as the left ones do in wskbd(4).
- Continue to hack our new txp(4) driver into shape.
- In ifconfig(8), implement support for removing tunnel outer IP address pair.
- Revert a buggy optimization in tsort(1).
- Use pread(2) in nlist(3) instead of abusing lseek(2) with read(2).
- Remove cruft leftover from the old PCVT console driver.
- Fix filename tab-completion in mg(1).
- Convert some more drivers to the new timeout(9) interface.
- Whack dtom() in the kernel. Fo'get about it.
- Avoid a NULL pointer dereference in faithd(8).
- Various reset and delay fixes in wdc(4) to help certain ATAPI devices.
- Deal with suspend/resume more cleanly in pccbb(4).
- Better hints handling and memory allocation in tsort(1).
- Correct an error condition in /etc/ksh.kshrc.
- Add a koi8-r keyboard layout for wskbd(4).
- Allow interoperability between OpenSSH and older ssh-2.0.x variants with weaker key generation.
- Instrument improved locking and rework SCSI a bit in ami(4).
- Cleanups to ancontrol(8).
- Add a -b option to ssh(1), similar to telnet(1)'s equivalent.
- Fix a memory handling bug in telnet(1).
- Use pool(9) interface for the VFS cache.
- Improve OpenSSH interoperability with ssh.com-2.0.x clients.
- In the mvme88k port, replace resource maps with extents.
- Numerous fixes and updates to sup(1).
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) are documented here.
www@openbsd.org
$OpenBSD: plus.html,v 1.794 2001/08/28 10:31:42 jj Exp $