Changes made between OpenBSD 3.5 and OpenBSD-current
This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Port-specific
changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Changes to the ports collection are documented
here.
Note: Problems for which patches exist are marked in red.
We are working on OpenBSD-current.
The following list sums up (almost) all the changes made up to April 25.
- Since isprint(3) doesn't consider all whitespace printable, also use isspace(3) for the binary file test in less(1).
- Fix float -> quad conversion in libc.
- Prettier output from bgpctl(8).
- Permit multiple default routes.
- A few more unionfs fixes.
- Respect access rights on a union filesystem (PR#745).
- Add a few pieces missed in the merge of OpenSSL 0.9.7d.
- Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro.
- Prevent an endless loop in pf(4) with 'route-to lo0' rules (PR#3736).
- Have authpf(8) run pfctl(8) to change the rulebase instead of sucking in code from pfctl and doing it itself.
- Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often.
- In pfsync(4), purge only a specific expired state instead of doing an expensive purge of all expired states while running at a high spl(9).
- Make sure the local address and bgpd(8) neighbor address are of the same address family.
- Use '|' instead of ':' as the field separator for spamd(8) database keys, in preparation for future IPv6 support.
- Fix a potential null dereference in the ssl(3) application utility code.
- Give routed(8) a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes.
- Make ssl(3) S/MIME work again.
- Add 'neighbor cloning' to bgpd(8), allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range.
- Some string cleaning in ddb(4).
- Fix a missing return statement in bgpd(8)'s control connection error path.
- Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME.
- Send pfsync(4) packets for IPv6 protocols other than TCP, UDP and ICMP.
- Sync kernel radix tree code with 4.4BSD-Lite2 via NetBSD.
- Don't add a PF_GENERATED tag to pf(4) synproxy generated packets for the second handshake, so they can match rules (and create state) on another interface.
- Add a 'probability' modifier for pf(4) rules, setting the likelihood with which a rule will trigger.
- Greatly simplify inetd(8)'s hostname/address lookup code.
- Since OpenBSD has openpty(3), we may as well have telnetd(8) use it.
- Initial support for IPv6 transport in bgpd(8).
- Add spamd(8) config files to changelist(5) and /etc/mtree/special.
- Some additional TCP option length paranoia in pf(4)'s normaliser.
- Have netstat(1) display the new tcps.rcvacktooold statistic counter.
- Sync <tree.h> with Niels Provos' version to get rid of a compiler warning for RB_NEXT(3).
- Port the gcc2 bounds checking support to gcc3, enabled with -Wbounded (see gcc-local(1)).
- Add some CMSG_ macros to get proper alignment in portalfs. From NetBSD.
- In isakmpd(8), make sure the KEY_LENGTH attribute is present when checking AES proposals as this is required when acting as responder to SafeNet peers.
- Silence getopt(3) errors in the privileged tcpdump(8) process.
- Don't display rubbish on the first output line from vmstat(8), wait for the stats to stabilise.
- Fix the calculation of a raw IPv6 UDP packet's checksum.
- For dhcpd(8)'s ping probes, just use the pid for the ICMP id like ping(8) does, instead of some architecture-dependent weirdness.
- Merge in new Omron LUNA port (luna88k), based on OpenBSD/mvme88k, NetBSD/luna68k and CMU Mach.
- As with dhcrelay(8), set a write filter and lock the bpf(4) descriptor before privilege drop in dhcpd(8).
- Change pw_copy(3) to take the old entry as an additional parameter, allowing both a change of username and a check that the file hasn't changed since it was last read (fixes PR#3698). Adapted from FreeBSD.
- Set a write filter and lock dhcrelay(8)'s bpf(4) file descriptor before dropping privileges.
- Drop the port-changing options in dhcrelay(8) too, always use standard ports.
- New TCP stat counter tcps.rcvacktooold, counts the number of times we drop very old ACK packets when the sequence number isn't exactly right.
- Set the km_page allocator's low watermark to a value that allows the system to boot.
- Switch the build over to the new, improved dhcpd(8) and dhcrelay(8).
- Remove the -p (listen port) option of new dhcpd(8).
- Bump the default kern.maxclusters to a value high enough to deter all but the most determined tweakers.
- Remove the GATEWAY config(8) option now that both IP forwarding and mbuf cluster allocation are configurable using sysctl(3).
- Introduce a new sysctl(3) kern.maxclusters controlling (oddly enough) the maximum number of mbuf clusters. This deprecates the much-abused NMBCLUSTERS config(8) option.
- Use the km_page allocator as the backend for the mbuf and mbuf cluster pools.
- New km_page pool(9) allocator running in an interrupt-safe kernel thread (kmthread).
- Resource starvation checks for sockets:
  - Check the level of mbuf(9) cluster utilisation when accepting a connection on a listen socket, and fail if usage is greater than 95% of the hard limit.
  - New API sbcheckreserve() returns ENOBUFS if more than 50% of mbuf(9) clusters are in use.
  - Use sbcheckreserve() when accepting a connection, and on setsockopt(2) for SO_SNDBUF and SO_RCVBUF, and allocate minimal buffers in low-memory situations.
- Stop propolice tripping an assert in gcc3.
- Make spamd(8) display an error if it can't open the /var/db/spamd database for writing, and return a proper error code.
- Cure the angst in user(8) caused by the non-existence of the /nonexistent directory.
- Correct new dhcpd(8)'s handling of very long lease times (PR#2888).
- Fix a propolice bug in gcc(1) and unbreak MySQL (mysql bug id 1442).
- Have ssh(1) perform strict permission checks on ~/.ssh/config files and abort unless they're correct.
- If kernel ipsec(4) and/or ipcomp(4) processing is disabled by sysctl(3), pass any packets through as raw IP to give userland a chance to handle them.
- Sync the em(4) driver with FreeBSD.
- Tidy up usb(4) kernel configs in line with recent i386 changes.
- Restore siop(4)'s ability to detect SCSI options after the recent probe changes.
- Since dhcpd(8) can now be invoked legitimately without an interface, don't abort when the user doesn't give any options.
- New _tftpd user and group.
- Make sure m_pullup2(9) copies the M_CLUSTER flag when it creates a new mbuf (PR#3740).
- Have pf(4) block unconditionally when the input queue congestion flag is set, instead of doing CPU-intensive rule tests.
- If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation.
- Make netstat(1) show the number of mbuf clusters in use rather than the number of pages.
- Fix a ufs directory-related panic (PR#3672). Fix from FreeBSD.
- Have the cvs(1) server check for attempts by a client to walk up the directory tree illegally.
- Perform some additional checks on the paths fed to the cvs(1) client by the remote server.
- Some address family agnosticism in bgpd(8).
- Let bgpctl(8) show IPv6 peer addresses in neighbour view.
- Now that dhcpd(8) doesn't need to continuously reopen the leases file for writing, have it chroot(2) to /var/empty and drop privileges after starting up.
- Only open the dhcpd(8) leases file once instead of every time it needs to be written.
- Set up new dhcpd(8)'s bpf(4) listen filter for the right port.
- Have mopd(8) do a chroot(2) to /var/empty and drop its privileges.
- Massive style(9) application to isakmpd(8).
- Stop another instance of syslogd(8) from unlinking a socket that's in use.
- TCP packets are now allowed to have IPv4 options.
- Begin work of separating binary emulation type from the executable file format.
- New user and group _mopd, for some obscure reason related to mopd(8).
- Enable all supported USB devices in the i386 GENERIC config.
- Pass the jobname to lpd(8)'s input filter via the -j option, some filters need it.
- When the syncache aborts a connection, don't set an ACK in the RST packet.
- Add entries for all supported USB devices to the GENERIC config on sparc64.
- In crypto(9), add cases for sha2 algorithms in swcr_authcompute().
- Fix systat(1) screen updates after resuming from a ^Z.
- Make pf(4) antispoof rules work with dynamic interfaces.
- Match on all characters of the interface name in the pfctl(8) parser.
- Make sure privsep tcpdump(8) transitions into STATE_RUN even when writing to stdout with '-w -'.
- Implement AI_NUMERICSERV (from RFC3493) in getaddrinfo(3).
- Since the UDP checksum is mandatory in IPv6, drop any input packets where it's absent and make sure it's set even for error output.
- dhcpd(8) cleanup:
  - Use getopt(3).
  - Remove pidfile code.
  - Steal some already-sanitised code from dhclient(8).
  - Remove code to handle network access methods we don't care about, only bpf(4) is necessary here.
- Break out dhcpd(8) into usr.sbin/dhcpd and begin The Process.
- Have lpd(8) treat 'o' format files (PostScript) from MacOS 10.1 the same as 'l', not 'f', since PostScript can contain binary data. From FreeBSD.
- Parse and handle RFC 2858 Multiprotocol Extensions in bgpd(8).
- Allow restore(8) to recover files larger than 4GB by using size_t instead of long.
- Have dhclient(8) retry up to ten times after a second's delay for interfaces showing no link.
- More careful IKE payload parsing in tcpdump(8).
- New _PATH_DEVFD and _PATH_VAREMPTY constants in <paths.h>.
- Fix a null deref in syslogd(8).
- Have new dhcrelay(8) do a chroot(2) to /var/empty and drop privileges.
- In libpthread, update curthread immediately after a thread switch.
- New _dhcp user and group for, funnily enough, the DHCP programs.
- Refactor the installer's network initialisation code into IPv4-specific sections in preparation for IPv6.
- Start surgery on dhcrelay(8):
  - Move to /usr/src/usr.sbin/dhcrelay.
  - Kill pidfile code.
  - Use daemon(3) and getopt(3) instead of DIY.
- Huge cleanup of mopd(8).
- Implement a rate limit for TCP ACKs of 100pps, and use this more general mechanism for in-window SYN handling too.
- Safely handle aborts in malloc(3) etc. without tripping the recursive call handler by mistake.
- Fix reliability problems with bge(4) and gdt(4).
- Fix an accidental busy-wait in sensorsd(8).
- Increase the maximum number of pty(4) devices to 992. See the Upgrading Mini-FAQ item 3.5.1 for upgrade instructions.
- Fix a typo in kern/tty_pty.c when generating pty(4) device filenames, soon to be exposed by changes to pty.
- Compatibility fixes to mpt(4).
- Change snprintf(3)'s handling with size==0, in line with a vsnprintf(3) change (rev. 1.5) from years ago.
- Fix a segmentation fault in Xlib when a .Xauthority file contains IPv6 XDM-AUTHORIZATION-1 data (NetBSD PR xsrc/25098).
- Rearrange the GENERIC config file so clonable interfaces are together, and without the now-unnecessary device count.
- When libpthread is poll(2)ing for read- or writability of an fd on behalf of a thread, check the ERR, HUP and NVAL flags as well as the read or write flags.
- Sync uudecode(1) with FreeBSD, including base64 support.
- Stop a number of network interfaces moaning about failed mbuf(9) allocations, the complaint uses mbufs and just makes things worse.
- Pass SIGINT and SIGQUIT through to syslogd(8)'s privsep child.
- Move the pf(4) altq, OS fingerprint and table pool(9)s from the default (interrupt context) kmem allocator to the much-larger nointr allocator.
- If newsyslog.conf(5) doesn't list a user or group, create new files with the uid or gid from the existing file.
- Force cvs(1) to use the libc getopt(3) implementation instead of its own.
- Have pfctl(8) check that the file it's trying to open isn't really a directory.
- More gcc(1) optimiser fixes for mvme88k.
- Swap the last two parameters to TAILQ_FOREACH_REVERSE(3) in line with FreeBSD and NetBSD.
- Use a more efficient realloc(3) size when displaying long lines in less(1). Speeds things up when, for example, your system crashes in the middle of a build leaving a pile of linefeedless binary crap in the typescript file.
- After going to the trouble of saving errno before it gets overwritten, use the saved value in pflogd(8)'s error output.
- Don't try to close invalid file descriptors in the tcpdump(8) privsep code.
- Have isakmpd(8) set the timezone before privsep so the child has the right zone settings.
- Within dhclient(8)'s new lease file naming scheme, allow for the -l filename override.
- On sparc and sparc64, don't compare a RAMDISK kernel's root filesystem time with the system time, they're unlikely to have much in common.
- Zero out the key data pointer for unknown isakmpd(8) key types.
- Merge in Perl 5.8.3 and OpenSSL 0.9.7d. No lame new licenses for a change.
- Now that dhclient(8) needs an instance per interface, having a single lease file won't do, so use /var/db/dhclient.leases.<ifname>.
- Make sure the list dereference when deleting all SAs in isakmpd(8) comes before the delete operation that free(3)s the list node.
- Fix /etc/rc.local(8)'s handling of ntpd_flags.
- Unbreak pxeboot(8/i386, 8/amd64) build under gcc3.
- Allow dhclient(8) to work on more than the first physical interface found.
- In several programs, fix getopt(3) calls containing option letters for which there's no corresponding case handler.
- ISO C function declarations for make(1).
- Fix a sizeof(pointer) bug in tcpdump(8)'s IPv6 options parser.
- Fix some misplaced braces in route(8), making 'route add' a bit more -q.
- Enable /dev/crypto(4) and hifn(4) on cats machines.
- Make newsyslog(8)'s file renaming and copying operations set the same permissions in all cases.
- Fix double call of the ktrace(2) signal trap handler.
- Add missing prototypes (in <pwd.h>) for bcrypt(3) and md5crypt(3).
- Fix some gcc(1) optimisation bugs on mvme88k.
- Fix a sizeof(wrongthing) bug in afsd(8) that was breaking 64-bit machines.
- Have tcpdump(8) print IKE DELETE payload contents.
- Remove the installer's special-case upgrade of the OpenSSL /usr/include symlinks.
- Fix a double-free in libpthread (PR#3730).
- Reenable libm compiler optimisation on sparc64, since it works properly with gcc3.
- sscanf(3) -> strtol(3) in newsyslog(8).
- Don't initialise ncurses(3) until after options processing in backgammon(6).
- Plug the new-and-improved dhclient(8) into the standard build.
- Fix sizeof(pointer) bugs in afsd(8), sup(1) and visudo(8).
- Make pf(4)'s cache of m_tag_get() results actually work.
- Check for fdopen(3) failure in vacation(1).
- 3.5 -> 3.5-current.
- Change wskbd(4)'s AltGr key handling so shift-altgr-other has the same effect as altgr-shift-other.
- Never allow pf(4) states propagated via pfsync(4) to overwrite newer states held locally. If an overwrite is attempted, broadcast the newer version to the network to speed resynchronisation.
- Under Linux emulation, pass madvise(2) straight through to the native syscall.
- On receipt of an in-window TCP SYN (Stevens vol.II p.964), return a 100pps rate-limited ACK instead of blindly RST'ing the connection.
- Don't try to recreate the xfs(1) logfile after dropping privileges.
- Don't abort xfs(1) gracelessly when handling an unimplemented protocol request.
- Many manual page fixes.
- In a number of programs, don't close files that are known to be not open.
- Fix a missing initialisation in tcpdump(8)'s privsep code.
- Make spamd(8)'s -v logging option do something useful.
- Fix line breaks in spamd(8)'s log output.
- Allow non-GNU ANSI compilers (e.g. TenDRA) to build again by changing 'static inline' to 'static __inline'.
- Don't close descriptors we know aren't open in syslogd(8).
- Drop arc4random_8() api from the kernel.
- Change rfork(2) so the RFMEM flag gives complete vmspace sharing including the stack, in line with other implementations.
- Add --line-buffered option to grep(1) etc.
- Remove some unbounded recursions in the libc regex engine, found with certain expressions containing backreferences.
- Fix ls(1)'s column alignment when using the -h option.
- New axe(4) USB Ethernet driver.
- Fix an off-by-one in procmap(1).
- Better bounds checking in the ramdisk's strategy() routine.
- Limit the trust between local and remote instances of the rcp(1) and scp(1) programs.
- Change netstat(1)'s -p option so that, when used without -s, it shows a list of sockets for the given protocol.
- Let rcmdsh(3) work on hosts without an IPv4 address.
- Initialise the kqueue(2) subsystem in kernel main() instead of on first use.
- Add IPv6 support to openssl(1)'s s_client command, complete with the usual '-4' and '-6' switches.
- Reorder checks in ssh(1) so that the IP options check isn't skipped just because UseDNS=no.
- Make /usr/src/Makefile's cross-tools target work again.
- Have inetd(8) properly use the exec'd program's basename as argv[0] if no arguments are specified.
- Fix includes search order in GNU ld(1) to help cross-ld builds.
- Don't byte-swap a variable we'll need later in its original order in GNU ld(1).
- On an msdos filesystem with long filenames support enabled, fix some false-positive name matches when an integer multiple of 13 characters match. From NetBSD.
- Some portability fixups in isakmpd(8).
- tcpmd5 changes for bgpd(8):
  - Allow either the source or destination to be a wildcard in SA lookups (netinet/ip_ipsp.c:gettdbbysrcdst()).
  - Add support for the wildcard to pfkeyv2.
  - Use the new pfkeyv2 wildcard support in bgpd(8) and remove the local address requirement for md5sig.
- Unbreak libc's regex engine compilation with -DREDEBUG.
- Change /etc/rc(8) so that a spamd(8) banner (configured via $spamd_flags) may contain spaces (PR#3720).
- Teach pax(1) how to expand GNU tar long links. From NetBSD.
- Change systrace(1)'s handling of filename-too-long errors so it just fails the syscall instead of stopping the process. Fixes PR#3140.
- Some ELF name translation fixes in nm(1).
- Add /etc/rc.conf.local to /etc/mtree/special.
- Lots more activity on the SMP branch.
- Wrap pkg_add(1) installation operations in perl(1) eval{} blocks so it's possible to at least register what did work.
- Unknown entry types in a packing list now result in an error.
This list mentions mostly platform-independent changes. For a list of changes
made in a particular platform, please check the page for that platform. If you
find them not listed there, the changes are either (1) not being documented or
(2) documented here.
$OpenBSD: plus.html,v 1.921 2004/04/26 17:33:31 deraadt Exp $