This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms if you
are interested in further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below..
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
2.0,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
current.
Changes made between OpenBSD 2.0 and 2.1
- Fix keyboard and delay timing in i386 bootfloppy bootblocks. Whee!
- Added gzip and cdrom support to the sparc and alpha bootblocks.
- Support crunch on arc (for bootable installs).
- Repaired install stuff for most architectures significantly, improving ftp/http installs, single bootable install floppies, and in some cases CDROM booting. Most floppies contain vi, too.
- The vnd(4) device has a new safer mode of operation called svnd where you can trust a disk-image right after it's unmounted, i.e. cache-coherency.
- sleep(3) and usleep(3) now call nanosleep(2) for significantly less overhead.
- GNU Groff 1.10 with (improved) Makefile wrapper.
- A bit more man page cleanup starting to happen...
- Split rc.local, creating rc.securelevel. (Securelevels look like a worse and worse idea every month.)
- newfs_msdos(8) can has enough brains to find the partition size itself.
- Significantly improved the unpredictability of the DNS packet id's in the resolver and named.
- libpthread works on the m68k.
- Support for PCI NE2000 clones.
- Some more userland 64 bit fixes.
- Unify naming of architecture names between gcc & binutils.
- Signal handling fix to crontab(1).
- Various fixes to the YP utilities.
- Support extended partitions in fdisk(8).
- Support /etc/rc.shutdown from halt(8).
- PCI aic7860 scsi support improved.
- Support .group entries in /etc/passwd.conf
- Repair some bugs in mail(1), especially regarding signal handling.
- Always skip the first 8KB of all swap partitions (hint: disklabels & bootblocks)
- The df(1) utility now has a human-readable "-h" option.
- For the first time ever, an obj@ populated /usr/src tree compiles cleanly when mounted read-only.
- Various man page fixes.
- NAT now gets started from /etc/netstart.
- Fix AFS string-to-key handling in kerberos.
- Correct DEV_BSIZE and lp->d_secsize confusion throughout the source tree. CD9660 is much happier now.
- Use in_addr_t and in_port_t all over the place.
- For config(8), if any kernel options get added/deleted/changed since the previous commit, warn that the compile tree needs 'make clean'.
- Make real i386 CPUs work again. In case no one noticed, they didn't work for about 5 months. The bug was very hard to find...
- Once again, really correct the various source routing pieces of the userland source tree.
- A whole bunch of 64 bit fixes in the source tree (hint: alpha).
- Fix patch to honour Index lines better.
- Solve a few resolver problems after the recent 4.9.5-P1 integration, not all our fault.
- Use 10 X characters in many remaining mktemp() calls which are hard to excise.
- getnetent() and friends now work a lot more like gethostent().
- More buffer overflows, but none in sensitive programs.
- Fixed some more mktemp races (sigh, will this ever end!)
- Add support for YP v1 to ypserv.
- Add md5 & blowfish passwd support to adduser(8).
- Numerous more pax/tar fixes.
- Add ./.message support to ftpd
- 16 partition support for the alpha port.
- cvs 1.9.6
- 64 bit clean in.rarpd.
- Change mail.local -H behaviour slightly, and convince mail(1) to use it for correct locking!
- New termcap and terminfo database files.
- Be more careful about modes of lost+found directories.
- Implement NOFILE_MAX--hard limit on max descriptors per process.
- gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
- sysctl kern.osrevision gives OpenBSD date.
- A few ypbind fixes.
- Fixes to fts(3).
- ddb improvements for 64 bit machines.
- The NE2000 if_ed driver now works on the alpha, too.
- Various atm fixes.
- Support for "secure" YP password maps.
- Substantial changes and fixes to the scsi scanner support.
- noaccesstime option for filesystems (saves batteries on laptops)
- Bye bye tahoe bits.
- pccon(1) to control the pccons driver.
- Merged changes from at 2.9 into our own at.
- Fix pcmcia on the i386.
- ipsecadm as an initial cut at controlling IPSEC sessions.
- Various fixes to the fsck tools.
- Let fsck and fsirand automatically work on very large filesystems.
- Numerous improvements to pax, including full support for cpio and a lot of fixes to tar mode.
- Import of libwrap and tcpd (tcp wrappers).
- Import of the mvme88k kernel port.
- Add support for FreeBSD md5 to /etc/passwd.conf.
- BIND 4.9.5-P1.
- deroff(1) 1.0 from Debian (a Linux).
- settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
- newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
- Replace which(1) with a C program.
- libg++ pulls in libcurses automatically.
- Fix weak symbol support in ld.
- cvs 1.9.2
- IPSEC package from John Ioannidis and Angelos D. Keromytis.
- Working kadmind for kerberosIV.
- Add support for /etc/passwd.conf which controls the format and strength of passwd entries for the next time a user changes their password. These options can be set per-user.
- New scalable BLOWFISH-based crypt algorithm for passwd file entries. It uses a very large strong-random 'salt' and the number of rotor runs is configurable. Hence if you have faster machines you can slow the crypt routine down and make harder keys.
- fix some more memory and file descriptor leaks in libc/rpc
- Fix so that stack limits which are not a multiple of the pagesize work.
- Fix a few netinet kernel crash problems.
- Fix pax & tar to be POSIX compliant.
- add RPC service name generation to netstat -a
- Make dd(1) work fine with our 64-bit off_t types, now you can copy very large disks using it.
- Improved NFS filehandle creation.
- Use lots more XXXX characters in calls to the few remaining mktemp() calls in the source tree. This cuts out a whole class of races.
- IPF 3.1.7 which includes fully working NAT support (ie. IP masquerading).
- The hp300 joins many other ports in supporting 16 disk partitions.
- Have libc/rpc save you from yourself if you do enable source routing.
- Change mktemp(3) and family to generate more random filenames, yet still as collision free as possible.
- Merge new ftp(1) changes from NetBSD.
- Add cdev and partition support to the ramdisk driver.
- New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
- Support for gzip'd kernels in some bootblocks.
- Be more careful if some fool decides to enable source routing ;-)
- Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
- /sbin/dump -a saves you from needing to deal with finicky tape length options (from FreeBSD)
- config.old(8) has been removed from the tree, as the hp300 port switches to config(8).
- A SA_SIGINFO implementation for sigaction() and signal handlers. This is a small part of POSIX 1003.1b and permits the signal handler to figure out the exact cause of a signal; such as fault address information for SIGSEGV or more detailed information for SIGFPE.
- The Alpha port and all its utilities now compiles using in-tree versions of all tools. Yipee!
- amd (the automounter) is now 64-bit and working on the alpha.
- Changed netinet IP_HDRINCL option to require ip_len and ip_off in network byte order. This is a compatibility/portability fix and we expect other BSD systems to eventually follow suit.
- Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large buffer caches even when available kvm space is low, like for i386 & sparc.
- Some ypbind(8) tightening up, includes a method to specify a list of valid servers
- Completely in-tree PowerPC port for non-Apple hardware. This port requires nothing outside the in-tree development environment to build (except mkisofs for building distributions).
- A working fsirand.
- More kerberosIV security patches.
- Repair many uses of the SIOCGIFCONF code for machines with an outrageous number of network interfaces.
- pax in tar mode will understand multiple -v options to generate ls-like output.
- Prevent stat() from disclosing inode generation numbers to non-root userland.
- various adjtime() corrections inside the kernel.
- No buffer lengths in fmt(1).
- Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and restore(8).
- New gnu cpio 2.4.2
- Added lchown(2) for compatibility with SVR4 implementations.
- Sendmail upgraded to version 8.8.5.
- Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
- Support for the hp300 added.
- Fix a fairly nasty security hole in all of the games.
- new aucat command.
- libcrypt goes away. We do not need this stub library anymore. Do not link against it on OpenBSD, all the pieces you need are in libc.
- ppp 2.3b3
- Permit building of kernels without a.out support.
- Properly use _POSIX_SAVED_IDS throughout the source tree.
- Import of the powerpc port.
- Change the games to be run setgid games, not setuid games. This closes a whole slew of fascinating security holes.
- Add disklabels to the vnd device driver.
- Properly split fsck, mount, and newfs into multiple pieces. Use disklabel information if it is available.
- Permit NFS attribute cache to be configured on a per-mount basis.
- Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for backwards compatibility.
- Repair some more KerberosIV buffer overflows. Hard to believe this is supposed to be security software.
- f77 0.5.19
- texinfo 3.9
- sendmail 8.8.4
- Fix a few setgroups() related security holes.
- Add NetBSD's "route show" implementation, and at the same time fix the new buffer overflows that this provided.
- Fix information gathering attack in ping(8).
- tcpdump 3.3
- If disklabel reading code discovers an ISOFS filesystem underlying, spoof a nice disklabel (enough to fool mountroot).
- At boottime, have (*mountroot)() look at the root device's disklabel to determine which filesystem type is to be mounted.
- Add disklabels to the floppy device drivers.
- Multiple updates for GNU software
- Hundreds of little fixes all over the place.
- Some YP and bootparamd security changes.
- Add FreeBSD md5 diffs to mtree(8). This can be used to implement a tripwire-like system.
- GNU gdb works on the mips-based platforms.
- Imported FreeBSD's calendar.
- Increased compatibility in the pccons driver with BSDi features.
- Added -C option to pax/tar. Also made -z support compressed files too.
- Prevent generic users from mounting filesystems by default.
- Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
- Numerous small security fixes again...
- com driver is now bus-independent.
- lpt driver is now bus-independent.
- The Arc port family has a new member: The rPC44 works!
- New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
- pdksh version is now 5.2.11
- Make login get more consistently upset about failed logins, and tell user about these failures at the next successful login.
- Memory leak paranoia in cron.
- Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to buffer overflows found in system utilities..
- Various repairs to the scsi scanner support.
- Import of ctm.
- Integration of the pmax port.
- Beware $HOME overflows throughout the source tree.
- OLF binary type added. This is like ELF, but includes an OS-dependent tag. elf2olf(1) converts an elf binary to a tagged OLF binary which the kernel can recognize correctly.
- In numerous utilities: prefer $LOGNAME, but also accept $USER.
- The NIST suite showed numerous errors in libraries and the kernel. Only a few small errors remain now, mostly regarding serial ports.
- More ftpd raging paranoia security fixes.
- Numerous fixes to the lpr suite, including security.
- Crank kvm space on the i386 port, also limit buffer cache usage so that 512MB machines may work (untested :-)
- GPL i387 emulator added.
- Skey revamped into full OTP (RFC1938) support, including sha1 and md5 support.
- Add stack tracebacks to Arc port's kernel debugger.
- The /dev/*random devices are now default on all architectures.
- A number of security fixes to the way coredumping works.
- upgrade to CVS version 1.9.
- The NIST Posix test suite became free. As a result we have been correcting numerous problems in the source tree, and expect to be completely POSIX compliant very soon.