This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Machine-specific
changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.
Note: Problems for which patches exist are marked in red.
Changes made between OpenBSD 3.0 and 3.1
- Fix xim problems with zh_CN locale in xf86(4).
- Enable Apache httpd(8) modules on ELF-based architectures.
- Disallow ftpd(8) logins to accounts lacking passwords.
- Log control signals on the IDE bus in wdc(4), obtainable through atactl(8).
- Move xautolock(l) into the ports(7) system.
- Import pmdb(1).
- Improve ALTIVEC support in OpenBSD/macppc and powerpc.
- Begin to split authorization in sshd(8).
- Protect against overflows and null dereferences in OpenBSD/i386 CPU probing.
- Morph ptrace(2) into one of the kernel config(8) options(4).
- Repair some of the problems in the new ahc(4) driver.
- Prefer the MAC address found in the local-mac-address property of hme(4), falling back on myetheraddr().
- Rewrite the powerpc pmap handling.
- Realize that suffixes given to gzip(1) may be longer than 3 characters and account for this in buffer sanity checks.
- Permit user and group names to start with a numeral in identd(8).
- Enable altq(9) support in more drivers.
- Update to zlib 1.1.4, fixing a security hole.
- Support reverse lookups when displaying states in pfctl(8).
- Add the PT_IO API for reading and writing a traced process's memory with ptrace(2).
- Don't listen(2) on a port nc(1) really doesn't have.
- Ensure tcp(4) code doesn't operate on freed memory.
- Schedule tcp(4) timers with timeout(9) instead of tcp_slowtimo.
- Phase in use of red-black tree(3) algorithms for uvm(9).
- Implement a shutdown hook for raid(4) devices, allowing safe use of swap.
- Export sha1(3) and md5(3) interfaces through crypto(4).
- General crypto(4) and openssl(1) related work.
- Recognize a preserve flag in mtree(8) to disable attribute modification.
- Repair an off by one error in sshd(8).
- Differentiate a closing connection from a bad greeting during read of the protocol version string in ssh(1).
- Many improvements and cleanups to the trap handling in the installation system.
- Implement machine specific commands to the bootblocks on OpenBSD/hppa.
- Provide a toggle for immediate ack behaviour on tcp(4) TH_PUSH segments.
- Use timeout(9) instead of tcp_fasttimo for delayed acks in the tcp(4) subsystem.
- Vanquish a race condition in pciide(4) interrupt sharing.
- Avoid rejecting valid leases in dhclient(8).
- Add SOCKS4 support to nc(1).
- Import the 4.4BSD deroff(1) and spell(1) programs.
- Enhance the handling of quirky scsi(4) devices.
- Improve debuggability of unloaded pf(4) rules by printing meaningful rule numbers.
- Safen SPLAY_MIN and SPLAY_MAX on an empty tree(3).
- Support an optional pool(9) memory hard limit in pf(4).
- Guard against pool_sethardlimit() decreasing the limit below the current size of the pool(9).
- Disable Nagle in ssh(1) port forwarding.
- Implement the splay and red-black tree(3) algorithms.
- nwkey and powersave support in ifconfig(8).
- Deal with groups in adduser(8) more thoroughly.
- Optimize OpenBSD/vax sources with -O2.
- Support an aperture driver on OpenBSD/macppc.
- Add a sysctl(3) interface kern.usercrypto that allows userland programs to utilize hardware crypto(4) devices.
- Send kind regards to the pool(9) option POOL_EXPOSE, as it's no longer with us.
- Add extattr(9) (Extended Attribute) support.
- Include a siginfo_t structure with ktrace(2) containing the fault address among other useful information.
- Clean up and debug the iommu driver.
- Remove flawed assumptions about memory layout in the stack sharing code in FORK_VMNOSTACK.
- Account for process signal masks when dealing with signals in pthreads(3).
- Reorder the network components initialization in netstart(8).
- Fix some signal races in rbootd(8).
- Improve mg(1) in many ways, including lots of buffer cleanups and undo support.
- Enable beeper(4) on OpenBSD/sparc64 when pckbd(4) is enabled.
- Silence the raid(4) subsystem a bit.
- Include support for generic 802.11 ioctl(2) calls in the wi(4) driver.
- Repair a fcntl(2) F_GETOWN issue on LP64 BE architectures.
- Install "right" zoneinfo timezone(3) files in addition to the "posix" ones.
- Remove xebec code.
- Enable echo(1) in adduser(8) signal(3) handlers.
- Don't require -n in conjunction with -x in xargs(1).
- Use mktemp(1) in security(8).
- Switch ssh(1) cipher operations to use the openssl(1) EVP API.
- Allocate some in-kernel memory from a kmem_map-backed pool to avoid deadlocks and MAX_KMAPENT panics.
- Avoid a possible panic on reboot(8) with mfs(8) file systems.
- New trm(4) driver.
- Remove a permissions loosening chmod(2) in pkg_install.
- open(2) the console with O_NONBLOCK in syslog(3) to avoid blocking on a locked console.
- Provide config(8) accessible hooks for modifying the NMBCLUSTERS, BUFCACHEPERCENT, and NKMEMPAGES options(4).
- Calculate ip(4) checksums and copy back modified headers before logging a packet in pf(4) to ensure the integrity of logging.
- Enable vnode(9) caching in the kernfs(8) code.
- Support for nc(1) connecting to and listening on an AF_UNIX socket(2).
- Treat the pound symbol (#) as an escaped character during vi/emacs filename completion in ksh(1).
- New port of the ahc(4) driver.
- Remove the getpw(3), vlimit(3), and vtimes(3) functions.
- Simplify PID selection algorithm.
- Immunize nanosleep(2) against system time changes.
- Minimize time spent doing time management in pf(4).
- New tvtohz(9) function.
- Add skip steps for rule action and direction in pf(4), considerably hastening rule set evaluation.
- altq(9) fixes and improvements through a sync with KAME.
- Implement multiple overlapping read/write requests in sftp(1) file transfers.
- Update to apache httpd(8) 1.3.23 with mod_ssl 2.8.6.
- Relocate ssh(1) configuration files to /etc/ssh.
- Remove dangerous aggressiveness in NFS optimizations with symbolic links.
- Improve the sis(4) driver a bit.
- Update to heimdal-0.4e.
- Fix a possible FIN retransmission mishap.
- Account for temporary references to a struct file to avoid races in shared fd(4) situations.
- Allow specification of the copy buffer length in ssh(1) via -B.
- Some ssh(1) channels cleanup.
- A potpourri of multi-faceted hppa improvements.
- Double check the byte ordering in mpool(3).
- Introduce many new and fruitful regression tests.
- Add a driver to get performance counters on sparc64.
- Make ddb(4) understand "boot reboot" and "boot poweroff".
- Include a bha(4) driver.
- Improve support for header byte swapping in tcpdump(8).
- Use "aes" in place of "rijndael" in ssh(1).
- Mark execing processes with a flag to indicate to ptrace(2) and similar not to fiddle.
- Handle DMA errors and big-endian systems in the ubsec(4) driver.
- Upgrade to XFree86 4.2.0.
- Plug memory leaks in zlib, ftpd(8), and the login_getcap(3) family.
- Support disklabel(8) style size/offset values (ala "300k", "500M", "2G") in fdisk(8).
- Enable the serial console driver and keyboards found on some sparc64 systems.
- Use more pool(9) based allocations throughout the system.
- Update to sendmail-8.12.2.
- Add magma(4) and spif(4) support to sparc64.
- Don't let wdc(4) try UDMA modes if the controller doesn't support them.
- Pay attention to direction with the fastroute and route-to options in pf(4).
- Implement net.inet.icmp.rediraccept and net.inet.icmp.redirtimeout via sysctl(8), configuring an icmp(4) redirect ignore and timeout.
- Use and support the UNIMPLEMENTED message in the ssh(1) protocol.
- Prevent file descriptor close mistakes in faithd(8), route6d(8), rtadvd(8), and rtsold(8).
- Remove requirement for reserved ports in the NFS server by using the vfs.nfs.norsvport sysctl(8).
- Handle playback interrupts nicely in the cs4321 driver.
- Correctly differentiate between reading and writing operations on a number of devices, including radio(4).
- Allow port 0 to be used in pf(4) rules.
- Improve tty(4) resizing support in mg(1).
- In mixerctl(1), only open the mixer with RDWR when really needed.
- Enforce sane port ranges in the pfctl(8) rule parsing logic.
- Obey POSIX and don't update the modification time of the file if a write(2) is done with a length of zero bytes.
- Allow pf(4) rules to be identified by arbitrary labels.
- Support the HiFn 7811 in the hifn(4) driver.
- Add ELF support to modload(8), among other improvements.
- Support flags for savecore(8) in rc(8).
- Recognize a "no" keyword in the nat/rdr/binat syntax of nat.conf(5) to avoid translation.
- Allow a cvs(1) tagname to be expanded during checkout, export, and update to be specified on the command line.
- Repair behaviour of ip(4) over ip6(4) tunneling when using gif(4).
- Clean up the lkm(4) subsystem.
- Consistently use SIG_DFL instead of SIG_IGN to disable a SIGCHLD signal(3) handler.
- Do not allow root to login(1) via an insecure tty even if the auth method does not use plaintext passwords.
- Don't let root change its password via login_chpass(8) and login_lchpass(8).
- Add usbtablet(4), input support in XF4 for usb(3) devices.
- Avoid hanging x11 channels in ssh(1) with rejected cookies.
- ssh(1) protocol 2 HostKey default becomes /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key.
- Enable usb(3) devices for sparc64.
- Add a new m4(1) based makedev(8) generation system.
- Have fdisk(8) remove references to the NT serial number when writing to the MBR.
- Handle truncation to the middle of a file hole in FFS.
- Update sudo(8) to 1.6.4.
- Add more commands to ddb(4).
- Fix PT_{READ,WRITE}_{I,D} on sparc64.
- Migrate regression tests to a new, unified framework.
- Ensure correct alignment in some bridge(4) code.
- Many pthreads(3) fixes: only poll file descriptors when needed, use scheduling ticks for better timing, and avoid a polling related overflow.
- Only require write permission in pf(4) and pfctl(8) when modifying.
- Various od(1) and hexdump(1) fixes and POSIXification.
- Rename libusb to libusbhid(3).
- Enable RAIDFrame auto-configuration.
- Ignore the RSH environment variable in rdist(1) if it is empty.
- Correctly retain yp(8) bindings in ypbind(8) when using more than two domains.
- Plug a memory leak in the EPRT command of ftpd(8).
- Repair hex mode output in skey(1).
- Default to using the non-blocking behaviour on new accept(2) sockets.
- Repair tty(1) related panics caused by the session pointer code.
- Have ssh(1) and family exit on openssl(1) allocation failures.
- Only require the -t option when using ssh-keygen(1) to generate keys.
- Don't examine the tcp(4) header of non-tcp packets in PPP.
- Strengthen permissions on ppp.conf.sample.
- Use constant bitmasks as opposed to bitfields in the mmu segment and page table structure for mvme88k.
- Correctly print the payload string of tcp(4) RST segments when tcpdump(8) is verbose.
- Implement a scalable timeout(9) mechanism with constant-time add and delete.
- Let mvme68k systems lacking a configured pcc device compile.
- Don't default to generate rsa1 keys in ssh-keygen(1), and try all standard key files when invoked without arguments.
- Have crontab(1) send SIGUSR1 to cron(8) when a crontab file has changed, making changes take effect sooner.
- Send failing packet sequence number when sshd(8) is responding with an SSH_MSG_UNIMPLEMENTED.
- Ensure that user and system times increase monotonically.
- Add powerhook support to yds(4) to handle apm(8) resumes correctly.
- Repair memory leak in pcap(3) associated with compiled bpf(4) programs.
- Support span ports so that one can snoop a bridge from another interface/machine/network.
- Disestablish the xl(4) powerhook on detach.
- Add a -u flag to fdisk(8) which updates the MBR code but leaves the partition table intact.
- Big isp(4) overhaul.
- Improve signal handling in cron(8) so that processes run by cron(8) can't zombify until cron(8) wakes up.
- Add a pf(4) DIOCADDSTATE ioctl(2) that adds state entries.
- Support primitive stateful pf(4) filtering for other non-TCP/UDP/ICMP protocols.
- Fix icmp6(4) MIB counter.
- Better signal handling in login_skey(8) to avoid a possible race condition.
- Update signal handlers in passwd(1) to complement new catching getpass(3) call.
- Allow vnd(4) to create things larger than 2G.
- Perform a sanity check on the inner IP header of IP-in-IP encapsulated packets.
- Support -o for sshd(8), like ssh(1).
- Catch -- don't block -- SIGINT and SIGTSTP in readpassphrase(3) and getpass(3).
- Enable rootdev auto-configuration by device drivers during boot and add support for raid devices.
- Parse hex numbers in pf(4) correctly.
- Curtail the use of regex(3) in ssh(1).
- Make NKMEMPAGES dynamic based on memory size, deprecating NKMEMCLUSTERS in favour of NKMEMPAGES, NKMEMPAGES_MIN, and NKMEMPAGES_MAX.
- Forbid the coupling of different address families in pf(4) nat, binat, and rdr rules.
- Release the right descriptors when pipe(2) fails.
- Use pidfile(3) throughout the tree instead of hand-rolled imitations.
- Don't let sshd(8) pass user-defined variables to login(1).
- Nuke smartkey(1).
- Remove pipe based interface to photurisd(8), leaving only PF_KEY.
- Issue a "failed" message instead of a 2nd challenge if sshd(8) sees the same key in authorized_keys twice.
- Let the sshd(8) fake X11 server listen on localhost by default.
- Use ip6(4) in sendmail(1) when possible.
- Fix an alignment bug on alpha by using getifaddrs(3) instead of various ioctl(2) calls in named(8).
- Conform to historic behaviour in fmt(1); don't format lines that start with a dot.
- Avoid a "thundering herd" problem in accept(2), and fix an infinite loop on 64-bit systems.
- Use pool(9) for socket allocations.
- Correctly signal an error condition in newsyslog(8) so we don't send a signal to PID 0.
- Repair an error in uipc_socket that could make a transient error permanent.
- Perform a pf_route() before logging in case the logging created a bogus rule, avoiding a panic.
- Have socket connection queues use a tailq queue(3).
- Add fastroute option to pf(4).
- Support pasting characters with codes above 127 using the mouse via wscons(4).
- Handle PID files terminated with newlines correctly in newsyslog(8).
- Among other improvements, don't leak memory in ppp(8).
- During installation, preserve blank space in responses.
- Centralize the mount list, unifying locking, and add vfs_isbusy to help verify that a mount point is locked.
- Strengthen the mbuf traversal code in pf(4), avoiding potential crashes on ip6(4) packets with options.
- Make dummies for aclocal and the auto* family in cvs(1), hopefully mitigating upgrade hassles.
- Don't allow the pf(4) CHANGEBINAT ioctl(2) when securelevel > 1.
- Include stub dl* function definitions in libc on ELF, making libdl unneeded.
- Enhance network handling during installations.
- Block signals in find(1) when running fts_read().
- Move NFS creds out of the standard buf structure and into the nfs node, and use pool(9) for NFS node allocation.
- Fix the password length check in user(8).
- Use lockmgr in procfs (mount_procfs(8)) instead of a home-made version.
- Correctly mark items on the syncer worklist with VBIOONSYNCLIST, ensuring items not on the list don't have this mark.
- Convert to using the vn_marktext() function instead of VTEXT to mark a vnode as executing a text image.
- Enable the NI_WITHSCOPEID getnameinfo(3) flag by default.
- sendmail(8) should listen on port 587 for ip6(4), like ip(4).
- Add sanity to the apmd(8) battery alert when the battery is charging.
- Let chdir(2) errors in rwhod(8) be seen.
- SECURITY FIX: update ssh to OpenSSH-3.0.1. A source code patch is available. [Applied to stable]
- Repair ipx frame-type handling in ifconfig(8).
- SECURITY FIX: don't let pf wander off the end of ipv6 icmp packets. A source code patch is available. [Applied to stable]
- Fix a recursive mutex problem in pthreads(3).
- RELIABILITY FIX: quiet bogus interrupt messages on sparc64 pciide cdroms. A source code patch is available. [Applied to stable]
- Support the "S" command in interactive mode in top(1) to toggle display of system processes.
- Prepare for UBC by adding a daemon that processes async I/O and repairing some other things.
- Don't memset(3) too much memory in ssh(1) or sshd(8).
- Be much more sure that software cannot be used in crypto(9) stuff.
- Fix behaviour of system(3) in pthreads(3) so it doesn't hang forever.
- Use select(2) instead of unsafe SIGIO method for handling wscons(4) events in X11.
- Increase buffer sizes in tcpd(8) and ssh(1) so they can hold a full hostname.
- Add uscanner(4) device node to i386 and macppc.
- SECURITY FIX: be more careful with file permissions in vi.recover. A source code patch is available. [Applied to stable]
- RELIABILITY FIX: provide illegal instruction trap handling for Altivec instructions on macppc. A source code patch is available. [Applied to stable]
- Take advantage of the bus_dmamap_sync API.
- RELIABILITY FIX: finally address the PCI abort problem on hifn7751. A source code patch is available. [Applied to stable]
- Move accounting disk space watcher into a kernel thread, fixing accounting on NFS.
- Fix many signal handlers throughout the tree.
- Avoid overrunning mbuf length in ip6(4) handling.
- Big rusers(1) update, including protocol version 3 support, avoidance of duplicate issues on multihomed machines, and timeout tweaking.
- Support mmap(2) past 4GB offsets.
- Repair creation of the hosts(5) file during installation.
- Size mprotect(2) allocations from malloc(3) to 0 bytes, resulting in a fault on access.
- Handle autorepeat delays better in wskbd(4).
- Send the User-Agent header when using ftp(1) to WWW servers and proxies.
- Overhaul some fd(4) handling within the kernel.
- Ensure isakmpd(8) dies promptly on receipt of the SIGTERM signal(3).
- Fix a problem with bsd_auth(3) and passwords containing colons.
- Make -h and -L in pax(1) and tar(1) follow symlinks on extraction of directories.
- Support ddb(4) entry with usb keyboards using uskbd(4).
- Enhance handling of console keyboard attaches and detaches.
- Allow the SCSI cd(4) driver to eject empty drives.
- Repair backgrounding (~&) in ssh(1) for v1 and add support for v2.
- Spiff up the isp(4) driver; protect against deranged fabric name servers and correctly handle the ISP_QUEUES_FULL status.
- Clean up wx(4), getting rid of a bogus pullup on small mbufs and setting a txint delay.
- Polish wsconsctl(8): better usage output, print nice output when changing display.* settings, and prefer warn(3) over err(3).
- Handle standard file handles better in cron(8), and change an unsafe vfork(2) call to fork(2).
- Import xc-mit to build XhpBSD for hp300.
- Don't let tcpdump(8) segfault on some radius traffic.
- Fix some bugs in ppp(8), including a PASV bug, a set reconnect bug, and allowing for looser MRU handling.
- Use a more specific error message when pfctl(8) is given a bad interface name.
- Correct printing of RDR rules in pfctl(8) when using ! with destination rules.
- Reset state counter when clearing states in pf(4).
- Ignore SIGPIPE early in ssh(1), allowing operation to continue even if the agent dies.
- Implement syslog_r(3).
- Support the Creative Labs SB Live! sound card with emu(4).
- Repair __PSEUDO_NOERROR on hppa.