OpenBSD 2.0 released
This is a partial list of the major machine independent changes
(i.e., these are the changes people ask about most often). Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms if you
are interested in further port-specific details. Many ports
have had architecture-specific enhancements relative to NetBSD,
but when they do not they certainly have plenty of platform-independent
changes, starting with those listed below..
Note: Problems for which patches exist are marked in red.
For changes in other releases, click below:
Changes made between birth and OpenBSD 2.0
- CTM is now a supported way of obtaining OpenBSD source code.
- Added sudo (which is maintained by one of our developers)
- Working Linux ext2fs.
- We have completed security reviews of almost all userland programs and libraries except for the gnu stuff (where, based on preliminary inspection there is poor handling of temp files).
- FreeBSD's adduser(8) command. Also an rmuser(8) command.
- A 7% reduction in size of static binaries.
- Compile time option to compile the source tree almost completely dynamic.
- Almost a hundred more security fixes, including /tmp races because of strncpy.
- Another kerberos security fix.
- deal with the SYN bomb problem (denial of service attack) as well known.
- less version 2.90
- mopd for networking booting Digital machines
- latest GNU groff, incorporated in a clean wrapperized form.
- secure multicast tools against possible security problems.
- sendmail gecos hole fixed (in a number of ways; other programs in the source tree were also vulnerable).
- Nice sample files in /etc
- 16 partitions working on sparc and i386 (yipee!)
- vim is replacing nvi, since nvi does not have a pure BSD license, and vim also works better.
- And of course... more security related bugfixes... (ie. dump, restore, mt).
- ftp command modified for easily scripted ftp & http downloads.
- Complete in-tree development for MIPS/Alpha systems (ie. binutils).
- New routed from SGI.
- *Hobbit*'s netcat utility. The crackers use it, so should you.
- Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
- DDB can now access symbol tables from LKM modules
- Some serial driver support for /dev/cuaXX devices to support transparent out+dial
- FreeBSD pipe() system call; quite a bit faster.
- libgnumalloc is gone; our malloc() is better.
- Kernel warns if /dev/console does not exist; nice warning for booting with an unpopulated /dev directory.
- cdio command for using CD audio.
- Even more security fixes.
- latest version of perl, and a lndir command.
- gcc 220.127.116.11 (to get closer to native alpha support ar gcc bugs).
- vim version 4.5
- a good start at NETIPX support
- improved locate command
- Fixed timeout support in RPC library, and also fixed it to support more than FD_SETSIZE file descriptors.
- rudimentary support for ISA Plug-and-Play cards
- `lsof'-style features in fstat.
- Numerous ftpd improvements and fixes, including multihomed and skey support.
- ncr53cXXX scsi scripts assembler
- arc4-based random support in kernel
- Kerberos is much more silent if not configured
- scsi subsystem security fix
- much newer join command (4.4lite2 with other fixes)
- RCS version 5.7
- added /etc/fbtab support to login & init.
- partial protection against tcp SYN attacks.
- POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed by chown(). This can be turned off with sysctl.
- a real adduser program, which can even be used uninteractively.
- install now supports -C, -p, and -S flags.
- 20 or so more security fixes
- at -f security fix.
- generic protection against the bind() takeover problem.
- new rdisc Router Discovery daemon
- Numerous FreeBSD userland fixes and improvements incorporated.
- FreeBSD malloc() that uses mmap() and is able to free unused memory.
- Fixed long-standing vm swap-leak.
- _POSIX_SAVED_IDS behaviour with permitted BSD extensions.
- Newest version of pppd.
- zlib (non-GPL'd gzip-compatible library)
- Numerous more security policy and implementation improvements (OpenBSD defaults to installing in a very secure mode)
- Significantly improved ftp daemon.
- Protection from the udp spamming and ftp bounce attacks.
- randomized port allocation in bind(), bindresvport(), and rresvport() -- security via unpredictability.
- The most secure rdist support anywhere.
- Fortran in the tree.
- terminfo database support.
- Working ATAPI audio support for multiple architectures.
- Linux ext2fs and BSD4.4 LFS support being worked on.
- Accepts FreeBSD MD5 passwords in password maps, soon will be able to generate them too
- Even more security fixes.
- using AT&T awk, gawk is toast
- pax as tar, gnutar is toast
- Boot kernels with "-c" to edit/enable/disable device configuration tables
- ATM support (support for one company's sparc & i386 cards available)
- kernfs extensions
- select() that can handle any amount of file descriptors.
- new system calls: rfork(), minherit(), poll().
- /sbin/init now deals with non-existent ttys, no longer spins gettys madly.
- ncheck utility for ffs
- Numerous scsi fixes
- Some ddb improvements and extensions
- In-kernel update(8) with an adaptive algorithm
- /dev/*random -- a device driver providing some kinds of random data
- Solid YP master, server, and client capabilities.
- Kerberos and other crypto in the source tree that is exportable
- Numerous security related fixes
- new scsi, md5, pkg_* commands
- ATAPI support (should work on all ISA buses)
- Some LKM support in the tree.
- All the pieces needed for cross compilation are in the source tree.
- Verbatim integration of the GNU tools (using a wrapper Makefile)
- nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports to use kvm utilities
- better ELF support
- ipfilter for filtering dangerous packets and Network Address Translation for IP masquerading.
- The FreeBSD ports subsystem was integrated and is usable by you!
- a termlib library which understands termcap.db, needed for new curses.
- New curses library, including libform, libpanel and libmenu.
- Many many NetBSD PRs fixed (which NetBSD has not yet fixed)